5a923d968c
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added PackRunApprovalDecisionService to manage approval workflows for pack runs. - Introduced PackRunApprovalDecisionRequest and PackRunApprovalDecisionResult records. - Implemented logic to apply approval decisions and schedule run resumes based on approvals. - Updated related tests to validate approval decision functionality. test: Enhance tests for PackRunApprovalDecisionService - Created PackRunApprovalDecisionServiceTests to cover various approval scenarios. - Added in-memory stores for approvals and states to facilitate testing. - Validated behavior for applying approvals, including handling missing states. test: Add FilesystemPackRunArtifactUploaderTests for artifact uploads - Implemented tests for FilesystemPackRunArtifactUploader to ensure correct file handling. - Verified that missing files are recorded without exceptions and outputs are written as expected. fix: Update PackRunState creation to include plan reference - Modified PackRunState creation logic to include the plan in the state. chore: Refactor service registration in Program.cs - Updated service registrations in Program.cs to include new approval store and dispatcher services. - Ensured proper dependency injection for PackRunApprovalDecisionService. chore: Enhance TaskRunnerServiceOptions for approval store paths - Added ApprovalStorePath and other paths to TaskRunnerServiceOptions for better configuration. chore: Update PackRunWorkerService to handle artifact uploads - Integrated artifact uploading into PackRunWorkerService upon successful run completion. docs: Update TASKS.md for sprint progress - Documented progress on approvals workflow and related tasks in TASKS.md.
Stella Ops
Stella Ops is the sovereign, SBOM‑first security platform that proves every container decision with deterministic scans, explainable policy verdicts, and offline‑ready provenance.
- Sovereign by design – bring your own trust roots, vulnerability advisory sources, VEX sources, regional crypto, and Offline Update Kits that never phone home.
- Deterministic + replayable – every scan can be reproduced bit‑for‑bit with DSSE + OpenVEX evidence.
- Actionable signal – lattice logic ranks exploitability, and the policy engine lets you tailor VEX handling, muting, and expiration rules for your environment.
Proof points: SBOM dependency and vulnerability dependency cartographing work, deterministic replay manifests, lattice policy UI with OpenVEX, and post‑quantum trust packs ready for regulated sectors.
Choose Your Path
| If you want to… | Open this | Read time |
|---|---|---|
| Understand the promise and pain we solve | overview.md |
≈ 2 min |
| Run a first scan and see the CLI | quickstart.md |
≈ 5 min |
| Browse key capabilities at a glance | key-features.md |
≈ 3 min |
| Check architecture, road to production, or evaluate fit | See “Dig deeper” below | ≤ 30 min curated set |
Explore the Essentials
- Value in context – Overview compresses the “Why” + “What” stories and shows how Stella Ops stands apart.
- Try it fast – Quickstart walks through fetching the signed bundles, configuring
.env, and verifying the first scan. - Feature confidence – Key Features gives five capability cards covering Delta SBOM, VEX‑first policy, Sovereign crypto, Deterministic replay, and Transparent quotas.
- Up‑next checkpoints – Evaluation checklist helps teams plan Day‑0 to Day‑30 adoption milestones.
Dig Deeper (curated reading)
- Install & operations: Installation guide, Offline Update Kit, Security hardening.
- Architecture & modules: High‑level architecture, Module dossiers, Strategic differentiators.
- Policy & governance: Policy templates, Legal & quota FAQ, Governance charter.
- UI & glossary: Console guide, Accessibility, Glossary.
- Technical documentation: Full technical index for architecture, APIs, module dossiers, and operations playbooks.
- FAQs & readiness: FAQ matrix, Roadmap (external), Release engineering playbook.
Need more? The full documentation tree – ADRs, per‑module operations, schemas, developer references – stays untouched under the existing directories (modules/, api/, dev/, ops/), ready when you are.
© 2025 Stella Ops contributors – AGPL‑3.0‑or‑later