stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
607ce619fee70a7904b3dad5bd7d49f4b29b6845
git.stella-ops.org/docs/modules/concelier/README.md
master 607ce619fe feat(concelier): multi-sprint batch (mirror domain + advisory sources + durable runtime + credentials) 
Bundled commit covering pre-session work from multiple Concelier sprints
already archived or in-flight:
- SPRINT_20260419_006: mirror domain / source key validation
- SPRINT_20260419_029 / 030: durable jobs orchestrator runtime + endpoint verification
- SPRINT_20260421_001: advisory source projection truthful counts
- SPRINT_20260421_002: FE advisory source consistency (connector-side bits)
- SPRINT_20260421_003: advisory connector runtime alignment
- SPRINT_20260422_003: source credential entry paths (in-flight)

Includes connector internals (ACSC / Adobe / CERT-BUND / Chromium / Cisco /
CVE-KEV / GHSA / JVN / KISA / MSRC / Oracle / Ubuntu), source management
endpoints, mirror domain management, federation endpoints, topology setup,
job registration, and associated dossier updates under
docs/modules/concelier/.

This commit groups ~229 file changes that accumulated across the above
sprints; individual changes are preserved at file granularity so blame
remains useful.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:05:53 +03:00

80 lines
4.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# StellaOps Concelier
Concelier ingests signed advisories from **32 advisory connectors** and converts them into immutable observations plus linksets under the Aggregation-Only Contract (AOC).
**Advisory Sources (32 connectors):**
- **National CERTs (8):** ACSC (Australia), CCCS (Canada), CERT-Bund (Germany), CERT-CC (US), CERT-FR (France), CERT-IN (India), JVN (Japan), KISA (Korea)
- **OS Distros (5):** Alpine SecDB, Debian Security Tracker, RedHat OVAL, SUSE OVAL, Ubuntu USN
- **Vendors (7):** Apple, Adobe, Chromium, Cisco PSIRT, Microsoft MSRC, Oracle, VMware
- **Standards (5):** CVE, NVD, GHSA (GitHub), OSV, EPSS v4
- **Threat Intel (3):** KEV (CISA Exploited Vulns), CISA ICS, Kaspersky ICS
- **Regional (3):** Russia BDU, Russia NKCKI, Plus regional mirrors
- **Internal (1):** StellaOps internal mirror
## Responsibilities
- Fetch and normalise vulnerability advisories via restart-time connectors.
- Persist observations and correlation linksets without precedence decisions.
- Emit deterministic exports (JSON, Trivy DB) for downstream policy evaluation.
- Coordinate offline/air-gap updates via Offline Kit bundles.
- Serve paragraph-anchored advisory chunks for Advisory AI consumers without breaking the Aggregation-Only Contract.
- Do not emit promotion PASS/FAIL decisions; promotion gate decisions are owned by Policy Engine.
## Key components
- `StellaOps.Concelier.WebService` orchestration host.
- Connector libraries under `StellaOps.Concelier.Connector.*`.
- Exporter packages (`StellaOps.Concelier.Exporter.*`).
## Recent updates
- **2025-11-07:** Paragraph-anchored `/advisories/{advisoryKey}/chunks` endpoint shipped for Advisory AI paragraph retrieval. Details and rollout notes live in [`../../implplan/archived/updates/2025-11-07-concelier-advisory-chunks.md`](../../implplan/archived/updates/2025-11-07-concelier-advisory-chunks.md).
## Integrations & dependencies
- PostgreSQL (schema `vuln`) for canonical observations and schedules.
- Policy Engine / Export Center / CLI for evidence consumption.
- Notify and UI for advisory deltas.
## Operational notes
- Connector runbooks in ./operations/connectors/.
- Mirror operations for Offline Kit parity.
- Grafana dashboards for connector health.
- **Authority toggle rollout (2025-10-22 update).** Follow the phased table and audit checklist in `../../CONCELIER_CLI_QUICKSTART.md` when enabling `authority.enabled`/`authority.allowAnonymousFallback`, and cross-check the refreshed `./operations/authority-audit-runbook.md` before enforcement.
## Related resources
- ./operations/conflict-resolution.md
- ./operations/mirror.md
- ./operations/authority-audit-runbook.md
- ../../CONCELIER_CLI_QUICKSTART.md (authority integration timeline & smoke tests)
## Backlog references
- DOCS-LNM-22-001, DOCS-LNM-22-007 in ../../TASKS.md.
- Connector-specific TODOs in `src/Concelier/**/TASKS.md`.
## Epic alignment
- **Epic 1 AOC enforcement:** uphold raw observation invariants, provenance requirements, linkset-only enrichment, and AOC verifier guardrails across every connector.
- **Epic 10 Export Center:** expose deterministic advisory exports and metadata required by JSON/Trivy/mirror bundles.
## Implementation Status
**Delivery Phases:**
- Phase 1 (Guardrails & schema) PostgreSQL validators, AOCWriteGuard interceptor, deterministic linkset builders operational
- Phase 2 (API & observability) Ingestion/verification endpoints with Authority scopes, telemetry, Offline Kit packaging
- Phase 3 (Experience polish) CLI/Console affordances, Export Center hand-off metadata, CI enforcement
**Acceptance Criteria:**
- PostgreSQL validators and runtime guards reject forbidden fields and missing provenance with ERR_AOC_00x codes
- Linksets and supersedes chains deterministic; identical payloads yield byte-identical documents
- CLI `stella aoc verify` exits non-zero on violations, zero on clean datasets
- Export Center consumes advisory datasets without legacy normalized fields
- CI fails on lint violations or guard test regressions
**Key Risks & Mitigations:**
- Collector drift: guard middleware + CI lint + schema validation; RFC required for linkset changes
- Migration complexity: staged cutover with backup copies, temporary views for Policy Engine parity
- Performance overhead: guard remains O(number of keys), index review for insert latency targets
- Tenancy leakage: tenant required in schema, Authority claims enforced, observability alerts
**Recent Milestones:**
- Sprint 110 attestation chain validated, evidence bundle tests green
- Link-Not-Merge cache and console consumption docs frozen
- Observation events transport reviewed, NATS/air-gap guidance updated
- Testing-only legacy `AddInMemoryStorage()` compatibility moved into explicit web-service test harnesses, and runtime observation-event defaults no longer imply an undocumented `"inmemory"` transport
Reference in New Issue View Git Blame Copy Permalink