99cb2bcb0f
Refactored 8 files across StellaOps.Provcache, StellaOps.Provcache.Postgres, and StellaOps.Provcache.Valkey: Core Provcache library: - EvidenceChunker: Added IGuidProvider for ChunkId generation in ChunkAsync/ChunkStreamAsync - LazyFetchOrchestrator: Added IGuidProvider for ChunkId generation when storing fetched chunks - MinimalProofExporter: Added IGuidProvider for ChunkId generation in ImportAsync - FeedEpochAdvancedEvent: Added optional eventId/timestamp parameters to static Create() - SignerRevokedEvent: Added optional eventId/timestamp parameters to static Create() Postgres implementation: - PostgresProvcacheRepository: Added TimeProvider and IGuidProvider for IncrementHitCountAsync, GetStatisticsAsync, LogRevocationAsync, and MapToEntity - PostgresEvidenceChunkRepository: Added TimeProvider and IGuidProvider for GetManifestAsync and MapToEntity Valkey implementation: - ValkeyProvcacheStore: Added TimeProvider for TTL calculations in GetAsync, SetAsync, SetManyAsync All constructors use optional parameters with defaults to system implementations for backward compatibility. Added StellaOps.Determinism.Abstractions project references where needed.
StellaOps Documentation
StellaOps is a deterministic, offline-first container security platform: every verdict links back to concrete evidence (SBOM slices, advisory/VEX observations, reachability proofs, policy explain traces) and can be replayed for audits.
Two Levels of Documentation
- High-level (canonical): the curated guides in
docs/*.md(usually numbered). - Detailed (reference): deep dives under
docs/**(module dossiers, architecture notes, API contracts/samples, runbooks, schemas). The entry point isdocs/technical/README.md.
This documentation set is internal and does not keep compatibility stubs for old paths. Content is consolidated to reduce duplication and outdated pages.
Start Here
| Goal | Open this |
|---|---|
| Understand the product in 2 minutes | overview.md |
| Run a first scan (CLI) | quickstart.md |
| Browse capabilities | key-features.md |
| Roadmap (priorities + definition of "done") | 05_ROADMAP.md |
| Architecture: high-level overview | 40_ARCHITECTURE_OVERVIEW.md |
| Architecture: full reference map | 07_HIGH_LEVEL_ARCHITECTURE.md |
| Architecture: user flows (UML) | technical/architecture/user-flows.md |
| Architecture: module matrix (46 modules) | technical/architecture/module-matrix.md |
| Architecture: data flows | technical/architecture/data-flows.md |
| Architecture: schema mapping | technical/architecture/schema-mapping.md |
| Offline / air-gap operations | 24_OFFLINE_KIT.md |
| Security deployment hardening | 17_SECURITY_HARDENING_GUIDE.md |
| Ingest advisories (Concelier + CLI) | 10_CONCELIER_CLI_QUICKSTART.md |
| Develop plugins/connectors | 10_PLUGIN_SDK_GUIDE.md |
| Console (Web UI) operator guide | 15_UI_GUIDE.md |
| VEX consensus and issuer trust | 16_VEX_CONSENSUS_GUIDE.md |
| Vulnerability Explorer guide | 20_VULNERABILITY_EXPLORER_GUIDE.md |
Detailed Indexes
- Technical index (everything):
docs/technical/README.md - End-to-end workflow flows:
docs/flows/(16 detailed flow documents) - Module dossiers:
docs/modules/ - API contracts and samples:
docs/api/ - Architecture notes / ADRs:
docs/architecture/,docs/adr/ - Operations and deployment:
docs/operations/,docs/deploy/,docs/deployment/ - Air-gap workflows:
docs/airgap/ - Security deep dives:
docs/security/ - Benchmarks and fixtures:
docs/benchmarks/,docs/assets/
Notes
- The product is offline-first: docs and examples should avoid network dependencies and prefer deterministic fixtures.
- Feature exposure is configuration-driven; module dossiers define authoritative schemas and contracts per component.