13 KiB
13 KiB
Router Valkey Microservice Rollout Matrix (All WebServices)
Scope
- Source route table:
devops/compose/router-gateway-local.json - Source service aliases:
devops/compose/docker-compose.stella-ops.yml - Snapshot date (UTC): 2026-02-21
- ReverseProxy routes in snapshot: 116
- Distinct target service hosts: 42
Legend:
Wave:A,B,C,D,PILOTAcceptance Owner: rollout sign-off owner for that host's cutover waveMigration Disposition: current route-level migration intent
Service Migration Matrix
| Service Host | Compose Service | Current ReverseProxy Path Prefixes | Wave | Acceptance Owner | Migration Disposition | Rollback Switch |
|---|---|---|---|---|---|---|
| advisoryai.stella-ops.local | advisory-ai-web | /advisoryai, /api/v1/advisory, /api/v1/advisory-ai, /api/v1/advisory-ai/adapters, /v1/advisory-ai, /v1/advisory-ai/adapters | A | Developer + Test Automation (Wave A) | Migrate API prefixes to Microservice; keep root compatibility path until cutover acceptance. | Route type revert in router-gateway-local.json + ADVISORYAI_ROUTER_ENABLED=false (standardized in RMW-03). |
| airgap-controller.stella-ops.local | airgap-controller | /airgapController | A | Developer + Test Automation (Wave A) | Add API-form microservice endpoint mapping and migrate root compatibility path in same wave. | Route type revert + AIRGAP_CONTROLLER_ROUTER_ENABLED=false (RMW-03). |
| airgap-time.stella-ops.local | airgap-time | /airgapTime | A | Developer + Test Automation (Wave A) | Add API-form microservice endpoint mapping and migrate root compatibility path in same wave. | Route type revert + AIRGAP_TIME_ROUTER_ENABLED=false (RMW-03). |
| attestor.stella-ops.local | attestor | /api/v1/attestations, /api/v1/attestor, /api/v1/witnesses, /attestor | B | Developer + Test Automation (Wave B) | Migrate API prefixes first; keep root compatibility route until evidence-plane acceptance sign-off. | Route type revert + ATTESTOR_ROUTER_ENABLED=false (RMW-03). |
| authority.stella-ops.local | authority | /.well-known, /api/v1/authority, /api/v1/trust, /authority, /connect, /console, /jwks | B | Developer + Test Automation (Wave B) | Migrate Authority API and OIDC identity routes to Microservice; use in-service OIDC bridge endpoints (/connect/*, /well-known/openid-configuration) for protocol compatibility. |
Route type revert + AUTHORITY_ROUTER_ENABLED=false (RMW-03). |
| binaryindex.stella-ops.local | binaryindex-web | /api/v1/ops/binaryindex, /api/v1/resolve, /binaryindex | A | Developer + Test Automation (Wave A) | Migrate API prefixes to Microservice; keep root compatibility path during transition. | Route type revert + BINARYINDEX_ROUTER_ENABLED=false (RMW-03). |
| cartographer.stella-ops.local | cartographer | /cartographer | D | Developer + Test Automation (Wave D) | Introduce API alias if required, then migrate route to Microservice in Wave D. | Route type revert + CARTOGRAPHER_ROUTER_ENABLED=false (RMW-03). |
| concelier.stella-ops.local | concelier | /api/v1/concelier, /concelier | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility route. | Route type revert + CONCELIER_ROUTER_ENABLED=false (RMW-03). |
| doctor.stella-ops.local | doctor-web | /api/doctor, /doctor | D | Developer + Test Automation (Wave D) | Migrate API prefix first; keep root compatibility path until UI/runtime consumers are validated. | Route type revert + DOCTOR_ROUTER_ENABLED=false (RMW-03). |
| doctor-scheduler.stella-ops.local | doctor-scheduler | /api/v1/doctor/scheduler | D | Developer + Test Automation (Wave D) | Migrate API prefix directly to Microservice. | Route type revert + DOCTOR_SCHEDULER_ROUTER_ENABLED=false (RMW-03). |
| evidencelocker.stella-ops.local | evidence-locker-web | /api/v1/evidence, /api/v1/proofs, /api/v1/verdicts, /api/verdicts, /evidencelocker, /v1/evidence-packs | B | Developer + Test Automation (Wave B) | Migrate API/v1 and v1 endpoints first; keep root compatibility path until evidence workflows pass QA. | Route type revert + EVIDENCELOCKER_ROUTER_ENABLED=false (RMW-03). |
| excititor.stella-ops.local | excititor | /excititor | D | Developer + Test Automation (Wave D) | Add API-form microservice mapping if needed; migrate root compatibility route in Wave D. | Route type revert + EXCITITOR_ROUTER_ENABLED=false (RMW-03). |
| exportcenter.stella-ops.local | export | /api/v1/export, /exportcenter, /v1/audit-bundles | B | Developer + Test Automation (Wave B) | Migrate API/v1 and v1 routes first; keep root compatibility path until trust/evidence export checks pass. | Route type revert + EXPORTCENTER_ROUTER_ENABLED=false (RMW-03). |
| findings.stella-ops.local | findings-ledger-web | /api/v1/findings, /findingsLedger | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + FINDINGS_ROUTER_ENABLED=false (RMW-03). |
| gateway.stella-ops.local | gateway | /gateway | D | Developer + Test Automation (Wave D) | Defer root compatibility path until downstream service migration waves are complete. | Route type revert + GATEWAY_ROUTER_ENABLED=false (RMW-03). |
| integrations.stella-ops.local | integrations-web | /api/v1/integrations, /integrations | A | Developer + Test Automation (Wave A) | Migrate API prefix first, then root compatibility path. | Route type revert + INTEGRATIONS_ROUTER_ENABLED=false (RMW-03). |
| issuerdirectory.stella-ops.local | issuer-directory | /issuerdirectory | B | Developer + Test Automation (Wave B) | Migrate route in trust-plane wave with issuer/auth verification checks. | Route type revert + ISSUERDIRECTORY_ROUTER_ENABLED=false (RMW-03). |
| notifier.stella-ops.local | notifier-web | /api/v1/notifier, /notifier | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + NOTIFIER_ROUTER_ENABLED=false (RMW-03). |
| notify.stella-ops.local | notify-web | /api/v1/notify, /notify | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + NOTIFY_ROUTER_ENABLED=false (RMW-03). |
| opsmemory.stella-ops.local | opsmemory-web | /api/v1/opsmemory, /opsmemory | A | Developer + Test Automation (Wave A) | Migrate API prefix first, then root compatibility path. | Route type revert + OPSMEMORY_ROUTER_ENABLED=false (RMW-03). |
| jobengine.stella-ops.local | orchestrator | /api/approvals, /api/jobengine, /api/release-orchestrator, /api/releases, /api/v1/jobengine, /api/v1/release-orchestrator, /api/v1/workflows, /orchestrator, /v1/runs | C | Developer + Test Automation (Wave C) | Migrate all API/v1 and v1 routes first; keep root compatibility path until control-plane acceptance. | Route type revert + ORCHESTRATOR_ROUTER_ENABLED=false (RMW-03). |
| packsregistry.stella-ops.local | packsregistry-web | /packsregistry | A | Developer + Test Automation (Wave A) | Add API-form endpoint mapping if required, then migrate root compatibility route. | Route type revert + PACKSREGISTRY_ROUTER_ENABLED=false (RMW-03). |
| platform.stella-ops.local | platform | /api, /api/admin, /api/analytics, /api/v1/authority/quotas, /api/v1/gateway/rate-limits, /api/v1/platform, /envsettings.json, /platform | C | Developer + Test Automation (Wave C) | Migrate API prefixes to Microservice; keep /platform and /envsettings.json reverse proxy for static/bootstrap behavior. |
Route type revert + PLATFORM_ROUTER_ENABLED=false (RMW-03). |
| policy-engine.stella-ops.local | policy-engine | /api/risk, /api/risk-budget, /api/v1/determinization, /policyEngine | C | Developer + Test Automation (Wave C) | Migrate API prefixes first; keep root compatibility path until control-plane verification completes. | Route type revert + POLICY_ENGINE_ROUTER_ENABLED=false (RMW-03). |
| policy-gateway.stella-ops.local | policy | /api/cvss, /api/exceptions, /api/gate, /api/policy, /api/v1/governance, /api/v1/policy, /policy, /policyGateway | C | Developer + Test Automation (Wave C) | Migrate API prefixes first; keep /policy and /policyGateway compatibility paths until final cutover. |
Route type revert + POLICY_GATEWAY_ROUTER_ENABLED=false (RMW-03). |
| reachgraph.stella-ops.local | reachgraph-web | /api/v1/reachability, /reachgraph | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + REACHGRAPH_ROUTER_ENABLED=false (RMW-03). |
| registry-token.stella-ops.local | registry-token | /registryTokenservice | A | Developer + Test Automation (Wave A) | Migrate compatibility route with token flow validation in Wave A. | Route type revert + REGISTRY_TOKEN_ROUTER_ENABLED=false (RMW-03). |
| replay.stella-ops.local | replay-web | /replay | A | Developer + Test Automation (Wave A) | Migrate compatibility route in Wave A; add API-form alias if needed. | Route type revert + REPLAY_ROUTER_ENABLED=false (RMW-03). |
| riskengine.stella-ops.local | riskengine-web | /riskengine | C | Developer + Test Automation (Wave C) | Migrate compatibility route in control-plane wave; add API alias if required. | Route type revert + RISKENGINE_ROUTER_ENABLED=false (RMW-03). |
| sbomservice.stella-ops.local | sbomservice | /api/change-traces, /api/compare, /api/sbomservice, /api/v1/lineage, /api/v1/sbom, /api/v1/sources, /sbomservice | D | Developer + Test Automation (Wave D) | Migrate API prefixes first; keep root compatibility path until graph/feed wave acceptance. | Route type revert + SBOMSERVICE_ROUTER_ENABLED=false (RMW-03). |
| scanner.stella-ops.local | scanner-web | /api/fix-verification, /api/v1/scanner, /api/v1/secrets, /api/v1/triage, /api/v1/vulnerabilities, /api/v1/watchlist, /scanner | D | Developer + Test Automation (Wave D) | Migrate API prefixes first; keep root compatibility path until scanner behavioral checks pass. | Route type revert + SCANNER_ROUTER_ENABLED=false (RMW-03). |
| scheduler.stella-ops.local | scheduler-web | /api/scheduler, /scheduler | C | Developer + Test Automation (Wave C) | Migrate API prefix first, then root compatibility path. | Route type revert + SCHEDULER_ROUTER_ENABLED=false (RMW-03). |
| signals.stella-ops.local | signals | /api/v1/signals, /signals | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + SIGNALS_ROUTER_ENABLED=false (RMW-03). |
| signer.stella-ops.local | signer | /signer | B | Developer + Test Automation (Wave B) | Migrate compatibility route in trust/evidence wave with signing validation. | Route type revert + SIGNER_ROUTER_ENABLED=false (RMW-03). |
| smremote.stella-ops.local | smremote | /smremote | A | Developer + Test Automation (Wave A) | Migrate compatibility route in Wave A; add API alias if required. | Route type revert + SMREMOTE_ROUTER_ENABLED=false (RMW-03). |
| symbols.stella-ops.local | symbols | /symbols | A | Developer + Test Automation (Wave A) | Migrate compatibility route in Wave A; add API alias if required. | Route type revert + SYMBOLS_ROUTER_ENABLED=false (RMW-03). |
| taskrunner.stella-ops.local | taskrunner-web | /taskrunner | C | Developer + Test Automation (Wave C) | Migrate compatibility route in control-plane wave; add API alias if required. | Route type revert + TASKRUNNER_ROUTER_ENABLED=false (RMW-03). |
| timelineindexer.stella-ops.local | timeline-indexer-web | /timelineindexer | PILOT | Developer (pilot accepted) | Timeline API is already microservice (/api/v1/timeline); keep root compatibility route reverse proxy until later cleanup. |
Route type revert + TIMELINE_ROUTER_ENABLED=false (already supported). |
| unknowns.stella-ops.local | unknowns-web | /unknowns | A | Developer + Test Automation (Wave A) | Migrate compatibility route in Wave A; add API alias if required. | Route type revert + UNKNOWNS_ROUTER_ENABLED=false (RMW-03). |
| vexhub.stella-ops.local | vexhub-web | /api/v1/vex, /api/vex, /vexhub | D | Developer + Test Automation (Wave D) | Migrate API prefixes first, then root compatibility path. | Route type revert + VEXHUB_ROUTER_ENABLED=false (RMW-03). |
| vexlens.stella-ops.local | vexlens-web | /api/v1/vexlens, /vexlens | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + VEXLENS_ROUTER_ENABLED=false (RMW-03). |
| vulnexplorer.stella-ops.local | api | /api/vuln-explorer, /vulnexplorer | D | Developer + Test Automation (Wave D) | Migrate API prefix first; keep root compatibility path until vuln explorer routing is validated. | Route type revert + VULNEXPLORER_ROUTER_ENABLED=false (RMW-03). |
Wave Acceptance Mapping
| Wave | Acceptance Owner |
|---|---|
| A | Developer + Test Automation (Wave A) |
| B | Developer + Test Automation (Wave B) |
| C | Developer + Test Automation (Wave C) |
| D | Developer + Test Automation (Wave D) |
| PILOT | Developer (pilot accepted) |
Notes
- This matrix is the authoritative inventory artifact for sprint task
RMW-01. - Route-level rollback is always available by reverting route
Typeback toReverseProxyindevops/compose/router-gateway-local.json. - Service env rollback keys are currently planning placeholders and are standardized in
RMW-03.