Backend:
- Add SecretsManager=9 type, Vault=550 and Consul=551 providers to IntegrationEnums
- Create VaultConnectorPlugin (GET /v1/sys/health), ConsulConnectorPlugin (GET /v1/status/leader), EbpfAgentConnectorPlugin (GET /api/v1/health)
- Register all 3 plugins in Program.cs and WebService.csproj
- Extend Concelier JobRegistrationExtensions with 20 additional advisory source connectors (ghsa, kev, epss, debian, ubuntu, alpine, suse, etc.)
- Add connector project references to Concelier WebService.csproj so Type.GetType() can resolve job classes at runtime
- Fix job kind names to match SourceDefinitions IDs (jpcert not jvn, oracle not vndr-oracle, etc.)

Infrastructure:
- Add Consul service to docker-compose.integrations.yml (127.1.2.8:8500)
- Add runtime-host nginx fixture to docker-compose.integration-fixtures.yml (127.1.1.9:80)

Frontend:
- Mirror SecretsManager/Vault/Consul enum additions in integration.models.ts
- Fix Secrets tab route type from RepoSource to SecretsManager
- Add SecretsManager to parseType() and TYPE_DISPLAY_NAMES

E2E tests (117/117 passing):
- vault-consul-secrets.e2e.spec.ts: compose health, probes, CRUD, UI
- runtime-hosts.e2e.spec.ts: fixture probe, CRUD, hosts tab
- advisory-sync.e2e.spec.ts: 21 sources sync accepted, catalog, management
- ui-onboarding-wizard.e2e.spec.ts: wizard steps for registry/scm/ci
- ui-integration-detail.e2e.spec.ts: detail tabs, health data
- ui-crud-operations.e2e.spec.ts: search, sort, delete
- helpers.ts: shared configs, API helpers, screenshot util
- Updated playwright.integrations.config.ts with reporter and CI retries

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DevOps
Deployment infrastructure for StellaOps.
Stack
| Component | Technology |
|---|---|
| Database | PostgreSQL 18.1 |
| Cache/Queue | Valkey 9.0.1 |
| Storage | RustFS |
| Transparency | Rekor v2 |
Structure
devops/
├── compose/ # Docker Compose files
├── helm/ # Kubernetes Helm chart
├── docker/ # Dockerfiles
├── runtime-assets/ # Runtime data assets (ML models, JDK, Ghidra, certs)
├── database/ # PostgreSQL migrations
├── scripts/ # Operational scripts
├── offline/ # Air-gap support
├── telemetry/ # Alerts & dashboards
├── logging/ # Log config templates
├── release/ # Release tools
├── releases/ # Release manifests
├── secrets/ # Secret templates
└── tools/ # Validation scripts
Runtime Data Assets
Services require certain files at runtime that are not produced by dotnet publish
or npm run build: ML model weights, JDK/Ghidra for binary analysis, certificates,
and more. Before building Docker images or creating offline bundles, run:
./devops/runtime-assets/acquire.sh --all # download and verify
./devops/runtime-assets/acquire.sh --verify # check existing assets
./devops/runtime-assets/acquire.sh --package # create air-gap tarball
See devops/runtime-assets/README.md for the full inventory and provisioning guide.
Quick Start
# Local stack
docker compose -f devops/compose/docker-compose.stella-ops.yml up -d
# With telemetry
docker compose -f devops/compose/docker-compose.stella-ops.yml \
-f devops/compose/docker-compose.telemetry.yml up -d
# Kubernetes
helm install stellaops devops/helm/stellaops \
-f devops/helm/stellaops/values-prod.yaml \
-n stellaops --create-namespace
Compose Files
| File | Purpose |
|---|---|
| stella-ops.yml | Main stack |
| telemetry.yml | Observability |
| testing.yml | CI infrastructure |
| compliance-china.yml | SM2/SM3/SM4 |
| compliance-russia.yml | GOST |
| compliance-eu.yml | eIDAS |