refactor: JobEngine cleanup + crypto compose refactor + sprint plans + timeline merge prep

- Remove zombie JobEngine WebService (no container runs it) - Remove dangling STELLAOPS_JOBENGINE_URL, replace with RELEASE_ORCHESTRATOR_URL - Update Timeline audit paths to release-orchestrator - Extract smremote to docker-compose.crypto-provider.smremote.yml - Rename crypto compose files for consistent naming - Add crypto provider health probe API (CP-001) + tenant preferences (CP-002) - Create sprint plans: crypto picker, VulnExplorer merge, scheduler plugins - Timeline merge prep: ingestion worker relocated to infrastructure lib Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 13:45:19 +03:00
parent 59e7f25d96
commit 886ff6f9d2
118 changed files with 1593 additions and 17761 deletions
--- a/devops/compose/docker-compose.stella-services.yml
+++ b/devops/compose/docker-compose.stella-services.yml
@@ -263,11 +263,12 @@ services:
      STELLAOPS_EXCITITOR_URL: "http://excititor.stella-ops.local"
      STELLAOPS_VEXHUB_URL: "http://vexhub.stella-ops.local"
      STELLAOPS_VEXLENS_URL: "http://vexlens.stella-ops.local"
-      STELLAOPS_VULNEXPLORER_URL: "http://vulnexplorer.stella-ops.local"
+      STELLAOPS_VULNEXPLORER_URL: "http://findings.stella-ops.local"
      STELLAOPS_POLICY_ENGINE_URL: "http://policy-engine.stella-ops.local"
      # STELLAOPS_POLICY_GATEWAY_URL removed: gateway merged into policy-engine
      STELLAOPS_RISKENGINE_URL: "http://riskengine.stella-ops.local"
-      STELLAOPS_JOBENGINE_URL: "http://jobengine.stella-ops.local"
+      # STELLAOPS_JOBENGINE_URL removed: WebService retired; audit/first-signal now served by release-orchestrator
+      STELLAOPS_RELEASE_ORCHESTRATOR_URL: "http://release-orchestrator.stella-ops.local"
      STELLAOPS_TASKRUNNER_URL: "http://taskrunner.stella-ops.local"
      STELLAOPS_SCHEDULER_URL: "http://scheduler.stella-ops.local"
      STELLAOPS_GRAPH_URL: "http://graph.stella-ops.local"
@@ -807,32 +808,33 @@ services:
      <<: *healthcheck-tcp
    labels: *release-labels

-  # --- Slot 13: VulnExplorer (api) [src/Findings/StellaOps.VulnExplorer.Api] ---
-  api:
-    <<: *resources-light
-    image: stellaops/api:dev
-    container_name: stellaops-api
-    restart: unless-stopped
-    environment:
-      ASPNETCORE_URLS: "http://+:8080"
-      <<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
-      ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
-      ConnectionStrings__Redis: "cache.stella-ops.local:6379"
-      Router__Enabled: "${VULNEXPLORER_ROUTER_ENABLED:-true}"
-      Router__Messaging__ConsumerGroup: "vulnexplorer"
-    volumes:
-      - ${STELLAOPS_CERT_VOLUME}
-    ports:
-      - "127.1.0.13:80:80"
-    networks:
-      stellaops:
-        aliases:
-          - vulnexplorer.stella-ops.local
-      frontdoor: {}
-    healthcheck:
-      test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
-      <<: *healthcheck-tcp
-    labels: *release-labels
+  # --- Slot 13: VulnExplorer (api) - MERGED into findings-ledger-web (SPRINT_20260408_002) ---
+  # VulnExplorer endpoints are now served by the Findings Ledger WebService.
+  # api:
+  #   <<: *resources-light
+  #   image: stellaops/api:dev
+  #   container_name: stellaops-api
+  #   restart: unless-stopped
+  #   environment:
+  #     ASPNETCORE_URLS: "http://+:8080"
+  #     <<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
+  #     ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
+  #     ConnectionStrings__Redis: "cache.stella-ops.local:6379"
+  #     Router__Enabled: "${VULNEXPLORER_ROUTER_ENABLED:-true}"
+  #     Router__Messaging__ConsumerGroup: "vulnexplorer"
+  #   volumes:
+  #     - ${STELLAOPS_CERT_VOLUME}
+  #   ports:
+  #     - "127.1.0.13:80:80"
+  #   networks:
+  #     stellaops:
+  #       aliases:
+  #         - vulnexplorer.stella-ops.local
+  #     frontdoor: {}
+  #   healthcheck:
+  #     test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
+  #     <<: *healthcheck-tcp
+  #   labels: *release-labels

  # --- Slot 14: Policy Engine ------------------------------------------------
  policy-engine:
@@ -1198,55 +1200,26 @@ services:
      <<: *healthcheck-tcp
    labels: *release-labels

-  # --- Slot 23: Timeline Indexer ---------------------------------------------
-  timeline-indexer-web:
-    <<: *resources-light
-    image: stellaops/timeline-indexer-web:dev
-    container_name: stellaops-timeline-indexer-web
-    restart: unless-stopped
-    environment:
-      ASPNETCORE_URLS: "http://+:8080"
-      <<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
-      ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
-      ConnectionStrings__Redis: "cache.stella-ops.local:6379"
-      TIMELINE_Postgres__Timeline__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}"
-      Router__Enabled: "${TIMELINE_ROUTER_ENABLED:-true}"
-      Router__Messaging__ConsumerGroup: "timelineindexer"
-    volumes:
-      - ${STELLAOPS_CERT_VOLUME}
-    ports:
-      - "127.1.0.23:80:80"
-    networks:
-      stellaops:
-        aliases:
-          - timelineindexer.stella-ops.local
-      frontdoor: {}
-    healthcheck:
-      test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
-      <<: *healthcheck-tcp
-    labels: *release-labels
+  # --- Slot 23: Timeline Indexer (MERGED into timeline-web in Slot 24) --------
+  # timeline-indexer-web and timeline-indexer-worker have been merged into
+  # timeline-web. The indexer endpoints, DI services, and background ingestion
+  # worker now run inside the unified timeline-web container.
+  # Network alias timelineindexer.stella-ops.local is preserved on timeline-web
+  # for backwards compatibility.

-  timeline-indexer-worker:
-    <<: *resources-light
-    image: stellaops/timeline-indexer-worker:dev
-    container_name: stellaops-timeline-indexer-worker
-    restart: unless-stopped
-    environment:
-      <<: [*kestrel-cert, *gc-light]
-      ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
-      ConnectionStrings__Redis: "cache.stella-ops.local:6379"
-      TIMELINE_Postgres__Timeline__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}"
-    volumes:
-      - ${STELLAOPS_CERT_VOLUME}
-    healthcheck:
-      <<: *healthcheck-worker
-    networks:
-      stellaops:
-        aliases:
-          - timeline-indexer-worker.stella-ops.local
-    labels: *release-labels
+  # timeline-indexer-web:
+  #   <<: *resources-light
+  #   image: stellaops/timeline-indexer-web:dev
+  #   container_name: stellaops-timeline-indexer-web
+  #   ...

-  # --- Slot 24: Timeline ----------------------------------------------------
+  # timeline-indexer-worker:
+  #   <<: *resources-light
+  #   image: stellaops/timeline-indexer-worker:dev
+  #   container_name: stellaops-timeline-indexer-worker
+  #   ...
+
+  # --- Slot 24: Timeline (unified: includes merged timeline-indexer) ----------
  timeline-web:
    <<: *resources-light
    image: stellaops/timeline-web:dev
@@ -1262,6 +1235,7 @@ services:
      Authority__ResourceServer__Audiences__0: ""
      Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"
      Authority__ResourceServer__BypassNetworks__1: "172.20.0.0/16"
+      TIMELINE_Postgres__Timeline__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}"
      Router__Enabled: "${TIMELINE_SERVICE_ROUTER_ENABLED:-true}"
      Router__Messaging__ConsumerGroup: "timeline"
    volumes:
@@ -1272,6 +1246,7 @@ services:
      stellaops:
        aliases:
          - timeline.stella-ops.local
+          - timelineindexer.stella-ops.local
      frontdoor: {}
    healthcheck:
      test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]