git.stella-ops.org/docs/modules/vex-hub
master 291c3d3ad4 feat(vex): Postgres persistence for Excititor + VexLens + VexHub hardening
Excititor: new migration 003_vex_claim_store.sql and PostgresVexClaimStore
replace the in-memory claim tracking. ExcititorPersistenceExtensions wires
the store; ExcititorMigrationTests updated. Archives S001 demo seed.

VexLens: new migration 002_noise_gating_state.sql with
PostgresGatingStatisticsStore, PostgresSnapshotStore, and
PostgresNoiseGatingJson bring noise-gating state onto disk. New
VexLensRuntimeDatabaseOptions + AuthorityIssuerDirectoryAdapter +
VexHubStatementProvider provide the runtime wiring. WebService tests cover
the persistence, the issuer-directory adapter, and the statement provider.

VexHub: WebService Program, endpoints, middleware, models, and policies
tightened; VexExportCompatibilityTests exercise the Concelier↔VexHub export
contract.

Docs: excititor, vex-hub (architecture + integration guide), and vex-lens
architecture pages updated to match the new persistence and verification
paths.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 11:15:31 +03:00

VexHub

Status: Implemented
Source: src/VexHub/
Owner: VEX Guild

Purpose

VexHub aggregates, validates, and distributes VEX statements from multiple upstream sources. It provides the canonical VEX distribution layer with deterministic outputs, conflict detection, and offline-friendly operation for internal services and external tools (Trivy/Grype).

Components

Services:

  • StellaOps.VexHub.WebService - Minimal API host for distribution endpoints and admin controls
  • StellaOps.VexHub.Worker - Background workers for scheduled ingestion and validation (planned)

Libraries:

  • Normalization Pipeline - Canonicalizes statements to OpenVEX-compatible structures
  • Validation Pipeline - Schema validation (OpenVEX/CycloneDX/CSAF) and signature checks

Configuration

Configuration is typically embedded in module settings.

Key settings:

  • PostgreSQL connection (schema: vexhub)
  • Ingestion source connectors
  • Validation policies (schema, signature)
  • Export snapshot settings
  • Conflict detection rules

API Surface

  • GET /api/v1/vex/cve/{cve-id} - Query VEX statements by CVE
  • GET /api/v1/vex/package/{purl} - Query VEX statements by PURL
  • GET /api/v1/vex/source/{source-id} - Query statements from a specific source
  • GET /api/v1/vex/export - Bulk OpenVEX feed (deterministic)
  • GET /api/v1/vex/index - VEX index metadata (vex-index.json)

All responses use deterministic ordering: timestamp DESC, then source_id ASC, then statement_hash ASC.
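
A consumer that mirrors VexHub responses can check this ordering rule before trusting a response as deterministic. The following is an added example, not VexHub code: the record shape, the ISO-8601 timestamp format, the `sha256:` hash prefix, and code-point comparison for the ASC fields are assumptions; only the three field names come from the rule above.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def order_key(stmt):
    """Sort key for: timestamp DESC, source_id ASC, statement_hash ASC."""
    raw = stmt["timestamp"]
    # Assumption: ISO-8601 timestamps; a trailing "Z" means UTC.
    ts = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset: {raw!r}")
    # Compare instants, not strings; integer microseconds avoid float rounding.
    micros = (ts - EPOCH) // timedelta(microseconds=1)
    # Negating the instant gives DESC; the string fields compare ASC by code point.
    return (-micros, stmt["source_id"], stmt["statement_hash"])

def canonical_order(statements):
    """Return the statements in the documented order."""
    return sorted(statements, key=order_key)

def check_order(statements):
    """Return (index, reason) findings for a response that should already be ordered."""
    findings = []
    keys = [order_key(s) for s in statements]
    for i in range(1, len(keys)):
        if keys[i - 1] > keys[i]:
            findings.append((i, "out of order"))
        elif keys[i - 1] == keys[i]:
            # Two records the rule cannot tell apart make the order ambiguous.
            findings.append((i, "duplicate ordering key"))
    return findings

# Constructed sample records (not real VexHub output). Records 1 and 2 are the
# same instant written with different offsets, so the hash decides their order.
SAMPLE = [
    {"timestamp": "2026-04-15T09:00:00Z", "source_id": "src-b", "statement_hash": "sha256:aa"},
    {"timestamp": "2026-04-15T11:15:31+03:00", "source_id": "src-a", "statement_hash": "sha256:ff"},
    {"timestamp": "2026-04-15T08:15:31Z", "source_id": "src-a", "statement_hash": "sha256:0c"},
    {"timestamp": "2026-04-14T23:59:59Z", "source_id": "src-a", "statement_hash": "sha256:01"},
]

if __name__ == "__main__":
    print(check_order(SAMPLE))
    print([s["statement_hash"] for s in canonical_order(SAMPLE)])
```

Sorting the raw timestamp strings would place the `+03:00` record first, which is why the key compares instants.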

Dependencies

  • PostgreSQL (schema: vexhub with tables: statement, provenance, conflict, export_cursor)
  • Authority (authentication)
  • IssuerDirectory (issuer trust registry)
  • VexLens (consumes VexHub data for consensus)
  • Excititor (VEX ingestion source)
  • Architecture: ./architecture.md
  • VexLens: ../vex-lens/
  • IssuerDirectory: ../issuer-directory/
  • Excititor: ../excititor/

Current Status

WebService implemented with distribution API. Normalization and validation pipelines in place. Supports conflict detection and deterministic exports. Worker component planned for scheduled ingestion.