old sprints work, new sprints for exposing functionality via cli, improve code_of_conduct and other agents instructions

docs/product/stella_ops_offer_pricing.md

@@ -0,0 +1,234 @@
+# Stella Ops Suite (On‑Prem) — Offer & Pricing
+
+_Self-hosted release governance + reachability-aware security gating for **non‑Kubernetes** container deployments._
+
+**All features are included at every tier.**  
+You pay only for:
+
+1) **Environments** (policy/config boundaries)  
+2) **New digests deep‑scanned per month** (evidence-grade analysis of new container artifacts)  
+…and optionally support **tickets** if you want help.
+
+---
+
+## 1) What Stella Ops Suite is
+
+**Stella Ops Suite is a release control plane + evidence engine for containerized applications outside Kubernetes.**
+
+It provides:
+- **Centralized release orchestration** (environments, promotions, approvals, rollbacks, templates)
+- **Practical security signal** (reachability + hybrid reachability) to reduce noise and focus on exploitable risk
+- **Auditability and attestability** (evidence packets, deterministic decision records, exportable audit trail)
+- **Toolchain interoperability** (plugins for SCM/CI/registry/vault/agents)
+
+This is designed for:
+- **Small teams** that want a real, usable free tier (not a toy)
+- **Mid-size companies (10–100 people)** that need **certifiable**, audit-friendly releases with practical security gates, without running Kubernetes
+- **On‑prem or air‑gapped environments** where SaaS-based governance is not an option
+
+---
+
+## 2) Key outcomes for customers
+
+### Secure and certifiable releases (without Kubernetes)
+- Gate promotions on **evidence** (SBOM + reachability + policy explain traces)
+- Produce **audit-grade proof** of “who approved what, why, and based on which evidence”
+- Keep “what is deployed where” authoritative, digest-based, and reproducible
+
+### Reduce security noise and engineering churn
+- Reachability-aware prioritization focuses attention on vulnerabilities that are actually on exploitable paths (vs. raw CVE count)
+
+### Predictable cost
+- No per-user cost  
+- No per-project/microservice tax  
+- No per-target/machine tax  
+- No surprise overages (add-ons are explicit and self-serve)
+
+---
+
+## 3) What every tier includes (no feature gating)
+
+All tiers (including Free) include the full Stella Ops capability set:
+
+### Release orchestration (non‑K8s)
+- Environments, promotions, approvals, rollbacks
+- Templates and step graphs (sequential/parallel)
+- UI visualization of deployments in progress (per-step logs)
+- Deployment inventory view (“what is deployed where”)
+
+### Deployment execution (non‑K8s)
+- Docker Compose deployments
+- Scripted deployments (**.NET 10 scripting only**)
+- Immutable generated deployment artifacts
+- “Version sticker” written to deployment directory for traceability
+- Support for replicas and controlled restarts/reloads (e.g., config update + nginx reload)
+
+### Security & evidence
+- Scan on build, gate on release, continuous re-evaluation on vuln intel updates
+- Reachability + hybrid reachability
+- Evidence packets and deterministic decision records (hashable, replayable)
+- Exportable audit trail (for compliance, internal audit, incident reviews)
+
+### Extensibility
+- Plugin model for SCM/CI/registry/vault/agent providers
+- Plugin-specific deployment steps supported by the workflow engine
+
+### Operability
+- **Doctor tooling** for self-service diagnostics (connectivity, agent health, configuration sanity, “why blocked?” traces)
+
+---
+
+## 4) Verified releases vs Unverified releases
+
+Stella supports both operational styles.
+
+### Verified releases (recommended for production)
+A **Verified Release** is one where promotions require Stella evidence for each new digest:
+- SBOM + reachability evidence
+- policy evaluation records
+- approval records (where required)
+- exportable evidence packet
+
+Verified releases are intended for teams that need “certifiable” releases and practical security.
+
+### Unverified releases (CD-only usage)
+Stella can also run “CD-only” workflows where evidence gates are bypassed:
+- still orchestrated, logged, and visible
+- useful for teams that want orchestration without security certification
+
+**Note:** CD-only users are not the primary target audience for Stella Ops Suite. The product is optimized for verified releases and auditable security.
+
+---
+
+## 5) Pricing (On‑Prem Suite)
+
+**Annual billing:** pay annually and get **1 month free** (pay for 11 months).
+
+> **Important:** All tiers have the same features. Only the scale limits and included support channels differ.
+
+### 5.1 Stella Ops Suite tiers
+
+| Tier | Monthly | Annual (11×) | Environments | New digests deep‑scanned / month | Deployment targets | Support |
+|---|---:|---:|---:|---:|---:|---|
+| **Free** | $0 | $0 | **10** | **1,000** | **Unlimited** | Self-service (Doctor) + community forum |
+| **Plus** | **$199** | **$2,189** | **10** | **10,000** | **Unlimited** | Same as Free |
+| **Pro** | **$599** | **$6,589** | **100** | **100,000** | **Unlimited** | Priority forum + **2 tickets/month** (typical response ~3 business days; best-effort) |
+| **Business** | **$2,999** | **$32,989** | **1,000** | **1,000,000** | **Unlimited** | Priority forum + email channel + **20 tickets/month** (typical response ~24 hours; best-effort) + fair use |
+
+### 5.2 Add-ons (self-serve)
+
+| Add-on | Price | Notes |
+|---|---:|---|
+| **+10 support tickets** | **$249** | For bursts/incidents or expansion without tier change |
+| **+10,000 new digest deep scans** | **$249** | Burst capacity (premium) |
+
+---
+
+## 6) Definitions and how metering works
+
+### Environment
+An **Environment** is a policy/config boundary (e.g., dev/stage/prod; region splits; customer isolation boundaries), with its own:
+- policy profile
+- targets/agents selection
+- secrets/config bindings
+- promotion rules
+
+### Deployment target
+A **Deployment Target** is any endpoint that can receive a deployment (Docker host group, script target via SSH/WinRM provider, etc.).  
+**Targets are unlimited in licensing**. Fair use applies only in extreme abuse scenarios.
+
+### New digest deep scan
+A **New Digest Deep Scan** occurs the first time Stella deeply analyzes a unique OCI digest to produce:
+- SBOM
+- reachability/hybrid reachability evidence
+- vulnerability findings + verdict
+- evidence references for gating and audit
+
+#### What does NOT consume deep scan quota
+- Re-deploying or promoting an already-scanned digest
+- Re-evaluation when vulnerability intelligence updates (CVE feed updates); Stella re-computes risk using existing evidence
+
+### Tickets
+A **ticket** is a support request handled by maintainers via the paid ticket channel. For fast resolution, tickets require:
+- a clear problem statement
+- reproduction steps
+- the **Doctor bundle** output (when applicable)
+
+Tickets are designed to be bounded, so Stella can remain self-serve by default.
+
+---
+
+## 7) Fair use (Business tier)
+
+Business tier includes very high scale limits and support capacity. To keep pricing predictable and sustainable, fair use applies to:
+
+- vulnerability feed mirroring bandwidth and frequency (if mirroring is enabled)
+- audit confirmation/verification traffic (if configured)
+- excessive support ticket volume beyond included entitlements
+- abusive automation patterns that intentionally generate excessive duplicate work
+
+Fair use is intended to prevent abuse, not to penalize normal operational usage.
+
+---
+
+## 8) Why Stella pricing is simpler than typical alternatives
+
+### The common pain with “legacy” stacks
+Many release and security tools charge based on organizational and deployment complexity:
+- per developer/committer
+- per project/microservice
+- per deployment target/machine
+- per add-on module
+
+That pricing becomes unpredictable as your architecture grows.
+
+### Stella’s approach
+Stella is priced like infrastructure:
+- **Scale with environments and new artifacts** (the two things that actually grow with your release and security footprint)
+- Keep all features available at all tiers
+- Keep adoption friction low for on‑prem teams
+
+Stella is designed to replace (or reduce dependence on) a multi-tool stack:
+- one tool for CD governance + evidence
+- another tool for scanning
+- plus “glue” for approvals, audit, and exceptions
+
+---
+
+## 9) Which tier is right for you?
+
+### Free
+Best for:
+- startups and small teams
+- evaluation in real workflows
+- internal PoCs
+- teams learning the verified-release model
+
+### Plus ($199/month)
+Best for:
+- mid-size teams that want verified releases but do not want vendor support
+- organizations that need a predictable monthly cost and on‑prem control
+
+### Pro ($599/month)
+Best for:
+- teams operating many environments and high artifact churn
+- those who want occasional maintainer help without a heavy support relationship
+
+### Business ($2,999/month)
+Best for:
+- regulated and compliance-driven teams
+- platform teams supporting multiple product groups
+- customers who want best-effort response channels and bounded ticket entitlements
+
+---
+
+## 10) Commercial notes (On‑Prem)
+
+- License delivered as an on‑prem entitlement (offline-friendly where required)
+- Includes product updates during the subscription term
+- Customer is responsible for compute/storage required for scanning and evidence retention
+- Support channel access depends on tier and ticket entitlements
+
+---
+
+_This document is intended as a customer-facing offer summary. Final terms and definitions may be refined in the Stella Ops subscription agreement._