Add integration connector plugins and compose fixtures

Scaffold connector plugins for DockerRegistry, GitLab, Gitea,
Jenkins, and Nexus. Wire plugin discovery in IntegrationService
and add compose fixtures for local integration testing.

- 5 new connector plugins under src/Integrations/__Plugins/
- docker-compose.integrations.yml for local fixture services
- Advisory source catalog and source management API updates
- Integration e2e test specs and Playwright config
- Integration hub docs under docs/integrations/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

devops/compose/docker-compose.integration-fixtures.yml

@@ -57,3 +57,25 @@ services:
     labels:
       com.stellaops.profile: "qa-fixtures"
       com.stellaops.environment: "local-qa"
+
+  advisory-fixture:
+    image: nginx:1.27-alpine
+    container_name: stellaops-advisory-fixture
+    restart: unless-stopped
+    ports:
+      - "127.1.1.8:80:80"
+    volumes:
+      - ./fixtures/integration-fixtures/advisory/default.conf:/etc/nginx/conf.d/default.conf:ro
+    networks:
+      stellaops:
+        aliases:
+          - advisory-fixture.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/health | grep -q 'healthy'"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 5s
+    labels:
+      com.stellaops.profile: "qa-fixtures"
+      com.stellaops.environment: "local-qa"

devops/compose/docker-compose.integrations.yml

@@ -0,0 +1,347 @@
+# =============================================================================
+# STELLA OPS - THIRD-PARTY INTEGRATION SERVICES
+# =============================================================================
+# Real 3rd-party services for local integration testing.
+# These are NOT mocks — they are fully functional instances.
+#
+# Prerequisites:
+#   The main stellaops network must exist (started via docker-compose.stella-ops.yml).
+#
+# Usage:
+#   # Start all integration services
+#   docker compose -f devops/compose/docker-compose.integrations.yml up -d
+#
+#   # Start specific services only
+#   docker compose -f devops/compose/docker-compose.integrations.yml up -d gitea jenkins vault
+#
+#   # Start integration services + mock fixtures together
+#   docker compose \
+#     -f devops/compose/docker-compose.integrations.yml \
+#     -f devops/compose/docker-compose.integration-fixtures.yml \
+#     up -d
+#
+# Hosts file entries (add to C:\Windows\System32\drivers\etc\hosts):
+#   127.1.2.1  gitea.stella-ops.local
+#   127.1.2.2  jenkins.stella-ops.local
+#   127.1.2.3  nexus.stella-ops.local
+#   127.1.2.4  vault.stella-ops.local
+#   127.1.2.5  registry.stella-ops.local
+#   127.1.2.6  minio.stella-ops.local
+#   127.1.2.7  gitlab.stella-ops.local
+#
+# Default credentials (all services):
+#   See the environment variables below or docs/integrations/LOCAL_SERVICES.md
+# =============================================================================
+
+networks:
+  stellaops:
+    external: true
+    name: stellaops
+
+volumes:
+  gitea-data:
+    name: stellaops-gitea-data
+  gitea-db:
+    name: stellaops-gitea-db
+  jenkins-data:
+    name: stellaops-jenkins-data
+  nexus-data:
+    name: stellaops-nexus-data
+  vault-data:
+    name: stellaops-vault-data
+  registry-data:
+    name: stellaops-registry-data
+  minio-data:
+    name: stellaops-minio-data
+  gitlab-config:
+    name: stellaops-gitlab-config
+  gitlab-data:
+    name: stellaops-gitlab-data
+  gitlab-logs:
+    name: stellaops-gitlab-logs
+
+services:
+  # ===========================================================================
+  # GITEA — Lightweight Git SCM + CI (Gitea Actions)
+  # ===========================================================================
+  # Integration type: SCM (Gitea provider)
+  # URL: http://gitea.stella-ops.local:3000
+  # Admin: stellaops / Stella2026!
+  # API: http://gitea.stella-ops.local:3000/api/v1
+  # ===========================================================================
+  gitea:
+    image: gitea/gitea:1.22-rootless
+    container_name: stellaops-gitea
+    restart: unless-stopped
+    ports:
+      - "127.1.2.1:3000:3000"
+      - "127.1.2.1:2222:2222"
+    environment:
+      - GITEA__database__DB_TYPE=sqlite3
+      - GITEA__server__ROOT_URL=http://gitea.stella-ops.local:3000
+      - GITEA__server__DOMAIN=gitea.stella-ops.local
+      - GITEA__server__HTTP_PORT=3000
+      - GITEA__server__SSH_PORT=2222
+      - GITEA__server__SSH_DOMAIN=gitea.stella-ops.local
+      - GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__REQUIRE_SIGNIN_VIEW=false
+      - GITEA__actions__ENABLED=true
+      - GITEA__api__ENABLE_SWAGGER=true
+      - GITEA__security__INSTALL_LOCK=true
+      - GITEA__security__SECRET_KEY=stellaops-dev-secret-key-2026
+      - GITEA__security__INTERNAL_TOKEN=stellaops-internal-token-2026-dev
+    volumes:
+      - gitea-data:/var/lib/gitea
+      - gitea-db:/var/lib/gitea/db
+    networks:
+      stellaops:
+        aliases:
+          - gitea.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/api/v1/version || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    labels:
+      com.stellaops.integration: "scm"
+      com.stellaops.provider: "gitea"
+      com.stellaops.profile: "integrations"
+
+  # ===========================================================================
+  # JENKINS — CI/CD Pipeline Server
+  # ===========================================================================
+  # Integration type: CI/CD (Jenkins provider)
+  # URL: http://jenkins.stella-ops.local:8080
+  # Admin: admin / Stella2026!
+  # API: http://jenkins.stella-ops.local:8080/api/json
+  # ===========================================================================
+  jenkins:
+    image: jenkins/jenkins:lts-jdk21
+    container_name: stellaops-jenkins
+    restart: unless-stopped
+    ports:
+      - "127.1.2.2:8080:8080"
+      - "127.1.2.2:50000:50000"
+    environment:
+      - JENKINS_OPTS=--prefix=/
+      - JAVA_OPTS=-Djenkins.install.runSetupWizard=false -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
+    volumes:
+      - jenkins-data:/var/jenkins_home
+    networks:
+      stellaops:
+        aliases:
+          - jenkins.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8080/api/json || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 120s
+    labels:
+      com.stellaops.integration: "ci-cd"
+      com.stellaops.provider: "jenkins"
+      com.stellaops.profile: "integrations"
+
+  # ===========================================================================
+  # NEXUS — Repository Manager (Docker Registry + npm/Maven/NuGet/PyPI)
+  # ===========================================================================
+  # Integration type: Registry (Nexus provider)
+  # URL: http://nexus.stella-ops.local:8081
+  # Admin: admin / (initial password in /nexus-data/admin.password)
+  # Docker registry: nexus.stella-ops.local:8082 (hosted)
+  # Docker proxy:    nexus.stella-ops.local:8083 (Docker Hub proxy)
+  # ===========================================================================
+  nexus:
+    image: sonatype/nexus3:3.75.0
+    container_name: stellaops-nexus
+    restart: unless-stopped
+    ports:
+      - "127.1.2.3:8081:8081"   # Nexus UI + API
+      - "127.1.2.3:8082:8082"   # Docker hosted registry
+      - "127.1.2.3:8083:8083"   # Docker proxy registry
+    environment:
+      - INSTALL4J_ADD_VM_PARAMS=-Xms512m -Xmx1g -XX:MaxDirectMemorySize=512m
+    volumes:
+      - nexus-data:/nexus-data
+    networks:
+      stellaops:
+        aliases:
+          - nexus.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8081/service/rest/v1/status || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 120s
+    labels:
+      com.stellaops.integration: "registry"
+      com.stellaops.provider: "nexus"
+      com.stellaops.profile: "integrations"
+
+  # ===========================================================================
+  # HASHICORP VAULT — Secrets Management
+  # ===========================================================================
+  # Integration type: Secrets (Vault provider)
+  # URL: http://vault.stella-ops.local:8200
+  # Root token: stellaops-dev-root-token-2026
+  # API: http://vault.stella-ops.local:8200/v1/sys/health
+  # ===========================================================================
+  vault:
+    image: hashicorp/vault:1.18
+    container_name: stellaops-vault
+    restart: unless-stopped
+    ports:
+      - "127.1.2.4:8200:8200"
+    environment:
+      - VAULT_DEV_ROOT_TOKEN_ID=stellaops-dev-root-token-2026
+      - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
+      - VAULT_ADDR=http://127.0.0.1:8200
+      - VAULT_API_ADDR=http://vault.stella-ops.local:8200
+    cap_add:
+      - IPC_LOCK
+    volumes:
+      - vault-data:/vault/data
+    networks:
+      stellaops:
+        aliases:
+          - vault.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:8200/v1/sys/health || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+    labels:
+      com.stellaops.integration: "secrets"
+      com.stellaops.provider: "vault"
+      com.stellaops.profile: "integrations"
+
+  # ===========================================================================
+  # DOCKER REGISTRY — OCI Distribution Registry v2
+  # ===========================================================================
+  # Integration type: Registry (Docker Hub / generic OCI)
+  # URL: http://registry.stella-ops.local:5000
+  # API: http://registry.stella-ops.local:5000/v2/
+  # No auth (dev mode) — push/pull freely
+  # ===========================================================================
+  docker-registry:
+    image: registry:2.8
+    container_name: stellaops-docker-registry
+    restart: unless-stopped
+    ports:
+      - "127.1.2.5:5000:5000"
+    environment:
+      - REGISTRY_STORAGE_DELETE_ENABLED=true
+      - REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin=['*']
+      - REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods=['HEAD','GET','OPTIONS','DELETE']
+    volumes:
+      - registry-data:/var/lib/registry
+    networks:
+      stellaops:
+        aliases:
+          - oci-registry.stella-ops.local
+          - docker-registry.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5000/v2/ || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 5s
+    labels:
+      com.stellaops.integration: "registry"
+      com.stellaops.provider: "docker-registry"
+      com.stellaops.profile: "integrations"
+
+  # ===========================================================================
+  # MINIO — S3-compatible Object Storage
+  # ===========================================================================
+  # Integration type: Storage / Evidence / Airgap bundles
+  # Console: http://minio.stella-ops.local:9001
+  # API:     http://minio.stella-ops.local:9000
+  # Access key:  stellaops
+  # Secret key:  Stella2026!
+  # ===========================================================================
+  minio:
+    image: minio/minio:RELEASE.2025-02-28T09-55-16Z
+    container_name: stellaops-minio
+    restart: unless-stopped
+    ports:
+      - "127.1.2.6:9000:9000"   # S3 API
+      - "127.1.2.6:9001:9001"   # Console UI
+    environment:
+      - MINIO_ROOT_USER=stellaops
+      - MINIO_ROOT_PASSWORD=Stella2026!
+      - MINIO_BROWSER_REDIRECT_URL=http://minio.stella-ops.local:9001
+    command: server /data --console-address ":9001"
+    volumes:
+      - minio-data:/data
+    networks:
+      stellaops:
+        aliases:
+          - minio.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "mc ready local || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+    labels:
+      com.stellaops.integration: "storage"
+      com.stellaops.provider: "s3"
+      com.stellaops.profile: "integrations"
+
+  # ===========================================================================
+  # GITLAB CE — Full Git SCM + CI/CD + Container Registry (optional, heavy)
+  # ===========================================================================
+  # Integration type: SCM (GitLab provider) + CI/CD (GitLab CI) + Registry
+  # URL: http://gitlab.stella-ops.local:8929
+  # Admin: root / Stella2026!
+  # Container Registry: gitlab.stella-ops.local:5050
+  # Requires: ~4 GB RAM, ~2 min startup
+  #
+  # Profile: heavy — only start when explicitly requested:
+  #   docker compose -f docker-compose.integrations.yml up -d gitlab
+  # ===========================================================================
+  gitlab:
+    image: gitlab/gitlab-ce:17.8.1-ce.0
+    container_name: stellaops-gitlab
+    restart: unless-stopped
+    ports:
+      - "127.1.2.7:8929:8929"   # HTTP
+      - "127.1.2.7:2224:22"     # SSH
+      - "127.1.2.7:5050:5050"   # Container Registry
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'http://gitlab.stella-ops.local:8929'
+        gitlab_rails['initial_root_password'] = 'Stella2026!'
+        gitlab_rails['gitlab_shell_ssh_port'] = 2224
+        registry_external_url 'http://gitlab.stella-ops.local:5050'
+        registry['enable'] = true
+        prometheus_monitoring['enable'] = false
+        sidekiq['max_concurrency'] = 5
+        puma['workers'] = 2
+        puma['min_threads'] = 1
+        puma['max_threads'] = 2
+        postgresql['shared_buffers'] = '128MB'
+        gitlab_rails['env'] = { 'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000' }
+    volumes:
+      - gitlab-config:/etc/gitlab
+      - gitlab-logs:/var/log/gitlab
+      - gitlab-data:/var/opt/gitlab
+    networks:
+      stellaops:
+        aliases:
+          - gitlab.stella-ops.local
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8929/-/readiness || exit 1"]
+      interval: 60s
+      timeout: 30s
+      retries: 10
+      start_period: 300s
+    labels:
+      com.stellaops.integration: "scm,ci-cd,registry"
+      com.stellaops.provider: "gitlab"
+      com.stellaops.profile: "integrations-heavy"
+    profiles:
+      - heavy

devops/compose/fixtures/integration-fixtures/advisory/default.conf

@@ -0,0 +1,55 @@
+server {
+    listen 80;
+    server_name advisory-fixture.stella-ops.local;
+
+    default_type application/json;
+
+    # CERT-In (India) - unreachable from most networks
+    location /cert-in {
+        return 200 '{"status":"healthy","source":"cert-in","description":"CERT-In fixture proxy"}';
+    }
+
+    # FSTEC BDU (Russia) - unreachable from most networks
+    location /fstec-bdu {
+        return 200 '{"status":"healthy","source":"fstec-bdu","description":"FSTEC BDU fixture proxy"}';
+    }
+
+    # StellaOps Mirror - does not exist yet
+    location /stella-mirror {
+        return 200 '{"status":"healthy","source":"stella-mirror","version":"1.0.0","description":"StellaOps Advisory Mirror fixture"}';
+    }
+
+    # VEX Hub - local fixture
+    location /vex {
+        return 200 '{"status":"healthy","source":"vex","description":"VEX Hub fixture proxy"}';
+    }
+
+    # Exploit-DB - blocks automated requests
+    location /exploitdb {
+        return 200 '{"status":"healthy","source":"exploitdb","description":"Exploit-DB fixture proxy"}';
+    }
+
+    # AMD Security - blocks automated requests
+    location /amd {
+        return 200 '{"status":"healthy","source":"amd","description":"AMD Security fixture proxy"}';
+    }
+
+    # Siemens ProductCERT - blocks automated requests
+    location /siemens {
+        return 200 '{"status":"healthy","source":"siemens","description":"Siemens ProductCERT fixture proxy"}';
+    }
+
+    # Ruby Advisory DB (bundler-audit) - GitHub raw content issues
+    location /bundler-audit {
+        return 200 '{"status":"healthy","source":"bundler-audit","description":"Ruby Advisory DB fixture proxy"}';
+    }
+
+    # Catch-all health endpoint
+    location /health {
+        return 200 '{"status":"healthy","service":"advisory-fixture"}';
+    }
+
+    location / {
+        return 200 '{"status":"healthy","service":"advisory-fixture"}';
+    }
+}