master
9efe5cdb64
feat(timeline): truthful ingestion transport + indexer wiring
...
Sprint SPRINT_20260416_005_Timeline_truthful_ingestion_transport_contract.
Timeline WebService + TimelineIndexer worker program wiring; infrastructure
DI extension with null subscriber fallback; startup registration +
ingestion runtime registration tests.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 14:39:14 +03:00
master
4a8e2758cd
refactor(timeline): renumber migrations to sequential 002-004 format
...
Renames date-prefixed migrations (20260107_002, 20260408_003, 20260409_004)
to plain sequential numbers (002, 003, 004) to match the convention used by
other service migration directories. Adds TimelineCoreMigrationCategoryTests
to verify the unified-audit migration registers under the correct category
for the StartupMigrationHost transaction classifier.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 21:56:52 +03:00
master
3a36aefd81
fix: resolve 4 unhealthy services from fresh volume rebuild
...
- router-gateway: sync 10 missing jobengine routes to local config (prevent array merge bleed-through)
- findings-ledger-web: add VulnExplorer tables to postgres-init bootstrap script
- timeline-web: replace competing migration hosted service with standard AddStartupMigrations
- graph-api: handle null PostgresGraphRepository gracefully, add graph schema to init
- scheduler-web: add failure_signatures table to init bootstrap
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 16:23:52 +03:00
master
537f4f17fc
test(audit): comprehensive tests for emission, PII redaction, hash chain, enrichers
...
- AuditPiiRedactorTests: 10 tests for recursive redaction + edge cases
- AuditActionFilterTests: 14 tests for capture, enrichment, fallback
- AuditModulesAndActionsTests: 3 tests for constant validation
- PostgresUnifiedAuditEventStoreTests: 8 tests for hash chain integrity
- UnifiedAuditAggregationServiceTests: 6 tests for new query filters
- AuditCleanseJobPluginTests: 7 tests for retention logic + validation
- PluginRegistryTests: 9 tests for plugin discovery
- Authority/Policy enricher tests: 8 tests for GUID resolution
- Total: ~65 new tests across 5 test projects
- Added InternalsVisibleTo for Audit.Emission and Timeline.WebService
- Created AuditCleanseJobPlugin implementation for retention-based cleanup
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 13:00:18 +03:00
master
7f40f8d678
feat(audit-api): fix 7 gaps — module catalog, Diff ingest, filters, chain verify
...
- Add release/doctor/signals/advisory-ai/riskengine to module catalog (Gap 1)
- Add Diff to UnifiedAuditIngestRequest for before/after state (Gap 2)
- Add resourceName, actorIp, actorEmail query parameters (Gap 3, 8)
- Add GIN index on details_jsonb for future JSONB queries (Gap 6)
- Map chain verification endpoint GET /api/v1/audit/chain/verify (Gap 7)
- Expose content_hash + previous_entry_hash in API response (Gap 9)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 12:09:27 +03:00
master
f5a9f874d0
feat(audit): wire AddAuditEmission into 9 services (AUDIT-002)
...
- Wire StellaOps.Audit.Emission DI in: Authority, Policy, Release-Orchestrator,
EvidenceLocker, Notify, Scanner, Scheduler, Integrations, Platform
- Add AuditEmission__TimelineBaseUrl to compose defaults
- Endpoint filter annotation deferred to follow-up pass
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 16:20:39 +03:00
master
886ff6f9d2
refactor: JobEngine cleanup + crypto compose refactor + sprint plans + timeline merge prep
...
- Remove zombie JobEngine WebService (no container runs it)
- Remove dangling STELLAOPS_JOBENGINE_URL, replace with RELEASE_ORCHESTRATOR_URL
- Update Timeline audit paths to release-orchestrator
- Extract smremote to docker-compose.crypto-provider.smremote.yml
- Rename crypto compose files for consistent naming
- Add crypto provider health probe API (CP-001) + tenant preferences (CP-002)
- Create sprint plans: crypto picker, VulnExplorer merge, scheduler plugins
- Timeline merge prep: ingestion worker relocated to infrastructure lib
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 13:45:19 +03:00
master
59e7f25d96
docs: add service README.md files + update AGENTS.md decisions
...
- Create README.md for 25+ service modules with container info, API surface, storage
- Document attestor-tileproxy separation rationale (air-gap network isolation)
- Document opsmemory-advisoryai separation rationale (resource isolation, blast radius)
- Update Timeline AGENTS.md with merged indexer info
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 13:45:03 +03:00
master
4d82c346e3
Tag all Valkey/Redis connections with service-specific ClientName
...
Set ClientName on every Redis/Valkey connection across Scanner, Signals,
Concelier, Notify, Scheduler, Timeline, and Router for easier connection
attribution in monitoring.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 08:51:27 +03:00
master
b851aa8300
Fix journey cluster defects + UX improvements across 7 clusters
...
P0 fixes (clean-start + route contracts):
- VexHub: fix migration 002 table name + add repair migration 003
- Gateway: add /console/admin and /api/v1/unknowns routes
- IDP: add platform.idp.admin scope to OAuth client + web config
- Risk: fix URL construction from authority to gateway base
- Unknowns: fix client path from /api/v1/scanner/unknowns to /api/v1/unknowns
P1 fixes (trust + shell integrity):
- Audit: fix module name normalization, add Authority audit source
- Stage: add persistence across web store, API contracts, DB migration 059
- Posture: add per-source error tracking + degradation banner
P2 fixes (adoption + workflow clarity):
- Rename Triage to Findings in navigation + breadcrumbs
- Command palette: show quick actions for plain text queries, fix scan routes
- Scan: add local-mode limitation messaging + queue hints
- Release: add post-seal promotion CTA with pre-filled release ID
- Welcome: rewrite around operator adoption model (Get Started + What Stella Replaces)
UX improvements:
- Status rail: convert to icon-only with color state + tooltips
- Event Stream Monitor: new page at /ops/operations/event-stream
- Sidebar: collapse Operations by default
- User menu: embed theme switcher (Day/Night/System), remove standalone toggle
- Settings: add Profile section with email editing + PUT /api/v1/platform/preferences/email endpoint
- Docs viewer: replace custom parser with ngx-markdown (marked) for proper table/code/blockquote rendering
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 15:10:36 +02:00
master
4d8a48a05f
Sprint 7+8: Journey UX fixes + identity envelope shared middleware
...
Sprint 7 — Deep journey fixes:
S7-T01: Trust & Signing empty state with "Go to Signing Keys" CTA
S7-T02: Notifications 3-step setup guide (channel→rule→test)
S7-T03: Topology validate step skip — "Skip Validation" when API fails,
with validateSkipped signal matching agentSkipped pattern
S7-T04: VEX export note on Risk Report tab linking to VEX Ledger
Sprint 8 — Identity envelope shared middleware (ARCHITECTURE):
S8-T01: New UseIdentityEnvelopeAuthentication() extension in
StellaOps.Router.AspNet. Reads X-StellaOps-Identity-Envelope headers,
verifies HMAC-SHA256 via GatewayIdentityEnvelopeCodec, creates
ClaimsPrincipal with sub/tenant/scopes/roles. 5min clock skew.
S8-T02: Concelier refactored — removed 78 lines of inline impl,
now uses shared one-liner
S8-T03: Scanner — UseIdentityEnvelopeAuthentication() added
S8-T04: JobEngine — UseIdentityEnvelopeAuthentication() added
S8-T05: Timeline — UseIdentityEnvelopeAuthentication() added
S8-T06: Integrations — UseIdentityEnvelopeAuthentication() added
S8-T07: docs/modules/router/IDENTITY_ENVELOPE_MIDDLEWARE.md
All services now authenticate ReverseProxy requests via gateway envelope.
Scanner scan submit should now work with authenticated identity.
Angular: 0 errors. .NET (6 services): 0 errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 18:27:46 +02:00
master
189171c594
Sidebar 5-group restructure + demo data badges + audit emission infrastructure
...
Sprint 4 — Sidebar restructure (S4-T01+T02):
5 groups: Release Control, Security, Operations, Audit & Evidence, Setup & Admin
Groups 4+5 collapsed by default for new users
Operations extracted from Release Control into own group
Audit extracted from Security into own group
groupOrder and resolveMenuGroupLabel updated
Approvals badge moved to section-level
Sprint 2 — Demo data badges (S2-T04+T05):
Backend: isDemo=true on all compatibility/seed responses in
PackAdapterEndpoints, QuotaCompatibilityEndpoints, VulnerabilitiesController
Frontend: "(Demo)" badges on Usage & Limits page quotas
Frontend: "(Demo)" badges on triage artifact list when seed data
New PlatformItemResponse/PlatformListResponse with IsDemo field
Sprint 6 — Audit emission infrastructure (S6-T01+T02):
New shared library: src/__Libraries/StellaOps.Audit.Emission/
- AuditActionAttribute: [AuditAction("module", "action")] endpoint tag
- AuditActionFilter: IEndpointFilter that auto-emits UnifiedAuditEvent
- HttpAuditEventEmitter: POSTs to Timeline /api/v1/audit/ingest
- Single-line DI: services.AddAuditEmission(configuration)
Timeline service: POST /api/v1/audit/ingest ingestion endpoint
- IngestAuditEventStore: 10k-event ring buffer
- CompositeUnifiedAuditEventProvider: merges HTTP-polled + ingested
Documentation: docs/modules/audit/AUDIT_EMISSION_GUIDE.md
Angular build: 0 errors. .NET builds: 0 errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 14:48:18 +02:00
master
8e1cb9448d
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00
master
b07d27772e
search and ai stabilization work, localization stabilized.
2026-02-24 23:29:36 +02:00
master
4f947a8b61
tenant fixes
2026-02-23 23:44:50 +02:00
master
e746577380
wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10
2026-02-23 15:30:50 +02:00
master
bd8fee6ed8
stella ops usage fixes roles propagation and timeout, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search
2026-02-22 19:27:54 +02:00
master
49cdebe2f1
compose and authority fixes. finish sprints.
2026-02-18 12:00:10 +02:00
master
cf5b72974f
save checkpoint
2026-02-11 01:32:14 +02:00
master
5548cf83bf
part #2
2026-02-04 19:59:20 +02:00
master
557feefdc3
stabilization work - projects rework for maintainability and ui livening
2026-02-03 23:40:04 +02:00
master
5d5e80b2e4
stabilize tests
2026-02-01 21:37:40 +02:00
master
6e687b523a
fix tests. new product advisories enhancements
2026-01-25 19:11:36 +02:00
master
c32fff8f86
license switch agpl -> busl1, sprints work, new product advisories
2026-01-20 15:32:20 +02:00
master
da27b9faa9
release orchestration strengthening
2026-01-17 21:32:08 +02:00
master
d7be6ba34b
audit, advisories and doctors/setup work
2026-01-13 18:53:39 +02:00
master
9873f80830
release orchestrator v1 draft and build fixes
2026-01-12 12:24:17 +02:00
master
a21d3dbc1f
save progress
2026-01-09 18:27:46 +02:00
master
608a7f85c0
audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories
2026-01-07 18:50:11 +02:00