refactor(graph): absorb Cartographer into graph-api + wire Graph Indexer

- Wire Graph Indexer library + Persistence into graph-api (csproj refs + DI)
- Add build/overlay endpoints matching Scheduler HTTP contracts
  (POST/GET /api/graphs/builds, POST/GET /api/graphs/overlays)
- Add PostgresGraphRepository for reading from graph.graph_nodes/edges
- Register SBOM ingest, analytics, change-stream, and inspector pipelines
- Comment out Cartographer container in compose (empty shell, Slot 21)
- Add cartographer.stella-ops.local as backwards-compat alias on graph-api
- Update Scheduler config to target graph.stella-ops.local
- Update services-matrix.env, hosts file, port-registry, module-matrix
- Update component-map, architecture docs, Scanner/Graph READMEs
- Eliminates 1 container (stellaops-cartographer)

All 133 existing tests pass (77 Api + 37 Indexer + 19 Core).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-08 15:48:18 +03:00
parent 13c4811e32
commit 6592cdcc9b
16 changed files with 592 additions and 73 deletions


@@ -1,15 +1,18 @@
# Scanner
**Container(s):** stellaops-scanner-web, stellaops-scanner-worker, stellaops-cartographer
**Slot:** 8 (web + worker), 21 (cartographer) | **Port:** 8444 (web) | **Consumer Group:** scanner (web), cartographer
**Resource Tier:** heavy (web + worker), light (cartographer)
**Container(s):** stellaops-scanner-web, stellaops-scanner-worker
**Slot:** 8 (web + worker) | **Port:** 8444 (web) | **Consumer Group:** scanner (web)
**Resource Tier:** heavy (web + worker)
> **Note:** Cartographer (Slot 21) has been retired and merged into graph-api (Slot 20).
> See `src/Graph/README.md` for the merged service.
## Purpose
The Scanner module performs SBOM generation, vulnerability analysis, reachability mapping, and supply-chain security scanning of container images. The web service exposes scan APIs (triage, SBOM queries, offline-kit management, replay commands), while the worker processes scan jobs from Valkey queues through a multi-stage pipeline (analyzers, EPSS enrichment, secrets detection, crypto analysis, build provenance, PoE generation, verdict push).
## API Surface
- `scanner` (via Router) — SBOM queries, scan submissions, triage, reachability slices, offline-kit import/export, smart-diff, policy gate evaluation
- `cartographer` (via Router) — dependency graph construction and mapping
- `cartographer` — RETIRED; merged into graph-api (Slot 20)
## Storage
PostgreSQL schema `scanner` (via `ScannerStorage:Postgres`); RustFS object store for artifacts (`scanner-artifacts` bucket)
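
Review bot: The new Note and the retired `cartographer` bullet under API Surface both read as if the name is gone, but the commit message keeps cartographer.stella-ops.local as a backwards-compat alias on graph-api, so the old hostname still reaches a live service that now carries the POST/GET /api/graphs/builds and /api/graphs/overlays endpoints. Suggest saying so in the Note (for example, "the hostname cartographer.stella-ops.local remains as an alias for graph-api") and stating whether the `cartographer` consumer group dropped from the header line is decommissioned as well, so that anyone auditing exposure from this README does not treat the name as dead. The retired bullet could also be dropped from Scanner's API Surface, since it is no longer a Scanner-owned surface and the Note already points to `src/Graph/README.md`.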