# Module Landscape Overview
The Stella Ops Suite comprises existing modules (vulnerability scanning) and new modules (release orchestration). Modules are organized into themes (functional areas).
## Architecture Diagram

```text
┌─────────────────────────────────────────────────────────────────────────────────┐
│                               STELLA OPS SUITE                                  │
│                                                                                 │
│ ┌─────────────────────────────────────────────────────────────────────────────┐ │
│ │                       EXISTING THEMES (Vulnerability)                       │ │
│ │                                                                             │ │
│ │ INGEST         VEXOPS         REASON         SCANENG        EVIDENCE        │ │
│ │ ├─concelier    ├─excititor    ├─policy       ├─scanner      ├─locker        │ │
│ │ └─advisory-ai  └─linksets     └─opa-runtime  ├─sbom-gen     ├─export        │ │
│ │                                              └─reachability └─timeline      │ │
│ │                                                                             │ │
│ │ RUNTIME        JOBCTRL        OBSERVE        REPLAY         DEVEXP          │ │
│ │ ├─signals      ├─scheduler    ├─notifier     └─replay-core  ├─cli           │ │
│ │ ├─graph        ├─orchestrator └─telemetry                   ├─web-ui        │ │
│ │ └─zastava      └─task-runner                                └─sdk           │ │
│ └─────────────────────────────────────────────────────────────────────────────┘ │
│                                                                                 │
│ ┌─────────────────────────────────────────────────────────────────────────────┐ │
│ │                     NEW THEMES (Release Orchestration)                      │ │
│ │                                                                             │ │
│ │ INTHUB (Integration Hub)                                                    │ │
│ │ ├─integration-manager  Central registry of configured integrations          │ │
│ │ ├─connection-profiles  Default settings + credential management             │ │
│ │ ├─connector-runtime    Plugin connector execution environment               │ │
│ │ └─doctor-checks        Integration health diagnostics                       │ │
│ │                                                                             │ │
│ │ ENVMGR (Environment & Inventory)                                            │ │
│ │ ├─environment-manager  Environment CRUD, ordering, config                   │ │
│ │ ├─target-registry      Deployment targets (hosts/services)                  │ │
│ │ ├─agent-manager        Agent registration, health, capabilities             │ │
│ │ └─inventory-sync       Drift detection, state reconciliation                │ │
│ │                                                                             │ │
│ │ RELMAN (Release Management)                                                 │ │
│ │ ├─component-registry   Image repos → components mapping                     │ │
│ │ ├─version-manager      Tag/digest → semver mapping                          │ │
│ │ ├─release-manager      Release bundle lifecycle                             │ │
│ │ └─release-catalog      Release history, search, compare                     │ │
│ │                                                                             │ │
│ │ WORKFL (Workflow Engine)                                                    │ │
│ │ ├─workflow-designer    Template creation, step graph editor                 │ │
│ │ ├─workflow-engine      DAG execution, state machine                         │ │
│ │ ├─step-executor        Step dispatch, retry, timeout                        │ │
│ │ └─step-registry        Built-in + plugin-provided steps                     │ │
│ │                                                                             │ │
│ │ PROMOT (Promotion & Approval)                                               │ │
│ │ ├─promotion-manager    Promotion request lifecycle                          │ │
│ │ ├─approval-gateway     Approval collection, SoD enforcement                 │ │
│ │ ├─decision-engine      Gate evaluation, policy integration                  │ │
│ │ └─gate-registry        Built-in + custom gates                              │ │
│ │                                                                             │ │
│ │ DEPLOY (Deployment Execution)                                               │ │
│ │ ├─deploy-orchestrator  Deployment job coordination                          │ │
│ │ ├─target-executor      Target-specific deployment logic                     │ │
│ │ ├─runner-executor      Script/hook execution sandbox                        │ │
│ │ ├─artifact-generator   Compose/script artifact generation                   │ │
│ │ └─rollback-manager     Rollback orchestration                               │ │
│ │                                                                             │ │
│ │ AGENTS (Deployment Agents)                                                  │ │
│ │ ├─agent-core           Shared agent runtime                                 │ │
│ │ ├─agent-docker         Docker host agent                                    │ │
│ │ ├─agent-compose        Docker Compose agent                                 │ │
│ │ ├─agent-ssh            SSH remote executor                                  │ │
│ │ ├─agent-winrm          WinRM remote executor                                │ │
│ │ ├─agent-ecs            AWS ECS agent                                        │ │
│ │ └─agent-nomad          HashiCorp Nomad agent                                │ │
│ │                                                                             │ │
│ │ PROGDL (Progressive Delivery)                                               │ │
│ │ ├─ab-manager           A/B release coordination                             │ │
│ │ ├─traffic-router       Router plugin orchestration                          │ │
│ │ ├─canary-controller    Canary ramp automation                               │ │
│ │ └─rollout-strategy     Strategy templates                                   │ │
│ │                                                                             │ │
│ │ RELEVI (Release Evidence)                                                   │ │
│ │ ├─evidence-collector   Evidence aggregation                                 │ │
│ │ ├─evidence-signer      Cryptographic signing                                │ │
│ │ ├─sticker-writer       Version sticker generation                           │ │
│ │ └─audit-exporter       Compliance report generation                         │ │
│ │                                                                             │ │
│ │ PLUGIN (Plugin Infrastructure)                                              │ │
│ │ ├─plugin-registry      Plugin discovery, versioning                         │ │
│ │ ├─plugin-loader        Plugin lifecycle management                          │ │
│ │ ├─plugin-sandbox       Isolation, resource limits                           │ │
│ │ └─plugin-sdk           SDK for plugin development                           │ │
│ └─────────────────────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────────────────┘
```
## Theme Summary

### Existing Themes (Vulnerability Scanning)
| Theme | Purpose | Key Modules |
|---|---|---|
| INGEST | Advisory ingestion | concelier, advisory-ai |
| VEXOPS | VEX document handling | excititor, linksets |
| REASON | Policy and decisioning | policy, opa-runtime |
| SCANENG | Scanning and SBOM | scanner, sbom-gen, reachability |
| EVIDENCE | Evidence and attestation | locker, export, timeline |
| RUNTIME | Runtime signals | signals, graph, zastava |
| JOBCTRL | Job orchestration | scheduler, orchestrator, task-runner |
| OBSERVE | Observability | notifier, telemetry |
| REPLAY | Deterministic replay | replay-core |
| DEVEXP | Developer experience | cli, web-ui, sdk |
### New Themes (Release Orchestration)
| Theme | Purpose | Key Modules | Documentation |
|---|---|---|---|
| INTHUB | Integration hub | integration-manager, connection-profiles, connector-runtime, doctor-checks | Details |
| ENVMGR | Environment & inventory | environment-manager, target-registry, agent-manager, inventory-sync | Details |
| RELMAN | Release management | component-registry, version-manager, release-manager, release-catalog | Details |
| WORKFL | Workflow engine | workflow-designer, workflow-engine, step-executor, step-registry | Details |
| PROMOT | Promotion & approval | promotion-manager, approval-gateway, decision-engine, gate-registry | Details |
| DEPLOY | Deployment execution | deploy-orchestrator, target-executor, runner-executor, artifact-generator, rollback-manager | Details |
| AGENTS | Deployment agents | agent-core, agent-docker, agent-compose, agent-ssh, agent-winrm, agent-ecs, agent-nomad | Details |
| PROGDL | Progressive delivery | ab-manager, traffic-router, canary-controller, rollout-strategy | Details |
| RELEVI | Release evidence | evidence-collector, evidence-signer, sticker-writer, audit-exporter | Details |
| PLUGIN | Plugin infrastructure | plugin-registry, plugin-loader, plugin-sandbox, plugin-sdk | Details |
## Module Dependencies

```text
                   ┌───────────────┐
                   │   AUTHORITY   │
                   └───────┬───────┘
                           │
        ┌──────────────────┼──────────────────┐
        │                  │                  │
        ▼                  ▼                  ▼
┌───────────────┐  ┌───────────────┐  ┌───────────────┐
│    INTHUB     │  │    ENVMGR     │  │    PLUGIN     │
│ (Integrations)│  │ (Environments)│  │   (Plugins)   │
└───────┬───────┘  └───────┬───────┘  └───────┬───────┘
        │                  │                  │
        └──────────────────┼──────────────────┘
                           │
                           ▼
                   ┌───────────────┐
                   │    RELMAN     │
                   │  (Releases)   │
                   └───────┬───────┘
                           │
                           ▼
                   ┌───────────────┐
                   │    WORKFL     │
                   │  (Workflows)  │
                   └───────┬───────┘
                           │
                ┌──────────┴──────────┐
                │                     │
                ▼                     ▼
        ┌───────────────┐     ┌───────────────┐
        │    PROMOT     │     │    DEPLOY     │
        │  (Promotion)  │     │ (Deployment)  │
        └───────┬───────┘     └───────┬───────┘
                │                     │
                │                     ▼
                │             ┌───────────────┐
                │             │    AGENTS     │
                │             │   (Agents)    │
                │             └───────┬───────┘
                │                     │
                └──────────┬──────────┘
                           │
                           ▼
                   ┌───────────────┐
                   │    RELEVI     │
                   │  (Evidence)   │
                   └───────────────┘
```
## Communication Patterns
| Pattern | Usage |
|---|---|
| Synchronous API | User-initiated operations (CRUD, queries) |
| Event Bus | Cross-module notifications (domain events) |
| Task Queue | Long-running operations (deployments, syncs) |
| WebSocket/SSE | Real-time UI updates |
| gRPC Streams | Agent communication |
## Database Schema Organization

Each theme owns a PostgreSQL schema:

| Schema | Owner Theme |
|---|---|
| release.integrations | INTHUB |
| release.environments | ENVMGR |
| release.components | RELMAN |
| release.workflows | WORKFL |
| release.promotions | PROMOT |
| release.deployments | DEPLOY |
| release.agents | AGENTS |
| release.evidence | RELEVI |
| release.plugins | PLUGIN |
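The table above states which theme owns which schema but not how that ownership is enforced in the database. The following is an added illustration, not code from the Stella Ops project, of one way to make per-theme schema ownership a real privilege boundary in PostgreSQL: each theme connects as its own role, that role owns only its schema, nothing is reachable through PUBLIC, and a final query lists any schema or grant that violates the rule. The schema names are taken verbatim from the table (quoted, because they contain a dot; drop the `release.` prefix if it denotes the database rather than part of the schema name). The role names (`inthub_svc`, `relman_svc`, `relevi_svc`) and the database name `release` are assumptions.

```sql
-- Added example (not Stella Ops code): enforce one-schema-per-theme ownership.
-- Schema names come from the table above; role and database names are assumed.

-- 1. Close the defaults. Nothing is reachable via PUBLIC unless granted explicitly.
REVOKE ALL ON DATABASE release FROM PUBLIC;          -- assumed database name
REVOKE CREATE ON SCHEMA public FROM PUBLIC;          -- needed on PostgreSQL < 15

-- 2. One login role per theme; no superuser, createdb or createrole bits.
--    (Two themes shown; repeat the pattern for the others.)
CREATE ROLE inthub_svc LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;
CREATE ROLE relman_svc LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;
CREATE ROLE relevi_svc LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;
GRANT CONNECT ON DATABASE release TO inthub_svc, relman_svc, relevi_svc;

-- 3. The owning theme's role owns its schema. The owner implicitly holds USAGE
--    and CREATE; no other role is granted anything on it.
CREATE SCHEMA "release.integrations" AUTHORIZATION inthub_svc;
CREATE SCHEMA "release.components"   AUTHORIZATION relman_svc;
CREATE SCHEMA "release.evidence"     AUTHORIZATION relevi_svc;

-- 4. Functions created later default to EXECUTE for PUBLIC; remove that so a
--    theme's helper functions are not callable from another theme's role.
ALTER DEFAULT PRIVILEGES FOR ROLE inthub_svc IN SCHEMA "release.integrations"
  REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
ALTER DEFAULT PRIVILEGES FOR ROLE relman_svc IN SCHEMA "release.components"
  REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
ALTER DEFAULT PRIVILEGES FOR ROLE relevi_svc IN SCHEMA "release.evidence"
  REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- 5. Checks. Both queries should return zero rows in a correctly locked-down
--    database; any row is a schema owned by the wrong role or a PUBLIC grant.
SELECT n.nspname AS schema_name,
       pg_get_userbyid(n.nspowner) AS owner_role
FROM   pg_namespace n
WHERE  n.nspname LIKE 'release.%'
  AND  (n.nspname, pg_get_userbyid(n.nspowner)) NOT IN (
         ('release.integrations', 'inthub_svc'),
         ('release.components',   'relman_svc'),
         ('release.evidence',     'relevi_svc')
       );

SELECT table_schema, table_name, grantee, privilege_type
FROM   information_schema.role_table_grants
WHERE  table_schema LIKE 'release.%'
  AND  grantee = 'PUBLIC';
```

Run the script as a database superuser or the database owner; afterwards, connecting as `relman_svc` and issuing `SELECT * FROM "release.integrations".anything` fails with a permission error, which is the intended result. Extend the tuple list in the first check query as the remaining theme roles are created so that the check stays authoritative for every schema in the table.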