Files

StellaOps Bot 47168fec38 feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports

- Introduced a new VEX compact fixture for testing purposes.
- Implemented `verify_export.py` script to validate Findings Ledger exports, ensuring deterministic ordering and applying redaction manifests.
- Added a lightweight stub `HarnessRunner` for unit tests to validate ledger hashing expectations.
- Documented tasks related to the Mirror Creator.
- Created models for entropy signals and implemented the `EntropyPenaltyCalculator` to compute penalties based on scanner outputs.
- Developed unit tests for `EntropyPenaltyCalculator` to ensure correct penalty calculations and handling of edge cases.
- Added tests for symbol ID normalization in the reachability scanner.
- Enhanced console status service with comprehensive unit tests for connection handling and error recovery.
- Included Cosign tool version 2.6.0 with checksums for various platforms.

2025-12-02 21:08:01 +02:00

contracts

work

2025-11-23 23:40:10 +02:00

design

2025-11-27 23:45:09 +02:00

prep

feat: Implement MongoDB orchestrator storage with registry, commands, and heartbeats

2025-11-22 12:35:38 +02:00

samples

2025-11-27 23:45:09 +02:00

schemas

2025-11-24 07:52:25 +02:00

AGENTS.md

Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.

2025-11-05 11:58:32 +02:00

architecture.md

feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports

2025-12-02 21:08:01 +02:00

cvss-v4.md

feat(zastava): add evidence locker plan and schema examples

2025-12-02 09:27:31 +02:00

implementation_plan.md

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

README.md

feat: Add Promotion-Time Attestations for Stella Ops

2025-11-11 15:30:22 +02:00

secret-leak-detection-readiness.md

feat: Implement vulnerability token signing and verification utilities

2025-11-03 10:04:10 +02:00

TASKS.md

work

2025-11-23 23:40:10 +02:00

windows-package-readiness.md

feat: Implement vulnerability token signing and verification utilities

2025-11-03 10:04:10 +02:00

README.md

StellaOps Policy Engine

Policy Engine compiles and evaluates Stella DSL policies deterministically, producing explainable findings with full provenance.

Responsibilities

Compile stella-dsl@1 packs into executable graphs.
Join advisories, VEX evidence, and SBOM inventories to derive effective findings.
Expose simulation and diff APIs for UI/CLI workflows.
Emit change-stream driven events for Notify/Scheduler integrations.

Key components

StellaOps.Policy.Engine service host.
Shared libraries under StellaOps.Policy.* for evaluation, storage, DSL tooling.

Integrations & dependencies

MongoDB findings collections, RustFS explain bundles.
Scheduler for incremental re-evaluation triggers.
CLI/UI for policy authoring and runs.

Operational notes

DSL grammar and lifecycle docs in ../../policy/.
Observability guidance in ../../observability/policy.md.
Governance and scope mapping in ../../security/policy-governance.md.
Readiness briefs: ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
Readiness briefs: ../scanner/design/macos-analyzer.md, ../scanner/design/windows-analyzer.md, ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
Ruby capability predicates design: ./design/ruby-capability-predicates.md.

Backlog references

DOCS-POLICY-20-001 … DOCS-POLICY-20-012 (completed baseline).
DOCS-POLICY-23-007 (upcoming command updates).

Epic alignment

Epic 2 – Policy Engine & Editor: deliver deterministic evaluation, DSL infrastructure, explain traces, and incremental runs.
Epic 4 – Policy Studio: integrate registry workflows, simulation at scale, approvals, and promotion semantics.

README.md Unescape Escape

StellaOps Policy Engine

Responsibilities

Key components

Integrations & dependencies

Operational notes

Backlog references

Epic alignment

README.md