f6c22854a4
Some checks failed
AOC Guard CI / aoc-verify (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
mock-dev-release / package-mock-release (push) Has been cancelled
- Introduced OpenAPI specification for the StellaOps Policy Registry API, covering endpoints for verification policies, policy packs, snapshots, violations, overrides, sealed mode operations, and advisory staleness tracking. - Defined schemas, parameters, and responses for comprehensive API documentation. chore(scanner): Add global usings for scanner analyzers - Created GlobalUsings.cs to simplify namespace usage across analyzer libraries. feat(scanner): Implement Surface Service Collection Extensions - Added SurfaceServiceCollectionExtensions for dependency injection registration of surface analysis services. - Included methods for adding surface analysis, surface collectors, and entry point collectors to the service collection.
StellaOps Contracts
This directory contains formal contract specifications for cross-module interfaces. These contracts define the data models, APIs, and integration points used throughout StellaOps.
Purpose
Contracts serve as the authoritative source for:
- Data model definitions (request/response shapes)
- API endpoint specifications
- Integration requirements between modules
- Dependency documentation for sprint planning
Contract Index
| Contract | ID | Unblocks | Status |
|---|---|---|---|
| Advisory Key | CONTRACT-ADVISORY-KEY-001 | 6+ tasks | Published |
| Risk Scoring | CONTRACT-RISK-SCORING-002 | 5+ tasks | Published |
| Mirror Bundle | CONTRACT-MIRROR-BUNDLE-003 | 8+ tasks | Published |
| Sealed Mode | CONTRACT-SEALED-MODE-004 | 4+ tasks | Published |
| VEX Lens | CONTRACT-VEX-LENS-005 | 2+ tasks | Published |
| Verification Policy | CONTRACT-VERIFICATION-POLICY-006 | 4+ tasks | Published |
| Policy Studio | CONTRACT-POLICY-STUDIO-007 | 3+ tasks | Published |
| Authority Effective Write | CONTRACT-AUTHORITY-EFFECTIVE-WRITE-008 | 2+ tasks | Published |
| Export Bundle | CONTRACT-EXPORT-BUNDLE-009 | 1+ tasks | Published |
| Crypto Provider Registry | CONTRACT-CRYPTO-PROVIDER-REGISTRY-010 | 1+ tasks | Published |
| Findings Ledger RLS | CONTRACT-FINDINGS-LEDGER-RLS-011 | 2 tasks | Published |
| API Governance Baseline | CONTRACT-API-GOVERNANCE-BASELINE-012 | 10+ tasks | Published |
| Scanner PHP Analyzer | CONTRACT-SCANNER-PHP-ANALYZER-013 | 1 task | Published |
| Scanner Surface | CONTRACT-SCANNER-SURFACE-014 | 1 task | Published |
| RichGraph v1 | CONTRACT-RICHGRAPH-V1-015 | 40+ tasks | Published |
Contract Categories
Core Data Models
- Advisory Key - Vulnerability ID canonicalization
- VEX Lens - VEX observation correlation
- Risk Scoring - Finding prioritization
Air-Gap / Offline
- Mirror Bundle - Bundle format for offline transport
- Sealed Mode - Sealed environment operation
Security / Attestation
- Verification Policy - Attestation verification rules
- Crypto Provider Registry - Pluggable crypto
Policy Management
- Policy Studio - Policy editing and compilation
- Authority Effective Write - Policy attachment
Export
- Export Bundle - Scheduled export jobs
Tenancy / Database
- Findings Ledger RLS - Row-Level Security and partitioning
SDK & API Governance
- API Governance Baseline - OpenAPI freeze and SDK generation
Scanner
- Scanner PHP Analyzer - PHP language analyzer bootstrap
- Scanner Surface - Surface analysis framework
Reachability / Evidence
- RichGraph v1 - Function-level reachability graph schema
Related Resources
API Documentation
Module Architecture
JSON Schemas
Contract Lifecycle
- Draft - Contract under development
- Published - Contract is stable and ready for implementation
- Deprecated - Contract is being phased out
- Retired - Contract is no longer valid
Contributing
When updating contracts:
- Increment version number
- Update
Last Updateddate - Document breaking changes
- Update
Unblockssection if tasks change - Add cross-references to related contracts
Sprint Integration
Contracts unblock BLOCKED tasks in sprint files. When a contract is published:
- Update the sprint file task status from
BLOCKEDtoTODO - Add note:
Unblocked by CONTRACT-xxx (docs/contracts/xxx.md) - Remove the blocked reason