git.stella-ops.org/docs/technical/architecture/README.md

Platform architecture & module dossiers

Use this index to locate platform-level architecture references and per-module dossiers.

Core views

• Architecture overview (10-minute tour)
• High-level architecture (reference map)
• Scanner core contracts
• Authority (legacy overview)
• Console operator guide and deep dives under console and ux
• Component map (quick descriptions of every module under src/)

Detailed references

• Platform topology
• Infrastructure dependencies
• Request and data flows
• Data isolation model
• Security boundaries

User-centric views (NEW)

• User flows (UML diagrams) - End-to-end flows from user perspective
• Module matrix - Complete 46-module inventory with categorization
• Data flows - SBOM, advisory, VEX, and policy data lifecycles
• Schema mapping - PostgreSQL, Valkey, and RustFS storage reference

Policy engine deep dives (NEW)

Comprehensive documentation of how data feeds policy decisions:

• Policy Engine Data Pipeline - Master view of all data flowing to policy engine
• SBOM Analyzer Inventory - Complete inventory of 25 analyzers (11 language, 9 OS, 4 surface, 1 capability)
• Runtime Agents Architecture - eBPF observation, Zastava container observer, signal processing
• Call Graph Analysis - ReachGraph construction, BFS path finding, 8-state reachability
• Confidence Scoring - 5-factor weighted scoring (RCH, RTS, VEX, PRV, POL)
• K4 Lattice Logic - Four-valued logic for handling uncertainty and conflicts

End-to-end workflow flows

Comprehensive flow documentation for all major StellaOps workflows: flows/

Category	Flows
Core Platform	Dashboard, Scan Submission, SBOM Generation, Policy Evaluation, Notification, Export
Advanced	CI/CD Gate, Advisory Drift Re-scan, VEX Auto-Generation, Evidence Bundle Export
Enterprise	Multi-Tenant Policy Rollout, Exception Approval, Risk Score Dashboard
Specialized	Binary Delta Attestation, Offline Sync, Reachability Drift Alert

Module catalogue

Each module directory bundles an ownership charter (AGENTS.md), current work (TASKS.md), an architecture dossier, and an implementation plan. Operations guides live under operations/ where applicable.

Module	Architecture	Implementation plan	Operations / extras
Authority	architecture.md	implementation_plan.md	operations/
Advisory AI	architecture.md	implementation_plan.md	-
Attestor	architecture.md	implementation_plan.md	-
CLI	architecture.md	implementation_plan.md	operations/release-and-packaging.md
CI recipes	architecture.md	implementation_plan.md	recipes.md
Concelier	architecture.md	implementation_plan.md	operations/
DevOps / release	architecture.md	implementation_plan.md	runbooks/
Excititor	architecture.md	implementation_plan.md	mirrors.md
Export Center	architecture.md	implementation_plan.md	operations/runbook.md
Graph	architecture.md	implementation_plan.md	-
Notify	architecture.md	implementation_plan.md	-
Orchestrator	architecture.md	implementation_plan.md	-
Platform	architecture-overview.md + architecture.md	implementation_plan.md	-
Policy engine	architecture.md	implementation_plan.md	-
Registry token service	architecture.md	implementation_plan.md	operations/token-service.md
Scanner	architecture.md	implementation_plan.md	operations/
Scheduler	architecture.md	implementation_plan.md	operations/
Signer	architecture.md	implementation_plan.md	-
Telemetry stack	architecture.md	implementation_plan.md	operations/collector.md, operations/storage.md
UI / Console	architecture.md, console-architecture.md	implementation_plan.md	-
Vuln Explorer	architecture.md	implementation_plan.md	-
VEX Lens	architecture.md	implementation_plan.md	-
Excitor	architecture.md	implementation_plan.md	scoring.md
Zastava	architecture.md	implementation_plan.md	-

Tip: every module directory also exposes README.md, AGENTS.md, and TASKS.md for roles, current backlog, and ownership responsibilities.