refactor(findings): merge VulnExplorer into Findings Ledger

- Move VulnExplorer DTOs into Ledger WebService Contracts/VulnExplorer/ (VulnModels, VexDecisionModels, TriageWorkflowModels, AttestationModels, FixVerificationModels, EvidenceSubgraphContracts) - Create VulnExplorerEndpoints.cs mounting all 10 original endpoints (/v1/vulns, /v1/vex-decisions, /v1/evidence-subgraph, /v1/fix-verifications, /v1/audit-bundles) - Create adapter services (VulnExplorerAdapters.cs) that delegate to existing Ledger services (FindingSummaryService, VulnerabilityDetailService, EvidenceGraphBuilder, VexConsensusService) - Wire VulnExplorer authorization policies and service registrations in Ledger Program.cs - Comment out api (VulnExplorer) container in docker-compose.stella-ops.yml - Add vulnexplorer.stella-ops.local as network alias on findings-ledger-web - Update gateway route: /api/vuln-explorer(..) -> findings.stella-ops.local - Update STELLAOPS_VULNEXPLORER_URL -> findings.stella-ops.local - Comment out VulnExplorer in services-matrix.env and hosts file - Update docs: port-registry, component-map, module-matrix, webservice-catalog, findings-ledger README - Eliminates 1 container (stellaops-api) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 13:43:04 +03:00
parent 53f294400f
commit 6b15d9827d
18 changed files with 1615 additions and 38 deletions
--- a/docs/technical/architecture/component-map.md
+++ b/docs/technical/architecture/component-map.md
@@ -18,7 +18,7 @@ Concise descriptions of every top-level component under `src/`, summarising the
 - **Findings** — Materialises effective findings from Policy Engine outputs and evidence. Feeds UI, CLI, Notify, and Governance dashboards (`docs/modules/policy/architecture.md`, findings sections). 
 - **Cartographer** — Builds identity graphs from SBOM/advisory data for Graph Explorer and RiskEngine (`docs/modules/graph/architecture.md`). 
 - **Graph** — Graph API + indexer, exposing relationship queries to UI/CLI/Scheduler (`docs/modules/graph/architecture.md`). 
- **VulnExplorer** — Explorer for vulnerabilities that combines Concelier data, graph overlays, and Policy results for UI/CLI consumption (`docs/modules/vuln-explorer/architecture.md`). 
+- **VulnExplorer** — _(merged into Findings Ledger)_ Explorer for vulnerabilities that combines Concelier data, graph overlays, and Policy results for UI/CLI consumption. Endpoints now served by `src/Findings/StellaOps.Findings.Ledger.WebService`. 

 ## Policy & Governance
 - **Policy** — Policy Engine core libraries and services executing lattice logic across SBOM, advisory, and VEX evidence. Emits explain traces, drives Findings, Notifier, and Export Center (`docs/modules/policy/architecture.md`). 
--- a/docs/technical/architecture/module-matrix.md
+++ b/docs/technical/architecture/module-matrix.md
@@ -22,7 +22,7 @@ The solution contains **46 top-level modules** in `src/`. The architecture docum
 | Data Ingestion | 7 | Concelier, Excititor, VexLens, VexHub, IssuerDirectory, Feedser, Mirror |
 | Scanning & Analysis | 5 | Scanner, BinaryIndex, AdvisoryAI, Symbols, ReachGraph |
 | Artifacts & Evidence | 7 | Attestor, Signer, SbomService, EvidenceLocker, ExportCenter, Provenance, Provcache |
-| Policy & Risk | 4 | Policy, RiskEngine, VulnExplorer, Unknowns |
+| Policy & Risk | 3 | Policy, RiskEngine, Unknowns (VulnExplorer merged into Findings Ledger) |
 | Operations | 8 | Scheduler, Orchestrator, TaskRunner, Notify, Notifier, PacksRegistry, TimelineIndexer, Replay |
 | Integration | 5 | CLI, Zastava, Web, API, Registry |
 | Infrastructure | 6 | Cryptography, Telemetry, Graph, Signals, AirGap, AOC |
--- a/docs/technical/architecture/port-registry.md
+++ b/docs/technical/architecture/port-registry.md
@@ -28,7 +28,7 @@ This page focuses on deterministic slot/port allocation and may include legacy o
 | 10 | 10100 | 10101 | Excititor | `excititor.stella-ops.local` | `src/Concelier/StellaOps.Excititor.WebService` | `STELLAOPS_EXCITITOR_URL` |
 | 11 | 10110 | 10111 | VexHub | `vexhub.stella-ops.local` | `src/VexHub/StellaOps.VexHub.WebService` | `STELLAOPS_VEXHUB_URL` |
 | 12 | 10120 | 10121 | VexLens | `vexlens.stella-ops.local` | `src/VexLens/StellaOps.VexLens.WebService` | `STELLAOPS_VEXLENS_URL` |
-| 13 | 10130 | 10131 | VulnExplorer | `vulnexplorer.stella-ops.local` | `src/Findings/StellaOps.VulnExplorer.Api` | `STELLAOPS_VULNEXPLORER_URL` |
+| 13 | 10130 | 10131 | VulnExplorer (merged into Findings Ledger) | `vulnexplorer.stella-ops.local` (alias on findings-ledger-web) | `src/Findings/StellaOps.Findings.Ledger.WebService` | `STELLAOPS_VULNEXPLORER_URL` |
 | 14 | 10140 | 10141 | Policy Engine | `policy-engine.stella-ops.local` | `src/Policy/StellaOps.Policy.Engine` | `STELLAOPS_POLICY_ENGINE_URL` |
 | 15 | 10150 | 10151 | Policy Gateway | `policy-gateway.stella-ops.local` | `src/Policy/StellaOps.Policy.Gateway` | `STELLAOPS_POLICY_GATEWAY_URL` |
 | 16 | 10160 | 10161 | RiskEngine | `riskengine.stella-ops.local` | `src/Findings/StellaOps.RiskEngine.WebService` | `STELLAOPS_RISKENGINE_URL` |
@@ -123,7 +123,7 @@ Add the following to your hosts file (`C:\Windows\System32\drivers\etc\hosts` on
 127.1.0.10 excititor.stella-ops.local
 127.1.0.11 vexhub.stella-ops.local
 127.1.0.12 vexlens.stella-ops.local
-127.1.0.13 vulnexplorer.stella-ops.local
+# 127.1.0.13 vulnexplorer.stella-ops.local  # MERGED: alias on findings-ledger-web
 127.1.0.14 policy-engine.stella-ops.local
 127.1.0.15 policy-gateway.stella-ops.local
 127.1.0.16 riskengine.stella-ops.local
--- a/docs/technical/architecture/webservice-catalog.md
+++ b/docs/technical/architecture/webservice-catalog.md
@@ -5,7 +5,7 @@ This page is the source-of-truth inventory for Stella Ops `*.WebService` runtime
 ## Scope and contract
 - Inventory source: `rg --files src -g "*WebService.csproj"`.
 - Includes active runtime webservices only (31 services).
- Excludes non-`WebService` API binaries (for example `StellaOps.Policy.Engine`, `StellaOps.Policy.Gateway`, `StellaOps.Graph.Api`, `StellaOps.VulnExplorer.Api`, `StellaOps.Symbols.Server`, `StellaOps.Registry.TokenService`, `StellaOps.SmRemote.Service`) even though they may bind `*.stella-ops.local` aliases.
+- Excludes non-`WebService` API binaries (for example `StellaOps.Policy.Engine`, `StellaOps.Policy.Gateway`, `StellaOps.Graph.Api`, `StellaOps.Symbols.Server`, `StellaOps.Registry.TokenService`, `StellaOps.SmRemote.Service`) even though they may bind `*.stella-ops.local` aliases. Note: `StellaOps.VulnExplorer.Api` has been merged into `StellaOps.Findings.Ledger.WebService` (SPRINT_20260408_002).
 - Canonical runtime hostname form: `<service>.stella-ops.local`.

 ## Runtime hostname convention and exceptions