75f6942769
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations. - Added tests for edge cases, including null, empty, and whitespace migration names. - Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers. - Included tests for migration execution, schema creation, and handling of pending release migrations. - Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
3.4 KiB
3.4 KiB
Sprint 0124 · Excititor Ingestion & Evidence (Phase VI)
Topic & Scope
- Expose streaming, evidence, and attestation APIs with OpenAPI discovery/examples while keeping aggregation-only semantics.
- Add mirror bundle import telemetry and crypto provider abstraction for deterministic verification profiles.
- Working directory:
src/Excititor(WebService) with AirGap/Policy coordination.
Dependencies & Concurrency
- Depends on Phase V outputs (portable bundles, mirror registration) and Evidence Locker manifests.
- Concurrency: OpenAPI discovery/examples and streaming can proceed in parallel; crypto provider registry relies on security contract.
Documentation Prerequisites
- docs/modules/excititor/architecture.md
- docs/modules/excititor/implementation_plan.md
- docs/modules/excititor/observability/locker-manifest.md
- Excititor WebService AGENTS.md
BLOCKED Tasks: Before working on BLOCKED tasks, review BLOCKED_DEPENDENCY_TREE.md for root blockers and dependencies.
Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
|---|---|---|---|---|---|
| 1 | EXCITITOR-WEB-OBS-52-001 | DONE | Depends on OBS-52 schema | Excititor WebService Guild | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, guardrails. |
| 2 | EXCITITOR-WEB-OBS-53-001 | DONE | Depends on 52-001; locker manifest available | Excititor WebService Guild · Evidence Locker Guild | /evidence/vex/* endpoints fetching locker bundles, enforcing scopes, surfacing verification metadata; no verdicts. |
| 3 | EXCITITOR-WEB-OBS-54-001 | DONE | Depends on 53-001; DSSE manifests available | Excititor WebService Guild | /attestations/vex/* endpoints returning DSSE verification state, builder identity, chain-of-custody links. |
| 4 | EXCITITOR-WEB-OAS-61-001 | DONE | None | Excititor WebService Guild | Implement /.well-known/openapi with spec metadata + standard error envelope; update controller/unit tests. |
| 5 | EXCITITOR-WEB-OAS-62-001 | DONE | Depends on 61-001 | Excititor WebService Guild · API Governance Guild | Publish curated examples + deprecation headers for evidence/attestation/timeline endpoints; align SDK docs. |
| 6 | EXCITITOR-WEB-AIRGAP-58-001 | DONE | Depends on mirror thin bundle schema | Excititor WebService Guild · AirGap Importer/Policy Guilds | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor); map sealed-mode violations to remediation. |
| 7 | EXCITITOR-CRYPTO-90-001 | DONE | Security-approved registry contract | Excititor WebService Guild · Security Guild | Replace ad-hoc hashing/signing with ICryptoProviderRegistry implementations for deterministic verification across profiles. |
Execution Log
| Date (UTC) | Update | Owner |
|---|---|---|
| 2025-12-03 | Normalised sprint to standard template; preserved task details/statuses. | Planning |
Decisions & Risks
- Aggregation-only stance preserved across streaming/evidence/attestation endpoints.
- Crypto provider registry must remain deterministic; benchmark and feature-flag per profile.
- Mirror bundle telemetry relies on thin bundle schema; revisit if schema changes to avoid telemetry mismatch.
Next Checkpoints
- Re-validate
/evidenceand/attestationsresponses after any locker/DSSE manifest updates. - Run OpenAPI discovery/examples regression when new routes land or headers change.