docs consolidation and others

2026-01-06 19:02:21 +02:00
parent d7bdca6d97
commit 4789027317
849 changed files with 16551 additions and 66770 deletions


@@ -18,15 +18,17 @@ namespace StellaOps.Verdict;
public sealed class PolicyLockGenerator : IPolicyLockGenerator
{
private readonly ILogger<PolicyLockGenerator> _logger;
private readonly TimeProvider _timeProvider;
private const string SchemaVersion = "1.0";
private const string EngineVersion = "1.0.0";
// TODO: Inject actual policy repository when available
// private readonly IPolicyRepository _policyRepository;
public PolicyLockGenerator(ILogger<PolicyLockGenerator> logger)
public PolicyLockGenerator(ILogger<PolicyLockGenerator> logger, TimeProvider? timeProvider = null)
{
_logger = logger;
_timeProvider = timeProvider ?? TimeProvider.System;
}
public async ValueTask<PolicyLock> GenerateAsync(
@@ -41,10 +43,10 @@ public sealed class PolicyLockGenerator : IPolicyLockGenerator
var policyLock = new PolicyLock(
SchemaVersion: SchemaVersion,
PolicyVersion: $"{policyId}-{DateTimeOffset.UtcNow:yyyyMMddHHmmss}",
PolicyVersion: $"{policyId}-{_timeProvider.GetUtcNow():yyyyMMddHHmmss}",
RuleHashes: ruleHashes,
EngineVersion: EngineVersion,
GeneratedAt: DateTimeOffset.UtcNow
GeneratedAt: _timeProvider.GetUtcNow()
);
_logger.LogInformation(
@@ -74,7 +76,7 @@ public sealed class PolicyLockGenerator : IPolicyLockGenerator
PolicyVersion: version,
RuleHashes: ruleHashes,
EngineVersion: EngineVersion,
GeneratedAt: DateTimeOffset.UtcNow
GeneratedAt: _timeProvider.GetUtcNow()
);
return policyLock;
@@ -101,7 +103,7 @@ public sealed class PolicyLockGenerator : IPolicyLockGenerator
if (policyLock.RuleHashes.Count == 0)
errors.Add("At least one rule hash is required");
if (policyLock.GeneratedAt > DateTimeOffset.UtcNow.AddMinutes(5))
if (policyLock.GeneratedAt > _timeProvider.GetUtcNow().AddMinutes(5))
errors.Add("GeneratedAt timestamp is in the future");
// TODO: Validate rule hashes against stored policy configurations
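Review bot: In the `GenerateAsync` hunk (`@@ -41,10 +43,10 @@`) the clock is still read twice, once for the `PolicyVersion` suffix and once for `GeneratedAt`, so the two fields of one `PolicyLock` can disagree when the calls straddle a second boundary. Reading it once, `var now = _timeProvider.GetUtcNow();`, and using `now` in both places keeps the lock self-consistent and makes tests with an injected clock exact. The suffix has one-second resolution, so two locks generated for the same `policyId` within a second would presumably carry the same `PolicyVersion` even when their `RuleHashes` differ; if that string is used to identify which rule set a verdict was evaluated under, the uniqueness expectation deserves a comment. The method body starts and ends outside the hunk.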


@@ -21,6 +21,7 @@ public sealed class VerdictBuilderService : IVerdictBuilder
{
private readonly ILogger<VerdictBuilderService> _logger;
private readonly IDsseSigner? _signer;
private readonly TimeProvider _timeProvider;
private static readonly JsonSerializerOptions CanonicalJsonOptions = new()
{
WriteIndented = false,
@@ -33,12 +34,15 @@ public sealed class VerdictBuilderService : IVerdictBuilder
/// </summary>
/// <param name="logger">Logger instance</param>
/// <param name="signer">Optional DSSE signer (e.g., KeylessDsseSigner for Fulcio). Null for air-gapped deployments.</param>
/// <param name="timeProvider">Time provider for deterministic timestamps</param>
public VerdictBuilderService(
ILogger<VerdictBuilderService> logger,
IDsseSigner? signer = null)
IDsseSigner? signer = null,
TimeProvider? timeProvider = null)
{
_logger = logger;
_signer = signer;
_timeProvider = timeProvider ?? TimeProvider.System;
if (_signer == null)
{
@@ -73,7 +77,7 @@ public sealed class VerdictBuilderService : IVerdictBuilder
Verdict: verdict,
Dsse: dsse,
Trace: trace,
ComputedAt: DateTimeOffset.UtcNow
ComputedAt: _timeProvider.GetUtcNow()
);
var signingMode = _signer != null ? "signed" : "unsigned (air-gap)";
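Review bot: `ComputedAt` in the `@@ -73,7 +77,7 @@` hunk is read from the clock while the result is assembled, after `dsse` already exists, so as far as these lines show it is not covered by the DSSE signature. If that is the case, a comment on that line such as `// ComputedAt is set after signing and is not part of the signed envelope; do not treat it as attested time` would keep consumers from relying on it for freshness checks. The new `<param name="timeProvider">` doc could also state that a null argument falls back to `TimeProvider.System`, since "deterministic" only holds when a fixed provider is injected. The enclosing method starts and ends outside the hunk.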