# StellaOps Module Documentation Index
This directory contains architecture documentation for all StellaOps modules.
## Module Categories
### Core Platform
| Module | Path | Description |
|--------|------|-------------|
| [Authority](./authority/) | `src/Authority/` | Authentication, authorization, OAuth/OIDC, DPoP |
| [Gateway](./gateway/) | `src/Gateway/` | API gateway with routing and transport abstraction |
| [Router](./router/) | `src/Router/` | Transport-agnostic messaging (TCP/TLS/UDP/RabbitMQ/Valkey) |
| [Platform](./platform/) | Cross-cutting | Platform architecture overview |
### Data Ingestion
| Module | Path | Description |
|--------|------|-------------|
| [Concelier](./concelier/) | `src/Concelier/` | Vulnerability advisory ingestion and merge engine |
| [Excititor](./excititor/) | `src/Excititor/` | VEX document ingestion and export |
| [VexLens](./vex-lens/) | `src/VexLens/` | VEX consensus computation across issuers |
| [VexHub](./vexhub/) | `src/VexHub/` | VEX distribution and exchange hub |
| [IssuerDirectory](./issuer-directory/) | `src/IssuerDirectory/` | Issuer trust registry (CSAF publishers) |
| [Feedser](./feedser/) | `src/Feedser/` | Evidence collection library for backport detection |
| [Mirror](./mirror/) | `src/Mirror/` | Vulnerability feed mirror and distribution |
### Scanning & Analysis
| Module | Path | Description |
|--------|------|-------------|
| [Scanner](./scanner/) | `src/Scanner/` | Container scanning with SBOM generation |
| [BinaryIndex](./binaryindex/) | `src/BinaryIndex/` | Binary identity extraction and fingerprinting |
| [AdvisoryAI](./advisory-ai/) | `src/AdvisoryAI/` | AI-assisted advisory analysis |
| [Symbols](./symbols/) | `src/Symbols/` | Symbol resolution and debug information |
| [ReachGraph](./reachgraph/) | `src/ReachGraph/` | Reachability graph service |
### Artifacts & Evidence
| Module | Path | Description |
|--------|------|-------------|
| [Attestor](./attestor/) | `src/Attestor/` | in-toto/DSSE attestation generation |
| [Signer](./signer/) | `src/Signer/` | Cryptographic signing operations |
| [SbomService](./sbomservice/) | `src/SbomService/` | SBOM storage, versioning, and lineage ledger |
| [EvidenceLocker](./evidence-locker/) | `src/EvidenceLocker/` | Sealed evidence storage and export |
| [ExportCenter](./export-center/) | `src/ExportCenter/` | Batch export and report generation |
| [Provenance](./provenance/) | `src/Provenance/` | SLSA/DSSE attestation tooling |
| [Provcache](./provcache/) | Library | Provenance cache utilities |
### Policy & Risk
| Module | Path | Description |
|--------|------|-------------|
| [Policy](./policy/) | `src/Policy/` | Policy engine with K4 lattice logic |
| [RiskEngine](./riskengine/) | `src/RiskEngine/` | Risk scoring runtime |
| [VulnExplorer](./vuln-explorer/) | `src/VulnExplorer/` | Vulnerability exploration and triage |
| [Unknowns](./unknowns/) | `src/Unknowns/` | Unknown component tracking registry |
### Operations
| Module | Path | Description |
|--------|------|-------------|
| [Scheduler](./scheduler/) | `src/Scheduler/` | Job scheduling and queue management |
| [Orchestrator](./orchestrator/) | `src/Orchestrator/` | Workflow orchestration and task coordination |
| [TaskRunner](./taskrunner/) | `src/TaskRunner/` | Task pack execution engine |
| [Notify](./notify/) | `src/Notify/` | Notification toolkit (Email, Slack, Teams, Webhooks) |
| [Notifier](./notifier/) | `src/Notifier/` | Notifications Studio host |
| [PacksRegistry](./packsregistry/) | `src/PacksRegistry/` | Task packs registry |
| [TimelineIndexer](./timelineindexer/) | `src/TimelineIndexer/` | Timeline event indexing |
| [Replay](./replay/) | `src/Replay/` | Deterministic replay engine |
### Integration
| Module | Path | Description |
|--------|------|-------------|
| [CLI](./cli/) | `src/Cli/` | Command-line interface (Native AOT) |
| [Zastava](./zastava/) | `src/Zastava/` | Container registry webhook observer |
| [Web/UI](./ui/) | `src/Web/` | Angular 17 frontend SPA |
| [API](./api/) | `src/Api/` | OpenAPI contracts and governance |
| [Registry](./registry/) | `src/Registry/` | Container registry integration |
### Infrastructure
| Module | Path | Description |
|--------|------|-------------|
| [Cryptography](./cryptography/) | `src/Cryptography/` | Crypto plugins (FIPS, eIDAS, GOST, SM, PQ) |
| [Telemetry](./telemetry/) | `src/Telemetry/` | OpenTelemetry traces, metrics, logging |
| [Graph](./graph/) | `src/Graph/` | Call graph and reachability data structures |
| [Signals](./signals/) | `src/Signals/` | Runtime signal collection and correlation |
| [AirGap](./airgap/) | `src/AirGap/` | Air-gapped deployment support |
| [AOC](./aoc/) | `src/Aoc/` | Append-Only Contract enforcement |
### Testing & Benchmarks
| Module | Path | Description |
|--------|------|-------------|
| [Benchmark](./benchmark/) | Scanner library | Competitive benchmarking (accuracy comparison) |
| [Bench](./bench/) | `src/Bench/` | Performance benchmarks |
### Cross-Cutting Concepts
| Folder | Purpose |
|--------|---------|
| [Evidence](./evidence/) | Unified evidence model specification |
| [Snapshot](./snapshot/) | Knowledge snapshot and replay concepts |
| [Triage](./triage/) | Vulnerability triage workflows |
| [DevOps](./devops/) | DevOps and CI/CD infrastructure |
| [CI](./ci/) | CI pipeline documentation |
---
## Documentation Standards
Each module folder should contain:

| File | Purpose |
|------|---------|
| `README.md` | Quick overview, purpose, components |
| `architecture.md` | Detailed architecture specification |
| `AGENTS.md` | (Optional) Claude Code agent guidance |
| `operations/` | (Optional) Operational runbooks |

See the [Documentation Template Standard](../implplan/SPRINT_1228_0001_DOCS_module_documentation_consolidation.md#documentation-template-standard) for the full architecture.md template.