|
| 1 | +# Wave 8 execution — threat intel + DNA content depth |
| 2 | + |
| 3 | +You are resuming a long-running program on the DojoLM monorepo. Wave 7B |
| 4 | +merged to `main` on 2026-04-20 via ADRs 0061-0072 and PRs #46-59. |
| 5 | +Post-merge audit closed 4 findings (severity mix, DNA auto-load, |
| 6 | +physical fixture emission, TS errors) in ADR-0072. |
| 7 | + |
| 8 | +**Wave 8 is threat-intel + DNA content depth — the intel feeds return |
| 9 | +rich structured data; we currently collapse it to skeleton records. |
| 10 | +Stop doing that. Build the structured fields operators actually want |
| 11 | +to filter / aggregate on.** 6 core tickets + 5 gap-fill tickets from |
| 12 | +the Wave 7B.10 audit, ~4-5 weeks single-agent. |
| 13 | + |
| 14 | +## Repo state |
| 15 | + |
| 16 | +- **Branch:** new worktree, branch from `main`. |
| 17 | +- **Gates on the Wave 7B close commit:** dojolm-web 6903/6903, |
| 18 | + bu-tpi 6175/6175, verify:docs ALL METRICS MATCH (3,465 fixtures), |
| 19 | + test:tools 11/11. |
| 20 | +- **Pre-existing TS errors:** 40+ in admin/login/etc route tests — |
| 21 | + NOT Wave 8 scope; runtime tests pass. |
| 22 | +- **Pre-existing lint:** `eslint-plugin-react` vs ESLint 10 — |
| 23 | + inherited, not Wave 8 scope. |
| 24 | + |
| 25 | +## Read first |
| 26 | + |
| 27 | +1. [`team/docs/IMPLEMENTATION-RULES.md`](../IMPLEMENTATION-RULES.md) — |
| 28 | + every time. Auto-approval, parallel subagent research, Ollama test |
| 29 | + endpoint, BlackUnicorn branding, closure checklist. |
| 30 | +2. [`team/docs/FUTURE-IMPLEMENTATIONS.md`](../FUTURE-IMPLEMENTATIONS.md) |
| 31 | + — deferred / speculative items with trigger. |
| 32 | +3. [`team/docs/adr/WAVES-5-10-ROADMAP.md`](WAVES-5-10-ROADMAP.md) |
| 33 | + §"Wave 8" — the 6 core ticket specs. |
| 34 | +4. [`team/docs/adr/wave-0/0071-fixture-gap-audit.md`](wave-0/0071-fixture-gap-audit.md) |
| 35 | + — 5 additional Wave 8+ tickets (Atemi / Arena / Bushido / Kagami / |
| 36 | + Mitsuke corpora) proposed with effort + shape. |
| 37 | +5. `team/docs/adr/wave-0/0062-0072-*.md` — every Wave 7B + audit ADR. |
| 38 | +6. `team/backlog/README.md` — every Wave 0-7B + audit ticket |
| 39 | + `~~shipped~~`. |
| 40 | +7. `team/docs/adr/WAVE-7B-HANDOVER.md` — prior handover (closed |
| 41 | + 2026-04-20). |
| 42 | + |
| 43 | +## What Wave 8 IS |
| 44 | + |
| 45 | +Two concurrent themes. |
| 46 | + |
| 47 | +### Theme A — Intel depth (6 core tickets per roadmap) |
| 48 | + |
| 49 | +| # | Ticket | Effort | Status | |
| 50 | +|---|---|---|---| |
| 51 | +| 8.1 | `I-FIELD-NORMALIZATION` — extract structured fields (CVSS vector, CWE id, affected products, reference type) from upstream JSON; extend `IntelligenceEntryRecord` with optional typed fields; adapters populate; `LibraryPageTemplate` renders. | ~3d | open | |
| 52 | +| 8.2 | `I-SEVERITY-RECONCILIATION` — when NVD says HIGH and EPSS says LOW for same CVE, surface both side-by-side with composite score. Add "signal conflict" badge. | ~2d | open | |
| 53 | +| 8.3 | `I-ATLAS-STIX` — upgrade MITRE ATLAS adapter from `case-studies.json` to STIX 2.1 bundle. Richer relationships (technique → tactic → mitigation). Preserves existing `IntelligenceEntryRecord` shape. | ~3d | open | |
| 54 | +| 8.4 | `DNA-LINEAGE-UI` — Amaterasu DNA UI surface for the Wave 7B.6 corpus (28 nodes in `DEFAULT_ATTACK_NODES`). Tree view with family → technique → variant drill-down. Click-through to linked Sengoku plans via `metadata.sengokuPlanIds`. | ~3d | open | |
| 55 | +| 8.5 | `MITSUKE-INDICATOR-TYPES` — current indicators flat strings. Add typed categories (domain, IP, hash, URL-pattern, TTP-id) with per-type rendering + filters. **Fold in the Wave 7B.10 Mitsuke corpus gap** (60+ indicators + 15+ triage templates). | ~2-4d | open | |
| 56 | +| 8.6 | `KAGAMI-CORPUS-IF-EXISTS` — promote from FUTURE per ADR-0071: `src/lib/kagami/` doesn't exist. Create `src/lib/kagami/fixtures.ts` with 40+ behaviour-test pairs + 10+ model-pair comparisons. | ~3d | open (promote) | |
| 57 | + |
| 58 | +**Theme A total: ~18 days.** |
| 59 | + |
| 60 | +### Theme B — Wave 7B.10 gap-fill (3 additional corpus tickets) |
| 61 | + |
| 62 | +| # | Ticket | Effort | Source | |
| 63 | +|---|---|---|---| |
| 64 | +| 8.7 | `ATEMI-CORPUS` — new `src/lib/atemi/fixtures.ts`: 20+ Attack Tools, 30+ Playbooks, 15+ Campaigns. Cross-references Wave 7B.6 DNA families. | ~3d | ADR-0071 | |
| 65 | +| 8.8 | `ARENA-MATCH-CORPUS` — new `src/lib/arena/fixtures.ts`: 25+ multi-agent matches + 5+ historical leaderboard snapshots. | ~3d | ADR-0071 | |
| 66 | +| 8.9 | `BUSHIDO-FRAMEWORK-CORPUS` — new `src/lib/bushido/fixtures.ts`: 8+ compliance frameworks (NIST/ISO27001/SOC2/HIPAA/GDPR/FedRAMP/EU-AI-Act/BU-Internal) + 50+ mappings/framework + 30+ evidence templates. | ~5d | ADR-0071 | |
| 67 | + |
| 68 | +**Theme B total: ~11 days.** |
| 69 | + |
| 70 | +## Total effort |
| 71 | + |
| 72 | +| Theme | Tickets | Days | |
| 73 | +|---|---|---| |
| 74 | +| A — Intel depth | 6 | ~18 | |
| 75 | +| B — 7B.10 gap-fill | 3 | ~11 | |
| 76 | +| **Total Wave 8** | **9** | **~29 (~5 weeks)** | |
| 77 | + |
| 78 | +## Working rules (inherited) |
| 79 | + |
| 80 | +- Auto-approval / parallel subagents / live tests / 100% pass / no |
| 81 | + force-push / ADR per ticket (start at 0073 — 0072 was audit |
| 82 | + follow-up). |
| 83 | +- BU branding target: every new fixture / indicator / corpus entry |
| 84 | + uses the QA-MASTER-PLAN §737-754 id convention |
| 85 | + `<target>-<attack-shortname>-<severity>-<nnn>` and references a |
| 86 | + fictional LLM (DojoLM / BonkLM / Basileak / PantheonLM / Marfaak). |
| 87 | +- Criticity mix: 10% CRITICAL / 20% HIGH / 30% MEDIUM / 30% LOW / |
| 88 | + 10% INFO on every net-new corpus. |
| 89 | + |
| 90 | +## PR contract |
| 91 | + |
| 92 | +- One ticket = one PR (large), unless explicitly bundled. |
| 93 | +- Every ticket has its own ADR (start at 0073). |
| 94 | +- Admin-merge pattern: pre-existing CI rot blocks normal merge; |
| 95 | + confirm with user before admin-merging the first Wave 8 PR, then |
| 96 | + proceed autonomously. |
| 97 | + |
| 98 | +## Wave 9+ direction |
| 99 | + |
| 100 | +See [`WAVES-5-10-ROADMAP.md`](WAVES-5-10-ROADMAP.md) §"Wave 9" — |
| 101 | +UX polish + test depth (~2 weeks, 5 tickets) — and §"Wave 10" — |
| 102 | +demo / provider coverage / operator docs (~2 weeks, 5 tickets). |
| 103 | + |
| 104 | +## First task |
| 105 | + |
| 106 | +Recommended: ticket **8.4 DNA-LINEAGE-UI** first — it consumes the |
| 107 | +Wave 7B.6 corpus that already exists (`DEFAULT_ATTACK_NODES`) and |
| 108 | +gives operators a visible win. No new corpus needed to start. |
| 109 | + |
| 110 | +Alternatively: **8.1 I-FIELD-NORMALIZATION** for breadth — every |
| 111 | +downstream ticket (8.2/8.3/8.5) benefits from the richer record |
| 112 | +shape. |
| 113 | + |
| 114 | +Ask the user which Wave 8 ticket to ship first; default to **8.4 |
| 115 | +DNA-LINEAGE-UI**. |
| 116 | + |
| 117 | +For whichever ticket is accepted: |
| 118 | + |
| 119 | +1. Read the matching roadmap section + ADR-0066 (DNA corpus) + |
| 120 | + ADR-0069 (plan annotations) if 8.4. |
| 121 | +2. Draft an implementation brief. |
| 122 | +3. Build → test → lint → verify:docs → audit → re-audit until CLEAN. |
| 123 | +4. Create `team/docs/adr/wave-0/0073-<slug>.md`. |
| 124 | +5. Update `team/backlog/README.md` when shipped. |
| 125 | +6. Commit + report + ask for the next ticket. |
| 126 | + |
| 127 | +Under 100 words for your first response. |
0 commit comments