2d08f52715
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps. - Added example JSON schemas for observer events and webhook admissions. - Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control. - Created alert rules for Vuln Explorer to monitor API latency and projection errors. - Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails. - Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization. - Added expected projection SHA256 for vulnerability events. - Created k6 load testing script for Vuln Explorer API. - Added sample projection and replay event data for testing. - Implemented ReplayInputsLock for deterministic replay inputs management. - Developed tests for ReplayInputsLock to ensure stable hash computation. - Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity. - Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality. - Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
StellaOps Export Center
Export Center packages reproducible evidence bundles (JSON, Trivy DB, mirror) with provenance metadata and optional signing for offline or mirrored deployments.
Latest updates (2025-11-30)
- Sprint tracker
docs/implplan/SPRINT_0320_0001_0001_docs_modules_export_center.mdand moduleTASKS.mdadded to mirror status. - Observability runbook stub + dashboard placeholder added under
operations/(offline import). - Bundle/profile/offline manifest guidance reaffirmed (
devportal-offline*.md,mirror-bundles.md,provenance-and-signing.md).
Responsibilities
- Coordinate export jobs based on profiles and scope selectors.
- Assemble manifests, provenance documents, and cosign signatures.
- Stream bundles via HTTP/OCI and stage them for Offline Kit uses.
- Expose CLI/API surfaces for automation.
Key components
StellaOps.ExportCenter.WebServiceplanner.StellaOps.ExportCenter.Workerbundle builder.- Adapters in
StellaOps.ExportCenter.*for JSON/Trivy/mirror variants.
Profiles at a glance
- json:raw / json:policy — Evidence bundles with raw ingestion facts or policy overlays.
- trivy:db / trivy:java-db — Trivy-compatible vulnerability feeds with deterministic manifests.
- mirror:full / mirror:delta — OCI-style mirrors with provenance, TUF metadata, and optional encryption.
- devportal:offline — Developer portal static assets, specs, SDKs, and changelogs packaged with
manifest.json,checksums.txt, helper scripts, and a DSSE-signed manifest (manifest.dsse.json) for offline verification.
Integrations & dependencies
- Concelier/Excititor/Policy data stores for evidence.
- Signer/Attestor for provenance signing.
- CLI for operator-managed exports.
Operational notes
- Runbooks in ./operations/ for deployment and monitoring.
- Observability assets:
operations/observability.mdandoperations/dashboards/export-center-observability.json(offline import). - Mirror bundle instructions and validation notes.
- Telemetry dashboards for export latency and retry rates.
Related resources
- ./operations/runbook.md
- ./devportal-offline.md (bundle structure, verification workflow, DSSE signature details)
- ./provenance-and-signing.md (manifest/provenance schema, signing pipeline, verification)
Backlog references
- DOCS-EXPORT-35-001 … DOCS-EXPORT-37-002 in ../../TASKS.md.
- EXPORT-ATTEST-75-002 cross-team deliverable.
Epic alignment
- Epic 10 – Export Center: deliver canonical JSON, Trivy DB, and mirror bundle workflows with provenance, signatures, and offline parity.