stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
f98cea3bcfb4730b238ab8605ce6d48c2998aa44
git.stella-ops.org/docs/implplan/SPRINT_140_runtime_signals.md
master f98cea3bcf Add Authority Advisory AI and API Lifecycle Configuration 
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
2025-11-02 13:50:25 +02:00

9.6 KiB
Raw Blame History

Sprint 140 - Runtime & Signals

[Runtime & Signals] 140.A) Graph Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner Summary: Runtime & Signals focus on Graph).

Task ID State Task description Owners (Source)
GRAPH-INDEX-28-001 TODO Define canonical node/edge schemas, attribute dictionaries, identity rules, and seed fixtures; publish schema doc. Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-002 TODO Implement SBOM ingest consumer producing artifact/package/file nodes and edges with valid_from/valid_to, scope metadata, and provenance links. Dependencies: GRAPH-INDEX-28-001. Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-003 TODO Project Concelier linksets into overlay tiles (affected_by edges, evidence refs) without mutating source observations; keep advisory aggregates in overlay store only. Dependencies: GRAPH-INDEX-28-002. Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-004 TODO Integrate VEX statements (vex_exempts edges) with justification metadata and precedence markers for overlays. Dependencies: GRAPH-INDEX-28-003. Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-005 TODO Hydrate policy overlays into graph (governs_with nodes/edges) referencing effective findings and explain hashes for sampled nodes. Dependencies: GRAPH-INDEX-28-004. Graph Indexer Guild, Policy Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-006 TODO Generate graph snapshots per SBOM with lineage (derived_from), adjacency manifests, and metadata for diff jobs. Dependencies: GRAPH-INDEX-28-005. Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-007 TODO Implement clustering/centrality background jobs (Louvain/degree/betweenness approximations) with configurable schedules and store cluster ids on nodes. Dependencies: GRAPH-INDEX-28-006. Graph Indexer Guild, Observability Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-008 TODO Provide incremental update + backfill pipeline with change streams, retry/backoff, idempotent operations, and backlog metrics. Dependencies: GRAPH-INDEX-28-007. Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-009 TODO Add unit/property/integration tests, synthetic large graph fixtures, chaos testing (missing overlays, cycles), and determinism checks across runs. Dependencies: GRAPH-INDEX-28-008. Graph Indexer Guild, QA Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)
GRAPH-INDEX-28-010 TODO Package deployment artifacts (Helm/Compose), offline seed bundles, and configuration docs; integrate Offline Kit. Dependencies: GRAPH-INDEX-28-009. Graph Indexer Guild, DevOps Guild (src/Graph/StellaOps.Graph.Indexer/TASKS.md)

[Runtime & Signals] 140.B) SbomService Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner Summary: Runtime & Signals focus on SbomService).

Task ID State Task description Owners (Source)
SBOM-AIAI-31-001 TODO Provide GET /sbom/paths?purl=... and version timeline endpoints optimized for Advisory AI (incl. env flags, blast radius metadata). SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-AIAI-31-002 TODO Instrument metrics for path/timeline queries (latency, cache hit rate) and surface dashboards. Dependencies: SBOM-AIAI-31-001. SBOM Service Guild, Observability Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-CONSOLE-23-001 TODO Provide Console-focused SBOM catalog API (/console/sboms) with filters (artifact, license, scope, asset tags), pagination cursors, evaluation metadata, and immutable JSON projections for raw view drawer. Document schema + determinism guarantees. SBOM Service Guild, Cartographer Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-CONSOLE-23-002 TODO Deliver component lookup endpoints powering global search and Graph overlays (component neighborhoods, license overlays, policy deltas) with caching hints and tenant enforcement. Dependencies: SBOM-CONSOLE-23-001. SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-ORCH-32-001 TODO Register SBOM ingest/index sources with orchestrator, embed worker SDK, and emit artifact hashes + job metadata. SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-ORCH-33-001 TODO Report backpressure metrics, honor orchestrator pause/throttle signals, and classify error outputs for sbom jobs. Dependencies: SBOM-ORCH-32-001. SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-ORCH-34-001 TODO Implement orchestrator backfill + watermark reconciliation for SBOM ingest/index, ensuring idempotent artifact reuse. Dependencies: SBOM-ORCH-33-001. SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-SERVICE-21-001 BLOCKED (2025-10-27) Publish normalized SBOM projection schema (components, relationships, scopes, entrypoints) and implement read API with pagination + tenant enforcement. SBOM Service Guild, Cartographer Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-SERVICE-21-002 BLOCKED (2025-10-27) Emit change events (sbom.version.created) carrying digest/version metadata for Graph Indexer builds; add replay/backfill tooling. Dependencies: SBOM-SERVICE-21-001. SBOM Service Guild, Scheduler Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-SERVICE-21-003 BLOCKED (2025-10-27) Provide entrypoint/service node management API (list/update overrides) feeding Cartographer path relevance with deterministic defaults. Dependencies: SBOM-SERVICE-21-002. SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-SERVICE-21-004 BLOCKED (2025-10-27) Wire observability: metrics (sbom_projection_seconds, sbom_projection_size), traces, structured logs with tenant info; set alerts for backlog. Dependencies: SBOM-SERVICE-21-003. SBOM Service Guild, Observability Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-SERVICE-23-001 TODO Extend projections to include asset metadata (criticality, owner, environment, exposure flags) required by policy rules; update schema docs. Dependencies: SBOM-SERVICE-21-004. SBOM Service Guild, Policy Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-SERVICE-23-002 TODO Emit sbom.asset.updated events when metadata changes; ensure idempotent payloads and documentation. Dependencies: SBOM-SERVICE-23-001. SBOM Service Guild, Platform Events Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-VULN-29-001 TODO Emit inventory evidence with scope, runtime_flag, dependency paths, and nearest safe version hints, streaming change events for resolver jobs. SBOM Service Guild (src/SbomService/StellaOps.SbomService/TASKS.md)
SBOM-VULN-29-002 TODO Provide resolver feed (artifact, purl, version, paths) via queue/topic for Vuln Explorer candidate generation; ensure idempotent delivery. Dependencies: SBOM-VULN-29-001. SBOM Service Guild, Findings Ledger Guild (src/SbomService/StellaOps.SbomService/TASKS.md)

[Runtime & Signals] 140.C) Signals Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner Summary: Runtime & Signals focus on Signals).

Task ID State Task description Owners (Source)
SIGNALS-24-003 BLOCKED (2025-10-27) Implement runtime facts ingestion endpoint and normalizer (process, sockets, container metadata) populating context_facts with AOC provenance. Signals Guild, Runtime Guild (src/Signals/StellaOps.Signals/TASKS.md)
SIGNALS-24-004 BLOCKED (2025-10-27) Deliver reachability scoring engine producing states/scores and writing to reachability_facts; expose configuration for weights. Dependencies: SIGNALS-24-003. Signals Guild, Data Science (src/Signals/StellaOps.Signals/TASKS.md)
SIGNALS-24-005 BLOCKED (2025-10-27) Implement Redis caches (reachability_cache:*), invalidation on new facts, and publish signals.fact.updated events. Dependencies: SIGNALS-24-004. Signals Guild, Platform Events Guild (src/Signals/StellaOps.Signals/TASKS.md)

[Runtime & Signals] 140.D) Zastava Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner Summary: Runtime & Signals focus on Zastava).

Task ID State Task description Owners (Source)
ZASTAVA-ENV-01 TODO Adopt Surface.Env helpers for cache endpoints, secret refs, and feature toggles. Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer/TASKS.md)
ZASTAVA-ENV-02 TODO Switch to Surface.Env helpers for webhook configuration (cache endpoint, secret refs, feature toggles). Dependencies: ZASTAVA-ENV-01. Zastava Webhook Guild (src/Zastava/StellaOps.Zastava.Webhook/TASKS.md)
ZASTAVA-SECRETS-01 TODO Retrieve CAS/attestation access via Surface.Secrets instead of inline secret stores. Zastava Observer Guild, Security Guild (src/Zastava/StellaOps.Zastava.Observer/TASKS.md)
ZASTAVA-SECRETS-02 TODO Retrieve attestation verification secrets via Surface.Secrets. Dependencies: ZASTAVA-SECRETS-01. Zastava Webhook Guild, Security Guild (src/Zastava/StellaOps.Zastava.Webhook/TASKS.md)
ZASTAVA-SURFACE-01 TODO Integrate Surface.FS client for runtime drift detection (lookup cached layer hashes/entry traces). Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer/TASKS.md)
ZASTAVA-SURFACE-02 TODO Enforce Surface.FS availability during admission (deny when cache missing/stale) and embed pointer checks in webhook response. Dependencies: ZASTAVA-SURFACE-01. Zastava Webhook Guild (src/Zastava/StellaOps.Zastava.Webhook/TASKS.md)

If all tasks are done - read next sprint section - SPRINT_150_scheduling_automation.md