stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b190563d807a05af7ce0469c7b9f7e5685d288f7
git.stella-ops.org/docs/modules/concelier/README.md
master dd217b4546
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Implement approvals workflow and notifications integration 
- Added approvals orchestration with persistence and workflow scaffolding.
- Integrated notifications insights and staged resume hooks.
- Introduced approval coordinator and policy notification bridge with unit tests.
- Added approval decision API with resume requeue and persisted plan snapshots.
- Documented the Excitor consensus API beta and provided JSON sample payload.
- Created analyzers to flag usage of deprecated merge service APIs.
- Implemented logging for artifact uploads and approval decision service.
- Added tests for PackRunApprovalDecisionService and related components.
2025-11-06 08:48:13 +02:00

2.0 KiB
Raw Blame History

StellaOps Concelier

Concelier ingests signed advisories from dozens of sources and converts them into immutable observations plus linksets under the Aggregation-Only Contract (AOC).

Responsibilities

  • Fetch and normalise vulnerability advisories via restart-time connectors.
  • Persist observations and correlation linksets without precedence decisions.
  • Emit deterministic exports (JSON, Trivy DB) for downstream policy evaluation.
  • Coordinate offline/air-gap updates via Offline Kit bundles.

Key components

  • StellaOps.Concelier.WebService orchestration host.
  • Connector libraries under StellaOps.Concelier.Connector.*.
  • Exporter packages (StellaOps.Concelier.Exporter.*).

Integrations & dependencies

  • MongoDB for canonical observations and schedules.
  • Policy Engine / Export Center / CLI for evidence consumption.
  • Notify and UI for advisory deltas.

Operational notes

  • Connector runbooks in ./operations/connectors/.
  • Mirror operations for Offline Kit parity.
  • Grafana dashboards for connector health.
  • Authority toggle rollout (2025-10-22 update). Follow the phased table and audit checklist in ../../10_CONCELIER_CLI_QUICKSTART.md when enabling authority.enabled/authority.allowAnonymousFallback, and cross-check the refreshed ./operations/authority-audit-runbook.md before enforcement.

Related resources

  • ./operations/conflict-resolution.md
  • ./operations/mirror.md
  • ./operations/authority-audit-runbook.md
  • ../../10_CONCELIER_CLI_QUICKSTART.md (authority integration timeline & smoke tests)

Backlog references

  • DOCS-LNM-22-001, DOCS-LNM-22-007 in ../../TASKS.md.
  • Connector-specific TODOs in src/Concelier/**/TASKS.md.

Epic alignment

  • Epic 1 AOC enforcement: uphold raw observation invariants, provenance requirements, linkset-only enrichment, and AOC verifier guardrails across every connector.
  • Epic 10 Export Center: expose deterministic advisory exports and metadata required by JSON/Trivy/mirror bundles.