save progress

docs/modules/README.md

@@ -0,0 +1,123 @@
+# StellaOps Module Documentation Index
+
+This directory contains architecture documentation for all StellaOps modules.
+
+## Module Categories
+
+### Core Platform
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Authority](./authority/) | `src/Authority/` | Authentication, authorization, OAuth/OIDC, DPoP |
+| [Gateway](./gateway/) | `src/Gateway/` | API gateway with routing and transport abstraction |
+| [Router](./router/) | `src/Router/` | Transport-agnostic messaging (TCP/TLS/UDP/RabbitMQ/Valkey) |
+| [Platform](./platform/) | Cross-cutting | Platform architecture overview |
+
+### Data Ingestion
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Concelier](./concelier/) | `src/Concelier/` | Vulnerability advisory ingestion and merge engine |
+| [Excititor](./excititor/) | `src/Excititor/` | VEX document ingestion and export |
+| [VexLens](./vex-lens/) | `src/VexLens/` | VEX consensus computation across issuers |
+| [VexHub](./vexhub/) | `src/VexHub/` | VEX distribution and exchange hub |
+| [IssuerDirectory](./issuer-directory/) | `src/IssuerDirectory/` | Issuer trust registry (CSAF publishers) |
+| [Feedser](./feedser/) | `src/Feedser/` | Evidence collection library for backport detection |
+| [Mirror](./mirror/) | `src/Mirror/` | Vulnerability feed mirror and distribution |
+
+### Scanning & Analysis
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Scanner](./scanner/) | `src/Scanner/` | Container scanning with SBOM generation |
+| [BinaryIndex](./binaryindex/) | `src/BinaryIndex/` | Binary identity extraction and fingerprinting |
+| [AdvisoryAI](./advisory-ai/) | `src/AdvisoryAI/` | AI-assisted advisory analysis |
+| [Symbols](./symbols/) | `src/Symbols/` | Symbol resolution and debug information |
+| [ReachGraph](./reachgraph/) | `src/ReachGraph/` | Reachability graph service |
+
+### Artifacts & Evidence
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Attestor](./attestor/) | `src/Attestor/` | in-toto/DSSE attestation generation |
+| [Signer](./signer/) | `src/Signer/` | Cryptographic signing operations |
+| [SbomService](./sbomservice/) | `src/SbomService/` | SBOM storage, versioning, and lineage ledger |
+| [EvidenceLocker](./evidence-locker/) | `src/EvidenceLocker/` | Sealed evidence storage and export |
+| [ExportCenter](./export-center/) | `src/ExportCenter/` | Batch export and report generation |
+| [Provenance](./provenance/) | `src/Provenance/` | SLSA/DSSE attestation tooling |
+| [Provcache](./provcache/) | Library | Provenance cache utilities |
+
+### Policy & Risk
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Policy](./policy/) | `src/Policy/` | Policy engine with K4 lattice logic |
+| [RiskEngine](./riskengine/) | `src/RiskEngine/` | Risk scoring runtime |
+| [VulnExplorer](./vuln-explorer/) | `src/VulnExplorer/` | Vulnerability exploration and triage |
+| [Unknowns](./unknowns/) | `src/Unknowns/` | Unknown component tracking registry |
+
+### Operations
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Scheduler](./scheduler/) | `src/Scheduler/` | Job scheduling and queue management |
+| [Orchestrator](./orchestrator/) | `src/Orchestrator/` | Workflow orchestration and task coordination |
+| [TaskRunner](./taskrunner/) | `src/TaskRunner/` | Task pack execution engine |
+| [Notify](./notify/) | `src/Notify/` | Notification toolkit (Email, Slack, Teams, Webhooks) |
+| [Notifier](./notifier/) | `src/Notifier/` | Notifications Studio host |
+| [PacksRegistry](./packsregistry/) | `src/PacksRegistry/` | Task packs registry |
+| [TimelineIndexer](./timelineindexer/) | `src/TimelineIndexer/` | Timeline event indexing |
+| [Replay](./replay/) | `src/Replay/` | Deterministic replay engine |
+
+### Integration
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [CLI](./cli/) | `src/Cli/` | Command-line interface (Native AOT) |
+| [Zastava](./zastava/) | `src/Zastava/` | Container registry webhook observer |
+| [Web/UI](./ui/) | `src/Web/` | Angular 17 frontend SPA |
+| [API](./api/) | `src/Api/` | OpenAPI contracts and governance |
+| [Registry](./registry/) | `src/Registry/` | Container registry integration |
+
+### Infrastructure
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Cryptography](./cryptography/) | `src/Cryptography/` | Crypto plugins (FIPS, eIDAS, GOST, SM, PQ) |
+| [Telemetry](./telemetry/) | `src/Telemetry/` | OpenTelemetry traces, metrics, logging |
+| [Graph](./graph/) | `src/Graph/` | Call graph and reachability data structures |
+| [Signals](./signals/) | `src/Signals/` | Runtime signal collection and correlation |
+| [AirGap](./airgap/) | `src/AirGap/` | Air-gapped deployment support |
+| [AOC](./aoc/) | `src/Aoc/` | Append-Only Contract enforcement |
+
+### Testing & Benchmarks
+
+| Module | Path | Description |
+|--------|------|-------------|
+| [Benchmark](./benchmark/) | Scanner library | Competitive benchmarking (accuracy comparison) |
+| [Bench](./bench/) | `src/Bench/` | Performance benchmarks |
+
+### Cross-Cutting Concepts
+
+| Folder | Purpose |
+|--------|---------|
+| [Evidence](./evidence/) | Unified evidence model specification |
+| [Snapshot](./snapshot/) | Knowledge snapshot and replay concepts |
+| [Triage](./triage/) | Vulnerability triage workflows |
+| [DevOps](./devops/) | DevOps and CI/CD infrastructure |
+| [CI](./ci/) | CI pipeline documentation |
+
+---
+
+## Documentation Standards
+
+Each module folder should contain:
+
+| File | Purpose |
+|------|---------|
+| `README.md` | Quick overview, purpose, components |
+| `architecture.md` | Detailed architecture specification |
+| `AGENTS.md` | (Optional) Claude Code agent guidance |
+| `operations/` | (Optional) Operational runbooks |
+
+See the [Documentation Template Standard](../implplan/SPRINT_1228_0001_DOCS_module_documentation_consolidation.md#documentation-template-standard) for the full architecture.md template.