git.stella-ops.org/docs/technical/architecture/infrastructure-dependencies.md
StellaOps Bot, commit 7503c19b8f: Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00
# Infrastructure dependencies (detailed)

StellaOps is designed to run with a small set of required infrastructure components. Everything else is optional and must not be a hidden dependency for core workflows.

## PostgreSQL (required)

Primary store for durable state. Each service owns a schema to keep boundaries clear and enable tenant isolation strategies.

| Schema | Owner (primary) | Purpose |
| --- | --- | --- |
| `authority` | Authority | Users, clients, tenants, keys, audit trails. |
| `scanner` | Scanner | Scan manifests, triage, scan results metadata. |
| `vuln` | Concelier | Advisory raw documents, linksets, observations. |
| `vex` | Excititor | VEX raw documents, consensus, provider state. |
| `scheduler` | Scheduler | Jobs, runs, schedules, impact snapshots. |
| `notify` | Notify | Channels, templates, delivery history, digests. |
| `policy` | Policy | Exception objects, snapshots, unknowns. |
| `orchestrator` | Orchestrator | Sources, runs, jobs, DAGs, pack runs. |

## Valkey (required)

Redis-compatible cache and coordination substrate.

| Pattern | Typical services | Purpose |
| --- | --- | --- |
| DPoP nonces | Authority | RFC 9449 nonce storage (short TTL). |
| Streams / events | Scanner, Notify, Scheduler | Event emission and fan-out (deterministic ordering per stream). |
| Queues | Scanner, Notify | Worker coordination (consumer groups). |
| Cache | All services | Tenant-prefixed caching with explicit TTLs. |
| Rate limiting | Gateway, Authority | Token bucket counters. |
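The three security-sensitive patterns in the table (single-use DPoP nonces with a short TTL, tenant-prefixed keys with explicit TTLs, and token-bucket rate limiting) are shown below as an added example. It is not StellaOps code: the key layout `t:<tenant>:<service>:...`, the 120-second nonce TTL, and the in-memory `FakeValkey` stand-in (which models only the `SET NX EX`, `GETDEL`, `HSET`/`HGETALL` and `EXPIRE` semantics the example needs) are all assumptions made so that it runs offline.

```python
"""Valkey coordination patterns: DPoP nonces, tenant-prefixed keys, token bucket.
Hypothetical helper code written for this page, not StellaOps's own."""
import secrets
import time

NONCE_TTL_S = 120  # assumed short TTL for RFC 9449 nonces


class ManualClock:
    """Injectable clock so TTL behaviour can be exercised deterministically."""
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now
    def advance(self, seconds): self.now += seconds


class FakeValkey:
    """Constructed in-memory stand-in for a Valkey/Redis client; TTLs are
    enforced lazily on read, mirroring what a caller observes from the server."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}  # key -> (value, expires_at or None)

    def _live(self, key):
        item = self._data.get(key)
        if item is None:
            return None
        value, expires_at = item
        if expires_at is not None and self._clock() >= expires_at:
            del self._data[key]
            return None
        return value

    def set(self, key, value, nx=False, ex=None):
        # SET key value [NX] [EX seconds]: NX is an atomic "create only" write
        if nx and self._live(key) is not None:
            return False
        self._data[key] = (value, self._clock() + ex if ex is not None else None)
        return True

    def getdel(self, key):
        # GETDEL: read and delete in one atomic step
        value = self._live(key)
        if value is not None:
            del self._data[key]
        return value

    def hgetall(self, key):
        return dict(self._live(key) or {})

    def hset(self, key, mapping):
        _, expires_at = self._data.get(key, (None, None))
        self._data[key] = (dict(mapping), expires_at)

    def expire(self, key, seconds):
        if self._live(key) is not None:
            self._data[key] = (self._data[key][0], self._clock() + seconds)


def tenant_key(tenant, service, *parts):
    """Tenant-prefixed key: one tenant's entries can never collide with another's.
    Rejecting ':' in any component stops a crafted id from escaping its prefix."""
    for component in (tenant, service, *parts):
        if not component or ":" in component:
            raise ValueError(f"invalid key component: {component!r}")
    return ":".join(("t", tenant, service, *parts))


def issue_nonce(store, tenant):
    """Mint a fresh nonce and store it under the tenant prefix with a short TTL."""
    nonce = secrets.token_urlsafe(24)
    if not store.set(tenant_key(tenant, "authority", "dpop-nonce", nonce), 1,
                     nx=True, ex=NONCE_TTL_S):
        raise RuntimeError("nonce collision")  # practically unreachable
    return nonce


def consume_nonce(store, tenant, nonce):
    """True exactly once per issued nonce; replayed, expired, malformed, or
    cross-tenant nonces all fail because GETDEL is check-and-delete in one step."""
    try:
        key = tenant_key(tenant, "authority", "dpop-nonce", nonce)
    except ValueError:
        return False
    return store.getdel(key) is not None


def rate_limit_allow(store, tenant, client_id, capacity, refill_per_s, now):
    """Token bucket per (tenant, client). The bucket's TTL is the time it takes to
    refill completely, so idle clients cost nothing. In production the
    read-modify-write below belongs in a server-side Lua script for atomicity."""
    key = tenant_key(tenant, "gateway", "ratelimit", client_id)
    state = store.hgetall(key)
    tokens = float(state.get("tokens", capacity))
    last = float(state.get("ts", now))
    tokens = min(capacity, tokens + (now - last) * refill_per_s)
    allowed = tokens >= 1.0
    if allowed:
        tokens -= 1.0
    store.hset(key, {"tokens": tokens, "ts": now})
    store.expire(key, int(capacity / refill_per_s) + 1)
    return allowed


def demo():
    """Exercise the patterns and return the observations for inspection."""
    clock = ManualClock()
    store = FakeValkey(clock)
    n1 = issue_nonce(store, "acme")
    first = consume_nonce(store, "acme", n1)          # accepted once
    replay = consume_nonce(store, "acme", n1)         # replay rejected
    n2 = issue_nonce(store, "acme")
    cross = consume_nonce(store, "globex", n2)        # wrong tenant prefix
    clock.advance(NONCE_TTL_S + 1)
    expired = consume_nonce(store, "acme", n2)        # TTL elapsed
    hits = [rate_limit_allow(store, "acme", "cli-1", 3, 1.0, clock.now) for _ in range(4)]
    clock.advance(2)
    refilled = rate_limit_allow(store, "acme", "cli-1", 3, 1.0, clock.now)
    return {"first": first, "replay": replay, "cross_tenant": cross,
            "expired": expired, "hits": hits, "refilled": refilled}


if __name__ == "__main__":
    print(demo())
```

The point of the `ValueError` guard in `tenant_key` is that tenant isolation in a shared key space is only as strong as the prefix discipline: every key written by every service must go through one constructor that refuses separator characters in untrusted components, and every key must carry a TTL so stale entries cannot accumulate or be revived.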

## RustFS / S3-compatible object storage (required)

Artifact store for SBOMs, evidence bundles, and replayable outputs. The exact bucket layout depends on the deployment profile; treat deployment manifests as authoritative.

## NATS JetStream (optional)

Alternative messaging transport for environments that require persistent streams or specific operational characteristics. NATS must be explicitly configured and must not be required for core workflows.

## Deployment references

- Compose profiles: `deploy/compose/README.md`
- Deployment bundles overview: `deploy/README.md`