fd5ac22afb
Closes SPRINT_20260421_006 — all 4 tasks DONE. Full Tier 2c behavioral
verification per docs/qa/feature-checks/FLOW.md. Evidence directories
include per-route screenshots + tier2-ui-check JSON with PASS/FAIL/DEFERRED
assertions.
FE-QA-REL-001 — Release Control: 9/9 PASS
/environments/overview, /releases, /releases/deployments, /releases/bundles,
/releases/promotions, /releases/approvals, /releases/hotfixes,
/releases/investigation/timeline, /releases/workflows
FE-QA-REL-002 — Release Policy: 7/9 PASS, 2 DEFERRED
/ops/policy/{packs, governance, vex, simulation, governance/budget,
governance/profiles, vex/exceptions} — all PASS.
DEFERRED: /ops/policy/governance/audit (redirects to sprint-007-owned
/ops/operations/audit — scope lock), /ops/policy/governance/trust-weights
(tab URL doesn't persist — flagged as follow-up).
FE-QA-SEC-003 — Security: 10/10 effective PASS
Direct PASS: /security{,/images,/risk,/advisory-sources,/findings,
/vulnerabilities,/reachability}
Redirect PASS matching SEC-005/006/007 consolidation contracts:
/security/vex → /ops/policy/vex, /security/artifacts → /triage/artifacts,
/security/exceptions → /ops/policy/vex/exceptions.
FE-QA-RELSEC-004 — Retention coverage:
New e2e/routes/release-security-identity.e2e.spec.ts with 24 route-identity
assertions + 1 Release interaction guard. Uses auth.fixture.ts test-session
so CI does not require live Authority credentials.
Environmental gap surfaced (worked around in-session, NOT a code fix here):
stellaops_authority was missing the `default` tenant row, breaking setup-
wizard Admin bootstrap with FK users_tenant_id_fkey=(default) and causing
admin login to return invalid_grant. Manually seeded `default` into
authority.tenants and finalized the setup session via Platform Setup API.
Should be addressed in a follow-up Authority sprint — the default tenant
seed needs to land in startup migrations or StandardPluginRegistrar init.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stella Ops Suite Documentation
Stella Ops Suite is a centralized, auditable release control plane for non-Kubernetes container estates. It orchestrates environment promotions, gates releases using reachability-aware security and policy, and produces verifiable evidence for every decision.
Stella is designed for teams who deploy containers via Docker/Compose, hosts/VMs, and scripted automation and need certifiable security + auditable releases without building a bespoke governance pipeline.
Product framing reference: docs/product/release-with-confidence-product-card.md
What Stella delivers
Evidence-grade release governance (outside Kubernetes)
- Environment promotions (Dev -> Stage -> Prod) with explicit policy, approvals, and change control.
- Digest-first release identity: deployments are tracked by immutable OCI digests so "what is deployed where" is unambiguous.
- Deterministic decision records: every gate decision is explainable ("why blocked?") and replayable.
Reachability-aware security decisioning
- Deep scanning produces SBOM + findings + reachability and hybrid reachability evidence.
- VEX-first decisioning with consensus and conflict handling across issuers (SBOM/VEX are part of the evidence chain, not a side export).
- Policy-as-code with deterministic evaluation and traceable outcomes.
Verifiability, attestability, and audit export
- Evidence packets / decision capsules: hashable, immutable bundles that capture inputs, verdicts, and approvals.
- Attestations (DSSE/in-toto, predicates for SBOM/VEX/verdict/reachability; optional Sigstore flows where configured).
- Audit exports for compliance review, incident response, and forensic reconstruction.
Offline-first, sovereign operation
- Built for air-gapped and restricted environments: local databases, offline kits/snapshots, and deterministic replay.
- Regional crypto profiles (eIDAS/FIPS/GOST/SM and related plugin architecture) to avoid compliance lock-in.
Toolchain-agnostic integrations
- Integrates with common SCM/CI/registries/secrets managers through connectors and plugins.
- Works alongside existing pipelines: scan-on-build, gate-on-promotion, re-evaluate on advisory updates.
Core differentiators (the "why Stella" set)
These concepts appear throughout the docs and are the suite's anchor points:
- Signed, replayable risk verdicts: decisions can be re-run deterministically from the same evidence.
- Decision capsules: evidence is packaged for audit, not scattered across logs and screenshots.
- Reachability with portable proofs: exploitability is evidenced, not asserted.
- Smart-diff / semantic risk delta: focus on what materially changed between releases.
- Unknowns as first-class state: uncertainty is tracked and budgeted, not hidden.
- Non-Kubernetes-first: orchestration and evidence for Compose/hosts/agentless targets as a primary use case.
- Digest-first release identity: immutable artifacts, immutable accountability.
For exhaustive capability detail (including planned items), use the Feature Matrix referenced below.
Two levels of documentation
- High-level (canonical): curated guides in
docs/*.md. - Detailed (reference): deep dives under
docs/**(module dossiers, architecture notes, API contracts/samples, runbooks, schemas).
Entry point:docs/technical/README.md.
This documentation set is intentionally consolidated and does not maintain compatibility stubs for old paths.
Start here
Product understanding
| Goal | Open this |
|---|---|
| Understand the suite quickly | overview.md |
| Product operating card | product/release-with-confidence-product-card.md |
| Capability cards | key-features.md |
| Full capability matrix | FEATURE_MATRIX.md |
| Product vision | product/VISION.md |
Getting started
| Goal | Open this |
|---|---|
| First run and basic workflows | quickstart.md |
| Installation guide | INSTALL_GUIDE.md |
| Runtime data assets (ML models, JDK, certs) | ../devops/runtime-assets/README.md |
| Ingest advisories (Concelier + CLI) | CONCELIER_CLI_QUICKSTART.md |
| Console (Web UI) operator guide | UI_GUIDE.md |
| Offline / air-gap operations | OFFLINE_KIT.md |
Architecture
| Goal | Open this |
|---|---|
| Architecture: high-level overview | ARCHITECTURE_OVERVIEW.md |
| Architecture: canonical system overview | 07_HIGH_LEVEL_ARCHITECTURE.md |
| Architecture: platform overview dossier | modules/platform/architecture-overview.md |
| Architecture: full reference map | ARCHITECTURE_REFERENCE.md |
| Architecture: user flows (UML) | technical/architecture/user-flows.md |
| Architecture: module matrix | technical/architecture/module-matrix.md |
| Architecture: data flows | technical/architecture/data-flows.md |
| Architecture: schema mapping | technical/architecture/schema-mapping.md |
| Release Orchestration dossier | modules/release-jobengine/architecture.md |
| Telemetry federation architecture | modules/telemetry/federation-architecture.md |
| Telemetry federation runbook | runbooks/federated-telemetry-operations.md |
| Telemetry federation contracts | contracts/federated-consent-v1.md, contracts/federated-telemetry-v1.md |
Development and operations
| Goal | Open this |
|---|---|
| Develop plugins/connectors | PLUGIN_SDK_GUIDE.md |
| Console UI traversal map | qa/console-ui-traversal-map.md |
| Console UI QA strategy | qa/console-ui-qa-strategy.md |
| Security deployment hardening | SECURITY_HARDENING_GUIDE.md |
| VEX consensus and issuer trust | VEX_CONSENSUS_GUIDE.md |
| Vulnerability Explorer guide | modules/vuln-explorer/VULNERABILITY_EXPLORER_GUIDE.md |
| SBOM determinism guide | sboms/DETERMINISM.md |
| Engineering standards (for implementers) | code-of-conduct/CODE_OF_CONDUCT.md |
| Testing standards (for QA/automation) | code-of-conduct/TESTING_PRACTICES.md |
Detailed indexes
- Technical index (everything):
docs/technical/README.md - End-to-end workflow flows:
docs/flows/ - Module dossiers:
docs/modules/ - API contracts and samples:
docs/api/ - Architecture notes / ADRs:
docs/technical/architecture/,docs/technical/adr/ - Operations and deployment:
docs/operations/ - Air-gap workflows:
docs/modules/airgap/guides/ - Security deep dives:
docs/security/ - Benchmarks and fixtures:
docs/benchmarks/,docs/assets/ - Product advisories:
docs/product/advisories/ - Hybrid diff patching blueprint:
docs/hybrid-diff-patching.md
License and notices
- Project license (BUSL-1.1 + Additional Use Grant):
../LICENSE - Third-party notices:
../NOTICE.md - Legal and licensing index:
docs/legal/README.md - Full dependency inventory:
docs/legal/THIRD-PARTY-DEPENDENCIES.md - Compatibility guidance:
docs/legal/LICENSE-COMPATIBILITY.md - Cryptography compliance:
docs/legal/crypto-compliance-review.md
Design principles (non-negotiable)
- Offline-first: core operations must work in restricted/air-gapped environments.
- Deterministic replay: same inputs yield the same outputs (stable ordering, canonical hashing).
- Evidence-linked decisions: every decision links to concrete evidence artifacts.
- Digest-first identity: releases are immutable OCI digests, not mutable tags.
- Pluggable integrations: connectors and steps are extensible; the core evidence chain stays stable.