
Stella Ops Suite Documentation

Stella Ops Suite is a centralized, auditable release control plane for non-Kubernetes container estates. It orchestrates environment promotions, gates releases using reachability-aware security and policy, and produces verifiable evidence for every decision.

The platform combines:

  • Release orchestration — UI-driven promotion (Dev -> Stage -> Prod), approvals, policy gates, rollbacks, and step-graph execution (sequential/parallel) with per-step logs
  • Security decisioning as a gate — scan on build, evaluate on release, re-evaluate on vulnerability intel updates
  • OCI-digest-first releases — immutable digest-based release identity with authoritative "what is deployed where" tracking
  • Toolchain-agnostic integrations — plug into any SCM, CI, registry, secrets system, and host access method via plugins
  • Auditability + standards — evidence packets, SBOM/VEX/attestation support, deterministic replay and explainable decisions

Verified vs Unverified Releases

Stella supports two operational modes:

  • Verified releases (recommended): promotions require Stella evidence for each new digest (SBOM + reachability + policy decision record + approvals where configured). Intended for certifiable security and audit-grade releases.
  • Unverified releases (CD-only): orchestration is allowed with evidence gates bypassed. Still tracked and logged, but not intended for security certification.

This documentation emphasizes the verified release path as the primary product value.


Licensing model (documentation-level summary)

Stella Ops Suite uses no feature gating across plans. Licensing limits apply only to:

  • Environments
  • New digests deep-scanned per month (evidence-grade analysis of previously unseen OCI digests)

Deployment targets are not licensed (unlimited targets; fair use may apply only under abusive automation patterns).

(See your offer/pricing document if present in the repo; commonly stored under docs/product/.)


Two Levels of Documentation

  • High-level (canonical): curated guides in docs/*.md.
  • Detailed (reference): deep dives under docs/** (module dossiers, architecture notes, API contracts/samples, runbooks, schemas). Entry point: docs/technical/README.md.

This documentation set is internal and does not keep compatibility stubs for old paths. Content is consolidated to reduce duplication and outdated pages.


Start Here

Product Understanding

| Goal | Open this |
|------|-----------|
| Understand the product in 2 minutes | overview.md |
| Browse capabilities | key-features.md |
| Feature matrix | FEATURE_MATRIX.md |
| Product vision | product/VISION.md |
| Roadmap (priorities + definition of "done") | ROADMAP.md |
| Verified release model (concepts + evidence) | VERIFIED_RELEASES.md |

Getting Started

| Goal | Open this |
|------|-----------|
| First run (minimal install) | quickstart.md |
| Run a first scan (CLI) | quickstart.md |
| Run a first verified promotion (Dev -> Stage -> Prod) | RELEASE_PROCESS.md |
| Ingest advisories (Concelier + CLI) | CONCELIER_CLI_QUICKSTART.md |
| Console (Web UI) operator guide | UI_GUIDE.md |
| Doctor / self-service diagnostics | DOCTOR_GUIDE.md |
| Offline / air-gap operations | OFFLINE_KIT.md |

Architecture

| Goal | Open this |
|------|-----------|
| Architecture: high-level overview | ARCHITECTURE_OVERVIEW.md |
| Architecture: full reference map | ARCHITECTURE_REFERENCE.md |
| Architecture: user flows (UML) | technical/architecture/user-flows.md |
| Architecture: module matrix | technical/architecture/module-matrix.md |
| Architecture: data flows | technical/architecture/data-flows.md |
| Architecture: schema mapping | technical/architecture/schema-mapping.md |
| Release Orchestrator architecture | modules/release-orchestrator/architecture.md |
| Evidence and attestations | modules/evidence/README.md |

Development & Operations

| Goal | Open this |
|------|-----------|
| Engineering rules (determinism, security, docs discipline) | code-of-conduct/CODE_OF_CONDUCT.md |
| Testing standards and evidence expectations | code-of-conduct/TESTING_PRACTICES.md |
| Develop plugins/connectors | PLUGIN_SDK_GUIDE.md |
| Security deployment hardening | SECURITY_HARDENING_GUIDE.md |
| VEX consensus and issuer trust | VEX_CONSENSUS_GUIDE.md |
| Vulnerability Explorer guide | VULNERABILITY_EXPLORER_GUIDE.md |

Detailed Indexes


Design Principles

  • Offline-first: core operations work in air-gapped environments
  • Deterministic replay: same inputs yield same outputs (stable ordering, canonical hashing)
  • Evidence-linked decisions: every verified release decision links to concrete evidence artifacts
  • Digest-first release identity: releases are immutable OCI digests, not mutable tags
  • Pluggable everything: integrations are plugins; core orchestration is stable
  • No feature gating: all plans include all features; licensing limits are environments + new digests deep-scanned per month; deployment targets are not licensed