# IssuerDirectory

**Status:** Implemented (source relocated by Sprint 216)
**Source:** `src/Authority/StellaOps.IssuerDirectory/` (previously `src/IssuerDirectory/`)
**Owner:** Authority domain (Identity & Trust)

## Latest updates (2026-04-16)

- IssuerDirectory web runtime no longer silently falls back to in-memory persistence outside `Testing`; non-testing hosts now require PostgreSQL wiring.
- Canonical configuration now lives under `IssuerDirectory:Persistence:*`, while legacy `IssuerDirectory:Postgres:*` settings remain supported for compatibility.
- Focused runtime coverage lives in `StellaOps.IssuerDirectory.WebService.Tests`.

## Purpose

IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. Provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.

## Domain ownership

As of Sprint 216, IssuerDirectory source is owned by the Authority domain. The runtime service identity, container, and database schema remain independent. Schema isolation from AuthorityDbContext is a deliberate security feature.

See `docs/modules/authority/architecture.md` (sections 21.1--21.4) for schema ownership and the no-merge ADR.

## Components

**Services:**
- `StellaOps.IssuerDirectory` - Main service for issuer registry management and API

## Configuration

See `etc/issuer-directory.yaml.sample` for configuration options.

Key settings:
- `IssuerDirectory:Persistence:Provider=Postgres`
- `IssuerDirectory:Persistence:PostgresConnectionString`
- `IssuerDirectory:Persistence:SchemaName` (defaults to `issuer`)
- Authority integration settings
- Issuer discovery endpoints
- Trust validation policies
- CSAF provider metadata validation

## Dependencies

- PostgreSQL (schema: `issuer_directory`)
- Authority (authentication)
- Concelier (consumes issuer metadata)
- VexHub (consumes issuer trust data)
- VexLens (trust scoring integration)

## Related Documentation

- Architecture: `../authority/architecture.md` (sections 21.1--21.4)
- Archived original: `docs-archived/modules/issuer-directory/`
- Concelier: `../concelier/`
- VexHub: `../vexhub/`
- VexLens: `../vex-lens/`