Rename Feedser to Concelier

2025-10-18 20:04:15 +03:00
parent dd66f58b00
commit 89ede53cc3
1208 changed files with 4370 additions and 4370 deletions
--- a/docs/17_SECURITY_HARDENING_GUIDE.md
+++ b/docs/17_SECURITY_HARDENING_GUIDE.md
@@ -145,28 +145,28 @@ cosign verify ghcr.io/stellaops/backend@sha256:<DIGEST> \
 | Audit events | Redis stream audit; export daily to SIEM                          |
 | Alert rules  | Feed age  ≥ 48 h, P95 wall‑time > 5 s, Redis used memory > 75 %   |

-###  7.1 Feedser authorization audits
+###  7.1 Concelier authorization audits

- Enable the Authority integration for Feedser (`authority.enabled=true`). Keep
+- Enable the Authority integration for Concelier (`authority.enabled=true`). Keep
  `authority.allowAnonymousFallback` set to `true` only during migration and plan
  to disable it before **2025-12-31 UTC** so the `/jobs*` surface always demands
  a bearer token.
 - Store the Authority client secret using Docker/Kubernetes secrets and point
  `authority.clientSecretFile` at the mounted path; the value is read at startup
  and never logged.
- Watch the `Feedser.Authorization.Audit` logger. Each entry contains the HTTP
+- Watch the `Concelier.Authorization.Audit` logger. Each entry contains the HTTP
  status, subject, client ID, scopes, remote IP, and a boolean `bypass` flag
  showing whether a network bypass CIDR allowed the request. Configure your SIEM
  to alert when unauthenticated requests (`status=401`) appear with
  `bypass=true`, or when unexpected scopes invoke job triggers.
-  Detailed monitoring and response guidance lives in `docs/ops/feedser-authority-audit-runbook.md`.
+  Detailed monitoring and response guidance lives in `docs/ops/concelier-authority-audit-runbook.md`.

 ##  8 Update & patch strategy

 | Layer                | Cadence                                                  | Method                         |
 | -------------------- | -------------------------------------------------------- | ------------------------------ |
 | Backend & CLI images | Monthly or CVE‑driven docker pull + docker compose up -d |
-| Trivy DB             | 24 h scheduler via Feedser (vulnerability ingest/merge/export service) | configurable via Feedser scheduler options |
+| Trivy DB             | 24 h scheduler via Concelier (vulnerability ingest/merge/export service) | configurable via Concelier scheduler options |
 | Docker Engine        | vendor LTS                                               | distro package manager         |
 | Host OS              | security repos enabled                                   | unattended‑upgrades            |