6592cdcc9b
- Wire Graph Indexer library + Persistence into graph-api (csproj refs + DI) - Add build/overlay endpoints matching Scheduler HTTP contracts (POST/GET /api/graphs/builds, POST/GET /api/graphs/overlays) - Add PostgresGraphRepository for reading from graph.graph_nodes/edges - Register SBOM ingest, analytics, change-stream, and inspector pipelines - Comment out Cartographer container in compose (empty shell, Slot 21) - Add cartographer.stella-ops.local as backwards-compat alias on graph-api - Update Scheduler config to target graph.stella-ops.local - Update services-matrix.env, hosts file, port-registry, module-matrix - Update component-map, architecture docs, Scanner/Graph READMEs - Eliminates 1 container (stellaops-cartographer) All 133 existing tests pass (77 Api + 37 Indexer + 19 Core). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Platform architecture & module dossiers
Use this index to locate platform-level architecture references and per-module dossiers.
Core views
- Architecture overview (10-minute tour)
- High-level architecture (reference map)
- Scanner core contracts
- Authority (legacy overview)
- Console operator guide and deep dives under ui/operations and ux
- Component map (quick descriptions of every module under
src/)
Detailed references
- Canonical webservice catalog
- Platform topology
- Infrastructure dependencies
- Request and data flows
- Data isolation model
- Security boundaries
Docs validation
Use the architecture docs validation check to detect service-path and hostname drift:
powershell -NoProfile -ExecutionPolicy Bypass -File ./docs/technical/architecture/scripts/validate-webservice-docs.ps1
Intentional failing fixture (sanity check for the validator):
powershell -NoProfile -ExecutionPolicy Bypass -File ./docs/technical/architecture/scripts/validate-webservice-docs.ps1 `
-Files "docs/technical/architecture/fixtures/webservice-docs-invalid-fixture.md"
User-centric views (NEW)
- User flows (UML diagrams) - End-to-end flows from user perspective
- Module matrix - Complete 46-module inventory with categorization
- Data flows - SBOM, advisory, VEX, and policy data lifecycles
- Schema mapping - PostgreSQL, Valkey, and RustFS storage reference
Policy engine deep dives (NEW)
Comprehensive documentation of how data feeds policy decisions:
- Policy Engine Data Pipeline - Master view of all data flowing to policy engine
- SBOM Analyzer Inventory - Complete inventory of 25 analyzers (11 language, 9 OS, 4 surface, 1 capability)
- Runtime Agents Architecture - eBPF observation, Zastava container observer, signal processing
- Call Graph Analysis - ReachGraph construction, BFS path finding, 8-state reachability
- Confidence Scoring - 5-factor weighted scoring (RCH, RTS, VEX, PRV, POL)
- K4 Lattice Logic - Four-valued logic for handling uncertainty and conflicts
End-to-end workflow flows
Comprehensive flow documentation for all major StellaOps workflows: flows/
| Category | Flows |
|---|---|
| Core Platform | Dashboard, Scan Submission, SBOM Generation, Policy Evaluation, Notification, Export |
| Advanced | CI/CD Gate, Advisory Drift Re-scan, VEX Auto-Generation, Evidence Bundle Export |
| Enterprise | Multi-Tenant Policy Rollout, Exception Approval, Risk Score Dashboard |
| Specialized | Binary Delta Attestation, Offline Sync, Reachability Drift Alert |
Module catalogue
Each module directory bundles an ownership charter (AGENTS.md), current work (TASKS.md), an architecture dossier, and an implementation plan. Operations guides live under operations/ where applicable.
Tip: every module directory also exposes
README.md,AGENTS.md, andTASKS.mdfor roles, current backlog, and ownership responsibilities.