# Platform architecture & module dossiers

Use this index to locate platform-level architecture references and per-module dossiers.

## Core views

- [Architecture overview (10-minute tour)](../../ARCHITECTURE_OVERVIEW.md)
- [High-level architecture (reference map)](../../ARCHITECTURE_REFERENCE.md)
- [Scanner core contracts](../../scanner-core-contracts.md)
- [Authority (legacy overview)](../../AUTHORITY.md)
- [Console operator guide](../../UI_GUIDE.md) and deep dives under [ui/operations](../../modules/ui/operations/) and [ux](../../ux/)
- [Component map](component-map.md) (quick descriptions of every module under `src/`)

## Detailed references

- [Platform topology](platform-topology.md)
- [Infrastructure dependencies](infrastructure-dependencies.md)
- [Request and data flows](request-flows.md)
- [Data isolation model](data-isolation.md)
- [Security boundaries](security-boundaries.md)

## User-centric views (NEW)

- [User flows (UML diagrams)](user-flows.md) - End-to-end flows from user perspective
- [Module matrix](module-matrix.md) - Complete 46-module inventory with categorization
- [Data flows](data-flows.md) - SBOM, advisory, VEX, and policy data lifecycles
- [Schema mapping](schema-mapping.md) - PostgreSQL, Valkey, and RustFS storage reference

## Policy engine deep dives (NEW)

Comprehensive documentation of how data feeds policy decisions:

- [Policy Engine Data Pipeline](policy-engine-data-pipeline.md) - Master view of all data flowing to policy engine
- [SBOM Analyzer Inventory](sbom-analyzer-inventory.md) - Complete inventory of 25 analyzers (11 language, 9 OS, 4 surface, 1 capability)
- [Runtime Agents Architecture](runtime-agents-architecture.md) - eBPF observation, Zastava container observer, signal processing
- [Call Graph Analysis](call-graph-analysis.md) - ReachGraph construction, BFS path finding, 8-state reachability
- [Confidence Scoring](confidence-scoring.md) - 5-factor weighted scoring (RCH, RTS, VEX, PRV, POL)
- [K4 Lattice Logic](k4-lattice-logic.md) - Four-valued logic for handling uncertainty and conflicts

## End-to-end workflow flows

Comprehensive flow documentation for all major StellaOps workflows: [flows/](../../flows/)

| Category | Flows |
|----------|-------|
| **Core Platform** | Dashboard, Scan Submission, SBOM Generation, Policy Evaluation, Notification, Export |
| **Advanced** | CI/CD Gate, Advisory Drift Re-scan, VEX Auto-Generation, Evidence Bundle Export |
| **Enterprise** | Multi-Tenant Policy Rollout, Exception Approval, Risk Score Dashboard |
| **Specialized** | Binary Delta Attestation, Offline Sync, Reachability Drift Alert |

## Module catalogue

Each module directory bundles an ownership charter (`AGENTS.md`), current work (`TASKS.md`), an architecture dossier, and an implementation plan. Operations guides live under `operations/` where applicable.

| Module | Architecture | Implementation plan | Operations / extras |
| --- | --- | --- | --- |
| Authority | [architecture.md](../../modules/authority/architecture.md) | [implementation_plan.md](../../modules/authority/implementation_plan.md) | [operations/](../../modules/authority/operations/) |
| Advisory AI | [architecture.md](../../modules/advisory-ai/architecture.md) | [implementation_plan.md](../../modules/advisory-ai/implementation_plan.md) | - |
| Attestor | [architecture.md](../../modules/attestor/architecture.md) | [implementation_plan.md](../../modules/attestor/implementation_plan.md) | - |
| CLI | [architecture.md](../../modules/cli/architecture.md) | [implementation_plan.md](../../modules/cli/implementation_plan.md) | [operations/release-and-packaging.md](../../modules/cli/operations/release-and-packaging.md) |
| CI recipes | [architecture.md](../cicd/ci-architecture.md) | - | [recipes.md](../cicd/ci-recipes.md) |
| Concelier | [architecture.md](../../modules/concelier/architecture.md) | [implementation_plan.md](../../modules/concelier/implementation_plan.md) | [operations/](../../modules/concelier/operations/) |
| DevOps / release | [architecture.md](../../operations/devops/architecture.md) | - | [runbooks/](../../operations/devops/runbooks/) |
| Excititor | [architecture.md](../../modules/excititor/architecture.md) | [implementation_plan.md](../../modules/excititor/implementation_plan.md) | [mirrors.md](../../modules/excititor/mirrors.md) |
| Export Center | [architecture.md](../../modules/export-center/architecture.md) | [implementation_plan.md](../../modules/export-center/implementation_plan.md) | [operations/runbook.md](../../modules/export-center/operations/runbook.md) |
| Graph | [architecture.md](../../modules/graph/architecture.md) | [implementation_plan.md](../../modules/graph/implementation_plan.md) | - |
| Notify | [architecture.md](../../modules/notify/architecture.md) | [implementation_plan.md](../../modules/notify/implementation_plan.md) | - |
| Orchestrator | [architecture.md](../../modules/orchestrator/architecture.md) | [implementation_plan.md](../../modules/orchestrator/implementation_plan.md) | - |
| Platform | [architecture-overview.md](../../modules/platform/architecture-overview.md) + [architecture.md](../../modules/platform/architecture.md) | [implementation_plan.md](../../modules/platform/implementation_plan.md) | - |
| Policy engine | [architecture.md](../../modules/policy/architecture.md) | [implementation_plan.md](../../modules/policy/implementation_plan.md) | - |
| Registry token service | [architecture.md](../../modules/registry/architecture.md) | [implementation_plan.md](../../modules/registry/implementation_plan.md) | [operations/token-service.md](../../modules/registry/operations/token-service.md) |
| Scanner | [architecture.md](../../modules/scanner/architecture.md) | [implementation_plan.md](../../modules/scanner/implementation_plan.md) | [operations/](../../modules/scanner/operations/) |
| Scheduler | [architecture.md](../../modules/scheduler/architecture.md) | [implementation_plan.md](../../modules/scheduler/implementation_plan.md) | [operations/](../../modules/scheduler/operations/) |
| Signer | [architecture.md](../../modules/signer/architecture.md) | [implementation_plan.md](../../modules/signer/implementation_plan.md) | - |
| Telemetry stack | [architecture.md](../../modules/telemetry/architecture.md) | [implementation_plan.md](../../modules/telemetry/implementation_plan.md) | [operations/collector.md](../../modules/telemetry/operations/collector.md), [operations/storage.md](../../modules/telemetry/operations/storage.md) |
| UI / Console | [architecture.md](../../modules/ui/architecture.md), [console-architecture.md](../../modules/ui/console-architecture.md) | [implementation_plan.md](../../modules/ui/implementation_plan.md) | - |
| Vuln Explorer | [architecture.md](../../modules/vuln-explorer/architecture.md) | [implementation_plan.md](../../modules/vuln-explorer/implementation_plan.md) | - |
| VEX Lens | [architecture.md](../../modules/vex-lens/architecture.md) | [implementation_plan.md](../../modules/vex-lens/implementation_plan.md) | - |
| Excitor | [architecture.md](../../modules/excitor/architecture.md) | [implementation_plan.md](../../modules/excitor/implementation_plan.md) | [scoring.md](../../modules/excitor/scoring.md) |
| Zastava | [architecture.md](../../modules/zastava/architecture.md) | [implementation_plan.md](../../modules/zastava/implementation_plan.md) | - |

> Tip: every module directory also exposes `README.md`, `AGENTS.md`, and `TASKS.md` for roles, current backlog, and ownership responsibilities.