save progress

docs/modules/mirror/architecture.md

@@ -0,0 +1,60 @@
+# component_architecture_mirror.md - **Stella Ops Mirror** (2025Q4)
+
+> Vulnerability feed mirror and distribution service.
+
+> **Scope.** Architecture for **Mirror**: mirroring vulnerability feeds from upstream sources for offline distribution and reduced external dependencies.
+
+---
+
+## 0) Mission & boundaries
+
+**Mission.** Provide **local mirrors** of vulnerability feeds (NVD, OSV, GHSA, etc.) for offline operation and reduced latency. Enable air-gapped deployments to receive updates via bundle import.
+
+**Boundaries.**
+
+* Mirror **caches upstream feeds**; it does not originate vulnerability data.
+* Mirror **produces bundles** for air-gapped distribution.
+* Feeds are **cryptographically verified** before distribution.
+
+---
+
+## 1) Integration with Concelier
+
+Mirror is primarily integrated as part of Concelier's federation layer:
+
+```
+src/Concelier/__Libraries/
+ └─ StellaOps.Concelier.Federation/    # Bundle export/import for offline
+```
+
+The `StellaOpsMirror` connector in Concelier handles:
+- Upstream feed synchronization
+- Local cache management
+- Bundle generation for offline distribution
+
+---
+
+## 2) Bundle Format
+
+```json
+{
+  "bundleId": "mirror-nvd-2025-01-15",
+  "source": "nvd",
+  "timestamp": "2025-01-15T10:30:00Z",
+  "contents": [
+    {
+      "path": "nvd/CVE-2025-*.json",
+      "digest": "sha256:abc123..."
+    }
+  ],
+  "signature": { /* DSSE envelope */ }
+}
+```
+
+---
+
+## Related Documentation
+
+* Concelier: `../concelier/architecture.md`
+* AirGap: `../airgap/architecture.md`
+* Provenance observers: `./provenance/observers.md`