master bc4318ef97 Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 18:56:12 +02:00

StellaOps docs2

This directory is a cleaned, deduplicated documentation set rebuilt from the existing docs tree (excluding docs/implplan and docs/product-advisories). It keeps stable, product-level facts and removes old status notes, duplicated architecture snapshots, and dated implementation checklists.

Assumptions baked into docs2

  • Runtime: .NET 10 (net10.0) for services and libraries
  • UI: Angular 17 for the console
  • Data: PostgreSQL as the only canonical database
  • Cache and queues: Valkey (Redis-compatible)
  • Object storage: RustFS (S3-compatible)
  • Determinism and offline-first operation are non-negotiable

How to navigate

  • product/overview.md - Vision, capabilities, and requirements
  • product/roadmap-and-requirements.md - Requirements and roadmap summary
  • product/market-positioning.md - Moats and competitive positioning
  • product/claims-and-benchmarks.md - Claims and benchmark linkage
  • architecture/overview.md - System map and dependencies
  • architecture/workflows.md - Key data and control flows
  • architecture/evidence-and-trust.md - Evidence chain, DSSE, replay, AOC
  • architecture/reachability-vex.md - Reachability, VEX consensus, unknowns
  • architecture/component-map.md - Module interaction map
  • architecture/reachability-lattice.md - Reachability lattice model
  • architecture/reachability-evidence.md - Reachability evidence schemas
  • architecture/advisory-alignment.md - Advisory architecture alignment summary
  • ingestion/aggregation-and-linksets.md - AOC rules and linkset model
  • ingestion/aoc-guardrails.md - Guard library and ingestion guardrails
  • ingestion/backfill.md - AOC linkset backfill process
  • modules/index.md - Module summaries (core and supporting)
  • advisory-ai/overview.md - Advisory AI guardrails and evidence
  • orchestrator/overview.md - Orchestrator execution model
  • orchestrator/run-ledger.md - Orchestrator run ledger schema
  • orchestrator/architecture.md - Orchestrator component architecture
  • orchestrator/api.md - Orchestrator API surface
  • orchestrator/cli.md - Orchestrator CLI commands
  • orchestrator/console.md - Orchestrator console views
  • orchestrator/runbook.md - Orchestrator operations runbook
  • operations/quickstart.md - First scan workflow
  • operations/install-deploy.md - Install and deployment guidance
  • operations/deployment-versioning.md - Versioning and promotion model
  • operations/binary-prereqs.md - Offline binary and package prerequisites
  • operations/airgap.md - Offline kit and air-gap operations
  • operations/airgap-bundles.md - Bundle formats and verification
  • operations/airgap-runbooks.md - Air-gap import and quarantine runbooks
  • operations/replay-and-determinism.md - Replay artifacts and deterministic rules
  • operations/runtime-readiness.md - Runtime readiness checks
  • operations/slo.md - Service SLO overview
  • operations/runbooks.md - Operational runbooks and incident response
  • operations/key-rotation.md - Signing key rotation runbook
  • operations/proof-verification.md - Proof verification runbook
  • operations/score-proofs.md - Score proofs and replay operations
  • operations/reachability.md - Reachability operations
  • operations/trust-lattice.md - Trust lattice operations
  • operations/unknowns-queue.md - Unknowns queue operations
  • operations/notifications.md - Notifications Studio operations
  • notifications/overview.md - Notifications overview
  • notifications/rules.md - Notification rules and routing
  • notifications/channels.md - Notification channels
  • notifications/templates.md - Notification templates
  • notifications/digests.md - Notification digests
  • notifications/pack-approvals.md - Pack approval notifications
  • notifications/runbook.md - Notifications operations runbook
  • operations/router-rate-limiting.md - Gateway rate limiting
  • release/release-engineering.md - Release and CI/CD overview
  • release/promotion-attestations.md - Promotion-time attestation predicate
  • release/release-notes.md - Release notes index and templates
  • api/overview.md - API surface and conventions
  • api/auth-and-tokens.md - Authority, OpTok, DPoP and mTLS, PoE
  • policy/policy-system.md - Policy DSL, lifecycle, and governance
  • cli-ui.md - CLI and console guide
  • cli/overview.md - CLI command groups and config
  • cli/commands.md - CLI groups and global options
  • cli/crypto.md - Crypto commands and regional compliance
  • cli/crypto-plugins.md - Crypto provider plugin model
  • cli/distribution-matrix.md - CLI regional distribution matrix
  • cli/reachability.md - Reachability, drift, and smart-diff CLI
  • cli/triage.md - Triage CLI workflows
  • cli/unknowns.md - Unknowns CLI workflows
  • cli/score-proofs.md - Scoring replay and proofs
  • cli/sbomer.md - SBOMer offline commands
  • cli/audit-pack.md - Audit pack export and replay
  • cli/keyboard-shortcuts.md - CLI interactive shortcuts
  • cli/troubleshooting.md - Common CLI issues
  • ui/console.md - Console overview and shared surfaces
  • ui/navigation.md - Console routing, shortcuts, deep links
  • ui/aoc-dashboard.md - AOC ingestion dashboard
  • ui/findings.md - Findings workspace guide
  • ui/advisories-vex.md - Advisories and VEX explorer
  • ui/downloads.md - Downloads workspace and manifest handling
  • ui/runs.md - Runs workspace and evidence bundles
  • ui/policies.md - Policies workspace and approvals
  • ui/admin.md - Admin workspace for tenants, roles, tokens
  • ui/exception-center.md - Exception and waiver workflows
  • ui/reachability-overlays.md - Reachability overlay semantics
  • ui/sbom-explorer.md - SBOM Explorer guide
  • ui/sbom-graph-explorer.md - SBOM graph explorer
  • ui/vulnerability-explorer.md - Vulnerability explorer
  • ui/explainers.md - Policy explainers UI
  • ui/airgap.md - Air-gap console UI
  • ui/attestor.md - Attestation UI
  • ui/forensics.md - Forensics UI
  • ui/observability.md - Observability UI
  • ui/risk-ui.md - Risk UI
  • ui/policy-editor.md - Policy editor workspace
  • ui/accessibility.md - Console accessibility guidance
  • ui/triage.md - Triage UX and state model
  • ui/branding.md - Tenant branding model
  • data-and-schemas.md - Storage, schemas, and determinism rules
  • data/persistence.md - Database model and migration notes
  • data/postgresql-operations.md - PostgreSQL operations guide
  • data/postgresql-patterns.md - RLS and partitioning patterns
  • data/events.md - Event envelopes and validation
  • sbom/overview.md - SBOM formats, mapping, and heuristics
  • governance/approvals.md - Approval routing and audit
  • governance/exceptions.md - Exception lifecycle and controls
  • security-and-governance.md - Security policy, hardening, governance, compliance
  • security/identity-tenancy-and-scopes.md - Authority scopes and tenancy rules
  • security/multi-tenancy.md - Tenant lifecycle and isolation model
  • security/row-level-security.md - Database RLS enforcement
  • security/crypto-and-trust.md - Crypto profiles and trust roots
  • security/crypto-compliance.md - Regional crypto profiles and licensing notes
  • security/quota-and-licensing.md - Offline quota and JWT licensing
  • security/admin-rbac.md - Console admin RBAC model
  • security/console-security.md - Console security posture
  • security/operational-hardening.md - DPoP, rate limits, secrets, exports
  • security/audit-events.md - Authority audit event schema
  • security/revocation-bundles.md - Revocation bundle format and verification
  • security/risk-model.md - Risk scoring model and explainability
  • risk/overview.md - Risk scoring overview
  • risk/factors.md - Risk factor catalog
  • risk/formulas.md - Risk scoring formulas
  • risk/profiles.md - Risk profile schema and lifecycle
  • risk/explainability.md - Risk explainability payloads
  • risk/api.md - Risk API endpoints
  • security/forensics-and-evidence-locker.md - Evidence locker and forensic storage
  • security/evidence-locker-publishing.md - Evidence locker publishing process
  • security/timeline.md - Timeline event ledger and exports
  • provenance/inline-provenance.md - DSSE metadata and transparency links
  • provenance/attestation-workflow.md - Attestation workflow and verification
  • provenance/rekor-policy.md - Rekor submission budget policy
  • provenance/backfill.md - Provenance backfill procedure
  • signals/unknowns.md - Unknowns registry and signals model
  • signals/unknowns-ranking.md - Unknowns scoring and triage bands
  • signals/uncertainty.md - Uncertainty states and tiers
  • signals/callgraph-schema.md - Callgraph schema and determinism
  • signals/contract-mapping.md - Signal contract mapping
  • contracts-and-interfaces.md - Cross-module contracts and specs
  • contracts/scanner-core.md - Scanner core DTOs and determinism helpers
  • task-packs.md - Task Runner pack format and workflow
  • interop/sbom-interop.md - SBOM interoperability and parity testing
  • interop/cosign.md - Cosign attestation integration
  • migration/overview.md - Migration paths and parity guidance
  • vex/consensus.md - VEX consensus overview
  • testing-and-quality.md - Test strategy and quality gates
  • testing/router-chaos.md - Router chaos testing scenarios
  • observability.md - Metrics, logs, tracing, telemetry stack
  • observability-standards.md - Telemetry envelope, scrubbing, sampling
  • observability-logging.md - Logging fields and redaction
  • observability-tracing.md - Trace propagation and span conventions
  • observability-metrics-slos.md - Core metrics and SLO guidance
  • observability-telemetry-controls.md - Propagation, sealed mode, incident mode
  • observability-aoc.md - AOC ingestion observability
  • observability-aggregation.md - Aggregation pipeline observability
  • observability-policy.md - Policy Engine observability
  • observability-ui-telemetry.md - Console telemetry metrics and alerts
  • observability-vuln-telemetry.md - Vulnerability explorer telemetry
  • developer/onboarding.md - Local dev setup and workflows
  • developer/plugin-sdk.md - Plugin SDK summary
  • developer/devportal.md - Developer portal publishing
  • developer/implementation-guidelines.md - Deterministic implementation rules
  • sdk/overview.md - SDK and client guidance
  • guides/compare-workflow.md - Compare workflow guide
  • guides/epss-integration.md - EPSS integration summary
  • references/examples-and-fixtures.md - Examples, samples, schemas
  • specs/symbols.md - Symbol manifest and bundle format
  • benchmarks.md - Benchmark program overview
  • vuln-explorer/overview.md - Vuln Explorer summary
  • training-and-adoption.md - Evaluation checklist and training material
  • glossary.md - Core terms

Legal and regulator view

  • legal/regulator-threat-evidence.md - Regulator threat and evidence model

Notes

  • Raw schemas, samples, and fixtures remain under docs/ and are referenced from docs2.
  • If you need a deep schema or fixture, follow the path in data-and-schemas.md.