stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates

Browse Source 
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-22 16:06:39 +03:00
parent ad77711ac2
commit 7943cfb3af
121 changed files with 10483 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
docs/modules/cli/guides/commands/db.md
View File

@@ -1,11 +1,60 @@
# stella db - Command Guide
The `stella db` command group triggers Concelier database operations via backend jobs (connector stages, merge reconciliation, exports).
The `stella db` command group triggers Concelier database operations via backend jobs and advisory-source management APIs.
These commands are operational: they typically require Authority authentication and appropriate Concelier scopes.
## Commands
### db connectors configure
Inspect or update persisted advisory source configuration.
```bash
stella db connectors configure ghsa --server https://concelier.example.internal
stella db connectors configure ghsa \
--server https://concelier.example.internal \
--set apiToken=github_pat_xxx
stella db connectors configure cisco \
--server https://concelier.example.internal \
--set clientId=... \
--set clientSecret=...
stella db connectors configure microsoft \
--server https://concelier.example.internal \
--set tenantId=... \
--set clientId=... \
--set clientSecret=...
stella db connectors configure oracle \
--server https://concelier.example.internal \
--set calendarUris=https://www.oracle.com/security-alerts/,https://mirror.example.internal/oracle/
stella db connectors configure adobe \
--server https://concelier.example.internal \
--set indexUri=https://mirror.example.internal/adobe/security-bulletin.html
stella db connectors configure chromium \
--server https://concelier.example.internal \
--set feedUri=https://mirror.example.internal/chromium/atom.xml
```
Options:
- `--set key=value`: set a field value. Repeat for multiple fields.
- `--clear <field>`: clear a stored field. Repeat for multiple fields.
- `--server`: Concelier API base URL.
- `--tenant`, `-t`: tenant override.
- `--format`, `-f`: `text` or `json`.
Notes:
- Sensitive fields are returned as retained or not-set markers, not plaintext values.
- Multi-value URI fields accept comma-, semicolon-, or newline-separated absolute URIs.
- The current CLI path sends literal values on the command line. Use the Web UI path if command-history exposure is unacceptable for a secret.
### db fetch
Trigger a connector stage (`fetch`, `parse`, or `map`) for a given source.
@@ -17,9 +66,10 @@ stella db fetch --source osv --stage map
```
Options:
- `--source` (required): connector identifier (for example `osv`, `redhat`, `ghsa`).
- `--stage` (optional): `fetch`, `parse`, or `map` (defaults to `fetch`).
- `--mode` (optional): connector-specific mode (for example `init`, `resume`, `cursor`).
- `--source` (required): connector identifier such as `osv`, `redhat`, `ghsa`, or `cisco`
- `--stage` (optional): `fetch`, `parse`, or `map` (defaults to `fetch`)
- `--mode` (optional): connector-specific mode such as `init`, `resume`, or `cursor`
### db merge
@@ -39,22 +89,24 @@ stella db export --format trivy-db --delta
```
Options:
- `--format` (optional): `json` or `trivy-db` (defaults to `json`).
- `--delta` (optional): request a delta export when supported.
- `--publish-full` / `--publish-delta` (optional): override whether exports are published (true/false).
- `--bundle-full` / `--bundle-delta` (optional): override whether offline bundles include full/delta exports (true/false).
- `--format` (optional): `json` or `trivy-db`
- `--delta` (optional): request a delta export when supported
- `--publish-full` or `--publish-delta` (optional): override publish behavior
- `--bundle-full` or `--bundle-delta` (optional): override offline bundle behavior
## Common setup
Point the CLI at the Concelier base URL:
```bash
export STELLAOPS_BACKEND_URL="https://concelier.example.internal"
```
Authenticate:
```bash
stella auth login
```
See: `docs/CONCELIER_CLI_QUICKSTART.md` and `docs/modules/concelier/operations/authority-audit-runbook.md`.
See `docs/CONCELIER_CLI_QUICKSTART.md` and `docs/modules/concelier/operations/authority-audit-runbook.md`.