ui fixes

devops/compose/env/stellaops.env.example

@@ -16,7 +16,7 @@
 
 # PostgreSQL Database
 POSTGRES_USER=stellaops
-POSTGRES_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
+POSTGRES_PASSWORD=stellaops           # Change for production
 POSTGRES_DB=stellaops_platform
 POSTGRES_PORT=5432
 
@@ -31,12 +31,12 @@ RUSTFS_HTTP_PORT=8080
 # =============================================================================
 
 # Authority (OAuth2/OIDC)
-AUTHORITY_ISSUER=https://authority.example.com
+AUTHORITY_ISSUER=https://authority.stella-ops.local/
 AUTHORITY_PORT=8440
 AUTHORITY_OFFLINE_CACHE_TOLERANCE=00:30:00
 
 # Signer
-SIGNER_POE_INTROSPECT_URL=https://licensing.example.com/introspect
+SIGNER_POE_INTROSPECT_URL=http://authority.stella-ops.local/.well-known/openid-configuration
 SIGNER_PORT=8441
 
 # Attestor
@@ -62,18 +62,18 @@ UI_PORT=8443
 SCANNER_WEB_PORT=8444
 
 # Queue configuration (Valkey only - NATS removed)
-SCANNER__QUEUE__BROKER=valkey://valkey:6379
+SCANNER__QUEUE__BROKER=valkey://cache.stella-ops.local:6379
 
 # Event streaming
 SCANNER_EVENTS_ENABLED=false
 SCANNER_EVENTS_DRIVER=valkey
-SCANNER_EVENTS_DSN=valkey:6379
+SCANNER_EVENTS_DSN=cache.stella-ops.local:6379
 SCANNER_EVENTS_STREAM=stella.events
 SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS=5
 SCANNER_EVENTS_MAX_STREAM_LENGTH=10000
 
 # Surface cache configuration
-SCANNER_SURFACE_FS_ENDPOINT=http://rustfs:8080
+SCANNER_SURFACE_FS_ENDPOINT=http://s3.stella-ops.local
 SCANNER_SURFACE_FS_BUCKET=surface-cache
 SCANNER_SURFACE_CACHE_ROOT=/var/lib/stellaops/surface
 SCANNER_SURFACE_CACHE_QUOTA_MB=4096
@@ -102,8 +102,8 @@ SCANNER_OFFLINEKIT_REKOR_SNAPSHOT_HOST_PATH=./offline/rekor-snapshot
 
 # Queue configuration (Valkey only - NATS removed)
 SCHEDULER__QUEUE__KIND=Valkey
-SCHEDULER__QUEUE__VALKEY__URL=valkey:6379
-SCHEDULER_SCANNER_BASEADDRESS=http://scanner-web:8444
+SCHEDULER__QUEUE__VALKEY__URL=cache.stella-ops.local:6379
+SCHEDULER_SCANNER_BASEADDRESS=http://scanner.stella-ops.local
 
 # =============================================================================
 # REKOR / SIGSTORE CONFIGURATION
@@ -121,7 +121,7 @@ REKOR_TILES_IMAGE=ghcr.io/sigstore/rekor-tiles:latest
 # =============================================================================
 
 ADVISORY_AI_WEB_PORT=8448
-ADVISORY_AI_SBOM_BASEADDRESS=http://scanner-web:8444
+ADVISORY_AI_SBOM_BASEADDRESS=http://scanner.stella-ops.local
 ADVISORY_AI_INFERENCE_MODE=Local
 ADVISORY_AI_REMOTE_BASEADDRESS=
 ADVISORY_AI_REMOTE_APIKEY=
@@ -135,7 +135,7 @@ STELLAOPS_CRYPTO_PROFILE=default
 
 # Enable crypto simulation (for testing)
 STELLAOPS_CRYPTO_ENABLE_SIM=0
-STELLAOPS_CRYPTO_SIM_URL=http://sim-crypto:8080
+STELLAOPS_CRYPTO_SIM_URL=http://crypto-sim.stella-ops.local:8080
 
 # CryptoPro (Russia only) - requires EULA acceptance
 CRYPTOPRO_PORT=18080

devops/compose/hosts.stellaops.local

@@ -0,0 +1,62 @@
+# Stella Ops local development hostnames
+# Each service gets a unique loopback IP so all can bind :443/:80 simultaneously.
+#
+# Source of truth: devops/compose/hosts.stellaops.local
+# Install automatically via: scripts/setup.ps1 (Windows) or scripts/setup.sh (Linux/macOS)
+# Manual install: append this file to your hosts file
+#   Windows: C:\Windows\System32\drivers\etc\hosts (run editor as Administrator)
+#   Linux/macOS: /etc/hosts (use sudo)
+
+# ── Platform services ────────────────────────────────────────────────────────
+127.1.0.1  stella-ops.local
+127.1.0.2  router.stella-ops.local
+127.1.0.3  platform.stella-ops.local
+127.1.0.4  authority.stella-ops.local
+127.1.0.5  gateway.stella-ops.local
+127.1.0.6  attestor.stella-ops.local
+127.1.0.7  evidencelocker.stella-ops.local
+127.1.0.8  scanner.stella-ops.local
+127.1.0.9  concelier.stella-ops.local
+127.1.0.10 excititor.stella-ops.local
+127.1.0.11 vexhub.stella-ops.local
+127.1.0.12 vexlens.stella-ops.local
+127.1.0.13 vulnexplorer.stella-ops.local
+127.1.0.14 policy-engine.stella-ops.local
+127.1.0.15 policy-gateway.stella-ops.local
+127.1.0.16 riskengine.stella-ops.local
+127.1.0.17 orchestrator.stella-ops.local
+127.1.0.18 taskrunner.stella-ops.local
+127.1.0.19 scheduler.stella-ops.local
+127.1.0.20 graph.stella-ops.local
+127.1.0.21 cartographer.stella-ops.local
+127.1.0.22 reachgraph.stella-ops.local
+127.1.0.23 timelineindexer.stella-ops.local
+127.1.0.24 timeline.stella-ops.local
+127.1.0.25 findings.stella-ops.local
+127.1.0.26 doctor.stella-ops.local
+127.1.0.27 opsmemory.stella-ops.local
+127.1.0.28 notifier.stella-ops.local
+127.1.0.29 notify.stella-ops.local
+127.1.0.30 signer.stella-ops.local
+127.1.0.31 smremote.stella-ops.local
+127.1.0.32 airgap-controller.stella-ops.local
+127.1.0.33 airgap-time.stella-ops.local
+127.1.0.34 packsregistry.stella-ops.local
+127.1.0.35 registry-token.stella-ops.local
+127.1.0.36 binaryindex.stella-ops.local
+127.1.0.37 issuerdirectory.stella-ops.local
+127.1.0.38 symbols.stella-ops.local
+127.1.0.39 sbomservice.stella-ops.local
+127.1.0.40 exportcenter.stella-ops.local
+127.1.0.41 replay.stella-ops.local
+127.1.0.42 integrations.stella-ops.local
+127.1.0.43 signals.stella-ops.local
+127.1.0.44 advisoryai.stella-ops.local
+127.1.0.45 unknowns.stella-ops.local
+
+# ── Infrastructure (local dev containers) ────────────────────────────────────
+127.1.1.1  db.stella-ops.local
+127.1.1.2  cache.stella-ops.local
+127.1.1.3  s3.stella-ops.local
+127.1.1.4  rekor.stella-ops.local
+127.1.1.5  registry.stella-ops.local