git.stella-ops.org/docs/modules/policy/README.md

StellaOps Policy Engine

Policy Engine compiles and evaluates Stella DSL policies deterministically, producing explainable findings with full provenance.

Responsibilities

• Compile stella-dsl@1 packs into executable graphs.
• Join advisories, VEX evidence, and SBOM inventories to derive effective findings.
• Expose simulation and diff APIs for UI/CLI workflows.
• Emit change-stream driven events for Notify/Scheduler integrations.

Key components

• StellaOps.Policy.Engine service host.
• Shared libraries under StellaOps.Policy.* for evaluation, storage, DSL tooling.

Integrations & dependencies

• MongoDB findings collections, RustFS explain bundles.
• Scheduler for incremental re-evaluation triggers.
• CLI/UI for policy authoring and runs.

Operational notes

• DSL grammar and lifecycle docs in ../../policy/.
• Observability guidance in ../../observability/policy.md.
• Governance and scope mapping in ../../security/policy-governance.md.

Backlog references

• DOCS-POLICY-20-001 … DOCS-POLICY-20-012 (completed baseline).
• DOCS-POLICY-23-007 (upcoming command updates).

Epic alignment

• Epic 2 – Policy Engine & Editor: deliver deterministic evaluation, DSL infrastructure, explain traces, and incremental runs.
• Epic 4 – Policy Studio: integrate registry workflows, simulation at scale, approvals, and promotion semantics.