# Infrastructure dependencies (detailed)

StellaOps is designed to run with a small set of required infrastructure components. Everything else is optional and must not be a hidden dependency for core workflows.

## PostgreSQL (required)

Primary store for durable state. Each service owns a schema to keep boundaries clear and enable tenant isolation strategies.

| Schema | Owner (primary) | Purpose |
| --- | --- | --- |
| `authority` | Authority | Users, clients, tenants, keys, audit trails. |
| `scanner` | Scanner | Scan manifests, triage, scan results metadata. |
| `vuln` | Concelier | Advisory raw documents, linksets, observations. |
| `vex` | Excititor | VEX raw documents, consensus, provider state. |
| `scheduler` | Scheduler | Jobs, runs, schedules, impact snapshots. |
| `notify` | Notify | Channels, templates, delivery history, digests. |
| `policy` | Policy | Exception objects, snapshots, unknowns. |
| `orchestrator` | Orchestrator | Sources, runs, jobs, DAGs, pack runs. |

## Valkey (required)

Redis-compatible cache + coordination substrate.

| Pattern | Typical services | Purpose |
| --- | --- | --- |
| DPoP nonces | Authority | RFC 9449 nonce storage (short TTL). |
| Streams / events | Scanner, Notify, Scheduler | Event emission and fan-out (deterministic ordering per stream). |
| Queues | Scanner, Notify | Worker coordination (consumer groups). |
| Cache | All services | Tenant-prefixed caching with explicit TTLs. |
| Rate limiting | Gateway, Authority | Token bucket counters. |

## RustFS / S3-compatible object storage (required)

Artifact store for SBOMs, evidence bundles, and replayable outputs. The exact bucket layout depends on the deployment profile; treat deployment manifests as authoritative.

## NATS JetStream (optional)

Alternative messaging transport for environments that require persistent streams or specific operational characteristics. NATS must be explicitly configured and must not be required for core workflows.

## Deployment references
- Compose profiles: `deploy/compose/README.md`
- Deployment bundles overview: `deploy/README.md`