stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

docs: module dossier + install/quickstart sync for truthful cutover sprints

Browse Source 
- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring.
- docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026.
- docs/features/checked/web/**: update feature notes where UI changed.
- docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts.
- docs/setup/**, docs/technical/**: align with setup wizard contracts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-19 14:45:09 +03:00
parent ad62ba7f76
commit fdf95e0f46
67 changed files with 590 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/modules/findings-ledger/README.md
View File

@@ -33,6 +33,13 @@ Previously archived docs for RiskEngine and VulnExplorer are in `docs-archived/m
- `signedScore` is emitted only when cached or historical scoring state exists for the resolved finding.
- `proofSubjectId` is surfaced only when the projection carries replay/proof identity, allowing the Web console to enable verification only when a real proof subject exists.
## Runtime cutover status
- `RiskEngine.WebService` is PostgreSQL-backed in every non-testing environment. The previous live in-memory score-result path is no longer part of the production host composition root.
- `Findings.Ledger.WebService` keeps compatibility-only scoring state, webhook registration state, runtime traces/timeline state, and merged VulnExplorer write state isolated to `Testing`. In non-testing environments those retired write surfaces return truthful `501 problem+json` responses instead of fabricating success.
- Projection-backed read surfaces remain live and truthful: `GET /v1/vulns`, `GET /v1/vulns/{id}`, `GET /v1/evidence-subgraph/{vulnId}`, and `GET /api/v2/security/vulnerabilities/{identifier}` still resolve from persisted Findings projections.
- `LedgerDataSource` now applies UTC session defaults and `search_path=findings,public` on every PostgreSQL connection so raw-SQL repositories resolve canonical Findings tables consistently after restart.
## Implementation Status
### Delivery Phases