StellaOps Concelier & CLI

This repository hosts the StellaOps Concelier service, its plug-in ecosystem, and the first-party CLI (stellaops-cli). Concelier ingests vulnerability advisories from authoritative sources, stores them in PostgreSQL, and exports deterministic JSON and Trivy DB artefacts. The CLI drives scanner distribution, scan execution, and job control against the Concelier API.

Quickstart

1. Prepare a PostgreSQL instance and (optionally) install trivy-db/oras.
2. Copy etc/concelier.yaml.sample to etc/concelier.yaml and update the storage + telemetry settings.
3. Copy etc/authority.yaml.sample to etc/authority.yaml, review the issuer, token lifetimes, and plug-in descriptors, then edit the companion manifests under etc/authority.plugins/*.yaml to match your deployment.
4. Start the web service with dotnet run --project src/Concelier/StellaOps.Concelier.WebService.
5. Configure the CLI via environment variables (e.g. STELLAOPS_BACKEND_URL) and trigger jobs with dotnet run --project src/Cli/StellaOps.Cli -- db merge.

Detailed operator guidance is available in docs/10_CONCELIER_CLI_QUICKSTART.md. API and command reference material lives in docs/09_API_CLI_REFERENCE.md.

Pipeline note: deployment workflows should template etc/concelier.yaml during CI/CD, injecting environment-specific PostgreSQL connection strings and telemetry endpoints. Upcoming releases will add Microsoft OAuth (Entra ID) authentication support—track the quickstart for integration steps once available.

Documentation

• docs/README.md now consolidates the platform index and points to the updated high-level architecture.
• Module architecture dossiers now live under docs/modules/<module>/. The most relevant here are docs/modules/concelier/ARCHITECTURE.md (service layout, merge engine, exports) and docs/modules/cli/ARCHITECTURE.md (command surface, AOT packaging, auth flows). Related services such as the Signer, Attestor, Authority, Scanner, UI, Excititor, Zastava, and DevOps pipeline each have their own dossier in the same hierarchy.
• Offline operation guidance moved to docs/24_OFFLINE_KIT.md, which details bundle composition, verification, and delta workflows. Concelier-specific connector operations stay in docs/modules/concelier/operations/connectors/*.md with companion runbooks in docs/modules/concelier/operations/.