Refactor code structure and optimize performance across multiple modules

etc/README.md

@@ -0,0 +1,83 @@
+# StellaOps Configuration (`etc/`)
+
+This directory contains all configuration for StellaOps services. It is the **single source of truth** for deployment configuration.
+
+## Directory Structure
+
+```
+etc/
+├── authority/            # Authentication & authorization service
+├── certificates/         # Trust anchors and signing keys
+├── concelier/            # Advisory ingestion service
+├── crypto/               # Regional cryptographic profiles
+├── env/                  # Environment-specific profiles (dev/stage/prod/airgap)
+├── llm-providers/        # AI/LLM provider configurations
+├── notify/               # Notification service & templates
+├── plugins/              # Plugin manifests (configuration, not binaries)
+├── policy/               # Policy engine configuration & packs
+├── router/               # Transport router configuration
+├── scanner/              # Container scanning service
+├── scheduler/            # Job scheduling service
+├── scm-connectors/       # Source control integrations
+├── secrets/              # Development secrets only (NEVER for production)
+├── signals/              # Runtime signals configuration
+└── vex/                  # VEX processing services
+```
+
+## File Naming Convention
+
+| Pattern | Purpose | Git Status |
+|---------|---------|------------|
+| `*.yaml.sample` | Documented template with all options | Committed |
+| `*.yaml` | Active configuration | Git-ignored |
+| `*.env.sample` | Environment variable template | Committed |
+| `env.*` | Active environment file | Git-ignored |
+
+## Quick Start
+
+```bash
+# 1. Copy sample to active config
+cp etc/scanner/scanner.yaml.sample etc/scanner/scanner.yaml
+
+# 2. Edit for your environment
+vi etc/scanner/scanner.yaml
+
+# 3. Copy environment profile
+cp etc/env/dev.env.sample etc/env/dev.env
+```
+
+## Regional Crypto Profiles
+
+For compliance with regional cryptographic standards:
+
+| Profile | Standard | Use Case |
+|---------|----------|----------|
+| `us-fips` | FIPS 140-3 | US Federal, DoD |
+| `eu` | eIDAS | EU qualified signatures |
+| `ru` | GOST R 34.10/11/12 | Russian Federation |
+| `cn` | GM/T (SM2/SM3/SM4) | China |
+| `kr` | KCMVP | South Korea |
+
+Activate via:
+```bash
+export STELLAOPS_CRYPTO_PROFILE=us-fips
+```
+
+## What Lives Elsewhere
+
+| Directory | Purpose |
+|-----------|---------|
+| `plugins/` | Compiled plugin binaries (runtime artifacts) |
+| `opt/` | Optional vendor packages (CryptoPro, etc.) |
+| `offline/` | Air-gap operational state (feeds, packages) |
+
+## Security
+
+- **NEVER commit active configs** (`.yaml` files are git-ignored)
+- **Secrets via environment variables** or external secret managers
+- **`etc/secrets/`** contains ONLY development/sample keys - never for production
+- **Production signing keys** must come from HSM, Vault, or KMS
+
+## Documentation
+
+Full guide: [docs/operations/configuration-guide.md](../docs/operations/configuration-guide.md)