release orchestrator pivot, architecture and planning
This commit is contained in:
137
docs/modules/release-orchestrator/README.md
Normal file
137
docs/modules/release-orchestrator/README.md
Normal file
@@ -0,0 +1,137 @@
|
||||
# Release Orchestrator
|
||||
|
||||
> Central release control plane for non-Kubernetes container estates.
|
||||
|
||||
**Status:** Planned (not yet implemented)
|
||||
**Source:** [Full Architecture Specification](../../product/advisories/09-Jan-2026%20-%20Stella%20Ops%20Orchestrator%20Architecture.md)
|
||||
|
||||
## Purpose
|
||||
|
||||
The Release Orchestrator extends Stella Ops from a vulnerability scanning platform into **Stella Ops Suite** — a unified release control plane for non-Kubernetes container environments. It integrates:
|
||||
|
||||
- **Existing capabilities**: SBOM generation, reachability-aware vulnerability analysis, VEX support, policy engine, evidence locker, deterministic replay
|
||||
- **New capabilities**: Environment management, release orchestration, promotion workflows, deployment execution, progressive delivery, audit-grade release governance
|
||||
|
||||
## Scope
|
||||
|
||||
| In Scope | Out of Scope |
|
||||
|----------|--------------|
|
||||
| Non-K8s container deployments (Docker, Compose, ECS, Nomad) | Kubernetes deployments (use ArgoCD, Flux) |
|
||||
| Release identity via OCI digests | Tag-based release identity |
|
||||
| Plugin-extensible integrations | Hard-coded vendor integrations |
|
||||
| SSH/WinRM + agent-based deployment | Cloud-native serverless deployments |
|
||||
| L4/L7 traffic management via router plugins | Built-in service mesh |
|
||||
|
||||
## Documentation Structure
|
||||
|
||||
### Design & Principles
|
||||
- [Design Principles](design/principles.md) — Core principles and invariants
|
||||
- [Key Decisions](design/decisions.md) — Architectural decision record
|
||||
|
||||
### Implementation
|
||||
- [Implementation Guide](implementation-guide.md) — .NET 10 patterns and best practices
|
||||
- [Test Structure](test-structure.md) — Test organization and guidelines
|
||||
|
||||
### Module Architecture
|
||||
- [Module Overview](modules/overview.md) — All modules and themes
|
||||
- [Integration Hub (INTHUB)](modules/integration-hub.md) — External integrations
|
||||
- [Environment Manager (ENVMGR)](modules/environment-manager.md) — Environments and targets
|
||||
- [Release Manager (RELMAN)](modules/release-manager.md) — Release bundles and versions
|
||||
- [Workflow Engine (WORKFL)](modules/workflow-engine.md) — DAG execution
|
||||
- [Promotion Manager (PROMOT)](modules/promotion-manager.md) — Approvals and gates
|
||||
- [Deploy Orchestrator (DEPLOY)](modules/deploy-orchestrator.md) — Deployment execution
|
||||
- [Agents (AGENTS)](modules/agents.md) — Deployment agents
|
||||
- [Progressive Delivery (PROGDL)](modules/progressive-delivery.md) — A/B and canary
|
||||
- [Release Evidence (RELEVI)](modules/evidence.md) — Evidence packets
|
||||
- [Plugin System (PLUGIN)](modules/plugin-system.md) — Plugin infrastructure
|
||||
|
||||
### Data Model
|
||||
- [Database Schema](data-model/schema.md) — PostgreSQL schema specification
|
||||
- [Entity Definitions](data-model/entities.md) — Entity descriptions
|
||||
|
||||
### API Specification
|
||||
- [API Overview](api/overview.md) — API design principles
|
||||
- [Environment APIs](api/environments.md) — Environment endpoints
|
||||
- [Release APIs](api/releases.md) — Release endpoints
|
||||
- [Promotion APIs](api/promotions.md) — Promotion endpoints
|
||||
- [Workflow APIs](api/workflows.md) — Workflow endpoints
|
||||
- [Agent APIs](api/agents.md) — Agent endpoints
|
||||
- [WebSocket APIs](api/websockets.md) — Real-time endpoints
|
||||
|
||||
### Workflow Engine
|
||||
- [Template Structure](workflow/templates.md) — Workflow template specification
|
||||
- [Execution State Machine](workflow/execution.md) — Workflow state machine
|
||||
- [Promotion State Machine](workflow/promotion.md) — Promotion state machine
|
||||
|
||||
### Security
|
||||
- [Security Overview](security/overview.md) — Security principles
|
||||
- [Authentication & Authorization](security/auth.md) — AuthN/AuthZ
|
||||
- [Agent Security](security/agent-security.md) — Agent security model
|
||||
- [Threat Model](security/threat-model.md) — Threats and mitigations
|
||||
- [Audit Trail](security/audit-trail.md) — Audit logging
|
||||
|
||||
### Integrations
|
||||
- [Integration Overview](integrations/overview.md) — Integration types
|
||||
- [Connector Interface](integrations/connectors.md) — Connector specification
|
||||
- [Webhook Architecture](integrations/webhooks.md) — Webhook handling
|
||||
- [CI/CD Patterns](integrations/ci-cd.md) — CI/CD integration patterns
|
||||
|
||||
### Deployment
|
||||
- [Deployment Overview](deployment/overview.md) — Architecture overview
|
||||
- [Deployment Strategies](deployment/strategies.md) — Deployment strategies
|
||||
- [Agent-Based Deployment](deployment/agent-based.md) — Agent deployment
|
||||
- [Agentless Deployment](deployment/agentless.md) — SSH/WinRM deployment
|
||||
- [Artifact Generation](deployment/artifacts.md) — Generated artifacts
|
||||
|
||||
### Progressive Delivery
|
||||
- [Progressive Overview](progressive-delivery/overview.md) — Progressive delivery architecture
|
||||
- [A/B Releases](progressive-delivery/ab-releases.md) — A/B release models
|
||||
- [Canary Controller](progressive-delivery/canary.md) — Canary implementation
|
||||
- [Router Plugins](progressive-delivery/routers.md) — Traffic routing plugins
|
||||
|
||||
### UI/UX
|
||||
- [Dashboard Specification](ui/dashboard.md) — Dashboard screens
|
||||
- [Workflow Editor](ui/workflow-editor.md) — Workflow editor
|
||||
- [Screen Reference](ui/screens.md) — Key UI screens
|
||||
|
||||
### Operations
|
||||
- [Metrics](operations/metrics.md) — Metrics specification
|
||||
- [Logging](operations/logging.md) — Logging patterns
|
||||
- [Tracing](operations/tracing.md) — Distributed tracing
|
||||
- [Alerting](operations/alerting.md) — Alert rules
|
||||
|
||||
### Implementation
|
||||
- [Roadmap](roadmap.md) — Implementation phases
|
||||
- [Resource Requirements](roadmap.md#resource-requirements) — Sizing
|
||||
|
||||
### Appendices
|
||||
- [Glossary](appendices/glossary.md) — Term definitions
|
||||
- [Configuration Reference](appendices/config.md) — Configuration options
|
||||
- [Error Codes](appendices/errors.md) — API error codes
|
||||
- [Evidence Schema](appendices/evidence-schema.md) — Evidence packet format
|
||||
|
||||
## Quick Reference
|
||||
|
||||
### Key Principles
|
||||
|
||||
1. **Digest-first release identity** — Releases are immutable OCI digests, not tags
|
||||
2. **Evidence for every decision** — Every promotion/deployment produces sealed evidence
|
||||
3. **Pluggable everything, stable core** — Integrations are plugins; core is stable
|
||||
4. **No feature gating** — All plans include all features
|
||||
5. **Offline-first operation** — Core works in air-gapped environments
|
||||
6. **Immutable generated artifacts** — Every deployment generates stored artifacts
|
||||
|
||||
### Platform Themes
|
||||
|
||||
| Theme | Purpose |
|
||||
|-------|---------|
|
||||
| **INTHUB** | Integration hub — external system connections |
|
||||
| **ENVMGR** | Environment management — environments, targets, agents |
|
||||
| **RELMAN** | Release management — components, versions, releases |
|
||||
| **WORKFL** | Workflow engine — DAG execution, steps |
|
||||
| **PROMOT** | Promotion — approvals, gates, decisions |
|
||||
| **DEPLOY** | Deployment — execution, artifacts, rollback |
|
||||
| **AGENTS** | Agents — Docker, Compose, ECS, Nomad |
|
||||
| **PROGDL** | Progressive delivery — A/B, canary |
|
||||
| **RELEVI** | Evidence — packets, stickers, audit |
|
||||
| **PLUGIN** | Plugins — registry, loader, SDK |
|
||||
Reference in New Issue
Block a user