90c244948a
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`. - Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
StellaOps Concelier
Concelier ingests signed advisories from dozens of sources and converts them into immutable observations plus linksets under the Aggregation-Only Contract (AOC).
Responsibilities
- Fetch and normalise vulnerability advisories via restart-time connectors.
- Persist observations and correlation linksets without precedence decisions.
- Emit deterministic exports (JSON, Trivy DB) for downstream policy evaluation.
- Coordinate offline/air-gap updates via Offline Kit bundles.
Key components
StellaOps.Concelier.WebServiceorchestration host.- Connector libraries under
StellaOps.Concelier.Connector.*. - Exporter packages (
StellaOps.Concelier.Exporter.*).
Integrations & dependencies
- MongoDB for canonical observations and schedules.
- Policy Engine / Export Center / CLI for evidence consumption.
- Notify and UI for advisory deltas.
Operational notes
- Connector runbooks in ./operations/connectors/.
- Mirror operations for Offline Kit parity.
- Grafana dashboards for connector health.
Related resources
- ./operations/conflict-resolution.md
- ./operations/mirror.md
Backlog references
- DOCS-LNM-22-001, DOCS-LNM-22-007 in ../../TASKS.md.
- Connector-specific TODOs in
src/Concelier/**/TASKS.md.
Epic alignment
- Epic 1 – AOC enforcement: uphold raw observation invariants, provenance requirements, linkset-only enrichment, and AOC verifier guardrails across every connector.
- Epic 10 – Export Center: expose deterministic advisory exports and metadata required by JSON/Trivy/mirror bundles.