stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
82a49f6743202b4828f46f369474f26ec0a0edf9
git.stella-ops.org/docs/modules/concelier/README.md
StellaOps Bot 82a49f6743 docs consolidation work
2025-12-25 18:50:33 +02:00

4.5 KiB
Raw Blame History

StellaOps Concelier

Concelier ingests signed advisories from 32 advisory connectors and converts them into immutable observations plus linksets under the Aggregation-Only Contract (AOC).

Advisory Sources (32 connectors):

  • National CERTs (8): ACSC (Australia), CCCS (Canada), CERT-Bund (Germany), CERT-CC (US), CERT-FR (France), CERT-IN (India), JVN (Japan), KISA (Korea)
  • OS Distros (5): Alpine SecDB, Debian Security Tracker, RedHat OVAL, SUSE OVAL, Ubuntu USN
  • Vendors (7): Apple, Adobe, Chromium, Cisco PSIRT, Microsoft MSRC, Oracle, VMware
  • Standards (5): CVE, NVD, GHSA (GitHub), OSV, EPSS v4
  • Threat Intel (3): KEV (CISA Exploited Vulns), CISA ICS, Kaspersky ICS
  • Regional (3): Russia BDU, Russia NKCKI, Plus regional mirrors
  • Internal (1): StellaOps internal mirror

Responsibilities

  • Fetch and normalise vulnerability advisories via restart-time connectors.
  • Persist observations and correlation linksets without precedence decisions.
  • Emit deterministic exports (JSON, Trivy DB) for downstream policy evaluation.
  • Coordinate offline/air-gap updates via Offline Kit bundles.
  • Serve paragraph-anchored advisory chunks for Advisory AI consumers without breaking the Aggregation-Only Contract.

Key components

  • StellaOps.Concelier.WebService orchestration host.
  • Connector libraries under StellaOps.Concelier.Connector.*.
  • Exporter packages (StellaOps.Concelier.Exporter.*).

Recent updates

Integrations & dependencies

  • PostgreSQL (schema vuln) for canonical observations and schedules.
  • Policy Engine / Export Center / CLI for evidence consumption.
  • Notify and UI for advisory deltas.

Operational notes

  • Connector runbooks in ./operations/connectors/.
  • Mirror operations for Offline Kit parity.
  • Grafana dashboards for connector health.
  • Authority toggle rollout (2025-10-22 update). Follow the phased table and audit checklist in ../../10_CONCELIER_CLI_QUICKSTART.md when enabling authority.enabled/authority.allowAnonymousFallback, and cross-check the refreshed ./operations/authority-audit-runbook.md before enforcement.

Related resources

  • ./operations/conflict-resolution.md
  • ./operations/mirror.md
  • ./operations/authority-audit-runbook.md
  • ../../10_CONCELIER_CLI_QUICKSTART.md (authority integration timeline & smoke tests)

Backlog references

  • DOCS-LNM-22-001, DOCS-LNM-22-007 in ../../TASKS.md.
  • Connector-specific TODOs in src/Concelier/**/TASKS.md.

Epic alignment

  • Epic 1 AOC enforcement: uphold raw observation invariants, provenance requirements, linkset-only enrichment, and AOC verifier guardrails across every connector.
  • Epic 10 Export Center: expose deterministic advisory exports and metadata required by JSON/Trivy/mirror bundles.

Implementation Status

Delivery Phases:

  • Phase 1 (Guardrails & schema) PostgreSQL validators, AOCWriteGuard interceptor, deterministic linkset builders operational
  • Phase 2 (API & observability) Ingestion/verification endpoints with Authority scopes, telemetry, Offline Kit packaging
  • Phase 3 (Experience polish) CLI/Console affordances, Export Center hand-off metadata, CI enforcement

Acceptance Criteria:

  • PostgreSQL validators and runtime guards reject forbidden fields and missing provenance with ERR_AOC_00x codes
  • Linksets and supersedes chains deterministic; identical payloads yield byte-identical documents
  • CLI stella aoc verify exits non-zero on violations, zero on clean datasets
  • Export Center consumes advisory datasets without legacy normalized fields
  • CI fails on lint violations or guard test regressions

Key Risks & Mitigations:

  • Collector drift: guard middleware + CI lint + schema validation; RFC required for linkset changes
  • Migration complexity: staged cutover with backup copies, temporary views for Policy Engine parity
  • Performance overhead: guard remains O(number of keys), index review for insert latency targets
  • Tenancy leakage: tenant required in schema, Authority claims enforced, observability alerts

Recent Milestones:

  • Sprint 110 attestation chain validated, evidence bundle tests green
  • Link-Not-Merge cache and console consumption docs frozen
  • Observation events transport reviewed, NATS/air-gap guidance updated