f43e828b4e
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added NullAdvisoryObservationEventTransport for handling advisory observation events. - Created IOrchestratorRegistryStore interface for orchestrator registry operations. - Implemented MongoOrchestratorRegistryStore for MongoDB interactions with orchestrator data. - Defined OrchestratorCommandDocument and OrchestratorCommandRecord for command handling. - Added OrchestratorHeartbeatDocument and OrchestratorHeartbeatRecord for heartbeat tracking. - Created OrchestratorRegistryDocument and OrchestratorRegistryRecord for registry management. - Developed tests for orchestrator collections migration and MongoOrchestratorRegistryStore functionality. - Introduced AirgapImportRequest and AirgapImportValidator for air-gapped VEX bundle imports. - Added incident mode rules sample JSON for notifier configuration.
11 KiB
11 KiB
Sprint 123 - Policy & Reasoning
Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED.
Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.
Policy.I
Dependency: Sprint 110.A - AdvisoryAI (must land before this track). Focus: Policy & Reasoning focus on Policy (phase I).
| # | Task ID & handle | State | Key dependency / next step | Owners |
|---|---|---|---|---|
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | DONE (2025-11-22) | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DONE (2025-11-22) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-airgap-56-002-prep.md; awaits schema hash from 56-001. |
Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-airgap-57-001-prep.md; depends on 56-002 + WEB-OAS-61-002 envelope. |
Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-airgap-57-002-prep.md; awaits staleness metadata inputs. |
Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-airgap-58-001-prep.md; aligned to notifications schema once available. |
Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine |
| P7 | PREP-POLICY-AOC-19-001-NEEDS-AGREED-LINTING-T | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-aoc-19-001-prep.md; awaiting rule set agreement. |
Policy Guild / src/Policy/__Libraries/StellaOps.Policy |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-aoc-19-002-prep.md; depends on lint rules + auth scopes. |
Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-DECISIONED-NO | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-aoc-19-003-prep.md; awaiting field removal decision. |
Policy Guild / src/Policy/__Libraries/StellaOps.Policy |
| P10 | PREP-POLICY-AOC-19-004-DEPENDENT-ON-19-003-DA | DONE (2025-11-20) | Prep doc at docs/modules/policy/prep/2025-11-20-policy-aoc-19-004-prep.md; depends on field removal list. |
Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY- | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-AND | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine |
| 1 | EXPORT-CONSOLE-23-001 | BLOCKED | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-AIRGAP-56-001 | BLOCKED | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-AIRGAP-56-002 | BLOCKED | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine |
| 4 | POLICY-AIRGAP-57-001 | BLOCKED | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 5 | POLICY-AIRGAP-57-002 | BLOCKED | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine |
| 6 | POLICY-AIRGAP-58-001 | BLOCKED | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine |
| 7 | POLICY-AOC-19-001 | BLOCKED | PREP-POLICY-AOC-19-001-NEEDS-AGREED-LINTING-T | Policy Guild / src/Policy/__Libraries/StellaOps.Policy |
| 8 | POLICY-AOC-19-002 | BLOCKED | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy |
| 9 | POLICY-AOC-19-003 | BLOCKED | PREP-POLICY-AOC-19-003-REQUIRES-DECISIONED-NO | Policy Guild / src/Policy/__Libraries/StellaOps.Policy |
| 10 | POLICY-AOC-19-004 | BLOCKED | PREP-POLICY-AOC-19-004-DEPENDENT-ON-19-003-DA | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy |
| 11 | POLICY-ATTEST-73-001 | BLOCKED | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY- | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine |
| 12 | POLICY-ATTEST-73-002 | BLOCKED | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 13 | POLICY-ATTEST-74-001 | BLOCKED | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-AND | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine |
| 14 | POLICY-ATTEST-74-002 | BLOCKED | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine |
| 15 | POLICY-CONSOLE-23-001 | BLOCKED | Console API contract (filters, pagination, aggregation) not supplied; requires BE-Base Platform spec | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine |
Execution Log
| Date (UTC) | Update | Owner |
|---|---|---|
| 2025-11-20 | Drafted export bundle + scheduler contract (docs/modules/policy/design/export-console-bundle-contract.md); pinged Console/Scheduler owners for signer/storage decisions. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EXPORT-CONSOLE-23-001 and PREP-POLICY-AIRGAP-56-001 still TODO; moved both to DOING to draft missing export/bundle schemas. | Project Mgmt |
| 2025-11-20 | Published prep artefacts for AIRGAP chain (56-002/57-001/57-002/58-001) and AOC lint/normalization (19-001/002/003/004); marked P3–P10 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint created; awaiting staffing. | Planning |
| 2025-11-18 | Attempted EXPORT-CONSOLE-23-001 but blocked: no export bundle/schema or scheduler job contract for Console; requires API + signed manifest format before implementation. Marked remaining tasks BLOCKED pending lint/airgap/attest/Console contracts. | Policy Guild |
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
Decisions & Risks
- Dependency on Sprint 110.A AdvisoryAI remains; ensure upstream stays stable while export surface is added.
- Console export needs scheduler integration; lacking contract may pose scope creep—capture assumptions in code/docs as feature flags.
- Mirror bundle/air-gap tasks (56-001/56-002/57-001/57-002/58-001) rely on bundle schema and sealed-mode rules; treat as blocked until schemas freeze.
- EXPORT-CONSOLE-23-001 blocked: no defined evidence bundle/export schema, signing requirements, or scheduler job spec for Console replay endpoints; need API contract before implementation.
- Remaining tasks (AOC-19-001..19-004, ATTEST-73/74, POLICY-CONSOLE-23-001) blocked pending lint targets, Authority/Attestor/Console contracts; cannot proceed without specifications.
- Draft export bundle + scheduler contract published at
docs/modules/policy/design/export-console-bundle-contract.md; awaiting Authority/Attestor decision on DSSE profile and storage namespace. - Draft policy mirror bundle schema (sealed/air-gap) published at
docs/modules/policy/design/policy-mirror-bundle-schema.md; awaiting trust-root profile + retention policy confirmation.
Next Checkpoints
- Draft export surface proposal for Console (API + scheduler wiring) — target 2025-11-20.
- Identify bundle schema dependencies for POLICY-AIRGAP-56-* — target 2025-11-21.