- Create README.md for 25+ service modules with container info, API surface, storage
- Document attestor-tileproxy separation rationale (air-gap network isolation)
- Document opsmemory-advisoryai separation rationale (resource isolation, blast radius)
- Update Timeline AGENTS.md with merged indexer info

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Concelier
Container(s): stellaops-concelier, stellaops-excititor, stellaops-excititor-worker
Slot: 9 (concelier), 10 (excititor) | Port: 8080 | Consumer Group: concelier, excititor
Resource Tier: medium
Purpose
Concelier is the advisory feed aggregator and SBOM correlation engine. It ingests, normalizes, and merges security advisories from multiple sources, manages advisory linksets, and supports air-gap mirror exports/imports. Excititor is the VEX (Vulnerability Exploitability eXchange) processing engine that normalizes CSAF, CycloneDX, and OpenVEX documents, verifies signatures and attestations, and maintains consensus projections across providers.
API Surface
- concelier (via Router) — advisory queries, SBOM correlation, federation, observation management, canonical advisory views, mirror export/import, AoC (Attestation of Conformity) endpoints
- excititor (via Router) — VEX document ingestion, normalization, provider management, signature verification, graph queries, policy integration, export
Storage
PostgreSQL (concelier schema via PostgresStorage:ConnectionString; vex schema for Excititor via Postgres:Excititor); RustFS/S3 for artifact storage; Valkey for cache
Background Workers
- VexWorkerHostedService (excititor-worker) — background VEX provider polling and document ingestion
- VexConsensusRefreshService (excititor-worker) — periodic consensus recalculation
- VexWorkerHeartbeatService (excititor-worker) — orchestrator heartbeat