git.stella-ops.org/docs/modules/platform/architecture.md
StellaOps Bot 71e9a56cfd
feat: Add Scanner CI runner and related artifacts
- Implemented `run-scanner-ci.sh` to build and run tests for the Scanner solution with a warmed NuGet cache.
- Created `excititor-vex-traces.json` dashboard for monitoring Excititor VEX observations.
- Added Docker Compose configuration for the OTLP span sink in `docker-compose.spansink.yml`.
- Configured OpenTelemetry collector in `otel-spansink.yaml` to receive and process traces.
- Developed `run-spansink.sh` script to run the OTLP span sink for Excititor traces.
- Introduced `FileSystemRiskBundleObjectStore` for storing risk bundle artifacts in the filesystem.
- Built `RiskBundleBuilder` for creating risk bundles with associated metadata and providers.
- Established `RiskBundleJob` to execute the risk bundle creation and storage process.
- Defined models for risk bundle inputs, entries, and manifests in `RiskBundleModels.cs`.
- Implemented signing functionality for risk bundle manifests with `HmacRiskBundleManifestSigner`.
- Created unit tests for `RiskBundleBuilder`, `RiskBundleJob`, and signing functionality to ensure correctness.
- Added filesystem artifact reader tests to validate manifest parsing and artifact listing.
- Included test manifests for egress scenarios in the task runner tests.
- Developed timeline query service tests to verify tenant and event ID handling.
2025-11-30 19:12:35 +02:00


Platform architecture (summary)

This module aggregates cross-cutting contracts and guardrails that every StellaOps service must follow.

Anchors

  • High-level system view: ../../07_HIGH_LEVEL_ARCHITECTURE.md
  • Platform overview: architecture-overview.md
  • Aggregation-Only Contract: ../ingestion/aggregation-only-contract.md (referenced across ingestion/observability docs)

Scope

  • Identity & tenancy: Authority-issued OpToks, tenant scoping, RBAC, short TTLs; see Authority module docs.
  • AOC & provenance: services ingest evidence without mutating/merging; provenance preserved; determinism required.
  • Offline posture: Offline Kit parity, sealed-mode defaults, deterministic bundles.
  • Observability baseline: metrics/logging/tracing patterns reused across modules; collectors documented under Telemetry module.
  • Determinism: stable ordering, UTC timestamps, content-addressed artifacts, reproducible exports.
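The determinism bullet above, as an added example (not StellaOps code): a manifest builder whose output bytes depend only on artifact content and the creation instant, never on input order or local time zone. The manifest layout and all function names are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone
from typing import Mapping


def utc_stamp(ts: datetime) -> str:
    """Normalize an aware datetime to a fixed-format UTC string."""
    if ts.tzinfo is None or ts.utcoffset() is None:
        raise ValueError("naive timestamp: offset unknown, cannot normalize to UTC")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_manifest(artifacts: Mapping[str, bytes], created: datetime) -> bytes:
    """Return canonical manifest bytes (hypothetical layout, for illustration)."""
    entries = [
        {"path": path, "sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
        for path, data in artifacts.items()
    ]
    # Stable ordering: code-point comparison on the path, not locale-aware,
    # so the result does not depend on input order or host settings.
    entries.sort(key=lambda e: e["path"])
    manifest = {"created": utc_stamp(created), "entries": entries}
    # Canonical form: sorted keys, no insignificant whitespace, UTF-8 bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def manifest_id(manifest: bytes) -> str:
    """Content address of the manifest itself."""
    return "sha256:" + hashlib.sha256(manifest).hexdigest()


# Constructed sample input: the same artifacts in different insertion order,
# and the same instant expressed with two different UTC offsets.
A = {"b/report.json": b'{"ok":true}', "a/sbom.json": b"{}"}
B = {"a/sbom.json": b"{}", "b/report.json": b'{"ok":true}'}
T_UTC = datetime(2025, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
T_LOCAL = datetime(2025, 1, 1, 14, 0, 0, tzinfo=timezone(timedelta(hours=2)))

if __name__ == "__main__":
    m1, m2 = build_manifest(A, T_UTC), build_manifest(B, T_LOCAL)
    print(manifest_id(m1), m1 == m2)
```

Comparing `manifest_id` values from two independent builds is a cheap reproducibility check: any difference means some input (content, path set, or timestamp) was not actually identical.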

Coordination

Platform docs are the starting point for new contributors; keep this summary in sync with module-specific dossiers and sprint references.