stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
7cfb683a52ea19cb49686d6e2e95380513708909
git.stella-ops.org/docs/README.md

121 lines
6.5 KiB
Markdown
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Stella Ops Suite Documentation
**Stella Ops Suite** is a centralized, auditable release control plane for **nonKubernetes** container estates. It orchestrates environment promotions, gates releases using reachability-aware security and policy, and produces verifiable evidence for every decision.
The platform combines:
- **Release orchestration** — UI-driven promotion (Dev -> Stage -> Prod), approvals, policy gates, rollbacks, and step-graph execution (sequential/parallel) with per-step logs
- **Security decisioning as a gate** — scan on build, evaluate on release, re-evaluate on vulnerability intel updates
- **OCI-digest-first releases** — immutable digest-based release identity with authoritative "what is deployed where" tracking
- **Toolchain-agnostic integrations** — plug into any SCM, CI, registry, secrets system, and host access method via plugins
- **Auditability + standards** — evidence packets, SBOM/VEX/attestation support, deterministic replay and explainable decisions
---
## Verified vs Unverified Releases
Stella supports two operational modes:
- **Verified releases (recommended):** promotions require Stella evidence for each new digest (SBOM + reachability + policy decision record + approvals where configured). Intended for certifiable security and audit-grade releases.
- **Unverified releases (CD-only):** orchestration is allowed with evidence gates bypassed. Still tracked and logged, but not intended for security certification.
This documentation emphasizes the **verified release** path as the primary product value.
---
## Licensing model (documentation-level summary)
Stella Ops Suite uses **no feature gating** across plans. Licensing limits apply only to:
- **Environments**
- **New digests deep-scanned per month** (evidence-grade analysis of previously unseen OCI digests)
**Deployment targets are not licensed** (unlimited targets; fair use may apply only under abusive automation patterns).
(See your offer/pricing document if present in the repo; commonly stored under `docs/product/`.)
---
## Two Levels of Documentation
- **High-level (canonical):** curated guides in `docs/*.md`.
- **Detailed (reference):** deep dives under `docs/**` (module dossiers, architecture notes, API contracts/samples, runbooks, schemas). Entry point: `docs/technical/README.md`.
This documentation set is internal and does not keep compatibility stubs for old paths. Content is consolidated to reduce duplication and outdated pages.
---
## Start Here
### Product Understanding
| Goal | Open this |
| --- | --- |
| Understand the product in 2 minutes | [overview.md](overview.md) |
| Browse capabilities | [key-features.md](key-features.md) |
| Feature matrix | [FEATURE_MATRIX.md](FEATURE_MATRIX.md) |
| Product vision | [product/VISION.md](product/VISION.md) |
| Roadmap (priorities + definition of "done") | [ROADMAP.md](ROADMAP.md) |
| Verified release model (concepts + evidence) | [VERIFIED_RELEASES.md](VERIFIED_RELEASES.md) |
### Getting Started
| Goal | Open this |
| --- | --- |
| First run (minimal install) | [quickstart.md](quickstart.md) |
| Run a first scan (CLI) | [quickstart.md](quickstart.md) |
| Run a first verified promotion (Dev -> Stage -> Prod) | [RELEASE_PROCESS.md](releases/RELEASE_PROCESS.md) |
| Ingest advisories (Concelier + CLI) | [CONCELIER_CLI_QUICKSTART.md](CONCELIER_CLI_QUICKSTART.md) |
| Console (Web UI) operator guide | [UI_GUIDE.md](UI_GUIDE.md) |
| Doctor / self-service diagnostics | [DOCTOR_GUIDE.md](doctor/README.md) |
| Offline / air-gap operations | [OFFLINE_KIT.md](OFFLINE_KIT.md) |
### Architecture
| Goal | Open this |
| --- | --- |
| Architecture: high-level overview | [ARCHITECTURE_OVERVIEW.md](ARCHITECTURE_OVERVIEW.md) |
| Architecture: full reference map | [ARCHITECTURE_REFERENCE.md](ARCHITECTURE_REFERENCE.md) |
| Architecture: user flows (UML) | [technical/architecture/user-flows.md](technical/architecture/user-flows.md) |
| Architecture: module matrix | [technical/architecture/module-matrix.md](technical/architecture/module-matrix.md) |
| Architecture: data flows | [technical/architecture/data-flows.md](technical/architecture/data-flows.md) |
| Architecture: schema mapping | [technical/architecture/schema-mapping.md](technical/architecture/schema-mapping.md) |
| Release Orchestrator architecture | [modules/release-orchestrator/architecture.md](modules/release-orchestrator/architecture.md) |
| Evidence and attestations | [modules/evidence/README.md](modules/evidence/README.md) |
### Development & Operations
| Goal | Open this |
| --- | --- |
| Engineering rules (determinism, security, docs discipline) | [code-of-conduct/CODE_OF_CONDUCT.md](code-of-conduct/CODE_OF_CONDUCT.md) |
| Testing standards and evidence expectations | [code-of-conduct/TESTING_PRACTICES.md](code-of-conduct/TESTING_PRACTICES.md) |
| Develop plugins/connectors | [PLUGIN_SDK_GUIDE.md](PLUGIN_SDK_GUIDE.md) |
| Security deployment hardening | [SECURITY_HARDENING_GUIDE.md](SECURITY_HARDENING_GUIDE.md) |
| VEX consensus and issuer trust | [VEX_CONSENSUS_GUIDE.md](VEX_CONSENSUS_GUIDE.md) |
| Vulnerability Explorer guide | [VULNERABILITY_EXPLORER_GUIDE.md](VULNERABILITY_EXPLORER_GUIDE.md) |
---
## Detailed Indexes
- **Technical index (everything):** [docs/technical/README.md](/docs/technical/)
- **End-to-end workflow flows:** [docs/flows/](/docs/flows/)
- **Module dossiers:** [docs/modules/](/docs/modules/)
- **API contracts and samples:** [docs/api/](/docs/api/)
- **Architecture notes / ADRs:** [docs/technical/architecture/](/docs/technical/architecture/), [docs/technical/adr/](/docs/technical/adr/)
- **Operations and deployment:** [docs/operations/](/docs/operations/)
- **Air-gap workflows:** [docs/modules/airgap/guides/](/docs/modules/airgap/guides/)
- **Security deep dives:** [docs/security/](/docs/security/)
- **Benchmarks and fixtures:** [docs/benchmarks/](/docs/benchmarks/), [docs/assets/](/docs/assets/)
- **Product advisories:** [docs/product/advisories/](/docs/product/advisories/)
---
## Design Principles
- **Offline-first**: core operations work in air-gapped environments
- **Deterministic replay**: same inputs yield same outputs (stable ordering, canonical hashing)
- **Evidence-linked decisions**: every verified release decision links to concrete evidence artifacts
- **Digest-first release identity**: releases are immutable OCI digests, not mutable tags
- **Pluggable everything**: integrations are plugins; core orchestration is stable
- **No feature gating**: all plans include all features; licensing limits are environments + new digests deep-scanned per month; deployment targets are not licensed
Reference in New Issue View Git Blame Copy Permalink