Rename Feedser to Concelier

docs/07_HIGH_LEVEL_ARCHITECTURE.md

@@ -36,7 +36,7 @@ It **absorbs** all content from `components.md` so you have a single, authoritat
 | **Scanner.Worker**              | `stellaops/scanner-worker` | Runs analyzers (OS, Lang: Java/Node/Python/Go/.NET/Rust, Native ELF/PE/Mach‑O, EntryTrace); emits per‑layer SBOMs and composes image SBOMs. | Horizontal; queue‑driven; sharded by layer digest. |
 | **Scanner.Sbomer.BuildXPlugin** | `stellaops/sbom-indexer`   | BuildKit **generator** for build‑time SBOMs as OCI **referrers**.                                                                           | CI‑side; ephemeral.                                |
 | **Scanner.Sbomer.DockerImage**  | `stellaops/scanner-cli`    | CLI‑orchestrated scanner container for post‑build scans.                                                                                    | Local/CI; ephemeral.                               |
-| **Feedser.WebService**          | `stellaops/feedser-web`    | Vulnerability ingest/normalize/merge/export (JSON + Trivy DB).                                                                              | HA via Mongo locks.                                |
+| **Concelier.WebService**          | `stellaops/concelier-web`    | Vulnerability ingest/normalize/merge/export (JSON + Trivy DB).                                                                              | HA via Mongo locks.                                |
 | **Excititor.WebService**            | `stellaops/excititor-web`      | VEX ingest/normalize/consensus; conflict retention; exports.                                                                                | HA via Mongo locks.                                |
 | **Policy Engine**               | (in `scanner-web`)         | YAML DSL evaluator (waivers, vendor preferences, KEV/EPSS, license, usage‑gating); produces **policy digest**.                              | In‑process; cache per digest.                      |
 | **Signer**                      | `stellaops/signer`         | **Hard gate:** validates entitlement + release integrity; mints signing cert (Fulcio keyless) or uses KMS; signs DSSE.                      | Stateless; HPA by QPS.                             |
@@ -71,7 +71,7 @@ flowchart LR
     Auth[Authority (OIDC)\nOpTok (DPoP/mTLS)]
     SW[Scanner.WebService]
     WK[Scanner.Worker xN]
-    FEED[Feedser]
+    FEED[Concelier]
     VEX[Excititor]
     POL[Policy Engine (in Scanner.Web)]
     SGN[Signer\n(entitlement + signing)]
@@ -177,7 +177,7 @@ LS --> IA: PoE (mTLS client cert or JWT with cnf=K_inst), CRL/OCSP/introspect
 
 ## 4) Backend evaluation (decider)
 
-### 4.1 Feedser (advisories)
+### 4.1 Concelier (advisories)
 
 * Ingests vendor, distro, OSS feeds; normalizes & merges; persists canonical advisories in Mongo; exports **deterministic JSON** and **Trivy DB**.
 * Offline kit bundles for air‑gapped sites.
@@ -194,7 +194,7 @@ LS --> IA: PoE (mTLS client cert or JWT with cnf=K_inst), CRL/OCSP/introspect
 
 ### 4.4 PASS/FAIL flow
 
-1. SBOM (Inventory / Usage) → join with **Feedser** advisories.
+1. SBOM (Inventory / Usage) → join with **Concelier** advisories.
 2. Apply **Excititor** consensus (statuses & justifications).
 3. Apply **Policy**; compute PASS/FAIL with waiver TTLs.
 4. Sign the **final report** (DSSE via **Signer**) and log to **Rekor v2** via **Attestor**.
@@ -349,9 +349,9 @@ services:
     image: stellaops/scanner-worker
     deploy: { replicas: 4 }
     depends_on: [scanner-web]
-  feedser:    { image: stellaops/feedser-web, depends_on: [mongo] }
+  concelier:    { image: stellaops/concelier-web, depends_on: [mongo] }
   excititor:      { image: stellaops/excititor-web, depends_on: [mongo] }
-  ui:         { image: stellaops/ui, depends_on: [scanner-web, feedser, excititor] }
+  ui:         { image: stellaops/ui, depends_on: [scanner-web, concelier, excititor] }
 ```
 
 * **Backups:** Mongo dumps; MinIO versioned buckets & replication; Rekor v2 DB snapshots; JWKS/Fulcio/KMS key rotation.