Build status.

Day 1 — OpenAPI 3.1 contract

Day 2 — Docker Compose data + identity

Day 3 — vLLM and 70B model serving

Day 4 — Triton with YOLOv11 + XGBoost

Day 5 — FastAPI gateway skeleton + OIDC

Days 6–7 — /v1/chat/completions with streaming

Day 8 — /v1/embeddings + /v1/rag/query

Day 9 — /v1/vision/detect + /v1/predict

Day 10 — /v1/agents/run with LangGraph

Day 11 — SDKs from OpenAPI

Day 12 — Open WebUI demo UI

Day 13 — Developer portal (mkdocs)

Day 14 — Internal demo + v0.1.0 cut

Provision lab cluster and RKE2

Supply chain plumbing (CI, Harbor, signing)

Identity and secrets infrastructure

Big Bang and network policy

Hybrid PQC edge gateway

Observability baseline and audit plumbing

OSCAL skeleton and SSP foundation

Hardening, DR, and handoff

First Phase-1 hardening drill executions (OpenSCAP / backup-restore / break-glass / 1-day redeploy)

[WBE-506 pre-flight] Provision nested KVM VM on engaiged as 1-day-redeploy target (AC#7)

[WBE-506 pre-flight] Land 5 missing drill runbooks (40/41/42/43 + RUNBOOK-1-day-redeploy)

[WBE-506 pre-flight] OpenBao drill-paths bootstrap Job (5 paths)

[WBE-506 pre-flight] Drill-fire helper script (scripts/drills/fire-drill.sh + per-drill wrappers)

[WBE-506 pre-flight] Resolve cold-MinIO endpoint OR same-instance fallback for AC#4

[WBE-506 pre-flight] OSCAL impl additions for CP-9 / CP-10 / CP-12 / IR-3 (writ-platform component-definition)

[WBE-506 pre-flight] Fix scorecard drift — WBE-4 line + add WBE-506 + WBE-95 entries

[WBE-506 pre-flight] Pre-stage hello-platform canary ConfigMap (etcd drill round-trip target)

KServe, vLLM, and Triton serving

Data plane infrastructure

Gateway v0 with OIDC and audit

RAG path with pgvector + reranking

LangGraph agents with 2 stub tools

Training with Ray and MLflow

SDKs and developer portal

Sample mission frontend and demo

Audit chain hardening with ML-DSA signing

CUI classifier service

OPA/ABAC policy bundle

MCP tool sandbox with gVisor

Model cards and in-toto provenance

Langfuse, Falco, Wazuh SIEM integration

Crypto-agility wrapper and signing posture

Compliance Automation (OpenSCAP / InSpec / Osquery / Trestle OSCAL)

Homomorphic Encryption & PIR (Tier-3)

FL Poisoning Detection

Federated ML serving (cross-enclave model sharing)

Peering agreement enforcement (Rego bundles + revocation)

Bastion SSH CA via step-ca + Keycloak OIDC

OpenBao agent injector (when openbao-k8s image publishes)

GitOps for operator-only components (Keycloak Operator, local-path-provisioner)

Migrate OpenBao PKCS#11 seal from built-in to KMS-plugin (2.6.0 deprecation)

writ-oidc-consumer 0.3-0.5 advanced features

WBE-49 Phase E: ClickHouse queryable audit sink (NATS → ClickHouse, tamper-evident via MinIO WORM cross-check)

Audit-chain rollover marker event (resolves post-cutover seq-gap + hash-mismatch)

Rust crypto-agility placeholder package (dcrypto-rs)

Bao Transit key-rotation runbook rehearsal (§25.14 exercise)

Go Bao Transit client as dcrypto public API (retire stdlib net/http callers)

Declarative platform-lab admin role grants (move off direct-DB path)

MCP Director + OAuth scope-to-namespace mapping (Phase 3)

envoy-pqc data-plane rollout — swap istio-gateway image to envoy-pqc in writ-lab-gateway

Ingress OCSP stapling + DoD PKI bundle pin on writ-lab-gateway

OPA: gateway flip OPA_ENFORCE_MODE=enforce + JWT input enrichment

OPA: p95 decision-latency SLO ≤5ms — ServiceMonitor + PrometheusRule + k6 benchmark

OPA: PEP topology decision — central Deployment vs per-Pod sidecar

RBAC/ABAC: compartments + caveats (set-arithmetic helper + data/caveats.json)

OPA: wire opa test --coverage --threshold 90 into bundle-build CI

OPA bundle: hybrid ML-DSA cosign attestor (Dilithium key alongside ECDSA)

Audit-signer key-rotation SOP — Bao Transit + KV2 ML-DSA keypair ceremonies

Audit-signer: Phase E — wire BaoTransitMLDSASigner once OpenBao supports ML-DSA

Audit-events ClickHouse mirror: add prev_hash + sig_alg + sig_b64 columns (optional)

CUI Classifier: rule-based baseline (Presidio + DoD regex) + /v1/cui/classify endpoint

CUI Classifier: ML head — DistilBERT multi-label fine-tune + ONNX inference

CUI Classifier: marking propagation to Postgres + MinIO + pgvector + MLflow

CUI Classifier: adversarial evasion test harness (homoglyphs/zero-width/leet) — >95% AC + steward override

Speech Phase 2 — CUI marking + voice-clone guardrails + WORM hashprint + Wazuh correlation

VLM Phase 2 — image-modality CUI extension + multimodal Garak + GEOINT change detection

Time-Series Phase 2 — per-tenant Iceberg isolation + CUI marking + streaming anomaly + SIEM correlation

cui-classifier gRPC interface (Phase 2 follow-up of WBE-42 §13)

timeseries Phase-3 follow-ups: Iceberg + Ray actors + DB schema + Day-2 runbook

Production-grade bias probe corpus + real sentiment classifier (eval-runner)

Production-grade privacy PII corpus + membership-inference canaries (eval-runner)

Production-grade robustness adversarial seeds + TextAttack integration (eval-runner)

Production-grade hallucination DoD-domain factuality oracle (eval-runner)

Production-grade tool_use BFCL benchmark + ReAct sandbox + OPA/CUI enforcement (eval-runner)

TruthfulQA full-set integration (vs smoke-grade 12-question subset)

MCP Director: k8s-job dispatch mode (per-call gVisor pod-spawn)

MCP egress policy proxy (Squid/Envoy L7 enforcement)

Iron Bank image-source preference + CI gate (prefer registry1.dso.mil over public mirrors where available)

Internal mock assessment and platform freeze

Air-gap hardening and bundler

C3PAO pre-assessment execution

Findings remediation

Final OSCAL package and evidence

AO briefing and ConMon plan

Production cutover plan

IL5 enclave standup

Tenant onboarding playbook

Hybrid-to-PQC crypto evolution

Quarterly ConMon cadence and reports

Control Plane v1 migration (Go or Rust)

Capability roadmap deliveries (Year 2)

Operating rituals and sustainment

Platform KPI dashboard and quarterly scorecard

Federation identity broker (Keycloak + external IdP)

Phase gate checklist and milestone tracking

ATO RMF Pathway

CMMC Level 2 Certification

Continuous Control Evidence (ConMon)

OSCAL SSP Authoring with Trestle

Control-to-Test Mapping

FIPS module validation tracking and SSP equivalence documentation

NIST AI RMF reporting dashboard

CNSA 2.0 transition tracker and deprecation warnings

Quarterly IR playbook tabletop exercise

Audit integrity procedures SOP

OSCAL assessment-results + POA&M auto-create normalizer for Grype/Trivy findings

DoD IL4/IL5 + AI overlay OSCAL profiles + resolved writ-il4 profile

OSCAL → markdown → Pandoc PDF render pipeline + CI gate for evidence-test prop

OSCAL evidence emitter for SI-7 + CM-11 (model-weight supply chain)

ConMon: osquery DaemonSet + 5-min collection (CM-2/CM-7/CM-8/SI-7)

ConMon: InSpec hourly CronJob + control profiles (AC/IA/SC/SI)

ConMon: OpenSCAP daily CronJob + CIS baseline (CM-6/SI-2)

ConMon: OSCAL assessment-results normalizer (collector → JSON)

ConMon: evidence-WORM MinIO bucket + ML-DSA-65 signer wiring

ConMon: CI gate — block merges with missing/stale evidence-test prop

ConMon: cadence reporting — weekly completeness, monthly POA&M, quarterly attestation

Cyber Survivability Attributes (CSA) v0 matrix — CSRMC tenet 5

Establish recurring annual pen-test cadence + POA&M feedback path

OSCAL → AO submission tool adapter (eMASS / RegScale / Xacta) — selection + integration

Harbor Registry & Root of Trust

Artifact Signing with Sigstore Cosign

Build Attestations — in-toto / SLSA L3

SBOM Generation with Syft

Vulnerability Scanning — Trivy & Grype

Hybrid PQC at Ingress & Throughout

CI/CD Pipelines — Tekton + Argo Workflows

GitLab CE / Gitea Source Control

Foundation image-source policy enforcement (Kyverno allow-list)

Iron Bank / Big Bang umbrella transition (post-AO PKI access)

Cosign attestor verification for parallel-Big-Bang upstream images — remove skipImageReferences

Wire syft-sbom + grype-scan Tekton Tasks into build Pipeline

WBE-93 CI integration: dcgate Tekton Task + cosign-attest FIPS predicate

WBE-72 CI integration: Tekton Chains SLSA provenance + attestation emission

Model artifact supply-chain — SBOM + CBOM + SLSA provenance + model-card attestations

CBOM per-release generator — automate crypto-asset subset emission alongside Syft SBOM

dcgate — source-side AST + image ELF FIPS scanners (WBE-93 wave 2)

Mirror + re-sign long-tail foundation images with writ-cosign-v1 (WBE-177 alternative path)

Model weights supply-chain Tekton Pipeline (download → scan → cosign-sign → SLSA-attest → publish)

AI-runtime image mirror+sign — vLLM + Triton + TorchServe + HF server (WBE-218 pattern)

CI Task TLS trust hardening — replace INSECURE_SKIP_TLS_VERIFY with OpenBao PKI CA mount

Harbor self-hosted mirror migration — cold-start safe Kustomize sweep

Harbor mirror project public→private flip (ci-pull auth across consumer namespaces)

WBE-227 Tier B: mirror+sign Triton + vLLM production runs

WBE-227 Tier C: classical ML KServe runtimes (sklearn, xgb, pytorch, tensorflow)

Gateway base image: migrate off docker.io/library/python:3.12-slim to signed distroless

KServe storage-initializer cosign-verify-blob init container

Retire writ-cosign-v1: re-sign 5 image families with writ-cosign-v2 + enable Rekor tlog on Kyverno policies

Harbor retention policies per project (keep-last-N tags + delete older than X days)

Foundation-image rebuild scan-gate policy (VEX vs only-fixed vs ISSO exception)

Phase 2.5: re-attest SBOM / FIPS / SLSA envelopes under writ-cosign-v2 (unblock Phase 3b)

Provision Harbor mirror repos for opa-bundle-sign task images (openpolicyagent/opa, library/alpine)

WBE-226 pipeline: add HF gated-access token support via OpenBao KV2

WBE-226 pipeline: add Triton model-repository non-HF upload path

Persist nvcr.io + vLLM/Triton Harbor replication objects via harbor-projects-job

FIPS + SLSA attestation emitters for platform-image-build pipelines