stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
2d08f52715816a8c27e0741f0d05a16ca4aca71b
git.stella-ops.org/docs/modules/zastava/README.md
StellaOps Bot 17d45a6d30
Some checks failed
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context 
- Added `FilesystemPackRunProvenanceWriter` to write provenance manifests to the filesystem.
- Introduced `MongoPackRunArtifactReader` to read artifacts from MongoDB.
- Created `MongoPackRunProvenanceWriter` to store provenance manifests in MongoDB.
- Developed unit tests for filesystem and MongoDB provenance writers.
- Established `ITimelineEventStore` and `ITimelineIngestionService` interfaces for timeline event handling.
- Implemented `TimelineIngestionService` to validate and persist timeline events with hashing.
- Created PostgreSQL schema and migration scripts for timeline indexing.
- Added dependency injection support for timeline indexer services.
- Developed tests for timeline ingestion and schema validation.
2025-11-30 15:38:14 +02:00

1.7 KiB
Raw Blame History

StellaOps Zastava

Zastava monitors running workloads, verifies supply chain posture, and enforces runtime policy via Kubernetes admission webhooks.

Latest updates (2025-11-30)

  • Sprint tracker docs/implplan/SPRINT_0335_0001_0001_docs_modules_zastava.md and module TASKS.md added to mirror status.
  • Observability runbook stub + dashboard placeholder added under operations/ (offline import).
  • Surface.Env/Surface.Secrets adoption remains pending platform contracts; align with platform docs before enabling sealed mode.

Responsibilities

  • Observe node/container activity and emit runtime events.
  • Validate signatures, SBOM presence, and backend verdicts before allowing containers.
  • Buffer and replay events during disconnections.
  • Trigger delta scans when runtime posture drifts.

Key components

  • StellaOps.Zastava.Observer daemonset.
  • StellaOps.Zastava.Webhook admission controller.
  • Shared contracts in StellaOps.Zastava.Core.

Integrations & dependencies

  • Authority for OpToks and mTLS.
  • Scanner/Scheduler for remediation triggers.
  • Notify/UI for runtime alerts and dashboards.

Operational notes

  • Runbook ./operations/observability.md (stub) plus dashboard placeholder ./operations/dashboards/zastava-observability.json.
  • Legacy runtime runbook assets remain under ./operations if present; keep offline kit bundles deterministic.
  • DPoP/mTLS rotation guidance shared with Authority.

Related resources

  • ./operations/runtime.md
  • ./operations/runtime-grafana-dashboard.json
  • ./operations/runtime-prometheus-rules.yaml

Backlog references

  • ZASTAVA runtime tasks in ../../TASKS.md.
  • Webhook smoke tests tracked in src/Zastava/**/TASKS.md.