
StellaOps Module Documentation Index

This directory contains architecture documentation for all StellaOps modules.

Module Categories

Core Platform

| Module | Path | Description |
|---|---|---|
| Authority | src/Authority/ | Authentication, authorization, OAuth/OIDC, DPoP |
| Gateway | src/Gateway/ | API gateway with routing and transport abstraction |
| Router | src/Router/ | Transport-agnostic messaging (TCP/TLS/UDP/RabbitMQ/Valkey) |
| Platform | Cross-cutting | Platform architecture overview |

Data Ingestion

| Module | Path | Description |
|---|---|---|
| Concelier | src/Concelier/ | Vulnerability advisory ingestion and merge engine |
| Excititor | src/Excititor/ | VEX document ingestion and export |
| VexLens | src/VexLens/ | VEX consensus computation across issuers |
| VexHub | src/VexHub/ | VEX distribution and exchange hub |
| IssuerDirectory | src/IssuerDirectory/ | Issuer trust registry (CSAF publishers) |
| Feedser | src/Feedser/ | Evidence collection library for backport detection |
| Mirror | src/Mirror/ | Vulnerability feed mirror and distribution |

Scanning & Analysis

| Module | Path | Description |
|---|---|---|
| Scanner | src/Scanner/ | Container scanning with SBOM generation |
| BinaryIndex | src/BinaryIndex/ | Binary identity extraction and fingerprinting |
| AdvisoryAI | src/AdvisoryAI/ | AI-assisted advisory analysis |
| Symbols | src/Symbols/ | Symbol resolution and debug information |
| ReachGraph | src/ReachGraph/ | Reachability graph service |

Artifacts & Evidence

| Module | Path | Description |
|---|---|---|
| Attestor | src/Attestor/ | in-toto/DSSE attestation generation |
| Signer | src/Signer/ | Cryptographic signing operations |
| SbomService | src/SbomService/ | SBOM storage, versioning, and lineage ledger |
| EvidenceLocker | src/EvidenceLocker/ | Sealed evidence storage and export |
| ExportCenter | src/ExportCenter/ | Batch export and report generation |
| Provenance | src/Provenance/ | SLSA/DSSE attestation tooling |
| Provcache | Library | Provenance cache utilities |

Policy & Risk

| Module | Path | Description |
|---|---|---|
| Policy | src/Policy/ | Policy engine with K4 lattice logic |
| RiskEngine | src/RiskEngine/ | Risk scoring runtime |
| VulnExplorer | src/VulnExplorer/ | Vulnerability exploration and triage |
| Unknowns | src/Unknowns/ | Unknown component tracking registry |

Operations

| Module | Path | Description |
|---|---|---|
| Scheduler | src/Scheduler/ | Job scheduling and queue management |
| Orchestrator | src/Orchestrator/ | Workflow orchestration and task coordination |
| TaskRunner | src/TaskRunner/ | Task pack execution engine |
| Notify | src/Notify/ | Notification toolkit (Email, Slack, Teams, Webhooks) |
| Notifier | src/Notifier/ | Notifications Studio host |
| PacksRegistry | src/PacksRegistry/ | Task packs registry |
| TimelineIndexer | src/TimelineIndexer/ | Timeline event indexing |
| Replay | src/Replay/ | Deterministic replay engine |

Integration

| Module | Path | Description |
|---|---|---|
| CLI | src/Cli/ | Command-line interface (Native AOT) |
| Zastava | src/Zastava/ | Container registry webhook observer |
| Web/UI | src/Web/ | Angular 17 frontend SPA |
| API | src/Api/ | OpenAPI contracts and governance |
| Registry | src/Registry/ | Container registry integration |

Infrastructure

| Module | Path | Description |
|---|---|---|
| Cryptography | src/Cryptography/ | Crypto plugins (FIPS, eIDAS, GOST, SM, PQ) |
| Telemetry | src/Telemetry/ | OpenTelemetry traces, metrics, logging |
| Graph | src/Graph/ | Call graph and reachability data structures |
| Signals | src/Signals/ | Runtime signal collection and correlation |
| AirGap | src/AirGap/ | Air-gapped deployment support |
| AOC | src/Aoc/ | Append-Only Contract enforcement |

Testing & Benchmarks

| Module | Path | Description |
|---|---|---|
| Benchmark | Scanner library | Competitive benchmarking (accuracy comparison) |
| Bench | src/Bench/ | Performance benchmarks |

Cross-Cutting Concepts

| Folder | Purpose |
|---|---|
| Evidence | Unified evidence model specification |
| Snapshot | Knowledge snapshot and replay concepts |
| Triage | Vulnerability triage workflows |
| DevOps | DevOps and CI/CD infrastructure |
| CI | CI pipeline documentation |

Documentation Standards

Each module folder should contain:

| File | Purpose |
|---|---|
| README.md | Quick overview, purpose, components |
| architecture.md | Detailed architecture specification |
| AGENTS.md | (Optional) Claude Code agent guidance |
| operations/ | (Optional) Operational runbooks |

See the Documentation Template Standard for the full architecture.md template.