stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
f30805ad7f5457dac581340d20d3f7a1d3afcbf6
git.stella-ops.org/docs/modules/policy
History
StellaOps Bot 8768c27f30
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals DSSE Sign & Evidence Locker / sign-signals-artifacts (push) Has been cancelled
Details
Signals DSSE Sign & Evidence Locker / verify-signatures (push) Has been cancelled
Details
Add signal contracts for reachability, exploitability, trust, and unknown symbols 
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.
2025-12-05 00:27:00 +02:00
..
contracts
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
design
up
2025-11-27 23:45:09 +02:00
fixtures
Add tests and implement timeline ingestion options with NATS and Redis subscribers
2025-12-03 09:46:48 +02:00
prep
feat: Implement MongoDB orchestrator storage with registry, commands, and heartbeats
2025-11-22 12:35:38 +02:00
samples
up
2025-11-27 23:45:09 +02:00
schemas
up
2025-11-24 07:52:25 +02:00
AGENTS.md
Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.
2025-11-05 11:58:32 +02:00
architecture.md
up
2025-12-03 00:10:19 +02:00
cvss-v4.md
Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
2025-12-04 07:30:42 +02:00
implementation_plan.md
Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00
README.md
feat: Add Promotion-Time Attestations for Stella Ops
2025-11-11 15:30:22 +02:00
secret-leak-detection-readiness.md
feat: Implement vulnerability token signing and verification utilities
2025-11-03 10:04:10 +02:00
TASKS.md
work
2025-11-23 23:40:10 +02:00
windows-package-readiness.md
feat: Implement vulnerability token signing and verification utilities
2025-11-03 10:04:10 +02:00

README.md

StellaOps Policy Engine

Policy Engine compiles and evaluates Stella DSL policies deterministically, producing explainable findings with full provenance.

Responsibilities

  • Compile stella-dsl@1 packs into executable graphs.
  • Join advisories, VEX evidence, and SBOM inventories to derive effective findings.
  • Expose simulation and diff APIs for UI/CLI workflows.
  • Emit change-stream driven events for Notify/Scheduler integrations.

Key components

  • StellaOps.Policy.Engine service host.
  • Shared libraries under StellaOps.Policy.* for evaluation, storage, DSL tooling.

Integrations & dependencies

  • MongoDB findings collections, RustFS explain bundles.
  • Scheduler for incremental re-evaluation triggers.
  • CLI/UI for policy authoring and runs.

Operational notes

  • DSL grammar and lifecycle docs in ../../policy/.
  • Observability guidance in ../../observability/policy.md.
  • Governance and scope mapping in ../../security/policy-governance.md.
  • Readiness briefs: ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
  • Readiness briefs: ../scanner/design/macos-analyzer.md, ../scanner/design/windows-analyzer.md, ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
  • Ruby capability predicates design: ./design/ruby-capability-predicates.md.

Backlog references

  • DOCS-POLICY-20-001 … DOCS-POLICY-20-012 (completed baseline).
  • DOCS-POLICY-23-007 (upcoming command updates).

Epic alignment

  • Epic 2 Policy Engine & Editor: deliver deterministic evaluation, DSL infrastructure, explain traces, and incremental runs.
  • Epic 4 Policy Studio: integrate registry workflows, simulation at scale, approvals, and promotion semantics.