git.stella-ops.org/docs/deployment/VERSION_MATRIX.md
master 541a936d03 feat: Complete MongoDB/MinIO removal and integrate CLI consolidation
This commit completes the MongoDB and MinIO removal from the StellaOps
platform and integrates the CLI consolidation work from remote.

## Infrastructure Changes

- PostgreSQL v16+ is now the ONLY supported database
- Valkey v8.0 replaces Redis for caching, DPoP security, and event streams
- RustFS is the primary object storage (MinIO fully removed)
- NATS is OPTIONAL for messaging (Valkey is default transport)

## Docker Compose Updates

Updated all deployment profiles:
- deploy/compose/docker-compose.dev.yaml
- deploy/compose/docker-compose.airgap.yaml
- deploy/compose/docker-compose.stage.yaml
- deploy/compose/docker-compose.prod.yaml

All profiles now use PostgreSQL + Valkey + RustFS stack.

## Environment Configuration

Updated all env.example files with:
- Removed: MONGO_*, MINIO_* variables
- Added: POSTGRES_*, VALKEY_* variables
- Updated: SCANNER_QUEUE_BROKER to use Valkey by default
- Enhanced: Surface.Env and Offline Kit configurations

## Aoc.Cli Changes

- Removed --mongo option entirely
- Made --postgres option required
- Removed VerifyMongoAsync method
- PostgreSQL is now the only supported backend

## CLI Consolidation (from merge)

Integrated plugin architecture for unified CLI:
- stella aoc verify (replaces stella-aoc)
- stella symbols (replaces stella-symbols)
- Plugin manifests and command modules
- Migration guide for users

## Documentation Updates

- README.md: Updated deployment workflow notes
- DEVELOPER_ONBOARDING.md: Complete Valkey-centric flow diagrams
- QUICKSTART_HYBRID_DEBUG.md: Removed MongoDB/MinIO references
- VERSION_MATRIX.md: Updated infrastructure dependencies
- CLEANUP_SUMMARY.md: Marked all cleanup tasks complete
- 07_HIGH_LEVEL_ARCHITECTURE.md: Corrected infrastructure stack
- 11_DATA_SCHEMAS.md: Valkey keyspace documentation

## Merge Resolution

Resolved merge conflicts by accepting incoming changes which had more
complete Surface.Env and Offline Kit configurations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-23 10:40:20 +02:00


StellaOps Deployment Version Matrix

Last Updated: 2025-12-04
Purpose: Single source of truth for service versions across deployment environments
Unblocks: COMPOSE-44-001, 44-001, 44-002, 44-003, 45-001, 45-002, 45-003 (7 tasks)

Quick Reference

| Environment | Core Version | Status |
|---|---|---|
| Development | 2025.10.0-edge | Active |
| Staging | 2025.09.2 | Stable |
| Production | 2025.09.2 | Stable |
| Air-Gap | 2025.09.2-airgap | Certified |

Service Version Matrix

Core Services

| Service | Dev | Staging | Prod | Air-Gap | Notes |
|---|---|---|---|---|---|
| Authority | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | OAuth 2.1 / mTLS |
| Signer | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | ECDSA/RSA/EdDSA |
| Attestor | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | in-toto/DSSE |
| Concelier | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Advisory ingestion |
| Scanner | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | SBOM/Vuln scanning |
| Excititor | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | VEX export |
| Policy | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | OPA/Rego engine |
| Scheduler | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Job scheduling |
| Notify | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Notifications |

Platform Services

| Service | Dev | Staging | Prod | Air-Gap | Notes |
|---|---|---|---|---|---|
| Orchestrator Web | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | API Gateway |
| Orchestrator Worker | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Background jobs |
| Graph API | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Graph queries |
| Graph Indexer | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Graph ingest |
| Timeline Indexer | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Event timeline |
| Findings Ledger | 2025.10.0-edge | 2025.09.2 | 2025.09.2 | 2025.09.2-airgap | Finding storage |

Infrastructure Dependencies

| Component | Version | Digest | Notes |
|---|---|---|---|
| PostgreSQL | 16-alpine | N/A | Primary database (REQUIRED) |
| Valkey | 8.0 | N/A | Cache, DPoP security (REQUIRED) |
| RustFS | 2025.10.0-edge | N/A | Object storage (REQUIRED) |
| NATS | 2.10 | sha256:c82559e4476289481a8a5196e675ebfe67eea81d95e5161e3e78eccfe766608e | Message queue (optional) |

Container Image Registry

Primary Registry

registry.stella-ops.org/stellaops/<service>:<version>

Image Naming Convention

| Pattern | Example | Use Case |
|---|---|---|
| `<service>:<version>` | authority:2025.09.2 | Tagged releases |
| `<service>:<version>-<variant>` | authority:2025.09.2-airgap | Environment variants |
| `<service>:edge` | authority:edge | Latest dev build |
| `<service>@sha256:<digest>` | authority@sha256:abc123... | Immutable reference |

Air-Gap Bundle Images

Air-gap deployments use pre-bundled images with all dependencies:

registry.stella-ops.org/stellaops/airgap-bundle:2025.09.2

Bundle contents:

  • All core services at matching version
  • Infrastructure containers (PostgreSQL, Valkey, RustFS, NATS)
  • CLI tools and migration utilities
  • Offline kit documentation

Version Promotion Workflow

Stages

Dev (edge) → Staging → Production → Air-Gap (certified)

Promotion Criteria

| Stage | Criteria |
|---|---|
| Dev → Staging | All unit tests pass, integration tests pass |
| Staging → Prod | E2E tests pass, security scan clean, performance benchmarks pass |
| Prod → Air-Gap | Offline validation complete, bundle integrity verified, documentation updated |

Promotion Commands

# Promote dev to staging
./scripts/promote.sh --from dev --to staging --version 2025.10.0

# Promote staging to production
./scripts/promote.sh --from staging --to prod --version 2025.10.0

# Create air-gap certified bundle
./scripts/create-airgap-bundle.sh --version 2025.09.2

Helm Chart Values

Development (values-dev.yaml)

global:
  imageTag: "2025.10.0-edge"
  imagePullPolicy: Always
  environment: development

services:
  authority:
    replicaCount: 1
    resources:
      requests:
        memory: "256Mi"
        cpu: "100m"

Production (values-prod.yaml)

global:
  imageTag: "2025.09.2"
  imagePullPolicy: IfNotPresent
  environment: production

services:
  authority:
    replicaCount: 3
    resources:
      requests:
        memory: "512Mi"
        cpu: "250m"

Air-Gap (values-airgap.yaml)

global:
  imageTag: "2025.09.2-airgap"
  imagePullPolicy: Never  # Images pre-loaded
  environment: airgap
  offlineMode: true

airgap:
  enabled: true
  bundleVersion: "2025.09.2"
  stalenessThresholdSeconds: 604800  # 7 days

Docker Compose Reference

Quick Start (Development)

# docker-compose.dev.yaml
version: "3.8"
services:
  authority:
    image: registry.stella-ops.org/stellaops/authority:2025.10.0-edge

  concelier:
    image: registry.stella-ops.org/stellaops/concelier:2025.10.0-edge

  scanner:
    image: registry.stella-ops.org/stellaops/scanner:2025.10.0-edge

Production

# docker-compose.prod.yaml
version: "3.8"
services:
  authority:
    image: registry.stella-ops.org/stellaops/authority@sha256:...
    deploy:
      replicas: 3

  concelier:
    image: registry.stella-ops.org/stellaops/concelier@sha256:...
    deploy:
      replicas: 2
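
The production profile above references images by digest, the only form the Image Naming Convention table describes as immutable. The following is an added example, not part of the StellaOps repository: it classifies references against that table and flags any entry in a production image list that is not pinned to a full digest. The function names, the sample list, and the `docker.io/library/nats` reference are constructed for illustration.

```python
import re

# Registry prefix is from the page; function names and sample data are constructed.
REGISTRY = "registry.stella-ops.org/stellaops/"
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")
VERSION = re.compile(r"\d{4}\.\d{2}\.\d+")  # e.g. 2025.09.2


def classify(ref):
    """Return (service, kind) for an image reference, following the naming table."""
    if not ref.startswith(REGISTRY):
        return None, "foreign-registry"
    name = ref[len(REGISTRY):]
    if "@" in name:
        service, digest = name.split("@", 1)
        service = service.split(":", 1)[0]  # service:tag@sha256:... resolves by digest
        ok = DIGEST.fullmatch(digest) is not None
        return service, "digest" if ok else "malformed-digest"
    service, _, tag = name.partition(":")
    if not tag:
        return service, "untagged"  # resolves to the mutable :latest tag
    if tag == "edge":
        return service, "edge"
    if VERSION.fullmatch(tag):
        return service, "release-tag"
    base, _, variant = tag.partition("-")
    if VERSION.fullmatch(base) and variant:
        return service, "variant-tag"
    return service, "unknown-tag"


def audit_prod(images):
    """Return (ref, kind) for every reference that is not pinned to a full digest."""
    return [(ref, kind) for ref in images
            for _, kind in [classify(ref)] if kind != "digest"]


# Constructed production image list; the all-zero digest is a placeholder, and
# "sha256:..." is the elided form used in the page's compose snippet.
SAMPLE_PROD = [
    REGISTRY + "authority@sha256:" + "0" * 64,
    REGISTRY + "concelier@sha256:...",
    REGISTRY + "scanner:2025.09.2",
    REGISTRY + "notify:edge",
    "docker.io/library/nats:2.10",
]

if __name__ == "__main__":
    for ref, kind in audit_prod(SAMPLE_PROD):
        print(f"NOT PINNED ({kind}): {ref}")
```

An elided `sha256:...` placeholder is reported as `malformed-digest`, so a compose file copied from documentation without real digests fails the check instead of passing as pinned.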

Service Dependencies

Startup Order

1. Infrastructure (PostgreSQL, Valkey, RustFS, NATS)
   ↓
2. Core Auth (Authority, Signer)
   ↓
3. Data Services (Concelier, Excititor)
   ↓
4. Compute Services (Scanner, Policy, Scheduler)
   ↓
5. Platform Services (Orchestrator, Graph, Timeline)
   ↓
6. UI/CLI

Health Check Endpoints

| Service | Health Endpoint | Ready Endpoint |
|---|---|---|
| All | /health | /ready |
| Authority | /health | /ready (includes JWKS) |
| Scanner | /health | /ready (includes analyzer check) |

Breaking Changes Log

2025.10.0 (Upcoming)

  • Authority: New OAuth 2.1 endpoints (backward compatible)
  • Scanner: Analyzer plugin format v2 (migration required)
  • Concelier: LNM API v2 (v1 deprecated, removed in 2025.11.0)

2025.09.2 (Current Stable)

  • All: Initial GA release
  • Air-Gap: First certified offline bundle

Rollback Procedure

Helm Rollback

# List releases
helm history stellaops -n stellaops

# Rollback to an earlier revision (1 here; take the revision number from the history output)
helm rollback stellaops 1 -n stellaops

Compose Rollback

# Stop current
docker-compose down

# Edit .env to previous version
# VERSION=2025.09.1

# Start previous
docker-compose up -d


Changelog

| Date | Change | Author |
|---|---|---|
| 2025-12-04 | Initial version matrix created | Claude |
| 2025-12-04 | Added air-gap certification workflow | Claude |