stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat(excititor+cli+web): VEX provider control plane — CLI + Web extensions (SPRINT_20260422_004)

Browse Source 
Continues the SPRINT_20260422_004_Concelier_full_connector_control_plane
feature stream started in commit 5c1b59580 (Excititor provider management
endpoints + contracts + service + tests). Adds the CLI + Web surfaces on
top of that backend.

CLI (src/Cli/**):
- CommandHandlers + BackendOperationsClient extended with provider
  management calls
- ExcititorProviderSummary model added to the CLI's service models
- NonCoreCliCommandModule wires the new commands; tests updated
- TASKS.md entries synced

Web console (src/Web/StellaOps.Web/**):
- New vex-provider-catalog.component + vex-provider-management.api client
- advisory-source-catalog + advisory-vex-route-helpers extended to route
  users to the new VEX provider surface
- integration-hub.routes.ts registers the new route
- security-disposition-page.component.ts updated for the flow

Excititor/Concelier docs + contracts:
- docs/modules/excititor/operations/provider-control-plane.md — operator
  guide for the new control plane
- docs/modules/excititor/README.md + docs/modules/concelier/{README,
  connectors}.md — cross-links + refs
- ConfiguredAdvisorySourceService.cs — additional provider plumbing
- StellaOps.Excititor.WebService/TASKS.md synced

Sprint doc (docs/implplan/SPRINT_20260422_004_*.md) reflects the
in-flight progress.

This is external-stream work picked up during the 2026-04-22 session's
closeout — bundling it now so the working tree is clean and main stays
in sync with local feature-branch state.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-22 19:24:49 +03:00
parent feb1fae5f5
commit 3871732765
20 changed files with 1983 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/modules/concelier/README.md
View File

@@ -1,15 +1,12 @@
# StellaOps Concelier
Concelier ingests signed advisories from **32 advisory connectors** and converts them into immutable observations plus linksets under the Aggregation-Only Contract (AOC).
Concelier maintains a catalog of **78 advisory source definitions** and currently wires **31 built-in runnable advisory pipelines** in the default WebService host. It converts signed advisories into immutable observations plus linksets under the Aggregation-Only Contract (AOC).
**Advisory Sources (32 connectors):**
- **National CERTs (8):** ACSC (Australia), CCCS (Canada), CERT-Bund (Germany), CERT-CC (US), CERT-FR (France), CERT-IN (India), JVN (Japan), KISA (Korea)
- **OS Distros (5):** Alpine SecDB, Debian Security Tracker, RedHat OVAL, SUSE OVAL, Ubuntu USN
- **Vendors (7):** Apple, Adobe, Chromium, Cisco PSIRT, Microsoft MSRC, Oracle, VMware
- **Standards (5):** CVE, NVD, GHSA (GitHub), OSV, EPSS v4
- **Threat Intel (3):** KEV (CISA Exploited Vulns), CISA ICS, Kaspersky ICS
- **Regional (3):** Russia BDU, Russia NKCKI, Plus regional mirrors
- **Internal (1):** StellaOps internal mirror
Current operator references:
- Full advisory inventory and runnable-vs-catalog truth: [`connectors.md`](./connectors.md)
- Stored credential and endpoint override entry paths: [`operations/source-credentials.md`](./operations/source-credentials.md)
- Per-connector runbooks: `./operations/connectors/`
## Responsibilities
- Fetch and normalise vulnerability advisories via restart-time connectors.