- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
Interfaces, Contracts & Schemas
Specifications covering APIs, data contracts, event envelopes, and enforcement models.
External & Internal APIs
- ../09_API_CLI_REFERENCE.md – canonical REST and CLI surface (scan, policy, auth, health).
 - ../api/policy.md – Policy Engine REST endpoints.
 - Module APIs: see relevant module architecture docs (e.g., ../../modules/export-center/api.md).
 
Policy & Decisioning
- ../policy/overview.md – Policy Engine fundamentals.
 - ../policy/dsl.md – stella-dsl@1 grammar.
 - ../policy/lifecycle.md – creation, promotion, approval flows.
 - ../policy/runs.md – execution orchestrations.
 - ../policy/exception-effects.md – waiver semantics.
 - ../policy/gateway.md – gateway service contract.
 - ../60_POLICY_TEMPLATES.md – YAML/Rego samples.
 
Data Schemas & Storage Contracts
- ../11_DATA_SCHEMAS.md – MongoDB/Redis/document shapes.
 - JSON schemas under ../schemas/ – policy diff, explain trace, run request, run status, preview sample, report sample.
 - ../../modules/scanner/architecture.md – SBOM cache and scan job contracts.
 - ../../scanner-core-contracts.md – shared scanner DTOs.
 
Events & Messaging
- ../events/README.md – event catalogue (scanner.scan.completed@1, scheduler.rescan.delta@1, etc.).
 - Payload schemas in ../events/*.json and samples in ../events/samples/.
 - ../observability/policy.md and ../observability/ui-telemetry.md – telemetry event guidance.
 
Ingestion & Evidence Contracts
- ../ingestion/aggregation-only-contract.md – Aggregation-Only Contract reference.
 - ../aoc/aoc-guardrails.md – guardrails checklist.
 - ../advisories/aggregation.md – advisory observation schema.
 - ../vex/aggregation.md – VEX observation schema.
 - ../../modules/concelier/operations/connectors/ – connector-specific payload notes.
 
Identity, Quota & Licence Enforcement
- ../license-jwt-quota.md – offline quota token design.
 - ../30_QUOTA_ENFORCEMENT_FLOW1.md – enforcement sequence diagram.
 - ../33_333_QUOTA_OVERVIEW.md – free tier policy.
 - ../30_QUOTA_ENFORCEMENT_FLOW1.md and ../33_333_QUOTA_OVERVIEW.md – pair with ../29_LEGAL_FAQ_QUOTA.md for legal framing.
 - ../../modules/authority/architecture.md – OpTok issuance & validation contracts.
 - ../../modules/registry/architecture.md – token service scope and audit requirements.
 
Transparency & Attestation
- ../../modules/attestor/architecture.md – DSSE/Rekor bundle contracts.
 - ../../modules/signer/architecture.md – signing workflow contracts.
 - ../../modules/export-center/provenance-and-signing.md – export bundle evidence artefacts.