61f963fd52
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added `LedgerMetrics` class to record write latency and total events for ledger operations. - Created comprehensive tests for Ruby packages endpoints, covering scenarios for missing inventory, successful retrieval, and identifier handling. - Introduced `TestSurfaceSecretsScope` for managing environment variables during tests. - Developed `ProvenanceMongoExtensions` for attaching DSSE provenance and trust information to event documents. - Implemented `EventProvenanceWriter` and `EventWriter` classes for managing event provenance in MongoDB. - Established MongoDB indexes for efficient querying of events based on provenance and trust. - Added models and JSON parsing logic for DSSE provenance and trust information.
3.0 KiB
3.0 KiB
StellaOps Excititor
Excititor converts heterogeneous VEX feeds into raw observations and linksets that honour the Aggregation-Only Contract.
Latest updates (2025-11-05)
- Link-Not-Merge readiness: release note Excitor consensus beta captures how Excititor feeds power the Excititor consensus beta (sample payload in consensus JSON).
- Added observability guide describing the evidence metrics emitted by
EXCITITOR-AIAI-31-003(request counters, statement histogram, signature status, guard violations) so Ops/Lens can alert on misuse. - README now points policy/UI teams to the upcoming consensus integration work.
- DSSE packaging for consensus bundles and Export Center hooks are documented in the beta release note; operators mirroring Excititor exports must verify detached JWS artefacts (
bundle.json.jws) alongside each bundle. - Follow-ups called out in the release note (Policy weighting knobs
POLICY-ENGINE-30-101, CLI verbCLI-VEX-30-002) remain in-flight and are tracked in/docs/implplan/SPRINT_200_documentation_process.md.
Release references
- Consensus beta payload reference: docs/vex/consensus-json.md
- Export Center offline packaging: docs/modules/export-center/devportal-offline.md
- Historical release log: docs/updates/
Responsibilities
- Fetch OpenVEX/CSAF/CycloneDX statements via restart-only connectors.
- Store immutable VEX observations with full provenance.
- Publish linksets and events that drive policy suppression decisions.
- Provide deterministic exports for Offline Kit and downstream tooling.
Key components
StellaOps.Excititor.WebServicescheduler/API host.- Connector libraries under
StellaOps.Excititor.Connector.*. - Normalization helpers and exporters in
StellaOps.Excititor.*.
Integrations & dependencies
- Policy Engine for evidence queries.
- UI/CLI for conflict visibility and explanation.
- Notify for VEX-driven alerts.
Operational notes
- MongoDB for observation storage and job metadata.
- Offline kit packaging aligned with Concelier merges.
- Connector-specific runbooks (see
docs/modules/concelier/operations/connectors). - Ubuntu CSAF provenance knobs:
operations/ubuntu-csaf.mdcaptures TrustWeight/Tier, cosign, and fingerprint configuration for the sprint 120 enrichment.
Backlog references
- DOCS-LNM-22-006 / DOCS-LNM-22-007 (shared with Concelier).
- CLI-EXC-25-001..002 follow-up for CLI parity.
Epic alignment
- Epic 1 – AOC enforcement: maintain immutable VEX observations, provenance, and AOC verifier coverage.
- Epic 7 – VEX Consensus Lens: supply trustworthy raw inputs, trust metadata, and consensus hooks for the lens computations.
- Epic 8 – Advisory AI: expose citation-ready VEX payloads for the advisory assistant pipeline.