600f3a7a3c
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
- Added graph.inspect.v1 documentation outlining payload structure and determinism rules. - Created JSON schema for graph.inspect.v1 to enforce payload validation. - Defined mapping rules for graph relationships, advisories, and VEX statements. feat(notifications): establish remediation blueprint for gaps NR1-NR10 - Documented requirements, evidence, and tests for Notifier runtime. - Specified deliverables and next steps for addressing identified gaps. docs(notifications): organize operations and schemas documentation - Created README files for operations, schemas, and security notes to clarify deliverables and policies. feat(advisory): implement PostgreSQL caching for Link-Not-Merge linksets - Created database schema for advisory linkset cache. - Developed repository for managing advisory linkset cache operations. - Added tests to ensure correct functionality of the AdvisoryLinksetCacheRepository.
StellaOps Export Center
Export Center packages reproducible evidence bundles (JSON, Trivy DB, mirror) with provenance metadata and optional signing for offline or mirrored deployments.
Latest updates (2025-11-30)
- Sprint tracker
docs/implplan/SPRINT_0320_0001_0001_docs_modules_export_center.mdand moduleTASKS.mdadded to mirror status. - Observability runbook stub + dashboard placeholder added under
operations/(offline import). - Bundle/profile/offline manifest guidance reaffirmed (
devportal-offline*.md,mirror-bundles.md,provenance-and-signing.md).
Responsibilities
- Coordinate export jobs based on profiles and scope selectors.
- Assemble manifests, provenance documents, and cosign signatures.
- Stream bundles via HTTP/OCI and stage them for Offline Kit uses.
- Expose CLI/API surfaces for automation.
Key components
StellaOps.ExportCenter.WebServiceplanner.StellaOps.ExportCenter.Workerbundle builder.- Adapters in
StellaOps.ExportCenter.*for JSON/Trivy/mirror variants.
Profiles at a glance
- json:raw / json:policy — Evidence bundles with raw ingestion facts or policy overlays.
- trivy:db / trivy:java-db — Trivy-compatible vulnerability feeds with deterministic manifests.
- mirror:full / mirror:delta — OCI-style mirrors with provenance, TUF metadata, and optional encryption.
- devportal:offline — Developer portal static assets, specs, SDKs, and changelogs packaged with
manifest.json,checksums.txt, helper scripts, and a DSSE-signed manifest (manifest.dsse.json) for offline verification.
Integrations & dependencies
- Concelier/Excititor/Policy data stores for evidence.
- Signer/Attestor for provenance signing.
- CLI for operator-managed exports.
Operational notes
- Runbooks in ./operations/ for deployment and monitoring.
- Observability assets:
operations/observability.mdandoperations/dashboards/export-center-observability.json(offline import). - Mirror bundle instructions and validation notes.
- Telemetry dashboards for export latency and retry rates.
Related resources
- ./operations/runbook.md
- ./devportal-offline.md (bundle structure, verification workflow, DSSE signature details)
- ./provenance-and-signing.md (manifest/provenance schema, signing pipeline, verification)
Backlog references
- DOCS-EXPORT-35-001 … DOCS-EXPORT-37-002 in ../../TASKS.md.
- EXPORT-ATTEST-75-002 cross-team deliverable.
Epic alignment
- Epic 10 – Export Center: deliver canonical JSON, Trivy DB, and mirror bundle workflows with provenance, signatures, and offline parity.