b444284be5
Archive completed sprint documentation and deliverables: ## SPRINT_3500 - Proof of Exposure (PoE) Implementation (COMPLETE ✅) - Windows filesystem hash sanitization (colon → underscore) - Namespace conflict resolution (Subgraph → PoESubgraph) - Mock test improvements with It.IsAny<>() - Direct orchestrator unit tests - 8/8 PoE tests passing (100% success) - Archived to: docs/implplan/archived/2025-12-23-sprint-3500-poe/ ## SPRINT_7100.0001 - Proof-Driven Moats Core (COMPLETE ✅) - Four-tier backport detection system - 9 production modules (4,044 LOC) - Binary fingerprinting (TLSH + instruction hashing) - VEX integration with proof-carrying verdicts - 42+ unit tests passing (100% success) - Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/ ## SPRINT_7100.0002 - Proof Moats Storage Layer (COMPLETE ✅) - PostgreSQL repository implementations - Database migrations (4 evidence tables + audit) - Test data seed scripts (12 evidence records, 3 CVEs) - Integration tests with Testcontainers - <100ms proof generation performance - Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/ ## SPRINT_3000_0200 - Authority Admin & Branding (COMPLETE ✅) - Console admin RBAC UI components - Branding editor with tenant isolation - Authority backend endpoints - Archived to: docs/implplan/archived/ ## Additional Documentation - CLI command reference and compliance guides - Module architecture docs (26 modules documented) - Data schemas and contracts - Operations runbooks - Security risk models - Product roadmap All archived sprints achieved 100% completion of planned deliverables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
35 lines
1.4 KiB
Markdown
35 lines
1.4 KiB
Markdown
# Persistence and database
|
|
|
|
StellaOps uses PostgreSQL as the canonical system of record. This document
|
|
summarizes the persistence rules, schema layout, and migration approach.
|
|
|
|
Principles
|
|
- Determinism first: stable ordering, UTC timestamps, canonical JSON for hashes.
|
|
- Tenant isolation: every row carries tenant_id and row level security is used.
|
|
- Gradual migration: Mongo to Postgres via a strangler approach with rollback.
|
|
- JSONB for flexibility: semi structured payloads stay JSONB; core entities are normalized.
|
|
|
|
Schema families (authoritative DDLs)
|
|
- authority, vuln, vex, scheduler, notify, policy
|
|
- packs are included with policy
|
|
- issuer and audit are staged or proposed
|
|
|
|
Operational inputs
|
|
- Config template: docs/db/persistence-config-template.yaml
|
|
- Cluster provisioning: docs/db/cluster-provisioning.md
|
|
- Local dev: docs/db/local-postgres.md
|
|
|
|
Change control and verification
|
|
- Follow rules in docs/db/RULES.md for naming, constraints, and RLS.
|
|
- Use docs/db/SPECIFICATION.md as the schema source of truth.
|
|
- Verify changes using docs/db/VERIFICATION.md before release.
|
|
|
|
Migration notes
|
|
- Conversion planning: docs/db/CONVERSION_PLAN.md
|
|
- Module phased tasks: docs/db/tasks/PHASE_*.md
|
|
- Reports and verification evidence live under docs/db/reports/
|
|
|
|
Related references
|
|
- ADR: docs/adr/0001-postgresql-for-control-plane.md
|
|
- Module architecture: docs/modules/*/architecture.md
|