stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates

Browse Source 
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-22 16:06:39 +03:00
parent ad77711ac2
commit 7943cfb3af
121 changed files with 10483 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/UI_GUIDE.md
View File

@@ -135,6 +135,8 @@ Some settings are controlled at the organization level:
- Use **Advisories & VEX** to see which providers contributed statements, whether signatures verified, and where conflicts exist.
- The Console should not silently hide conflicts; it should show what disagrees and why, and how policy resolved it.
- **Security Posture** and **Ops > Operations > Feeds & Airgap** now both expose a direct **Configure Sources** handoff so stale or disabled advisory feeds can be corrected from the posture and operations owner pages without drilling through secondary panels first.
- The **Configure Sources** panel now includes persisted source settings for GHSA, Cisco, Microsoft, Oracle, Adobe, and Chromium. Stored secrets are shown only as retained state; leaving a secret field blank preserves the retained server-side value unless the operator explicitly clears it.
See `docs/VEX_CONSENSUS_GUIDE.md` for the underlying concepts.
@@ -144,6 +146,7 @@ See `docs/VEX_CONSENSUS_GUIDE.md` for the underlying concepts.
- The **Suggested Setup Order** card now shows the recommended sequence, a short "why this matters" explanation for each connector class, and a completion badge driven by the live connector counts.
- The intended order is: **Registries -> Source Control -> CI/CD -> Advisory & VEX Sources -> Secrets**.
- Treat the badges as an onboarding checklist: `Done` means Stella already has at least one connector in that category; `Not started` means the category still blocks part of the release-evidence flow.
- For **Advisory & VEX Sources**, use the handoff into **Configure Sources** to enter GHSA, Cisco, and Microsoft credentials or to override Oracle, Adobe, and Chromium public endpoints for mirrored deployments.
### Contextual Helper and Educational Empty States