stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
40e7f827da764e39ca67fc27a74813a98e9a38d2
git.stella-ops.org/docs/modules/vex-lens
History
master b1e78fe412
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Implement vulnerability token signing and verification utilities 
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00
..
AGENTS.md
feat: Add guild charters and task boards for various components
2025-11-01 02:21:46 +02:00
architecture.md
Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00
implementation_plan.md
feat: Implement vulnerability token signing and verification utilities
2025-11-03 10:04:10 +02:00
README.md
Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00
TASKS.md
Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00

README.md

StellaOps VEX Consensus Lens

VEX Lens computes deterministic consensus across conflicting VEX statements while preserving raw provenance.

Responsibilities

  • Ingest VEX evidence from Excititor and align it to SBOM inventory.
  • Apply issuer trust weights, freshness rules, and policy-defined tie breakers.
  • Publish consensus snapshots and disagreement metadata for Policy Engine and Explorer surfaces.
  • Expose APIs for explainability and offline bundle exports.

Key components

  • Consensus computation service and job pipeline.
  • Consensus store with versioned snapshots.
  • Explain trace generator for disagreements.

Integrations & dependencies

  • Excititor for raw VEX ingestion.
  • Policy Engine for applying consensus in suppression flows.
  • Vulnerability Explorer and Advisory AI for evidence overlays.

Operational notes

  • Trust model configuration and issuer scoring dashboards.
  • Offline kit packaging of consensus snapshots.
  • Telemetry on issuer coverage and disagreement counts.

Epic alignment

  • Epic 7: VEX Consensus Lens.
  • Lens implementation stories tracked in ../../TASKS.md.