P0 fixes (clean-start + route contracts):
- VexHub: fix migration 002 table name + add repair migration 003
- Gateway: add /console/admin and /api/v1/unknowns routes
- IDP: add platform.idp.admin scope to OAuth client + web config
- Risk: fix URL construction from authority to gateway base
- Unknowns: fix client path from /api/v1/scanner/unknowns to /api/v1/unknowns

P1 fixes (trust + shell integrity):
- Audit: fix module name normalization, add Authority audit source
- Stage: add persistence across web store, API contracts, DB migration 059
- Posture: add per-source error tracking + degradation banner

P2 fixes (adoption + workflow clarity):
- Rename Triage to Findings in navigation + breadcrumbs
- Command palette: show quick actions for plain text queries, fix scan routes
- Scan: add local-mode limitation messaging + queue hints
- Release: add post-seal promotion CTA with pre-filled release ID
- Welcome: rewrite around operator adoption model (Get Started + What Stella Replaces)

UX improvements:
- Status rail: convert to icon-only with color state + tooltips
- Event Stream Monitor: new page at /ops/operations/event-stream
- Sidebar: collapse Operations by default
- User menu: embed theme switcher (Day/Night/System), remove standalone toggle
- Settings: add Profile section with email editing + PUT /api/v1/platform/preferences/email endpoint
- Docs viewer: replace custom parser with ngx-markdown (marked) for proper table/code/blockquote rendering

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DevOps
Deployment infrastructure for StellaOps.
Stack
| Component | Technology |
|---|---|
| Database | PostgreSQL 18.1 |
| Cache/Queue | Valkey 9.0.1 |
| Storage | RustFS |
| Transparency | Rekor v2 |
Structure
devops/
├── compose/ # Docker Compose files
├── helm/ # Kubernetes Helm chart
├── docker/ # Dockerfiles
├── runtime-assets/ # Runtime data assets (ML models, JDK, Ghidra, certs)
├── database/ # PostgreSQL migrations
├── scripts/ # Operational scripts
├── offline/ # Air-gap support
├── telemetry/ # Alerts & dashboards
├── logging/ # Log config templates
├── release/ # Release tools
├── releases/ # Release manifests
├── secrets/ # Secret templates
└── tools/ # Validation scripts
Runtime Data Assets
Services require certain files at runtime that are not produced by dotnet publish
or npm run build: ML model weights, JDK/Ghidra for binary analysis, certificates,
and more. Before building Docker images or creating offline bundles, run:
./devops/runtime-assets/acquire.sh --all # download and verify
./devops/runtime-assets/acquire.sh --verify # check existing assets
./devops/runtime-assets/acquire.sh --package # create air-gap tarball
See devops/runtime-assets/README.md for the full inventory and provisioning guide.
Quick Start
# Local stack
docker compose -f devops/compose/docker-compose.stella-ops.yml up -d
# With telemetry
docker compose -f devops/compose/docker-compose.stella-ops.yml \
-f devops/compose/docker-compose.telemetry.yml up -d
# Kubernetes
helm install stellaops devops/helm/stellaops \
-f devops/helm/stellaops/values-prod.yaml \
-n stellaops --create-namespace
Compose Files
| File | Purpose |
|---|---|
| stella-ops.yml | Main stack |
| telemetry.yml | Observability |
| testing.yml | CI infrastructure |
| compliance-china.yml | SM2/SM3/SM4 |
| compliance-russia.yml | GOST |
| compliance-eu.yml | eIDAS |