stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

consolidation of some of the modules, localization fixes, product advisories work, qa work

Browse Source
This commit is contained in:
master
2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
docs/INDEX.md
View File

@@ -1,7 +1,7 @@
# StellaOps Documentation Index
> **Master index of all StellaOps documentation.**
> Last updated: 2026-01-07 (Pass 8 deep content audit)
> Last updated: 2026-03-04 (Sprint 218 consolidation sweep)
This index provides a complete map of documentation organized by audience and topic. The documentation follows a two-level hierarchy:
- **Canonical guides** (`docs/*.md`) - High-level entry points
@@ -87,59 +87,47 @@ Module dossiers contain architecture, operations, and API documentation per comp
### Core Platform
| Module | Directory | Description |
|--------|-----------|-------------|
| Authority | [authority/](modules/authority/) | OAuth/OIDC, DPoP authentication |
| Gateway | [gateway/](modules/gateway/) | API gateway, routing |
| Router | [router/](modules/router/) | Transport-agnostic messaging |
| Authority | [authority/](modules/authority/) | OAuth/OIDC, DPoP authentication. Includes IssuerDirectory (Sprint 216). |
| Router | [router/](modules/router/) | Transport-agnostic messaging and HTTP ingress gateway |
| Platform | [platform/](modules/platform/) | Console backend aggregation |
### Data Ingestion
| Module | Directory | Description |
|--------|-----------|-------------|
| Concelier | [concelier/](modules/concelier/) | Advisory ingestion |
| Excititor | [excititor/](modules/excititor/) | VEX document ingestion |
| Concelier | [concelier/](modules/concelier/) | Advisory ingestion. Includes Feedser and Excititor (Sprint 203). |
| VexLens | [vex-lens/](modules/vex-lens/) | VEX consensus computation |
| VexHub | [vex-hub/](modules/vex-hub/) | VEX distribution hub |
| IssuerDirectory | [issuer-directory/](modules/issuer-directory/) | Issuer trust registry |
| Feedser | [feedser/](modules/feedser/) | Backport detection evidence |
### Scanning & Analysis
| Module | Directory | Description |
|--------|-----------|-------------|
| Scanner | [scanner/](modules/scanner/) | Container scanning, SBOM generation |
| BinaryIndex | [binary-index/](modules/binary-index/) | Binary fingerprinting |
| AdvisoryAI | [advisory-ai/](modules/advisory-ai/) | AI-assisted analysis |
| Symbols | [symbols/](modules/symbols/) | Symbol resolution |
| Scanner | [scanner/](modules/scanner/) | Container scanning, SBOM generation. Includes Cartographer (Sprint 201). |
| BinaryIndex | [binary-index/](modules/binary-index/) | Binary fingerprinting. Includes Symbols (Sprint 202). |
| AdvisoryAI | [advisory-ai/](modules/advisory-ai/) | AI-assisted analysis. Includes OpsMemory (Sprint 213). |
| ReachGraph | [reach-graph/](modules/reach-graph/) | Reachability graphs |
### Artifacts & Evidence
| Module | Directory | Description |
|--------|-----------|-------------|
| Attestor | [attestor/](modules/attestor/) | DSSE/in-toto attestations |
| Signer | [signer/](modules/signer/) | Cryptographic signing |
| Attestor | [attestor/](modules/attestor/) | DSSE/in-toto attestations. Includes Signer and Provenance (Sprint 204). |
| SbomService | [sbom-service/](modules/sbom-service/) | SBOM storage, lineage |
| EvidenceLocker | [evidence-locker/](modules/evidence-locker/) | Sealed evidence storage |
| ExportCenter | [export-center/](modules/export-center/) | Batch export |
| Provenance | [provenance/](modules/provenance/) | SLSA attestation |
### Policy & Risk
| Module | Directory | Description |
|--------|-----------|-------------|
| Policy | [policy/](modules/policy/) | K4 lattice policy engine |
| RiskEngine | [risk-engine/](modules/risk-engine/) | Risk scoring |
| VulnExplorer | [vuln-explorer/](modules/vuln-explorer/) | Vulnerability triage |
| Unknowns | [unknowns/](modules/unknowns/) | Unknown component tracking |
| FindingsLedger | [findings-ledger/](modules/findings-ledger/) | Findings tracking |
| Unknowns | [unknowns/](modules/unknowns/) | Unknown component tracking (boundary preserved, Sprint 206) |
| Findings | [findings-ledger/](modules/findings-ledger/) | Findings tracking. Includes RiskEngine and VulnExplorer (Sprint 207). |
### Operations
| Module | Directory | Description |
|--------|-----------|-------------|
| Scheduler | [scheduler/](modules/scheduler/) | Job scheduling |
| Orchestrator | [orchestrator/](modules/orchestrator/) | Workflow orchestration |
| TaskRunner | [taskrunner/](modules/taskrunner/) | Task pack execution |
| Notify | [notify/](modules/notify/) | Notifications |
| Notifier | [notifier/](modules/notifier/) | Notifications Studio |
| PacksRegistry | [packs-registry/](modules/packs-registry/) | Task packs registry |
| TimelineIndexer | [timeline-indexer/](modules/timeline-indexer/) | Event indexing |
| JobEngine | [jobengine/](modules/jobengine/) | Workflow orchestration, scheduling, task execution, pack registry. Includes Scheduler, TaskRunner, PacksRegistry (Sprint 208); renamed from Orchestrator (Sprint 221). |
| Notify | [notify/](modules/notify/) | Notifications (boundary preserved with Notifier, Sprint 209) |
| Notifier | [notifier/](modules/notifier/) | Notifications Studio (boundary preserved with Notify, Sprint 209) |
| Timeline | [timeline/](modules/timeline/) | Event indexing and timeline query. Includes TimelineIndexer (Sprint 210). |
| Replay | [replay/](modules/replay/) | Deterministic replay |
### Integration
@@ -165,8 +153,11 @@ Module dossiers contain architecture, operations, and API documentation per comp
| Snapshot | [snapshot/](modules/snapshot/) | Point-in-time captures |
| Triage | [triage/](../docs-archived/modules/triage/) | Vulnerability triage workflows (archived — see vuln-explorer, ui) |
| Provcache | [prov-cache/](../docs-archived/modules/prov-cache/) | Provenance cache (archived — see provenance) |
| Benchmark | [benchmark/](../docs-archived/modules/benchmark/) | Competitive benchmarking (archived — see bench) |
| Bench | [bench/](modules/bench/) | Performance benchmarks |
| Benchmark | [benchmark/](../docs-archived/modules/benchmark/) | Competitive benchmarking (archived — see tools) |
| Bench | [bench/](../docs-archived/modules/bench/) | Performance benchmarks (archived — absorbed into tools) |
| Verifier | [verifier/](../docs-archived/modules/verifier/) | Standalone bundle verifier (archived — absorbed into tools) |
| SDK | [sdk/](../docs-archived/modules/sdk/) | SDK generation (archived — absorbed into tools) |
| DevPortal | [devportal/](../docs-archived/modules/devportal/) | Developer portal (archived — absorbed into tools) |
---
@@ -256,7 +247,7 @@ Module dossiers contain architecture, operations, and API documentation per comp
### Risk Scoring
| Area | Path | Description |
|------|------|-------------|
| Risk Samples | [modules/risk-engine/samples/](modules/risk-engine/samples/) | Risk scoring examples |
| Risk Samples | [modules/findings-ledger/](modules/findings-ledger/) | Risk scoring (now part of Findings, Sprint 207) |
### Operations & Deployment
| Area | Path | Description |
@@ -295,13 +286,14 @@ Module dossiers contain architecture, operations, and API documentation per comp
| Date | Change |
|------|--------|
| 2026-03-04 | **Sprint 218 sweep**: Aligned module index with consolidation wave outcomes. Removed Gateway (deleted Sprint 200), absorbed modules (Feedser/Excititor into Concelier, Signer/Provenance into Attestor, RiskEngine/VulnExplorer into Findings, Scheduler/TaskRunner/PacksRegistry into JobEngine, TimelineIndexer into Timeline, IssuerDirectory into Authority, Symbols into BinaryIndex, Cartographer into Scanner, OpsMemory into AdvisoryAI, Extensions into Integrations, Bench/Verifier/Sdk/DevPortal into Tools). Reflected boundary-preserved decisions (Policy/Unknowns, Notify/Notifier, ExportCenter/AirGap). Updated Orchestrator references to JobEngine. |
| 2026-01-07 | **Pass 10**: Deep module-by-module audit. **Concelier consolidation**: Merged `federation-setup.md` into `federation-operations.md` (eliminated duplicate federation setup/operations content, added bundle format, cursor format, multi-site topologies, DSSE signature format, monitoring metrics, security considerations sections). Deleted `federation-setup.md`. **Verified module patterns**: advisory-ai (architecture→architecture-detail hierarchy correct), authority (AUTHORITY.md=operational config, architecture.md=component spec - different purposes), concelier guides (aggregation.md=LNM implementation, aggregation-only-contract.md=formal AOC spec), notify (architecture+architecture-detail=hierarchical), policy (determinization-api.md=API ref, determinization-architecture.md=design doc), telemetry (guides/observability.md=AOC-specific, operations/observability.md=collector/storage). Scanner has 104 files well-organized by design/, operations/, guides/, fixtures/ subdirectories. |
| 2026-01-07 | **Pass 9**: Deep consolidation analysis of major themes. **Crypto cluster consolidation**: Merged `docs/security/crypto-simulation-services.md` into `docs/security/crypto-profile-configuration.md` (eliminated duplication, preserved all unique content including algorithm coverage list, curl examples, `run-sim-smoke.ps1` reference). Deleted redundant file. **Verified well-organized structures**: API/Contracts (distinct purposes - contracts for formal specs, api for reference), technical/architecture (proper index + detailed views), operations runbooks (complementary runbook + troubleshooting patterns), module cross-cutting (architecture + architecture-overview correctly separate index vs content). **Kept compatibility shims**: `07_HIGH_LEVEL_ARCHITECTURE.md` retained as alias (100+ references across AGENTS.md files). **RootPack RU files**: Confirmed `rootpack_ru_validation.md`, `rootpack_ru_package.md`, `rootpack_ru_crypto_fork.md` serve distinct purposes (validation runbook, packaging guide, fork notes) - no consolidation needed. |
| 2026-01-07 | **Pass 8**: Deep content audit across all major themes. Launched 5 parallel analysis agents covering docs/technical/, docs/security/, docs/operations/, docs/api/+docs/contracts/, and docs/modules/. **Critical fixes**: Fixed 29 files with incorrect `deploy/` paths (changed to `devops/`); fixed 6 files with `scripts/crypto/` paths (changed to `ops/crypto/`). **Placeholder cleanup**: Deleted `docs/security/auth-scopes.md` and `docs/security/redaction-and-privacy.md` (stub files with no content). **Missing READMEs**: Created 9 module README files for: devportal, facet, feedser, packs-registry, provenance, reach-graph, replay, risk-engine, timeline-indexer. **Identified issues for future passes**: API endpoint inconsistencies between docs/api/ and docs/contracts/ (different path formats); duplicate crypto documentation (13 overlapping files); scope definitions in 3 locations (should canonicalize to authority-scopes.md); missing mirror-bundle.schema.json. |
| 2026-01-07 | **Pass 7**: Final theme consolidation. Thorough analysis confirmed 5 directory pairs should remain separate (distinct purposes/audiences). Executed 4 consolidations: docs/cicd/ (9 files) → docs/technical/cicd/; docs/modules/ci/ (4 files) merged into docs/technical/cicd/ (CI recipes); docs/modules/devops/ (15 files) → docs/operations/devops/ (not a code module); docs/onboarding/ (10 files) → docs/dev/onboarding/ (developer onboarding subsection). Removed duplicate schemas from docs/schemas/ (already in sbom-service/schemas/ and policy/schemas/). Top-level directories reduced from 18 to 15. Module directories reduced from 58 to 55 (removed ci/, devops/, removed duplicates). Fixed 15+ broken references. Verified docs/modules/ alignment with src/ - found Integrations and SmRemote modules lack documentation (stub candidates). |
| 2026-01-07 | **Pass 6**: Theme-based consolidation and cleanup. Directory consolidations: docs/governance/ (1 file) to operations/governance/; docs/adr/ (4 files) to technical/adr/; docs/contributing/ (3 files) to dev/contributing/; docs/schemas/ (3 files) to modules/sbom-service/schemas/ and modules/policy/schemas/; docs/scripts/sbom-vex/ (9 files) to modules/attestor/samples/sbom-vex/; docs/modules/snapshot/ (3 files) to technical/concepts/snapshot/ (cross-cutting concept); docs/modules/triage/ (3 files) to modules/vuln-explorer/concepts/triage/ (triage implemented in VulnExplorer); docs/modules/testing/ (1 file) to technical/testing/ (cross-cutting testing docs). Removed duplicate template directory: docs/dev/templates/excitor-connector/ (typo, kept excititor-connector/). Verified prov-cache/ and facet/ document real implementations (src/__Libraries/StellaOps.Provcache, src/__Libraries/StellaOps.Facet). Top-level directories reduced from 22 to 18. Fixed 5 broken references to docs/adr/. |
| 2026-01-06 | **Pass 5**: Reduced top-level directories from 41 to 22, and top-level markdown files from 48 to 25. Directory consolidations: docs/accessibility/ to modules/ui/guides/accessibility/; docs/advisories/ to modules/concelier/guides/; docs/events/ to modules/signals/events/; docs/handoff/ to operations/handoff/; docs/roadmap/ to product/roadmap/; docs/schemas/ to modules/attestor/schemas/; docs/sdks/ to dev/sdks/; docs/specs/ to modules/symbols/specs/; docs/task-packs/ to modules/packs-registry/guides/; docs/ux/ to modules/ui/guides/ux/; docs/rfcs/ to adr/; docs/architecture/ to technical/architecture/; docs/data/ to modules/replay/schemas/; docs/testing/ (26 files) to technical/testing/; docs/diagrams/ to technical/diagrams/; docs/migration/ to technical/migration/; docs/process/ to operations/process/; docs/samples/ distributed to respective module samples/. Top-level file moves: 07_HIGH_LEVEL_ARCHITECTURE.md to technical/architecture/; claims-index.md to product/; cli-vs-ui-parity.md to modules/cli/; LEGAL_*.md to legal/; PERFORMANCE_WORKBOOK.md, DATA_SCHEMAS.md, SYSTEM_REQUIREMENTS_SPEC.md, reproducibility.md to technical/; scanner-core-contracts.md to modules/scanner/; TEST_SUITE_OVERVIEW.md to technical/testing/; VULNERABILITY_EXPLORER_GUIDE.md to modules/vuln-explorer/; PROOF_MOATS_FINAL_SIGNOFF.md, moat.md, VISION.md to product/; QUOTA_*.md to modules/policy/guides/; POLICY_TEMPLATES.md to modules/policy/; AUTHORITY.md to modules/authority/; FAQ_MATRIX.md to onboarding/; RELEASE_ENGINEERING_PLAYBOOK.md to releases/. Fixed ui/guides file to guides-overview.md. Archived QUICKSTART_HYBRID_DEBUG.md. Removed duplicate accessibility.md. |
| 2026-01-06 | **Pass 4**: Consolidated docs/airgap/ (38 files) into modules/airgap/guides/, runbooks/, gaps/, schemas/, samples/; consolidated docs/aoc/ into modules/aoc/guides/; consolidated docs/policy/ (20 files + fixtures/schemas) into modules/policy/guides/, fixtures/, schemas/; consolidated docs/replay/ into modules/replay/guides/; consolidated docs/uncertainty/ into modules/unknowns/guides/; consolidated docs/forensics/ into modules/evidence-locker/, provenance/, timeline-indexer/ guides/; consolidated docs/ingestion/ into modules/concelier/guides/; consolidated docs/interop/ into modules/attestor/guides/; consolidated docs/observability/ (14 files + dashboards) into modules/telemetry/guides/ and dashboards/; consolidated docs/runtime/ into modules/scanner/guides/; consolidated docs/slo/ into modules/orchestrator/guides/; created modules/devportal/guides/; moved docs/evaluate/ to product/; moved docs/metrics/ to modules/telemetry/guides/ |
| 2026-01-06 | **Pass 4**: Consolidated docs/airgap/ (38 files) into modules/airgap/guides/, runbooks/, gaps/, schemas/, samples/; consolidated docs/aoc/ into modules/aoc/guides/; consolidated docs/policy/ (20 files + fixtures/schemas) into modules/policy/guides/, fixtures/, schemas/; consolidated docs/replay/ into modules/replay/guides/; consolidated docs/uncertainty/ into modules/unknowns/guides/; consolidated docs/forensics/ into modules/evidence-locker/, provenance/, timeline-indexer/ guides/; consolidated docs/ingestion/ into modules/concelier/guides/; consolidated docs/interop/ into modules/attestor/guides/; consolidated docs/observability/ (14 files + dashboards) into modules/telemetry/guides/ and dashboards/; consolidated docs/runtime/ into modules/scanner/guides/; consolidated docs/slo/ into modules/jobengine/guides/; created modules/devportal/guides/; moved docs/evaluate/ to product/; moved docs/metrics/ to modules/telemetry/guides/ |
| 2026-01-06 | **Pass 3**: Consolidated docs/router/ into modules/router/ (archived 25 sprints to docs-archived/implplan/router/, moved transports/ and guides/); consolidated docs/reachability/ (23 files) into modules/reach-graph/guides/ and schemas/; consolidated docs/risk/ into modules/risk-engine/guides/ and samples/; consolidated docs/attestor/ and docs/provenance/ into respective modules; consolidated docs/vuln/ into modules/vuln-explorer/guides/; consolidated docs/sbom/ and docs/evidence-locker/ into respective modules; consolidated docs/marketing/ and docs/market/ into docs/product/ (strategy, competitive analysis); archived docs/artifacts/ to docs-archived/ |
| 2026-01-06 | **Pass 2**: Consolidated CLI docs into modules/cli/guides/ (removed docs/cli/); consolidated runbooks into operations/runbooks/ (removed docs/runbooks/); merged examples/ into samples/; consolidated signals/ into modules/signals/guides/; merged training/ into onboarding/ with concepts/ and faq/ subdirs; distributed guides/ into relevant module locations (risk-engine, signer, vex-lens, ui, authority); merged ci/ into cicd/; merged ops/ into operations/; moved faq/policy-faq.md to policy/faq.md |
| 2026-01-06 | Consolidated UI/Console docs into modules/ui/; consolidated deploy/deployment/install into operations/deployment/; consolidated docs/vex/ into modules/vex-lens/guides/; consolidated docs/release/ into docs/releases/; consolidated security docs (removed technical/security/) |