7efa424fe2
Closes 3 of 4 tasks in SPRINT_20260422_007. EXCITITOR-CFG-04 (OCI
binary-material handling) stays BLOCKED pending a secret-reference
storage-model design decision — sprint header called that out as a
scope boundary.
Mirrors the SRC-CREDS pattern (commits 838257245 + earlier) to give
Excititor VEX providers the same persisted-credentials + blocked-
readiness contract that advisory sources now have.
Persistence (EXCITITOR-CFG-01):
- New vex.provider_settings table via embedded migration
007_vex_provider_settings.sql (auto-applied by AddStartupMigrations).
Key: provider_id; columns: settings jsonb, updated_by, timestamps.
- PostgresVexProviderSettingsStore (Dapper) + ProviderSettingsRow EfCore
model + InMemoryVexProviderSettingsStore for tests.
- IVexProviderSettingsStore + VexProviderSettingsRecord added to
StellaOps.Excititor.Core/Storage.
- Existing vex.providers row (trust, discovery, base_uris, enabled)
untouched — additive only.
API surface:
- GET /excititor/providers/{id}/configuration → masked snapshot with
fields: key, label, inputType, sensitive, required, value, hasValue,
isSecretRetained, helpText, placeholder. Plaintext secrets never
returned.
- PUT /excititor/providers/{id}/configuration with { values, clearKeys }.
Sensitive fields submitted blank are retained; clearKeys explicitly
deletes.
- Field schemas shipped for excititor:cisco / msrc / suse-rancher.
Effective settings + readiness (EXCITITOR-CFG-02):
- VexProviderConfigurationService.ComputeConfigurationFailure drives
readiness. When persisted-enabled but missing required fields, the
provider status reports blockingReasonCode=PROVIDER_CONFIG_REQUIRED
(or PROVIDER_CONFIG_INVALID on validation failure), readiness=blocked.
Configuration failures take priority over retry-backoff reasons so the
actionable message surfaces first.
- VexIngestOrchestrator.ValidateConnectorAsync + ExecuteRunAsync resolve
effective settings from VexProviderRuntimeSettingsCache; same
settings flow into DefaultVexProviderRunner (worker scheduled runs).
Previously those paths validated against empty / schedule-only options.
CLI + Web (EXCITITOR-CFG-03):
- CLI: `stella vex providers configure <provider> [--set k=v] [--clear k]
[--format text|json]`. Aliases cisco/msrc/rancher → excititor:*.
- Web: VexProviderManagementApi.getConfiguration / updateConfiguration
+VexProviderConfigurationComponent (Angular standalone). Component
renders masked-secret + clear toggles + required indicators + help/
placeholder. Routing intentionally minimal (no new route added) to
avoid stepping on the parallel FE test agent.
Tests: targeted xUnit via scripts/test-targeted-xunit.ps1:
- VexProviderConfigurationServiceTests → Total: 8, Failed: 0
- ProviderManagementEndpointsTests regression → Total: 5, Failed: 0
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stella Ops Suite Documentation
Stella Ops Suite is a centralized, auditable release control plane for non-Kubernetes container estates. It orchestrates environment promotions, gates releases using reachability-aware security and policy, and produces verifiable evidence for every decision.
Stella is designed for teams who deploy containers via Docker/Compose, hosts/VMs, and scripted automation and need certifiable security + auditable releases without building a bespoke governance pipeline.
Product framing reference: docs/product/release-with-confidence-product-card.md
What Stella delivers
Evidence-grade release governance (outside Kubernetes)
- Environment promotions (Dev -> Stage -> Prod) with explicit policy, approvals, and change control.
- Digest-first release identity: deployments are tracked by immutable OCI digests so "what is deployed where" is unambiguous.
- Deterministic decision records: every gate decision is explainable ("why blocked?") and replayable.
Reachability-aware security decisioning
- Deep scanning produces SBOM + findings + reachability and hybrid reachability evidence.
- VEX-first decisioning with consensus and conflict handling across issuers (SBOM/VEX are part of the evidence chain, not a side export).
- Policy-as-code with deterministic evaluation and traceable outcomes.
Verifiability, attestability, and audit export
- Evidence packets / decision capsules: hashable, immutable bundles that capture inputs, verdicts, and approvals.
- Attestations (DSSE/in-toto, predicates for SBOM/VEX/verdict/reachability; optional Sigstore flows where configured).
- Audit exports for compliance review, incident response, and forensic reconstruction.
Offline-first, sovereign operation
- Built for air-gapped and restricted environments: local databases, offline kits/snapshots, and deterministic replay.
- Regional crypto profiles (eIDAS/FIPS/GOST/SM and related plugin architecture) to avoid compliance lock-in.
Toolchain-agnostic integrations
- Integrates with common SCM/CI/registries/secrets managers through connectors and plugins.
- Works alongside existing pipelines: scan-on-build, gate-on-promotion, re-evaluate on advisory updates.
Core differentiators (the "why Stella" set)
These concepts appear throughout the docs and are the suite's anchor points:
- Signed, replayable risk verdicts: decisions can be re-run deterministically from the same evidence.
- Decision capsules: evidence is packaged for audit, not scattered across logs and screenshots.
- Reachability with portable proofs: exploitability is evidenced, not asserted.
- Smart-diff / semantic risk delta: focus on what materially changed between releases.
- Unknowns as first-class state: uncertainty is tracked and budgeted, not hidden.
- Non-Kubernetes-first: orchestration and evidence for Compose/hosts/agentless targets as a primary use case.
- Digest-first release identity: immutable artifacts, immutable accountability.
For exhaustive capability detail (including planned items), use the Feature Matrix referenced below.
Two levels of documentation
- High-level (canonical): curated guides in
docs/*.md. - Detailed (reference): deep dives under
docs/**(module dossiers, architecture notes, API contracts/samples, runbooks, schemas).
Entry point:docs/technical/README.md.
This documentation set is intentionally consolidated and does not maintain compatibility stubs for old paths.
Start here
Product understanding
| Goal | Open this |
|---|---|
| Understand the suite quickly | overview.md |
| Product operating card | product/release-with-confidence-product-card.md |
| Capability cards | key-features.md |
| Full capability matrix | FEATURE_MATRIX.md |
| Product vision | product/VISION.md |
Getting started
| Goal | Open this |
|---|---|
| First run and basic workflows | quickstart.md |
| Installation guide | INSTALL_GUIDE.md |
| Runtime data assets (ML models, JDK, certs) | ../devops/runtime-assets/README.md |
| Ingest advisories (Concelier + CLI) | CONCELIER_CLI_QUICKSTART.md |
| Console (Web UI) operator guide | UI_GUIDE.md |
| Offline / air-gap operations | OFFLINE_KIT.md |
Architecture
| Goal | Open this |
|---|---|
| Architecture: high-level overview | ARCHITECTURE_OVERVIEW.md |
| Architecture: canonical system overview | 07_HIGH_LEVEL_ARCHITECTURE.md |
| Architecture: platform overview dossier | modules/platform/architecture-overview.md |
| Architecture: full reference map | ARCHITECTURE_REFERENCE.md |
| Architecture: user flows (UML) | technical/architecture/user-flows.md |
| Architecture: module matrix | technical/architecture/module-matrix.md |
| Architecture: data flows | technical/architecture/data-flows.md |
| Architecture: schema mapping | technical/architecture/schema-mapping.md |
| Release Orchestration dossier | modules/release-jobengine/architecture.md |
| Telemetry federation architecture | modules/telemetry/federation-architecture.md |
| Telemetry federation runbook | runbooks/federated-telemetry-operations.md |
| Telemetry federation contracts | contracts/federated-consent-v1.md, contracts/federated-telemetry-v1.md |
Development and operations
| Goal | Open this |
|---|---|
| Develop plugins/connectors | PLUGIN_SDK_GUIDE.md |
| Console UI traversal map | qa/console-ui-traversal-map.md |
| Console UI QA strategy | qa/console-ui-qa-strategy.md |
| Security deployment hardening | SECURITY_HARDENING_GUIDE.md |
| VEX consensus and issuer trust | VEX_CONSENSUS_GUIDE.md |
| Vulnerability Explorer guide | modules/vuln-explorer/VULNERABILITY_EXPLORER_GUIDE.md |
| SBOM determinism guide | sboms/DETERMINISM.md |
| Engineering standards (for implementers) | code-of-conduct/CODE_OF_CONDUCT.md |
| Testing standards (for QA/automation) | code-of-conduct/TESTING_PRACTICES.md |
Detailed indexes
- Technical index (everything):
docs/technical/README.md - End-to-end workflow flows:
docs/flows/ - Module dossiers:
docs/modules/ - API contracts and samples:
docs/api/ - Architecture notes / ADRs:
docs/technical/architecture/,docs/technical/adr/ - Operations and deployment:
docs/operations/ - Air-gap workflows:
docs/modules/airgap/guides/ - Security deep dives:
docs/security/ - Benchmarks and fixtures:
docs/benchmarks/,docs/assets/ - Product advisories:
docs/product/advisories/ - Hybrid diff patching blueprint:
docs/hybrid-diff-patching.md
License and notices
- Project license (BUSL-1.1 + Additional Use Grant):
../LICENSE - Third-party notices:
../NOTICE.md - Legal and licensing index:
docs/legal/README.md - Full dependency inventory:
docs/legal/THIRD-PARTY-DEPENDENCIES.md - Compatibility guidance:
docs/legal/LICENSE-COMPATIBILITY.md - Cryptography compliance:
docs/legal/crypto-compliance-review.md
Design principles (non-negotiable)
- Offline-first: core operations must work in restricted/air-gapped environments.
- Deterministic replay: same inputs yield the same outputs (stable ordering, canonical hashing).
- Evidence-linked decisions: every decision links to concrete evidence artifacts.
- Digest-first identity: releases are immutable OCI digests, not mutable tags.
- Pluggable integrations: connectors and steps are extensible; the core evidence chain stays stable.