Initial commit

2025-08-30 21:05:34 +00:00
commit b04557a923
40 changed files with 5469 additions and 0 deletions
--- a/docs/23_FAQ_MATRIX.md
+++ b/docs/23_FAQ_MATRIX.md
@@ -0,0 +1,61 @@
+# Stella Ops — Frequently Asked Questions (Matrix)
+
+## Quick glance
+
+| Question | Short answer |
+|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| What is Stella Ops? | A lightning‑fast, SBOM‑first container‑security scanner written in **.NET {{ dotnet }}** with an **Angular {{ angular }}** web UI. |
+| How fast is it? | Warm scans finish in **\< 5 s** on a 4‑vCPU runner; first scans stay **\< 30 s**. |
+| Is it free? | Yes – **{{ quota_anon }} scans / day** anonymously. Requesting a free JWT lifts the limit to **{{ quota_token }}**. A gentle reminder shows at 200; exceeding the cap throttles speed but never blocks. |
+| Does it run offline? | Yes — download the signed **Offline Update Kit**; see `/offline/`. |
+| Can I extend it? | Yes — restart‑time plug‑ins (`ISbomMutator`, `IVulnerabilityProvider`, `IResultSink`, OPA Rego). Marketplace GA in v1.0. |
+
+---
+
+## Road‑map (authoritative link)
+
+The full, always‑up‑to‑date roadmap lives at <https://stella‑ops.org/roadmap/>.  
+Snapshot:
+
+| Version | Target date | Locked‑in scope (freeze at β) |
+|---------|-------------|--------------------------------|
+| **v0.1 α** | *Late 2025* | Δ‑SBOM engine, nightly re‑scan, Offline Kit v1, {{ quota_anon }}/ {{ quota_token }} quota |
+| **v0.2 β** | Q1 2026 | *Zastava* forbidden‑image scanner, registry sweeper, SDK β |
+| **v0.3 β** | Q2 2026 | YAML/Rego policy‑as‑code, SARIF output, OUK auto‑import |
+| **v0.4 RC** | Q3 2026 | AI remediation advisor, LDAP/AD SSO, pluggable TLS providers |
+| **v1.0 GA** | Q4 2026 | SLSA L3 provenance, signed plug‑in marketplace |
+
+---
+
+## Technical matrix
+
+| Category | Detail |
+|----------|--------|
+| **Core runtime** | C# 14 on **.NET {{ dotnet }}** |
+| **UI stack** | **Angular {{ angular }}** + TailwindCSS |
+| **Container base** | Distroless glibc (x86‑64 & arm64) |
+| **Data stores** | MongoDB 7 (SBOM + findings), Redis 7 (LRU cache + quota) |
+| **Release integrity** | Cosign‑signed images & TGZ, reproducible build, SPDX 2.3 SBOM |
+| **Extensibility** | Plug‑ins in any .NET language (restart load); OPA Rego policies |
+| **Default quotas** | Anonymous **{{ quota_anon }} scans/day** · JWT **{{ quota_token }}** |
+
+---
+
+## Quota enforcement (overview)
+
+* Counters live in Redis with 24 h keys: `quota:ip:<sha256>` or `quota:tid:<hash>`.
+* Soft reminder banner at 200 daily scans.
+* Past the limit: first 30 excess requests delayed 5 s; afterwards 60 s.
+* Behaviour is identical online and offline (validation local).
+
+For full flow see `docs/30_QUOTA_ENFORCEMENT_FLOW1.md`.
+
+---
+
+## Further reading
+
+* **Install guide:** `/install/`  
+* **Offline mode:** `/offline/`  
+* **Security policy:** `/security/`  
+* **Governance:** `/governance/`  
+* **Community chat:** Matrix `#stellaops:libera.chat`