stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 14 Releases Wiki Activity
Files
108d1c64b323808d6085fca05818fc581c6b003a
git.stella-ops.org/docs/modules/excititor
History
StellaOps Bot bc0762e97d up
2025-12-09 00:20:52 +02:00
..
api
Add unit tests for Router configuration and transport layers
2025-12-05 08:01:47 +02:00
connectors
Add new features and tests for AirGap and Time modules
2025-11-20 23:29:54 +02:00
observability
up
2025-11-24 07:52:25 +02:00
operations
up
2025-11-25 22:09:44 +02:00
prep
blockers 2
2025-11-23 14:54:17 +02:00
schemas
up
2025-11-25 22:09:44 +02:00
AGENTS.md
Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.
2025-11-05 11:58:32 +02:00
architecture.md
up
2025-12-09 00:20:52 +02:00
attestation-plan.md
Add new features and tests for AirGap and Time modules
2025-11-20 23:29:54 +02:00
evidence-contract.md
work
2025-11-25 08:01:23 +02:00
implementation_plan.md
feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
2025-11-30 15:38:14 +02:00
mirrors.md
Implement MongoDB-based storage for Pack Run approval, artifact, log, and state management
2025-11-07 10:01:47 +02:00
OPENAPI_FREEZE_CHECKLIST.md
Add unit tests for Router configuration and transport layers
2025-12-05 08:01:47 +02:00
README.md
Add unit tests for Router configuration and transport layers
2025-12-05 08:01:47 +02:00
scoring.md
feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules
2025-10-30 00:09:39 +02:00
TASKS.md
Add unit tests for Router configuration and transport layers
2025-12-05 08:01:47 +02:00
vex_linksets_api.md
up
2025-11-27 23:45:09 +02:00
vex_observations.md
up
2025-11-27 23:45:09 +02:00

README.md

StellaOps Excititor

Excititor converts heterogeneous VEX feeds into raw observations and linksets that honour the Aggregation-Only Contract.

Latest updates (2025-12-05)

  • OpenAPI freeze gate added at OPENAPI_FREEZE_CHECKLIST.md; EXCITITOR-DOCS-0001 remains BLOCKED until chunk API CI passes and pinned spec + hashed samples are delivered.
  • Sprint tracker docs/implplan/SPRINT_0333_0001_0001_docs_modules_excititor.md and module TASKS.md mirror status.
  • Observability/runbook assets remain in operations/observability.md and observability/ (timeline, locker manifests); dashboards stay offline-import friendly.
  • Prior updates (2025-11-05): Link-Not-Merge readiness and consensus beta note (../../updates/2025-11-05-excitor-consensus-beta.md), observability guide additions, DSSE packaging guidance, and Policy/CLI follow-ups tracked in SPRINT_200.
  • Link-Not-Merge readiness: release note Excitor consensus beta captures how Excititor feeds power the Excititor consensus beta (sample payload in consensus JSON).
  • Added observability guide describing the evidence metrics emitted by EXCITITOR-AIAI-31-003 (request counters, statement histogram, signature status, guard violations) so Ops/Lens can alert on misuse.
  • README now points policy/UI teams to the upcoming consensus integration work.
  • DSSE packaging for consensus bundles and Export Center hooks are documented in the beta release note; operators mirroring Excititor exports must verify detached JWS artefacts (bundle.json.jws) alongside each bundle.
  • Follow-ups called out in the release note (Policy weighting knobs POLICY-ENGINE-30-101, CLI verb CLI-VEX-30-002) remain in-flight and are tracked in /docs/implplan/SPRINT_200_documentation_process.md.

Release references

Responsibilities

  • Fetch OpenVEX/CSAF/CycloneDX statements via restart-only connectors.
  • Store immutable VEX observations with full provenance.
  • Publish linksets and events that drive policy suppression decisions.
  • Provide deterministic exports for Offline Kit and downstream tooling.

Key components

  • StellaOps.Excititor.WebService scheduler/API host.
  • Connector libraries under StellaOps.Excititor.Connector.*.
  • Normalization helpers and exporters in StellaOps.Excititor.*.

Integrations & dependencies

  • Policy Engine for evidence queries.
  • UI/CLI for conflict visibility and explanation.
  • Notify for VEX-driven alerts.

Operational notes

  • MongoDB for observation storage and job metadata.
  • Offline kit packaging aligned with Concelier merges.
  • Connector-specific runbooks (see docs/modules/concelier/operations/connectors).
  • Ubuntu CSAF provenance knobs: operations/ubuntu-csaf.md captures TrustWeight/Tier, cosign, and fingerprint configuration for the sprint 120 enrichment.

Backlog references

  • DOCS-LNM-22-006 / DOCS-LNM-22-007 (shared with Concelier).
  • CLI-EXC-25-001..002 follow-up for CLI parity.

Epic alignment

  • Epic 1 AOC enforcement: maintain immutable VEX observations, provenance, and AOC verifier coverage.
  • Epic 7 VEX Consensus Lens: supply trustworthy raw inputs, trust metadata, and consensus hooks for the lens computations.
  • Epic 8 Advisory AI: expose citation-ready VEX payloads for the advisory assistant pipeline.