stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
efd6850c38b0f11fd2c4eabf28e6bd552391142e
git.stella-ops.org/docs/modules/zastava
History
StellaOps Bot 18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration 
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00
..
evidence
feat: add PolicyPackSelectorComponent with tests and integration
2025-12-05 21:24:34 +02:00
exports
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
gaps
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
kit
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
operations
up
2025-12-01 21:16:22 +02:00
prep
prep docs and service updates
2025-11-21 06:56:36 +00:00
schemas
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
AGENTS.md
feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
2025-11-30 15:38:14 +02:00
architecture.md
feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
2025-11-30 15:38:14 +02:00
implementation_plan.md
feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
2025-11-30 15:38:14 +02:00
README.md
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
SHA256SUMS
feat: add PolicyPackSelectorComponent with tests and integration
2025-12-05 21:24:34 +02:00
TASKS.md
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
thresholds.yaml
feat: Add VEX Lens CI and Load Testing Plan
2025-12-02 07:18:28 +02:00
thresholds.yaml.dsse
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00

README.md

StellaOps Zastava

Zastava monitors running workloads, verifies supply chain posture, and enforces runtime policy via Kubernetes admission webhooks.

Latest updates (2025-12-02)

  • DSSE-signed schemas, thresholds, exports, and deterministic zastava-kit bundle published under docs/modules/zastava; verification via kit/verify.sh and hashes in SHA256SUMS.
  • Sprint tracker docs/implplan/SPRINT_0335_0001_0001_docs_modules_zastava.md and module TASKS.md added to mirror status.
  • Observability runbook stub + dashboard placeholder added under operations/ (offline import).
  • Surface.Env/Surface.Secrets adoption remains pending platform contracts; align with platform docs before enabling sealed mode.

Responsibilities

  • Observe node/container activity and emit runtime events.
  • Validate signatures, SBOM presence, and backend verdicts before allowing containers.
  • Buffer and replay events during disconnections.
  • Trigger delta scans when runtime posture drifts.

Key components

  • StellaOps.Zastava.Observer daemonset.
  • StellaOps.Zastava.Webhook admission controller.
  • Shared contracts in StellaOps.Zastava.Core.

Integrations & dependencies

  • Authority for OpToks and mTLS.
  • Scanner/Scheduler for remediation triggers.
  • Notify/UI for runtime alerts and dashboards.

Operational notes

  • Runbook ./operations/observability.md (stub) plus dashboard placeholder ./operations/dashboards/zastava-observability.json.
  • Legacy runtime runbook assets remain under ./operations if present; keep offline kit bundles deterministic.
  • DPoP/mTLS rotation guidance shared with Authority.

Related resources

  • ./operations/runtime.md
  • ./operations/runtime-grafana-dashboard.json
  • ./operations/runtime-prometheus-rules.yaml

Backlog references

  • ZASTAVA runtime tasks in ../../TASKS.md.
  • Webhook smoke tests tracked in src/Zastava/**/TASKS.md.