# Data isolation model (PostgreSQL)

StellaOps uses PostgreSQL as the canonical durable store. Isolation is achieved by:
- One schema per service (clear ownership boundaries).
- Tenant identifiers on all tenant-scoped records (enabling row-level strategies where required).
- Append-only patterns for specific evidence stores to preserve replayability.

## Schema ownership map

| Schema | Owner (primary) | Data class |
| --- | --- | --- |
| `authority` | Authority | Identity, clients, keys, auth audit trails. |
| `scanner` | Scanner | Scan manifests, triage, scan result metadata. |
| `vuln` | Concelier | Advisory raw documents, linksets, observations. |
| `vex` | Excititor | VEX raw statements and consensus state. |
| `scheduler` | Scheduler | Job orchestration state. |
| `notify` | Notify | Notifications state and delivery history. |
| `policy` | Policy | Exceptions, policy snapshots, unknown tracking. |
| `orchestrator` | Orchestrator | Workflow orchestration state. |

## Where to find authoritative schemas

This document is descriptive. The authoritative contract is:
- Module dossiers and migration notes under `docs/modules/<module>/`
- Database schema reference: `docs/11_DATA_SCHEMAS.md`