stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 14 Releases Wiki Activity
Files
f43e828b4e21957636ce35cdaf50bb29da5d4e1d
git.stella-ops.org/docs/modules/findings-ledger/prep/2025-11-22-ledger-airgap-prep.md
StellaOps Bot f43e828b4e
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Implement MongoDB orchestrator storage with registry, commands, and heartbeats 
- Added NullAdvisoryObservationEventTransport for handling advisory observation events.
- Created IOrchestratorRegistryStore interface for orchestrator registry operations.
- Implemented MongoOrchestratorRegistryStore for MongoDB interactions with orchestrator data.
- Defined OrchestratorCommandDocument and OrchestratorCommandRecord for command handling.
- Added OrchestratorHeartbeatDocument and OrchestratorHeartbeatRecord for heartbeat tracking.
- Created OrchestratorRegistryDocument and OrchestratorRegistryRecord for registry management.
- Developed tests for orchestrator collections migration and MongoOrchestratorRegistryStore functionality.
- Introduced AirgapImportRequest and AirgapImportValidator for air-gapped VEX bundle imports.
- Added incident mode rules sample JSON for notifier configuration.
2025-11-22 12:35:38 +02:00

2.2 KiB
Raw Blame History

Findings Ledger Prep — 29-008, 34-101, AIRGAP-56-001

Status: Ready for implementation (2025-11-22) Owners: Findings Ledger Guild · Observability Guild · AirGap Time Guild · Orchestrator Guild Scope: Provide the missing contracts needed to unblock LEDGER-29-008 load/replay, LEDGER-34-101 orchestrator export linkage, and LEDGER-AIRGAP-56-001 bundle provenance recording.

Observability (LEDGER-29-008)

  • Metrics schema locked:
    • ledger_projection_lag_seconds{tenant} (gauge)
    • ledger_write_duration_seconds_bucket (histogram)
    • ledger_events_total{tenant,kind} (counter)
    • Alert: burn-rate 4xx/5xx on ingestion path >2% over 5m/1h.
  • Log fields: tenantId, requestId, projectionCheckpoint, bundleId?, attestationId?, operation.
  • Trace spans: ledger.write, ledger.replay, ledger.restore with baggage tenant-id, bundle-id.

Orchestrator export linkage (LEDGER-34-101)

  • Export payload shape (from Orchestrator Sprint 150.A):
    • runId (uuid), jobType, artifactHash, policyHash, startedAt, completedAt, status, manifestPath, logsPath.
  • Ledger integration rule: store export rows under collection orchestrator_exports with index (artifactHash, runId); anchor Merkle root into ledger timeline entry ledger_export referencing above fields.

AirGap provenance (LEDGER-AIRGAP-56-001)

  • Mirror bundle contract alignment:
    • fields recorded per import: bundleId, mirrorGeneration, merkleRoot, timeAnchor, publisher, hashAlgorithm, contents[] (sha256 of NDJSON segments).
    • determinism: imports sorted by bundleId; all timestamps UTC.
  • API for recording import: POST /internal/ledger/airgap-import with payload above; respond 202 + ledgerEntryId.

Acceptance Criteria

  • Metrics/log/logging names frozen as above and added to docs/modules/findings-ledger/observability.md in next implementation step.
  • Orchestrator export payload shape referenced by both Ledger and Orchestrator tasks; no missing fields for audit.
  • AirGap import payload is deterministic and replays without external network requirements.

Notes

  • Satisfies PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA, PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT, and PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM.