# StellaOps docs2

This directory is a cleaned, deduplicated documentation set rebuilt from the existing docs tree
(excluding docs/implplan and docs/product-advisories). It keeps stable, product-level facts and
removes old status notes, duplicated architecture snapshots, and dated implementation checklists.

Assumptions baked into docs2
- Runtime: .NET 10 (net10.0) for services and libraries
- UI: Angular 17 for the console
- Data: PostgreSQL as the only canonical database
- Cache and queues: Valkey (Redis compatible)
- Object storage: RustFS (S3 compatible)
- Determinism and offline-first operation are non-negotiable

How to navigate
- product/overview.md - Vision, capabilities, and requirements
- product/roadmap-and-requirements.md - Requirements and roadmap summary
- product/market-positioning.md - Moats and competitive positioning
- product/claims-and-benchmarks.md - Claims and benchmark linkage
- architecture/overview.md - System map and dependencies
- architecture/workflows.md - Key data and control flows
- architecture/evidence-and-trust.md - Evidence chain, DSSE, replay, AOC
- architecture/reachability-vex.md - Reachability, VEX consensus, unknowns
- architecture/component-map.md - Module interaction map
- architecture/reachability-lattice.md - Reachability lattice model
- architecture/reachability-evidence.md - Reachability evidence schemas
- architecture/advisory-alignment.md - Advisory architecture alignment summary
- ingestion/aggregation-and-linksets.md - AOC rules and linkset model
- ingestion/aoc-guardrails.md - Guard library and ingestion guardrails
- ingestion/backfill.md - AOC linkset backfill process
- modules/index.md - Module summaries (core and supporting)
- advisory-ai/overview.md - Advisory AI guardrails and evidence
- orchestrator/overview.md - Orchestrator execution model
- orchestrator/run-ledger.md - Orchestrator run ledger schema
- orchestrator/architecture.md - Orchestrator component architecture
- orchestrator/api.md - Orchestrator API surface
- orchestrator/cli.md - Orchestrator CLI commands
- orchestrator/console.md - Orchestrator console views
- operations/quickstart.md - First scan workflow
- operations/install-deploy.md - Install and deployment guidance
- operations/deployment-versioning.md - Versioning and promotion model
- operations/binary-prereqs.md - Offline binary and package prerequisites
- operations/airgap.md - Offline kit and air-gap operations
- operations/airgap-bundles.md - Bundle formats and verification
- operations/airgap-runbooks.md - Air-gap import and quarantine runbooks
- operations/replay-and-determinism.md - Replay artifacts and deterministic rules
- operations/runtime-readiness.md - Runtime readiness checks
- operations/slo.md - Service SLO overview
- operations/runbooks.md - Operational runbooks and incident response
- operations/notifications.md - Notifications Studio operations
- notifications/overview.md - Notifications overview
- notifications/rules.md - Notification rules and routing
- notifications/channels.md - Notification channels
- notifications/templates.md - Notification templates
- notifications/digests.md - Notification digests
- notifications/pack-approvals.md - Pack approval notifications
- operations/router-rate-limiting.md - Gateway rate limiting
- release/release-engineering.md - Release and CI/CD overview
- api/overview.md - API surface and conventions
- api/auth-and-tokens.md - Authority, OpTok, DPoP and mTLS, PoE
- policy/policy-system.md - Policy DSL, lifecycle, and governance
- cli-ui.md - CLI and console guide
- cli/overview.md - CLI command groups and config
- cli/commands.md - CLI groups and global options
- cli/crypto.md - Crypto commands and regional compliance
- cli/crypto-plugins.md - Crypto provider plugin model
- cli/distribution-matrix.md - CLI regional distribution matrix
- cli/reachability.md - Reachability, drift, and smart-diff CLI
- cli/triage.md - Triage CLI workflows
- cli/unknowns.md - Unknowns CLI workflows
- cli/score-proofs.md - Scoring replay and proofs
- cli/sbomer.md - SBOMer offline commands
- cli/audit-pack.md - Audit pack export and replay
- cli/keyboard-shortcuts.md - CLI interactive shortcuts
- cli/troubleshooting.md - Common CLI issues
- ui/console.md - Console overview and shared surfaces
- ui/navigation.md - Console routing, shortcuts, deep links
- ui/aoc-dashboard.md - AOC ingestion dashboard
- ui/findings.md - Findings workspace guide
- ui/advisories-vex.md - Advisories and VEX explorer
- ui/downloads.md - Downloads workspace and manifest handling
- ui/runs.md - Runs workspace and evidence bundles
- ui/policies.md - Policies workspace and approvals
- ui/admin.md - Admin workspace for tenants, roles, tokens
- ui/exception-center.md - Exception and waiver workflows
- ui/reachability-overlays.md - Reachability overlay semantics
- ui/sbom-explorer.md - SBOM Explorer guide
- ui/sbom-graph-explorer.md - SBOM graph explorer
- ui/vulnerability-explorer.md - Vulnerability explorer
- ui/explainers.md - Policy explainers UI
- ui/airgap.md - Air-gap console UI
- ui/attestor.md - Attestation UI
- ui/forensics.md - Forensics UI
- ui/observability.md - Observability UI
- ui/risk-ui.md - Risk UI
- ui/policy-editor.md - Policy editor workspace
- ui/accessibility.md - Console accessibility guidance
- ui/triage.md - Triage UX and state model
- ui/branding.md - Tenant branding model
- data-and-schemas.md - Storage, schemas, and determinism rules
- data/persistence.md - Database model and migration notes
- data/events.md - Event envelopes and validation
- sbom/overview.md - SBOM formats, mapping, and heuristics
- governance/approvals.md - Approval routing and audit
- governance/exceptions.md - Exception lifecycle and controls
- security-and-governance.md - Security policy, hardening, governance, compliance
- security/identity-tenancy-and-scopes.md - Authority scopes and tenancy rules
- security/crypto-and-trust.md - Crypto profiles and trust roots
- security/crypto-compliance.md - Regional crypto profiles and licensing notes
- security/quota-and-licensing.md - Offline quota and JWT licensing
- security/admin-rbac.md - Console admin RBAC model
- security/console-security.md - Console security posture
- security/operational-hardening.md - DPoP, rate limits, secrets, exports
- security/audit-events.md - Authority audit event schema
- security/revocation-bundles.md - Revocation bundle format and verification
- security/risk-model.md - Risk scoring model and explainability
- security/forensics-and-evidence-locker.md - Evidence locker and forensic storage
- provenance/inline-provenance.md - DSSE metadata and transparency links
- signals/unknowns.md - Unknowns registry and signals model
- signals/unknowns-ranking.md - Unknowns scoring and triage bands
- signals/uncertainty.md - Uncertainty states and tiers
- signals/callgraph-schema.md - Callgraph schema and determinism
- signals/contract-mapping.md - Signal contract mapping
- contracts-and-interfaces.md - Cross-module contracts and specs
- contracts/scanner-core.md - Scanner core DTOs and determinism helpers
- task-packs.md - Task Runner pack format and workflow
- interop/sbom-interop.md - SBOM interoperability and parity testing
- interop/cosign.md - Cosign attestation integration
- migration/overview.md - Migration paths and parity guidance
- vex/consensus.md - VEX consensus overview
- testing-and-quality.md - Test strategy and quality gates
- observability.md - Metrics, logs, tracing, telemetry stack
- developer/onboarding.md - Local dev setup and workflows
- developer/plugin-sdk.md - Plugin SDK summary
- developer/devportal.md - Developer portal publishing
- developer/implementation-guidelines.md - Deterministic implementation rules
- sdk/overview.md - SDK and client guidance
- guides/compare-workflow.md - Compare workflow guide
- guides/epss-integration.md - EPSS integration summary
- references/examples-and-fixtures.md - Examples, samples, schemas
- specs/symbols.md - Symbol manifest and bundle format
- benchmarks.md - Benchmark program overview
- vuln-explorer/overview.md - Vuln Explorer summary
- training-and-adoption.md - Evaluation checklist and training material
- glossary.md - Core terms

Legal and regulator view
- legal/regulator-threat-evidence.md - Regulator threat and evidence model

Notes
- Raw schemas, samples, and fixtures remain under docs/ and are referenced from docs2.
- If you need a deep schema or fixture, follow the path in data-and-schemas.md.