git.stella-ops.org/docs/modules/graph/README.md
master 2eb6852d34
Add unit tests for SBOM ingestion and transformation
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.
2025-11-04 07:49:39 +02:00

# StellaOps Graph
Graph module (upcoming) will power graph-indexed queries for SBOM relationships, lineage, and blast-radius analysis.
## Responsibilities
- Model SBOM and advisory entities as a navigable graph.
- Provide APIs for dependency impact, provenance chains, and reachability analysis.
- Integrate with Scheduler/Policy for graph-driven re-evaluation.
- Expose tooling for offline explorers.
- Maintain [Graph Index Canonical Schema](schema.md) with deterministic identities, fixtures, and attribute dictionary.
### Domain highlights (Epic 5)
- **Nodes:** artifacts/images, SBOM components, packages/versions, files/paths, licences, advisories, VEX statements, provenance attestations, policy versions.
- **Edges:** `depends_on`, `contains`, `built_from`, `declared_in`, `affected_by`, `vex_exempts`, `governs_with`, `produced_by`, each timestamped and tenant-scoped.
- **Overlays:** policy verdict overlays, VEX consensus, runtime telemetry, and export-ready snapshots with diff support.
- **Queries:** reachability (`impact(graph, advisory)`), blast radius (`reverseDepends(component)`), provenance timeline, saved query library with semantic zoom for Console.
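
The reachability and blast-radius queries listed above can be sketched over a tenant-scoped edge list. This is an added example, not StellaOps code: the tuple layout, the edge direction (dependent to dependency, component to advisory), the node ids and the snake_case function names are assumptions, and only `depends_on`, `contains` and `affected_by` are modelled.

```python
from collections import defaultdict, deque

# Constructed sample data: (tenant, source, edge_kind, target).
# Assumed direction: dependent -> dependency, component -> advisory.
EDGES = [
    ("tenant-a", "image:web", "contains", "pkg:app@1.0"),
    ("tenant-a", "pkg:app@1.0", "depends_on", "pkg:libfoo@2.1"),
    ("tenant-a", "pkg:libfoo@2.1", "depends_on", "pkg:libbar@0.9"),
    ("tenant-a", "pkg:libbar@0.9", "depends_on", "pkg:libfoo@2.1"),  # cycle
    ("tenant-a", "image:batch", "contains", "pkg:libbar@0.9"),
    ("tenant-a", "pkg:libbar@0.9", "affected_by", "adv:EXAMPLE-0001"),
    ("tenant-b", "image:other", "contains", "pkg:libbar@0.9"),
    ("tenant-b", "pkg:libbar@0.9", "affected_by", "adv:EXAMPLE-0001"),
]

# Edge kinds that propagate impact upward from a component to its consumers.
TRAVERSED = {"depends_on", "contains"}


def build_reverse_index(edges, tenant):
    """Map each node to the nodes that point at it, for one tenant only."""
    reverse = defaultdict(set)
    for edge_tenant, source, kind, target in edges:
        if edge_tenant == tenant and kind in TRAVERSED:
            reverse[target].add(source)
    return reverse


def reverse_depends(edges, tenant, component):
    """Blast radius: nodes that transitively depend on or contain component."""
    reverse = build_reverse_index(edges, tenant)
    seen, queue = set(), deque([component])
    while queue:
        node = queue.popleft()
        for parent in reverse[node]:
            # The seen set keeps dependency cycles from looping forever.
            if parent not in seen and parent != component:
                seen.add(parent)
                queue.append(parent)
    return seen


def impact(edges, tenant, advisory):
    """Reachability: directly affected components plus their blast radius."""
    direct = {src for ten, src, kind, dst in edges
              if ten == tenant and kind == "affected_by" and dst == advisory}
    reached = set(direct)
    for component in direct:
        reached |= reverse_depends(edges, tenant, component)
    return {"direct": direct, "reached": reached}
```

Filtering on the tenant while building the index, rather than after traversal, keeps one tenant's edges from ever joining another tenant's result set.
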
## Key components
- Planned services documented in implementation plan (to be delivered).
## Integrations & dependencies
- SBOM Service / Cartographer for data ingestion.
- Policy & CLI for query surfaces.
## Operational notes
- Pending — see implementation plan for staged milestones.
## Backlog references
- DOCS-GRAPH-24-003 (architecture index) and SCHED-MODELS-21-001 tasks.
## Epic alignment
- **Epic 5 SBOM Graph Explorer:** deliver graph indexer, API, Console explorer, saved queries, overlays, and exports.