# Integration Catalog Architecture > **Module:** Integrations (`src/Integrations/StellaOps.Integrations.WebService`) > **Sprint:** SPRINT_20251229_010_PLATFORM_integration_catalog_core > **Last Updated:** 2025-12-30 --- ## Overview The Integration Catalog is a centralized registry for managing external integrations in StellaOps. It provides a unified API for configuring, testing, and monitoring connections to registries, SCM providers, CI systems, runtime hosts, and feed sources. **Architecture Note:** Integration Catalog is a dedicated service (`src/Integrations`), NOT part of Gateway. Gateway handles HTTP ingress/routing only. Integration domain logic, plugins, and persistence live in the Integrations module. ## Directory Structure ``` src/Integrations/ ├── StellaOps.Integrations.WebService/ # ASP.NET Core host ├── __Libraries/ │ ├── StellaOps.Integrations.Core/ # Domain models, enums, events │ ├── StellaOps.Integrations.Contracts/ # Plugin contracts and DTOs │ └── StellaOps.Integrations.Persistence/ # PostgreSQL repositories └── __Plugins/ ├── StellaOps.Integrations.Plugin.GitHubApp/ ├── StellaOps.Integrations.Plugin.Harbor/ └── StellaOps.Integrations.Plugin.InMemory/ ``` ## Plugin Architecture Each integration provider is implemented as a plugin that implements `IIntegrationConnectorPlugin`: ```csharp public interface IIntegrationConnectorPlugin : IAvailabilityPlugin { IntegrationType Type { get; } IntegrationProvider Provider { get; } Task TestConnectionAsync(IntegrationConfig config, CancellationToken ct); Task CheckHealthAsync(IntegrationConfig config, CancellationToken ct); } ``` Plugins are loaded at startup from: 1. The configured `PluginsDirectory` (default: `plugins/`) 2. The WebService assembly (for built-in plugins) ## Integration Types | Type | Description | Examples | |------|-------------|----------| | **Registry** | Container image registries | Docker Hub, Harbor, ECR, ACR, GCR, GHCR, Quay, Artifactory | | **SCM** | Source code management | GitHub, GitLab, Gitea, Bitbucket, Azure DevOps | | **CI** | Continuous integration | GitHub Actions, GitLab CI, Gitea Actions, Jenkins, CircleCI | | **Host** | Runtime observation | Zastava (eBPF, ETW, dyld probes) | | **Feed** | Vulnerability feeds | Concelier, Excititor mirrors | | **Artifact** | SBOM/VEX uploads | Direct artifact submission | ## Entity Schema ```csharp public sealed class Integration { // Identity public Guid IntegrationId { get; init; } public string TenantId { get; init; } public string Name { get; init; } public string? Description { get; set; } // Classification public IntegrationType Type { get; init; } public IntegrationProvider Provider { get; init; } // Configuration public string? BaseUrl { get; set; } public string? AuthRef { get; set; } // Never raw secrets public JsonDocument Configuration { get; set; } // Organization public string? Environment { get; set; } // prod, staging, dev public string? Tags { get; set; } public string? OwnerId { get; set; } // Lifecycle public IntegrationStatus Status { get; private set; } public bool Paused { get; private set; } public string? PauseReason { get; private set; } // Health public DateTimeOffset? LastTestedAt { get; private set; } public bool? LastTestSuccess { get; private set; } public int ConsecutiveFailures { get; private set; } // Audit public DateTimeOffset CreatedAt { get; init; } public string CreatedBy { get; init; } public DateTimeOffset? ModifiedAt { get; private set; } public string? ModifiedBy { get; private set; } public int Version { get; private set; } } ``` ## Lifecycle States ``` ┌─────────┐ │ Draft │ ──── SubmitForVerification() ────► └─────────┘ │ ▼ ┌───────────────────┐ │ PendingVerification│ ──── Test Success ────► └───────────────────┘ │ ▼ ┌──────────┐ │ Active │ ◄──── Resume() ────┐ └──────────┘ │ │ │ Consecutive ┌─────────┐ Failures ≥ 3 │ Paused │ │ └─────────┘ ▼ ▲ ┌───────────┐ │ │ Degraded │ ──── Pause() ───────┘ └───────────┘ │ Failures ≥ 5 │ ▼ ┌──────────┐ │ Failed │ └──────────┘ ``` ## API Endpoints Base path: `/api/v1/integrations` | Method | Path | Scope | Description | |--------|------|-------|-------------| | GET | `/` | `integrations.read` | List integrations with filtering | | GET | `/{id}` | `integrations.read` | Get integration by ID | | POST | `/` | `integrations.admin` | Create integration | | PUT | `/{id}` | `integrations.admin` | Update integration | | DELETE | `/{id}` | `integrations.admin` | Delete integration | | POST | `/{id}/test` | `integrations.admin` | Test connection | | POST | `/{id}/pause` | `integrations.admin` | Pause integration | | POST | `/{id}/resume` | `integrations.admin` | Resume integration | | POST | `/{id}/activate` | `integrations.admin` | Activate integration | | GET | `/{id}/health` | `integrations.read` | Get health status | ## AuthRef Pattern **Critical:** The Integration Catalog never stores raw credentials. All secrets are referenced via `AuthRef` strings that point to Authority's secret store. ``` AuthRef format: ref://// Example: ref://integrations/github/acme-org-token ``` The AuthRef is resolved at runtime when making API calls to the integration provider. This ensures: 1. Secrets are stored centrally with proper encryption 2. Secret rotation doesn't require integration updates 3. Audit trails track secret access separately 4. Offline bundles can use different AuthRefs ## Event Pipeline Integration lifecycle events are published for consumption by Scheduler and Orchestrator: | Event | Trigger | Consumers | |-------|---------|-----------| | `integration.created` | New integration | Scheduler (schedule health checks) | | `integration.updated` | Configuration change | Scheduler (reschedule) | | `integration.deleted` | Integration removed | Scheduler (cancel jobs) | | `integration.paused` | Operator paused | Orchestrator (pause jobs) | | `integration.resumed` | Operator resumed | Orchestrator (resume jobs) | | `integration.healthy` | Test passed | Signals (status update) | | `integration.unhealthy` | Test failed | Signals, Notify (alert) | ## Audit Trail All integration actions are logged: - Create/Update/Delete with actor and timestamp - Connection tests with success/failure - Pause/Resume with reason and ticket reference - Activate with approver Audit logs are stored in the append-only audit store for compliance. ## Determinism & Offline - Integration lists are ordered deterministically by name - Timestamps are UTC ISO-8601 - Pagination uses stable cursor semantics - Health polling respects offline mode (skip network checks) - Feed integrations support allowlists for air-gap environments ## RBAC Scopes | Scope | Permission | |-------|------------| | `integrations.read` | View integrations and health | | `integrations.admin` | Create, update, delete, test, pause, resume | ## Future Extensions 1. **Provider-specific testers**: HTTP health checks, registry auth validation, SCM webhook verification 2. **PostgreSQL persistence**: Replace in-memory repository for production 3. **Messaging events**: Publish to Valkey/Kafka instead of no-op 4. **Health history**: Track uptime percentage and latency over time 5. **Bulk operations**: Import/export integrations for environment promotion