feat: Implement vulnerability token signing and verification utilities

- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys. - Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries. - Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads. - Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options. - Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads. - Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features. - Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:02:29 +02:00
parent bf2bf4b395
commit b1e78fe412
215 changed files with 19441 additions and 12185 deletions
--- a/docs/modules/excitor/README.md
+++ b/docs/modules/excitor/README.md
@@ -0,0 +1,34 @@
+# StellaOps Excitor
+
+Excitor computes deterministic consensus across VEX claims, preserving conflicts and producing attestable evidence for policy suppression.
+
+## Responsibilities
+- Ingest Excititor observations and compute per-product consensus snapshots.
+- Provide APIs for querying canonical VEX positions and conflict sets.
+- Publish exports and DSSE-ready digests for downstream consumption.
+- Keep provenance weights and disagreement metadata.
+
+## Key components
+- Consensus engine and API host in `StellaOps.Excitor.*` (to-be-implemented).
+- Storage schema for consensus graphs.
+- Integration hooks for Policy Engine suppression logic.
+
+## Integrations & dependencies
+- Excititor for raw observations.
+- Policy Engine and UI for suppression stories.
+- CLI for evidence inspection.
+
+## Operational notes
+- Deterministic consensus algorithms (see architecture).
+- Planned telemetry for disagreement counts and freshness.
+- Offline exports aligning with Concelier/Excititor timelines.
+
+## Related resources
+- ./scoring.md
+
+## Backlog references
+- DOCS-EXCITOR backlog referenced in architecture doc.
+- CLI parity tracked in ../../TASKS.md (CLI-GRAPH/VEX stories).
+
+## Epic alignment
+- **Epic 7 – VEX Consensus Lens:** deliver trust-weighted consensus snapshots, disagreement metadata, and explain APIs.