fdf95e0f46
- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring. - docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026. - docs/features/checked/web/**: update feature notes where UI changed. - docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts. - docs/setup/**, docs/technical/**: align with setup wizard contracts. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5.4 KiB
5.4 KiB
StellaOps Export Center
Export Center packages reproducible evidence bundles (JSON, Trivy DB, mirror) with provenance metadata and optional signing for offline or mirrored deployments.
Latest updates (2025-11-30)
- Sprint tracker
docs/implplan/SPRINT_0320_0001_0001_docs_modules_export_center.mdand moduleTASKS.mdadded to mirror status. - Observability runbook stub + dashboard placeholder added under
operations/(offline import). - Bundle/profile/offline manifest guidance reaffirmed (
devportal-offline*.md,mirror-bundles.md,provenance-and-signing.md). - 2026-04-16 truthful-runtime cutover: non-testing
StellaOps.ExportCenter.WebServicenow uses PostgreSQL-backed canonical export repositories plus a real Evidence Locker client, while non-durable verification, attestation, incident, risk-bundle, simulation-export, audit-bundle, and exception-report host paths return explicit501 problem+jsonuntil durable backends exist. Timeline publication also no longer defaults to an in-memory sink outsideTesting.
Responsibilities
- Coordinate export jobs based on profiles and scope selectors.
- Assemble manifests, provenance documents, and cosign signatures.
- Stream bundles via HTTP/OCI and stage them for Offline Kit uses.
- Expose CLI/API surfaces for automation.
Key components
StellaOps.ExportCenter.WebServiceplanner.StellaOps.ExportCenter.Workerbundle builder.- Adapters in
StellaOps.ExportCenter.*for JSON/Trivy/mirror variants.
Profiles at a glance
- json:raw / json:policy — Evidence bundles with raw ingestion facts or policy overlays.
- trivy:db / trivy:java-db — Trivy-compatible vulnerability feeds with deterministic manifests.
- mirror:full / mirror:delta — OCI-style mirrors with provenance, TUF metadata, and optional encryption.
- devportal:offline — Developer portal static assets, specs, SDKs, and changelogs packaged with
manifest.json,checksums.txt, helper scripts, and a DSSE-signed manifest (manifest.dsse.json) for offline verification.
Integrations & dependencies
- Concelier/Excititor/Policy data stores for evidence.
- Signer/Attestor for provenance signing.
- CLI for operator-managed exports.
Operational notes
- Runbooks in ./operations/ for deployment and monitoring.
- Observability assets:
operations/observability.mdandoperations/dashboards/export-center-observability.json(offline import). - Mirror bundle instructions and validation notes.
- Telemetry dashboards for export latency and retry rates.
- Testing-only in-memory runtime switches are explicit (
Export:AllowInMemoryRepositories,Export:UseInMemoryEvidenceLocker,Export:UseInMemoryVerificationArtifactStore,Export:UseInMemoryAttestationStore,Export:UseInMemoryPromotionAttestationStore,Export:UseInMemoryIncidentManager,Export:UseInMemoryRiskBundleJobHandler,Export:UseInMemorySimulationExporter,Export:UseInMemoryAuditBundleJobHandler,Export:UseInMemoryExceptionReportGenerator,Export:UseInMemoryTimelineNotificationSink). Non-testing runtime must use durable services or truthful501gaps.
Related resources
- ./operations/runbook.md
- ./devportal-offline.md (bundle structure, verification workflow, DSSE signature details)
- ./provenance-and-signing.md (manifest/provenance schema, signing pipeline, verification)
Backlog references
- DOCS-EXPORT-35-001 … DOCS-EXPORT-37-002 in ../../TASKS.md.
- EXPORT-ATTEST-75-002 cross-team deliverable.
Epic alignment
- Epic 10 – Export Center: deliver canonical JSON, Trivy DB, and mirror bundle workflows with provenance, signatures, and offline parity.
Implementation Status
Delivery Phases
- Phase 1 – JSON & mirror foundations: Stand up service + worker, deliver canonical JSON and mirror profiles, seed schema migrations, publish manifest/provenance formats
- Phase 2 – Trivy adapters & distribution: Implement Trivy DB/Java DB adapters, wire OCI/object storage distribution, expose policy snapshot embedding + verification
- Phase 3 – Delta, encryption, scheduling: Release mirror deltas, bundle encryption, advanced scheduling/automation, resumable downloads, CLI/Console verification workflows
Acceptance Criteria
- Operators can create, monitor, and download exports; verification succeeds against manifest + provenance
- Trivy bundles import cleanly; mirror bundles run in Offline Kit reference environment (full + delta)
- Policy snapshot runs reproduce deterministic decisions with embedded policyVersion + inputsHash
- Tenant scoping and RBAC block unauthorized actions; encryption-enabled bundles lock data to recipient keys
- Metrics and dashboards reflect live runs; alerts trigger on sustained failure rates
- Retried runs remain idempotent with matching manifests, hashes, and distribution artefacts
Key Risks & Mitigations
- Schema drift: Versioned adapters with compatibility gates, CI integration tests, fail-fast with actionable errors
- Bundle bloat: zstd compression, sharding, delta exports, OCI dedupe
- Data leakage: Strict schema allowlists, tenancy filters, redaction enforcement, encryption options
- Non-determinism: Embed policy snapshots, enforce deterministic ordering, include content hashes in manifest
Recent Updates
- Sprint tracker and module TASKS.md added to mirror status
- Observability runbook stub + dashboard placeholder added under operations/
- Bundle/profile/offline manifest guidance reaffirmed