18 KiB
18 KiB
StellaOps Documentation Index
Master index of all StellaOps documentation. Last updated: 2026-01-06 (Pass 5 consolidation)
This index provides a complete map of documentation organized by audience and topic. The documentation follows a two-level hierarchy:
- Canonical guides (
docs/*.md) - High-level entry points - Detailed references (
docs/**/*) - Module dossiers, API contracts, runbooks
Quick Navigation by Audience
| Audience | Start Here |
|---|---|
| New Users | quickstart.md, overview.md |
| Developers | DEVELOPER_ONBOARDING.md, CODING_STANDARDS.md |
| Architects | ARCHITECTURE_OVERVIEW.md, ARCHITECTURE_REFERENCE.md |
| Operators/SREs | SECURITY_HARDENING_GUIDE.md, OFFLINE_KIT.md |
| Plugin Developers | PLUGIN_SDK_GUIDE.md, dev/ |
Canonical Guides (docs/*.md)
Getting Started
| Document | Purpose |
|---|---|
| README.md | Documentation overview and navigation |
| overview.md | 2-minute product summary |
| quickstart.md | First scan walkthrough |
| DEVELOPER_ONBOARDING.md | Developer setup guide |
| CONCELIER_CLI_QUICKSTART.md | Advisory ingestion quickstart |
Architecture
| Document | Purpose |
|---|---|
| ARCHITECTURE_OVERVIEW.md | 10-minute architecture tour |
| ARCHITECTURE_REFERENCE.md | Full architecture index/map |
| technical/architecture/ | Detailed architecture views |
Features & Capabilities
| Document | Purpose |
|---|---|
| key-features.md | Capability cards with evidence |
| FEATURE_MATRIX.md | Tier-by-tier feature availability |
| full-features-list.md | Complete capability catalog |
Product Strategy
| Document | Purpose |
|---|---|
| product/ | Product strategy and positioning hub |
| product/competitive-landscape.md | 15-vendor competitive analysis |
| product/decision-capsules.md | Decision Capsules concept |
| product/moat-strategy-summary.md | Strategic positioning |
Operations & Security
| Document | Purpose |
|---|---|
| SECURITY_HARDENING_GUIDE.md | Deployment security guide |
| SECURITY_POLICY.md | Security incident policy |
| OFFLINE_KIT.md | Air-gapped operation guide |
| UI_GUIDE.md | Console operator guide |
Development
| Document | Purpose |
|---|---|
| CODING_STANDARDS.md | Code quality rules |
| PLUGIN_SDK_GUIDE.md | Plugin development guide |
| VEX_CONSENSUS_GUIDE.md | VEX consensus and trust |
Reference
| Document | Purpose |
|---|---|
| API_CLI_REFERENCE.md | API and CLI reference hub |
| GLOSSARY.md | Platform terminology |
| ROADMAP.md | Product roadmap |
Module Documentation (docs/modules/)
Module dossiers contain architecture, operations, and API documentation per component.
Naming Convention: Module directories use kebab-case (e.g.,
binary-index,sbom-service)
Core Platform
| Module | Directory | Description |
|---|---|---|
| Authority | authority/ | OAuth/OIDC, DPoP authentication |
| Gateway | gateway/ | API gateway, routing |
| Router | router/ | Transport-agnostic messaging |
| Platform | platform/ | Console backend aggregation |
Data Ingestion
| Module | Directory | Description |
|---|---|---|
| Concelier | concelier/ | Advisory ingestion |
| Excititor | excititor/ | VEX document ingestion |
| VexLens | vex-lens/ | VEX consensus computation |
| VexHub | vex-hub/ | VEX distribution hub |
| IssuerDirectory | issuer-directory/ | Issuer trust registry |
| Feedser | feedser/ | Backport detection evidence |
Scanning & Analysis
| Module | Directory | Description |
|---|---|---|
| Scanner | scanner/ | Container scanning, SBOM generation |
| BinaryIndex | binary-index/ | Binary fingerprinting |
| AdvisoryAI | advisory-ai/ | AI-assisted analysis |
| Symbols | symbols/ | Symbol resolution |
| ReachGraph | reach-graph/ | Reachability graphs |
Artifacts & Evidence
| Module | Directory | Description |
|---|---|---|
| Attestor | attestor/ | DSSE/in-toto attestations |
| Signer | signer/ | Cryptographic signing |
| SbomService | sbom-service/ | SBOM storage, lineage |
| EvidenceLocker | evidence-locker/ | Sealed evidence storage |
| ExportCenter | export-center/ | Batch export |
| Provenance | provenance/ | SLSA attestation |
Policy & Risk
| Module | Directory | Description |
|---|---|---|
| Policy | policy/ | K4 lattice policy engine |
| RiskEngine | risk-engine/ | Risk scoring |
| VulnExplorer | vuln-explorer/ | Vulnerability triage |
| Unknowns | unknowns/ | Unknown component tracking |
| FindingsLedger | findings-ledger/ | Findings tracking |
Operations
| Module | Directory | Description |
|---|---|---|
| Scheduler | scheduler/ | Job scheduling |
| Orchestrator | orchestrator/ | Workflow orchestration |
| TaskRunner | taskrunner/ | Task pack execution |
| Notify | notify/ | Notifications |
| Notifier | notifier/ | Notifications Studio |
| PacksRegistry | packs-registry/ | Task packs registry |
| TimelineIndexer | timeline-indexer/ | Event indexing |
| Replay | replay/ | Deterministic replay |
Integration
| Module | Directory | Description |
|---|---|---|
| CLI | cli/ | Command-line interface |
| Zastava | zastava/ | Registry webhooks |
| Web/UI | ui/, web/ | Frontend SPA |
Infrastructure
| Module | Directory | Description |
|---|---|---|
| Cryptography | cryptography/ | Crypto profiles |
| Telemetry | telemetry/ | Observability |
| Graph | graph/ | Call graph structures |
| Signals | signals/ | Runtime signals |
| AirGap | airgap/ | Air-gap support |
| AOC | aoc/ | Append-Only Contract |
Cross-Cutting Concepts
| Concept | Directory | Description |
|---|---|---|
| Snapshot | snapshot/ | Point-in-time captures |
| Triage | triage/ | Vulnerability triage workflows |
| Provcache | prov-cache/ | Provenance cache (library) |
| Benchmark | benchmark/ | Competitive benchmarking |
| Bench | bench/ | Performance benchmarks |
Specialized Documentation Areas
API Documentation
| Area | Path | Description |
|---|---|---|
| API Overview | api/overview.md | API conventions |
| Gateway APIs | api/gateway/ | Gateway endpoints |
| Console APIs | api/console/ | Console endpoints |
| Signal Contracts | api/signals/ | Signal contracts |
Air-Gap Operations
| Area | Path | Description |
|---|---|---|
| Overview | modules/airgap/ | Air-gap module dossier |
| Guides | modules/airgap/guides/ | Air-gap operational guides |
| Runbooks | modules/airgap/runbooks/ | Air-gap runbooks |
| Samples | modules/airgap/samples/ | Air-gap bundle samples |
Database
| Area | Path | Description |
|---|---|---|
| Specification | db/SPECIFICATION.md | Database spec |
| Migrations | db/tasks/ | Migration phases |
| Schemas | db/schemas/ | Schema definitions |
CLI Reference
| Area | Path | Description |
|---|---|---|
| CLI Module | modules/cli/ | CLI module dossier |
| Quickstart | modules/cli/guides/quickstart.md | CLI quickstart guide |
| Command Reference | modules/cli/guides/commands/reference.md | Complete CLI reference |
| Admin Commands | modules/cli/guides/admin/admin-reference.md | Admin commands |
| Crypto Commands | modules/cli/guides/crypto/crypto-commands.md | Crypto operations |
End-to-End Flows
| Area | Path | Description |
|---|---|---|
| Flow Index | flows/README.md | All workflow flows |
| Scan Flow | flows/02-scan-submission-flow.md | Scan submission |
| Policy Flow | flows/04-policy-evaluation-flow.md | Policy evaluation |
| CI/CD Flow | flows/10-cicd-gate-flow.md | CI/CD gating |
Technical Deep Dives
| Area | Path | Description |
|---|---|---|
| Architecture Index | technical/architecture/ | Architecture views |
| User Flows | technical/architecture/user-flows.md | UML diagrams |
| Module Matrix | technical/architecture/module-matrix.md | 46-module matrix |
Contracts & ADRs
| Area | Path | Description |
|---|---|---|
| Contracts | contracts/ | Technical contracts |
| ADRs | adr/ | Architecture decisions |
Development Guides
| Area | Path | Description |
|---|---|---|
| Plugin Development | dev/ | Plugin guides & templates |
| Scanner Engine | dev/scanning-engine.md | Scanner internals |
| SDK Documentation | dev/sdks/ | Language SDKs and plugin templates |
Testing & Quality
| Area | Path | Description |
|---|---|---|
| Testing Guides | technical/testing/ | Testing strategy and guides |
| Determinism | technical/testing/DETERMINISM_DEVELOPER_GUIDE.md | Determinism verification |
| Performance | technical/testing/PERFORMANCE_BASELINES.md | Performance baselines |
| CI Quality Gates | technical/testing/ci-quality-gates.md | CI quality gates |
Migration & Upgrades
| Area | Path | Description |
|---|---|---|
| Migration Guides | technical/migration/ | Schema and API migrations |
| CycloneDX 1.6 to 1.7 | technical/migration/cyclonedx-1-6-to-1-7.md | CycloneDX migration |
| Policy Parity | technical/migration/policy-parity.md | Policy migration |
Benchmarks & Testing
| Area | Path | Description |
|---|---|---|
| Benchmarks | benchmarks/ | Performance & accuracy |
| Ground Truth | benchmarks/ground-truth-corpus.md | Test datasets |
Risk Scoring
| Area | Path | Description |
|---|---|---|
| Risk Samples | modules/risk-engine/samples/ | Risk scoring examples |
Operations & Deployment
| Area | Path | Description |
|---|---|---|
| Deployment | operations/deployment/ | Docker, containers, version matrix |
| Runbooks | operations/ | Operational runbooks |
| Releases | releases/ | Release process, versioning |
Security
| Area | Path | Description |
|---|---|---|
| Security Index | security/README.md | Security documentation hub |
| Threat Models | security/ | Authority, console security |
| Hardening | SECURITY_HARDENING_GUIDE.md | Deployment hardening |
Implementation Planning
| Area | Path | Description |
|---|---|---|
| Sprint Files | implplan/ | Active implementation sprints |
| Archived Sprints | ../docs-archived/implplan/ | Completed sprints |
External References
- CLAUDE.md (repository root) - Claude Code instructions and module table
- src/__Tests/AGENTS.md - Test infrastructure guidance
- Module AGENTS.md files - Per-module development instructions
Changelog
| Date | Change |
|---|---|
| 2026-01-06 | Pass 5: Reduced top-level directories from 41 to 22, and top-level markdown files from 48 to 25. Directory consolidations: docs/accessibility/ to modules/ui/guides/accessibility/; docs/advisories/ to modules/concelier/guides/; docs/events/ to modules/signals/events/; docs/handoff/ to operations/handoff/; docs/roadmap/ to product/roadmap/; docs/schemas/ to modules/attestor/schemas/; docs/sdks/ to dev/sdks/; docs/specs/ to modules/symbols/specs/; docs/task-packs/ to modules/packs-registry/guides/; docs/ux/ to modules/ui/guides/ux/; docs/rfcs/ to adr/; docs/architecture/ to technical/architecture/; docs/data/ to modules/replay/schemas/; docs/testing/ (26 files) to technical/testing/; docs/diagrams/ to technical/diagrams/; docs/migration/ to technical/migration/; docs/process/ to operations/process/; docs/samples/ distributed to respective module samples/. Top-level file moves: 07_HIGH_LEVEL_ARCHITECTURE.md to technical/architecture/; claims-index.md to product/; cli-vs-ui-parity.md to modules/cli/; LEGAL_.md to legal/; PERFORMANCE_WORKBOOK.md, DATA_SCHEMAS.md, SYSTEM_REQUIREMENTS_SPEC.md, reproducibility.md to technical/; scanner-core-contracts.md to modules/scanner/; TEST_SUITE_OVERVIEW.md to technical/testing/; VULNERABILITY_EXPLORER_GUIDE.md to modules/vuln-explorer/; PROOF_MOATS_FINAL_SIGNOFF.md, moat.md, VISION.md to product/; QUOTA_.md to modules/policy/guides/; POLICY_TEMPLATES.md to modules/policy/; AUTHORITY.md to modules/authority/; FAQ_MATRIX.md to onboarding/; RELEASE_ENGINEERING_PLAYBOOK.md to releases/. Fixed ui/guides file to guides-overview.md. Archived QUICKSTART_HYBRID_DEBUG.md. Removed duplicate accessibility.md. |
| 2026-01-06 | Pass 4: Consolidated docs/airgap/ (38 files) into modules/airgap/guides/, runbooks/, gaps/, schemas/, samples/; consolidated docs/aoc/ into modules/aoc/guides/; consolidated docs/policy/ (20 files + fixtures/schemas) into modules/policy/guides/, fixtures/, schemas/; consolidated docs/replay/ into modules/replay/guides/; consolidated docs/uncertainty/ into modules/unknowns/guides/; consolidated docs/forensics/ into modules/evidence-locker/, provenance/, timeline-indexer/ guides/; consolidated docs/ingestion/ into modules/concelier/guides/; consolidated docs/interop/ into modules/attestor/guides/; consolidated docs/observability/ (14 files + dashboards) into modules/telemetry/guides/ and dashboards/; consolidated docs/runtime/ into modules/scanner/guides/; consolidated docs/slo/ into modules/orchestrator/guides/; created modules/devportal/guides/; moved docs/evaluate/ to product/; moved docs/metrics/ to modules/telemetry/guides/ |
| 2026-01-06 | Pass 3: Consolidated docs/router/ into modules/router/ (archived 25 sprints to docs-archived/implplan/router/, moved transports/ and guides/); consolidated docs/reachability/ (23 files) into modules/reach-graph/guides/ and schemas/; consolidated docs/risk/ into modules/risk-engine/guides/ and samples/; consolidated docs/attestor/ and docs/provenance/ into respective modules; consolidated docs/vuln/ into modules/vuln-explorer/guides/; consolidated docs/sbom/ and docs/evidence-locker/ into respective modules; consolidated docs/marketing/ and docs/market/ into docs/product/ (strategy, competitive analysis); archived docs/artifacts/ to docs-archived/ |
| 2026-01-06 | Pass 2: Consolidated CLI docs into modules/cli/guides/ (removed docs/cli/); consolidated runbooks into operations/runbooks/ (removed docs/runbooks/); merged examples/ into samples/; consolidated signals/ into modules/signals/guides/; merged training/ into onboarding/ with concepts/ and faq/ subdirs; distributed guides/ into relevant module locations (risk-engine, signer, vex-lens, ui, authority); merged ci/ into cicd/; merged ops/ into operations/; moved faq/policy-faq.md to policy/faq.md |
| 2026-01-06 | Consolidated UI/Console docs into modules/ui/; consolidated deploy/deployment/install into operations/deployment/; consolidated docs/vex/ into modules/vex-lens/guides/; consolidated docs/release/ into docs/releases/; consolidated security docs (removed technical/security/) |
| 2026-01-05 | Created index; renamed module directories to kebab-case; updated CLAUDE.md with missing modules; fixed 80+ old numbered file references; consolidated docs/advisory-ai/ into docs/modules/advisory-ai/ |