stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

audit, advisories and doctors/setup work

Browse Source
This commit is contained in:
master
2026-01-13 18:53:39 +02:00
parent 9ca7cb183e
commit d7be6ba34b
811 changed files with 54242 additions and 4056 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
docs/key-features.md
View File

@@ -130,11 +130,20 @@ Components:
**Modules (planned):** `PluginRegistry`, `PluginLoader`, `PluginSandbox`, `PluginSDK`
### 6. Doctor Self Service Diagnostics (Planned)
**Operators can self-diagnose integrations and services.** Doctor auto-discovers installed packs,
runs deterministic checks, and prints exact CLI fixes for every failure. Output includes JSONL
evidence logs and optional DSSE summaries for audits.
**Modules (planned):** `Doctor`, `IntegrationHub`, `CLI`, `Web`
**Spec:** `docs/doctor/doctor-capabilities.md`
---
## Security Capabilities (Operational)
### 6. Decision Capsules — Audit-Grade Evidence Bundles
### 7. Decision Capsules — Audit-Grade Evidence Bundles
**Every scan and release decision is sealed.** A Decision Capsule is a content-addressed bundle containing everything needed to reproduce and verify the decision.
@@ -149,7 +158,7 @@ Components:
**Modules:** `EvidenceLocker`, `Attestor`, `Replay`
### 7. Lattice Policy + OpenVEX (K4 Logic)
### 8. Lattice Policy + OpenVEX (K4 Logic)
**VEX as a logical claim system, not a suppression file.** The policy engine uses Belnap K4 four-valued logic.
@@ -164,7 +173,7 @@ Components:
**Modules:** `VexLens`, `TrustLatticeEngine`, `Policy`
### 8. Signed Reachability Proofs
### 9. Signed Reachability Proofs
**Proof of exploitability, not just a badge.** Every reachability graph is sealed with DSSE.
@@ -178,7 +187,7 @@ Components:
**Modules:** `ReachGraph`, `PathWitnessBuilder`
### 9. Deterministic Replay
### 10. Deterministic Replay
**The audit-grade guarantee.** Every scan produces a DSSE + SRM bundle that can be replayed.
@@ -192,7 +201,7 @@ stella replay srm.yaml --assert-digest sha256:abc123...
**Modules:** `Replay`, `Scanner`, `Policy`
### 10. Sovereign Crypto Profiles
### 11. Sovereign Crypto Profiles
**Regional compliance without code changes.** FIPS, eIDAS, GOST, SM, and PQC profiles are configuration toggles.
@@ -206,7 +215,7 @@ stella replay srm.yaml --assert-digest sha256:abc123...
**Modules:** `Cryptography`, `CryptoProfile`
### 11. Offline Operations (Air-Gap Parity)
### 12. Offline Operations (Air-Gap Parity)
**Full functionality without network.** Offline Update Kits bundle everything needed.
@@ -218,11 +227,22 @@ stella replay srm.yaml --assert-digest sha256:abc123...
**Modules:** `AirGap.Controller`, `TrustStore`
### 13. Controlled Conversational Advisor
**Ask Stella with guardrails.** Operators can query evidence and receive cited answers while tool actions remain policy-gated and audited.
Key controls:
- Chat Gateway quotas and token budgets per user/org.
- Scrubber for secrets/PII and allowlisted tool calls only.
- Immutable audit log for prompts, redactions, tool calls, and model fingerprints.
**Modules:** `AdvisoryAI`, `Policy`, `Authority`, `CLI`, `Web`, `Gateway`
---
## Competitive Moats Summary
**Six capabilities no competitor offers together:**
**Seven capabilities no competitor offers together:**
| # | Capability | Category |
|---|-----------|----------|
@@ -232,6 +252,7 @@ stella replay srm.yaml --assert-digest sha256:abc123...
| 4 | **Signed Reachability Proofs** | Security |
| 5 | **Deterministic Replay** | Security |
| 6 | **Sovereign + Offline Operation** | Operations |
| 7 | **Controlled Conversational Advisor** | Security |
**Pricing moat:** No per-seat, per-project, or per-deployment tax. Limits are environments + new digests/day.
@@ -247,3 +268,4 @@ stella replay srm.yaml --assert-digest sha256:abc123...
- **Competitive Landscape**: [`docs/product/competitive-landscape.md`](product/competitive-landscape.md)
- **Quickstart**: [`docs/quickstart.md`](quickstart.md)
- **Feature Matrix**: [`docs/FEATURE_MATRIX.md`](FEATURE_MATRIX.md)
- **Controlled Conversational Interface Advisory**: [`docs-archived/product/advisories/13-Jan-2026 - Controlled Conversational Interface.md`](../docs-archived/product/advisories/13-Jan-2026%20-%20Controlled%20Conversational%20Interface.md)