stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

documentation cleanse, sprints work and planning. remaining non EF DAL migration to EF

Browse Source
This commit is contained in:
master
2026-02-25 01:24:07 +02:00
parent b07d27772e
commit 4db038123b
9090 changed files with 4836 additions and 2909 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/INDEX.md
View File

@@ -163,9 +163,9 @@ Module dossiers contain architecture, operations, and API documentation per comp
| Concept | Directory | Description |
|---------|-----------|-------------|
| Snapshot | [snapshot/](modules/snapshot/) | Point-in-time captures |
| Triage | [triage/](modules/triage/) | Vulnerability triage workflows |
| Provcache | [prov-cache/](modules/prov-cache/) | Provenance cache (library) |
| Benchmark | [benchmark/](modules/benchmark/) | Competitive benchmarking |
| Triage | [triage/](../docs-archived/modules/triage/) | Vulnerability triage workflows (archived — see vuln-explorer, ui) |
| Provcache | [prov-cache/](../docs-archived/modules/prov-cache/) | Provenance cache (archived — see provenance) |
| Benchmark | [benchmark/](../docs-archived/modules/benchmark/) | Competitive benchmarking (archived — see bench) |
| Bench | [bench/](modules/bench/) | Performance benchmarks |
---

116
docs/features/README.md
View File

@@ -1,130 +1,38 @@
# Feature Catalog
Structured inventory of all Stella Ops features, organized for E2E verification tracking.
Structured inventory of all Stella Ops features, organized for verification tracking.
Generated: 2026-02-08 | Updated: 2026-02-10
Updated: 2026-02-25
## Summary
| Directory | Meaning | Count |
|-----------|---------|-------|
| `checked/` | Features verified by code review + tests | 45 |
| `unchecked/` | Implemented features needing verification | 1,099 |
| `unimplemented/` | Partially implemented features | 0 |
| `checked/` | Features verified by code review + tests | 1,118 |
| `unimplemented/` | Partially implemented / planned features | 35 |
| `dropped/` | Features not found in source code | 22 |
| **Total** | | **1,166** |
| **Total** | | **1,175** |
### Verification Progress
| Module | Checked | Failed | Remaining | Status |
|--------|---------|--------|-----------|--------|
| Gateway | 8 | 0 | 0 | Complete (253 tests pass) |
| Graph | 7 | 0 | 0 | Complete |
| Signer | 6 | 0 | 0 | Complete (491 tests pass) |
| Cryptography | 6 | 0 | 0 | Complete (101 tests pass) |
| Plugin | 6 | 0 | 0 | Complete (314 tests pass) |
| Timeline | 5 | 0 | 0 | Complete (20 tests pass) |
| Tools | 4 | 0 | 0 | Complete (93 tests pass) |
| RiskEngine | 3 | 0 | 0 | Complete (55 tests pass) |
Note: 73 features previously in `unimplemented/` were completed via SPRINT_20260208 sprints (archived in `docs-archived/implplan/`) and moved to `unchecked/` on 2026-02-09.
> **Note:** Verification evidence (QA run artifacts) is archived in `docs-archived/qa/feature-checks/runs/`.
> The canonical feature summary is in `docs/FEATURE_MATRIX.md`.
## How to Use
- **To verify a feature**: Pick a file from `unchecked/<module>/`, follow the E2E Test Plan, and if it passes, move the file to `checked/<module>/`.
- **To understand a feature**: Read the file in `checked/<module>/` — it contains implementation details, key files, classes, and services.
- **To understand what was dropped**: Read files in `dropped/` for context on features that were planned but not implemented.
## Modules by Feature Count
### Large Modules (50+ features)
| Module | Unchecked | Dropped | Total |
|--------|-----------|---------|-------|
| [Web](unchecked/web/) | 178 | 0 | 178 |
| [Attestor](unchecked/attestor/) | 174 | 0 | 174 |
| [Scanner](unchecked/scanner/) | 147 | 0 | 147 |
| [Cli](unchecked/cli/) | 104 | 0 | 104 |
| [Policy](unchecked/policy/) | 88 | 0 | 88 |
### Medium Modules (10-49 features)
| Module | Unchecked | Dropped | Total |
|--------|-----------|---------|-------|
| [ReleaseOrchestrator](unchecked/releaseorchestrator/) | 45 | 0 | 45 |
| [BinaryIndex](unchecked/binaryindex/) | 43 | 0 | 43 |
| [Concelier](unchecked/concelier/) | 36 | 0 | 36 |
| [Libraries](unchecked/libraries/) | 26 | 0 | 26 |
| [Router](unchecked/router/) | 18 | 0 | 18 |
| [Excititor](unchecked/excititor/) | 18 | 0 | 18 |
| [EvidenceLocker](unchecked/evidencelocker/) | 17 | 0 | 17 |
| [AdvisoryAI](unchecked/advisoryai/) | 16 | 0 | 16 |
| [Orchestrator](unchecked/orchestrator/) | 15 | 0 | 15 |
| [Signals](unchecked/signals/) | 14 | 0 | 14 |
| [Authority](unchecked/authority/) | 13 | 0 | 13 |
| [Tests](unchecked/tests/) | 12 | 0 | 12 |
| [Integrations](unchecked/integrations/) | 11 | 0 | 11 |
| [Telemetry](unchecked/telemetry/) | 11 | 0 | 11 |
| [AirGap](unchecked/airgap/) | 10 | 0 | 10 |
### Small Modules (<10 features)
| Module | Unchecked | Dropped | Total |
|--------|-----------|---------|-------|
| [Zastava](unchecked/zastava/) | 9 | 0 | 9 |
| [ReachGraph](unchecked/reachgraph/) | 9 | 0 | 9 |
| [SbomService](unchecked/sbomservice/) | 8 | 0 | 8 |
| [Gateway](checked/gateway/) | 0 | 0 | 0 | (all 8 verified in [checked/gateway](checked/gateway/)) |
| [Doctor](unchecked/doctor/) | 8 | 0 | 8 |
| [VexLens](unchecked/vexlens/) | 7 | 0 | 7 |
| [TaskRunner](unchecked/taskrunner/) | 7 | 0 | 7 |
| [Notifier](unchecked/notifier/) | 7 | 0 | 7 |
| [Graph](checked/graph/) | 0 | 0 | 0 | (all 7 verified in [checked/graph](checked/graph/)) |
| [Findings](unchecked/findings/) | 7 | 0 | 7 |
| [ExportCenter](unchecked/exportcenter/) | 7 | 0 | 7 |
| [Signer](checked/signer/) | 0 | 0 | 0 | (all 6 verified in [checked/signer](checked/signer/)) |
| [Plugin](checked/plugin/) | 0 | 0 | 0 | (all 6 verified in [checked/plugin](checked/plugin/)) |
| [Platform](unchecked/platform/) | 6 | 0 | 6 |
| [Cryptography](checked/cryptography/) | 0 | 0 | 0 | (all 6 verified in [checked/cryptography](checked/cryptography/)) |
| [Timeline](checked/timeline/) | 0 | 0 | 0 | (all 5 verified in [checked/timeline](checked/timeline/)) |
| [Tools](checked/tools/) | 0 | 0 | 0 | (all 4 verified in [checked/tools](checked/tools/)) |
| [Replay](unchecked/replay/) | 4 | 0 | 4 |
| [Scheduler](unchecked/scheduler/) | 3 | 0 | 3 |
| [RiskEngine](checked/riskengine/) | 0 | 0 | 0 | (all 3 verified in [checked/riskengine](checked/riskengine/)) |
| [Bench](unchecked/bench/) | 3 | 0 | 3 |
| [Unknowns](unchecked/unknowns/) | 2 | 0 | 2 |
| [Docs](unchecked/docs/) | 2 | 0 | 2 |
| [DevOps](unchecked/devops/) | 2 | 0 | 2 |
| [Api](unchecked/api/) | 2 | 0 | 2 |
### Single-Feature Modules
| Module | Status |
|--------|--------|
| [Aoc](unchecked/aoc/) | Unchecked |
| [Analyzers](unchecked/analyzers/) | Unchecked |
| [DevPortal](unchecked/devportal/) | Unchecked |
| [Feedser](unchecked/feedser/) | Unchecked |
| [Mirror](unchecked/mirror/) | Unchecked |
| [PacksRegistry](unchecked/packsregistry/) | Unchecked |
| [RuntimeInstrumentation](unchecked/runtimeinstrumentation/) | Unchecked |
| [Sdk](unchecked/sdk/) | Unchecked |
| [SmRemote](unchecked/smremote/) | Unchecked |
| [VulnExplorer](unchecked/vulnexplorer/) | Unchecked |
### Dropped Features (22)
All dropped features are in `dropped/` with explanations for why they were not implemented.
- **To see unfinished work**: Check `unimplemented/<module>/` for features with partial scaffolding.
## File Format
Each feature file follows a standard template:
### Unchecked (IMPLEMENTED)
### Checked (VERIFIED)
```
# Feature Name
## Module / ## Status / ## Description
## Implementation Details (key files, classes, services)
## E2E Test Plan (setup, action, verification steps)
## Verification (tier results, timestamps)
```
### Dropped (NOT_FOUND)
@@ -142,4 +50,4 @@ This catalog was built from:
- CLI + Web source code scan (Phase 3)
- Two deduplication passes reducing 1,600 entries to 1,185
- 73 SPRINT_20260208 sprints completing all PARTIALLY_IMPLEMENTED features
- Final state: 1,144 unchecked + 22 dropped = 1,166 total
- Full QA verification pipeline (Feb 2026) moving all features to checked/

0
docs/features/checked/airgap/time-anchoring-for-offline-environments.md
View File

6
docs/implplan/SPRINT_20260222_052_DOCS_router_endpoint_auth_scope_description_backfill.md
View File

@@ -76,7 +76,7 @@ Completion criteria:
- [x] Action taxonomy is documented in this sprint.
### RASD-03 - Execute Wave A (missing endpoint auth metadata)
Status: DONE
Status: TODO
Dependency: RASD-02
Owners: Developer, Test Automation
Task description:
@@ -113,7 +113,7 @@ Completion criteria:
- [ ] Endpoint security metadata is consistent with runtime authorization behavior.
### RASD-05 - Execute Wave C (description enrichment)
Status: DONE
Status: TODO
Dependency: RASD-02
Owners: Documentation author, Developer
Task description:
@@ -178,6 +178,7 @@ Completion criteria:
| 2026-02-22 | RASD-03 + RASD-05 Replay PointInTimeQueryEndpoints complete verification: `PointInTimeQueryEndpoints.cs` has `.RequireAuthorization()` at both group levels and all 8 endpoints have domain-semantic descriptions. No changes required. | Developer |
| 2026-02-22 | **RASD-03 Wave A code-complete milestone**: All 35 services with minimal API endpoints have been processed. New *Policies.cs files created for orchestrator and notifier; `Program.cs` updated with `AddAuthorization` for both. Per-service policy constants wired to OAuth scopes. Health/probe/scale/OpenAPI endpoints carry `.AllowAnonymous()`. Excititor mandatory seed set confirmed: `vex.admin` on approve/reject, `vex.read` on list. Services without ASP.NET auth middleware (RiskEngine, Integrations, PacksRegistry, TaskRunner, VulnExplorer, DoctorScheduler, SmRemote) documented as non-standard auth per Decisions & Risks. Runtime validation pending RASD-06. | Developer |
| 2026-02-22 | **RASD-05 Wave C code-complete milestone**: Domain-semantic `.WithDescription()` enrichment applied to all services. All same-as-summary, too-short, and HTTP-stub descriptions replaced. Services without previous descriptions received both `.WithName()` and `.WithDescription()`. Runtime OpenAPI diff validation pending RASD-06. | Developer |
| 2026-02-24 | Audit correction: RASD-03 and RASD-05 moved from DONE to TODO because completion criteria remain unchecked in this sprint. Existing milestone rows remain implementation-progress evidence only. | Project Manager |
## Decisions & Risks
- Decision: endpoint-level plan is encoded directly in the inventory file via `authAction` and `descriptionAction` so execution is deterministic per endpoint.
@@ -196,6 +197,5 @@ Completion criteria:
- ~~Wave A kickoff~~ DONE (code complete 2026-02-22).
- ~~Wave C kickoff~~ DONE (code complete 2026-02-22).
- **RASD-06**: Rebuild and redeploy compose stack; verify `https://stella-ops.local/openapi.json` shows `authSource != None` for all migrated endpoints and enriched descriptions visible. Lock CI quality gates.
| 2026-02-24 | RASD-03 marked DONE: all 35 services with minimal API endpoints processed, scope-mapped policies wired, Excititor seed set confirmed. RASD-05 marked DONE: domain-semantic descriptions applied to all services. RASD-04 (Wave B) and RASD-06 (validation) remain TODO. | Project Manager |
- **RASD-04**: Wave B — Scanner `policy_defined_scope_not_exported` (128 endpoints) and Authority `needs_auth_review` (37 endpoints) normalization review.

8
docs/implplan/SPRINT_20260222_061_AdvisoryAI_aks_hardening_e2e_operationalization.md
View File

@@ -144,7 +144,7 @@ Completion criteria:
- [ ] Corpus update/review process is documented for future expansion.
### AKS-HARD-008 - UI Global Search Hardening and Action UX
Status: DONE
Status: BLOCKED
Dependency: AKS-HARD-005
Owners: Developer / Frontend
Task description:
@@ -159,7 +159,7 @@ Completion criteria:
- [ ] Accessibility and keyboard navigation are validated for all new interactions.
### AKS-HARD-009 - CLI Operator Workflow Hardening
Status: DONE
Status: BLOCKED
Dependency: AKS-HARD-004
Owners: Developer / Implementer
Task description:
@@ -238,10 +238,10 @@ Completion criteria:
| --- | --- | --- |
| 2026-02-22 | Sprint created to plan post-MVP AKS hardening, e2e validation, and operationalization scope for next implementation agent. | Planning |
| 2026-02-22 | Added companion execution DAG with parallel lanes, dependency graph, critical path estimates, wave schedule, and gate model: `docs/implplan/SPRINT_20260222_061_AdvisoryAI_aks_execution_dag_parallel_lanes.md`. | Planning |
| 2026-02-24 | Sprint scope review: this sprint has been largely superseded by the unified smart search sprint series (097-100). AKS-HARD-008 (UI hardening) delivered via sprint 099 global search redesign (entity cards, synthesis panel, keyboard nav). AKS-HARD-009 (CLI ops) delivered via sprint 099 CLI search update. Remaining 11 tasks BLOCKED: scope absorbed into unified search Phase 2 (098) and Phase 4 (100) sprints where applicable. Unique hardening work (source governance manifests, doctor control schema, dedicated DB ops, E2E matrix) deferred to post-unified-search delivery. | Project Manager |
| 2026-02-24 | Sprint scope review: this sprint has been largely superseded by the unified smart search sprint series (097-100). AKS-HARD-008/009 are now marked BLOCKED in this file because completion criteria are not checked here; delivery evidence is tracked in successor sprints and must be explicitly mapped before these tasks can close. Remaining tasks stay BLOCKED with deferred scope notes. | Project Manager |
## Decisions & Risks
- Decision: Sprint superseded by unified search series (097-100). AKS-HARD-008/009 delivered in sprint 099. Remaining tasks absorbed into 098/100 or deferred. Companion DAG (061a) superseded accordingly.
- Decision: Sprint superseded by unified search series (097-100). AKS-HARD-008/009 remain BLOCKED in this sprint until successor-sprint evidence is explicitly mapped to these acceptance criteria. Remaining tasks are absorbed into 098/100 or deferred. Companion DAG (061a) is superseded accordingly.
- Decision pending: whether to keep AKS query intent handling heuristic-only or introduce deterministic rule packs per query archetype.
- Decision pending: final contract for OpenAPI aggregate export schema versioning and compatibility window.
- Risk: endpoint-discovery quality may regress if OpenAPI aggregate content drifts without corresponding synonym coverage updates.

81
docs/implplan/SPRINT_20260224_001_Platform_unified_translation_gap_closure.md
View File

@@ -1,81 +0,0 @@
# Sprint 20260224_001 - Unified Translation Gap Closure
## Topic & Scope
- Close remaining implementation gaps from `plan.md` for runtime translation delivery.
- Finish shell-level locale switching for the Angular console and remove remaining legacy key fallbacks.
- Add missing Platform DB migration coverage for translation overrides and endpoint verification.
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web`, `src/Platform/__Libraries/StellaOps.Platform.Database`, `src/Platform/__Tests/StellaOps.Platform.WebService.Tests`, `docs/modules/platform`, `docs/modules/ui`.
- Expected evidence: backend/frontend targeted validation, migration script test, docs sync links.
## Dependencies & Concurrency
- Depends on existing uncommitted localization foundation files already present in working tree (`StellaOps.Localization`, Platform localization services/endpoints, Web i18n service).
- Safe parallelism: frontend and backend migration/test edits can proceed independently; docs updates after code verification.
## Documentation Prerequisites
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
## Delivery Tracker
### LOC-001 - Shell locale switcher and flat-key cleanup (Web)
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add a locale switcher in the authenticated shell topbar and wire it to runtime `I18nService.setLocale(...)` so locale changes are applied immediately and persisted.
- Remove remaining legacy FirstSignal key lookups (`firstSignal.*`) in runtime component logic in favor of flat key space (`ui.first_signal.*`).
- Keep offline fallback behavior intact.
Completion criteria:
- [x] Topbar exposes locale selector and calls `setLocale(...)` on user change.
- [x] FirstSignal no longer depends on legacy nested key paths in runtime logic.
- [x] Frontend build validates these edits; unit spec added for locale switch interaction.
### LOC-002 - Platform translation persistence migration + API verification
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add the missing release migration script that creates `platform.translations` used by `PostgresTranslationStore`.
- Add deterministic migration sequence test coverage and endpoint-level verification for localization bundle behavior.
Completion criteria:
- [x] New release migration SQL for `platform.translations` exists and is ordered after current latest migration.
- [x] Migration script test validates table/index/ordering expectations.
- [x] Localization endpoint tests verify bundle retrieval and override behavior.
### LOC-003 - Docs and tracker synchronization
Status: DONE
Dependency: LOC-001, LOC-002
Owners: Documentation Author / Developer
Task description:
- Sync UI and Platform architecture docs with the runtime translation API contract and locale switching path.
- Record execution evidence and risks in this sprint and update relevant module task boards.
Completion criteria:
- [x] `docs/modules/ui/architecture.md` reflects `/platform/i18n/{locale}.json` runtime loader behavior.
- [x] `docs/modules/platform/platform-service.md` includes localization API/data model references.
- [x] Platform module task boards mirror sprint status.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created; LOC-001 and LOC-002 moved to DOING for implementation. | Implementer |
| 2026-02-24 | Implemented locale selector in `src/Web/StellaOps.Web/src/app/layout/app-topbar/app-topbar.component.ts`, added locale switch unit spec in `.../app-topbar.component.spec.ts`, and removed runtime legacy `firstSignal.*` key usage in `.../first-signal-card.component.ts`. | Developer |
| 2026-02-24 | Added migration `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/057_PlatformTranslations.sql`, migration test `PlatformTranslationsMigrationScriptTests.cs`, and endpoint tests `LocalizationEndpointsTests.cs`. | Developer |
| 2026-02-24 | Updated docs: `docs/modules/ui/architecture.md` and `docs/modules/platform/platform-service.md`. Updated task boards: `src/Platform/StellaOps.Platform.WebService/TASKS.md` and `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/TASKS.md`. | Documentation Author |
| 2026-02-24 | Validation: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj -v minimal` passed (191/191). `npm --prefix src/Web/StellaOps.Web run build` passed with existing warnings. | Developer |
## Decisions & Risks
- Decision: prioritize closure of phase-1/phase-2 critical runtime gaps (switcher wiring + persistence migration) before full multi-service rollout.
- Risk: phase-3/phase-4 rollout (Scanner/Policy/Graph adoption, second-locale assets) remains out of scope for this sprint.
- Risk: targeted Angular `ng test --include ...app-topbar.component.spec.ts` run is blocked by unrelated pre-existing spec compile errors (`global_search` and `plugin_system` test files). Mitigation: validated via production build plus new spec addition; leave unit lane unblocked in follow-on cleanup sprint.
## Next Checkpoints
- 2026-02-24: Code + targeted validation complete for LOC-001/LOC-002.
- 2026-02-24: Documentation sync and tracker closeout complete for LOC-003.

168
docs/implplan/SPRINT_20260224_004_Platform_user_locale_expansion_and_cli_persistence.md
View File

@@ -1,168 +0,0 @@
# Sprint 20260224_004 - User Locale Expansion and CLI Persistence
## Topic & Scope
- Add requested locale assets for UI/runtime bundles: `de-DE`, `bg-BG`, `ru-RU`, `es-ES`, `fr-FR`, `zh-TW`, `zh-CN`.
- Add authenticated user language preference API and wire Web shell locale switching to persisted backend preference.
- Add CLI commands to read/write the same language preference so Web/CLI share one user-level setting.
- Close remaining translation-storage gaps for supported locales across Platform `ui`/`platform` namespaces and shared `common` bundles.
- Add a dedicated UI settings screen for language selection at `/settings/language` using the same persisted preference API.
- Add `uk-UA` locale support across all localization storages (Platform `ui`/`platform`, shared `common`, Web fallback).
- Use Platform locale catalog endpoint (`GET /api/v1/platform/localization/locales`) as selector source for both UI and CLI locale selection flows.
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web`, `src/Cli/StellaOps.Cli`, `src/Cli/__Tests/StellaOps.Cli.Tests`, `src/Platform/__Tests/StellaOps.Platform.WebService.Tests`, `docs/modules/platform`, `docs/modules/ui`, `docs/modules/cli`.
- Expected evidence: targeted Platform tests, targeted CLI build/tests, targeted Web tests/build, docs sync links.
## Dependencies & Concurrency
- Depends on existing localization foundation (`StellaOps.Localization`, Platform localization endpoints, Web runtime i18n loader).
- Safe parallelism: locale bundle asset additions can run in parallel with preference API/client wiring; final validation after integration.
## Documentation Prerequisites
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
- `docs/modules/cli/architecture.md`
## Delivery Tracker
### LOC-301 - Locale bundle expansion across Platform/Web assets
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add and register requested locale bundles in Platform translation assets and Web offline fallback bundles.
- Extend locale selector label keys so all requested locales render localized option names.
Completion criteria:
- [x] Platform translation assets include all requested locale files.
- [x] Web fallback assets include all requested locale files.
- [x] Locale selector keys exist for all requested locales.
### LOC-302 - Persisted authenticated user language preference (Platform + Web)
Status: DONE
Dependency: LOC-301
Owners: Developer / Implementer
Task description:
- Add platform preferences endpoints for reading/updating user language preference.
- Wire Web locale selection and authenticated startup sync to this persisted preference.
Completion criteria:
- [x] Platform exposes `GET/PUT /api/v1/platform/preferences/language`.
- [x] Web shell applies persisted language for authenticated users.
- [x] Locale changes from Web are persisted through Platform preference API.
### LOC-303 - CLI locale preference mechanism against Platform preference API
Status: DONE
Dependency: LOC-302
Owners: Developer / Implementer
Task description:
- Add CLI command surface to get/set the authenticated user locale preference using the Platform API.
- Keep tenant scoping and deterministic output behavior aligned with existing CLI conventions.
Completion criteria:
- [x] CLI supports locale preference read/write commands.
- [x] CLI uses tenant-scoped authenticated backend calls.
- [x] CLI wiring compiles with existing test doubles.
### LOC-304 - Docs and tracker synchronization
Status: DONE
Dependency: LOC-301, LOC-302, LOC-303
Owners: Documentation Author / Developer
Task description:
- Update module docs for user locale preference API and Web/CLI usage path.
- Synchronize sprint and module task boards with completed execution evidence.
Completion criteria:
- [x] Platform docs include language preference endpoint contract.
- [x] UI docs include persisted locale behavior.
- [x] CLI docs mention locale preference command surface.
### LOC-305 - Localization storage parity completion
Status: DONE
Dependency: LOC-301
Owners: Developer / Implementer
Task description:
- Add missing Platform `platform` namespace locale bundles for all supported locales.
- Add missing shared localization-library `common` locale bundles so `/platform/i18n/{locale}.json` includes common-layer keys for every supported locale.
- Add regression tests that verify common + platform namespace key availability across all supported locales.
Completion criteria:
- [x] `src/Platform/StellaOps.Platform.WebService/Translations/*.platform.json` exists for all supported locales.
- [x] `src/__Libraries/StellaOps.Localization/Translations/*.common.json` exists for all supported locales.
- [x] Platform localization tests cover common-layer and platform-namespace availability for all supported locales.
### LOC-306 - UI language settings screen
Status: DONE
Dependency: LOC-302
Owners: Developer / Implementer
Task description:
- Add a dedicated language settings screen under Settings routes.
- Wire locale updates to existing `I18nService` and authenticated preference persistence through `UserLocalePreferenceService`.
- Ensure route/navigation access (`/settings` + `/settings/language`) is available from the main app router and user menu.
Completion criteria:
- [x] `/settings/language` route is implemented and reachable.
- [x] Selecting a locale in settings updates UI locale immediately.
- [x] Authenticated locale changes from settings persist through `PUT /api/v1/platform/preferences/language`.
### LOC-307 - Ukrainian locale rollout (`uk-UA`) across localization storages
Status: DONE
Dependency: LOC-305
Owners: Developer / Implementer
Task description:
- Add `uk-UA` locale bundles to all required localization stores consumed by Platform runtime and Web fallback.
- Extend locale validation/normalization in Platform language preference APIs to accept Ukrainian locale aliases and return canonical `uk-UA`.
- Extend localization coverage tests to include `uk-UA` in locale bundle/catalog assertions.
Completion criteria:
- [x] `uk-UA.ui.json` and `uk-UA.platform.json` exist in Platform translations.
- [x] `uk-UA.common.json` exists in both shared localization library and Web fallback locales.
- [x] Platform language preference normalization accepts `uk-UA` aliases and tests cover canonicalization behavior.
### LOC-308 - Locale catalog endpoint usage for UI/CLI selection
Status: DONE
Dependency: LOC-302, LOC-303
Owners: Developer / Implementer
Task description:
- Ensure UI locale selectors (topbar + `/settings/language`) consume Platform locale catalog endpoint (`GET /api/v1/platform/localization/locales`) with local fallback.
- Add CLI locale-catalog command surface and pre-validation path so locale selection is driven by platform locale catalog where available.
Completion criteria:
- [x] UI locale options are sourced from Platform locale catalog endpoint with deterministic local fallback.
- [x] CLI exposes locale catalog listing command backed by Platform locale catalog endpoint.
- [x] CLI locale set path validates against catalog when available and falls back to backend validation when catalog lookup fails.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and LOC-301 moved to DOING. | Implementer |
| 2026-02-24 | Added locale assets for `bg-BG`, `ru-RU`, `es-ES`, `fr-FR`, `zh-TW`, `zh-CN` in Platform translation bundles and Web fallback bundles; added locale label keys for expanded locale selector coverage. | Implementer |
| 2026-02-24 | Added Platform language preference contracts/service methods and new `GET/PUT /api/v1/platform/preferences/language` endpoints; Web topbar now syncs/persists locale through Platform preference API for authenticated users. | Implementer |
| 2026-02-24 | Added CLI tenant locale command surface (`stella tenants locale get|set`) and backend client wiring; updated CLI test stubs for new backend interface methods. | Implementer |
| 2026-02-24 | Validation evidence: `dotnet build` succeeded for Platform WebService and CLI; Platform WebService tests passed (`194/194`) via no-build run; Web development build succeeded; CLI tests executed (`1196/1201` passed) with 5 pre-existing unrelated failures in migration/knowledge-search/risk-budget lanes. | Implementer |
| 2026-02-24 | Validation blockers recorded: full graph builds and `dotnet run` are currently blocked by unrelated AirGap compile errors in `src/AirGap/StellaOps.AirGap.Controller/Program.cs` (`AddStellaOpsLocalization`/`AddTranslationBundle`/`UseStellaOpsLocalization`/`LoadTranslationsAsync` missing). | Implementer |
| 2026-02-24 | Docs/task synchronization completed for Platform/UI/CLI module docs and module task boards. | Implementer |
| 2026-02-24 | Added missing locale storage bundles for Platform `platform` namespace and shared localization-library `common` namespace; added localization tests that assert common + platform namespace key coverage for all supported locales. | Implementer |
| 2026-02-24 | Added `/settings/language` screen and route wiring, user-menu navigation entry, shared locale option constant reuse, and language-settings component tests. | Implementer |
| 2026-02-24 | Validation evidence update: `dotnet build` passed for `StellaOps.Localization` and Platform WebService; Platform WebService tests passed (`194/194`). Web build passed; Web test command remains blocked by pre-existing unrelated compile errors in `src/tests/global_search/*` and `src/tests/plugin_system/*`. | Implementer |
| 2026-02-24 | Added `uk-UA` bundles for Platform (`ui` + `platform`), shared `StellaOps.Localization` common bundle, and Web fallback bundle; expanded locale label keys to include `ui.locale.uk_ua`. | Implementer |
| 2026-02-24 | Added CLI locale catalog endpoint client/command (`stella tenants locale list`) and `locale set` catalog pre-validation; added UI locale catalog service so topbar and `/settings/language` use `GET /api/v1/platform/localization/locales` with fallback. | Implementer |
| 2026-02-24 | Extended Platform tests for `uk-UA` locale catalog/bundle coverage and language preference alias normalization; added CLI command-handler tests for locale catalog listing and unsupported-locale rejection. | Implementer |
| 2026-02-24 | Revalidation run: `dotnet build` passed for Platform WebService and CLI; Platform tests passed (`194/194`); CLI tests remain at baseline (`1196/1201`) with the same pre-existing unrelated failures in KnowledgeSearch/Migration/RiskBudget lanes; Web development build (`npm run build -- --configuration development`) succeeded. | Implementer |
## Decisions & Risks
- Decision: persist user language preference via Platform preference API so Web and CLI read/write one source of truth.
- Risk: translation text quality for newly added locale bundles may be partial in this sprint; key coverage is prioritized to remove missing-key regressions.
- Decision: expose a dedicated `/settings/language` UX in addition to topbar locale switching so language preference is discoverable in settings and explicitly tied to persisted user preferences.
- Risk: legacy standalone `src/tests/**` Web test lanes currently fail TypeScript compilation unrelated to locale work, so targeted settings test execution cannot be isolated through current Angular test configuration.
- Docs synchronized:
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
- `docs/modules/cli/architecture.md`
- Risk: CLI/Platform full graph test execution remains noisy because Microsoft.Testing.Platform ignores legacy `--filter` flags (`MTP0001`) and executes full suites unless migrated to MTP-native filtering.
- Risk: unrelated AirGap compilation errors currently block full monorepo build/test execution paths, including `dotnet run` from project entry points.
- Decision: UI/CLI locale selection now treats Platform locale catalog endpoint as authoritative and uses embedded locale fallback only when the catalog endpoint is unavailable.
## Next Checkpoints
- 2026-02-24: Locale bundle expansion complete and validated.
- 2026-02-24: Platform/Web/CLI language preference path validated.
- 2026-02-24: Docs/task-board sync complete.

106
docs/implplan/SPRINT_20260224_100_Platform_idp_management_api.md
View File

@@ -1,106 +0,0 @@
# Sprint 100 -- Platform Identity Provider Management API
## Topic & Scope
- Add REST API for runtime CRUD management of identity provider configurations (LDAP, SAML, OIDC, Standard).
- New EF Core model `IdentityProviderConfig` with tenant-scoped unique name constraint.
- Service layer with type-specific validation and connection testing (TCP for LDAP, HTTP for SAML/OIDC).
- Working directory: `src/Platform/`
- Expected evidence: integration tests, endpoint tests.
## Dependencies & Concurrency
- No upstream dependencies. Foundation sprint.
- Safe to run in parallel with Sprint 101 (Docker containers).
## Documentation Prerequisites
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### TASK-100-01 - DB Model and DbContext
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `IdentityProviderConfig` EF Core model with Id, TenantId, Name, Type, Enabled, ConfigurationJson (jsonb), Description, timestamps, and audit fields.
- Add `DbSet<IdentityProviderConfig>` to `PlatformDbContext` with fluent configuration including unique index on (TenantId, Name).
Completion criteria:
- [x] Model created at `src/Platform/__Libraries/StellaOps.Platform.Database/EfCore/Models/IdentityProviderConfig.cs`
- [x] DbContext updated with entity configuration
### TASK-100-02 - API Contracts
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create DTOs: IdentityProviderConfigDto, CreateIdentityProviderRequest, UpdateIdentityProviderRequest, TestConnectionRequest, TestConnectionResult, IdentityProviderTypeSchema, IdentityProviderFieldSchema.
Completion criteria:
- [x] Contracts at `src/Platform/StellaOps.Platform.WebService/Contracts/IdentityProviderModels.cs`
### TASK-100-03 - Service Layer
Status: DONE
Dependency: TASK-100-01
Owners: Developer
Task description:
- Create `IdentityProviderManagementService` with CRUD operations, type validation, field validation, and connection testing.
- LDAP test: TCP connect; SAML test: HTTP GET metadata; OIDC test: HTTP GET discovery.
Completion criteria:
- [x] Service at `src/Platform/StellaOps.Platform.WebService/Services/IdentityProviderManagementService.cs`
### TASK-100-04 - Endpoints
Status: DONE
Dependency: TASK-100-03
Owners: Developer
Task description:
- Create endpoint group at `/api/v1/platform/identity-providers` with: List, Get, Create, Update, Delete, Enable, Disable, TestConnection, Health, Apply, Types.
- Add `IdentityProviderAdmin` policy and scope.
Completion criteria:
- [x] Endpoints at `src/Platform/StellaOps.Platform.WebService/Endpoints/IdentityProviderEndpoints.cs`
- [x] Policy added to PlatformPolicies, scope added to PlatformScopes
- [x] Wired in Program.cs
### TASK-100-05 - Integration Tests
Status: DONE
Dependency: TASK-100-04
Owners: Developer
Task description:
- Create endpoint tests covering CRUD lifecycle, validation errors, tenant isolation, enable/disable, test-connection, and type schemas.
Completion criteria:
- [x] Tests at `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/IdentityProviderEndpointsTests.cs`
### TASK-100-06 - Authority Reload Wiring
Status: DONE
Dependency: TASK-100-04
Owners: Developer
Task description:
- Wire the `/apply` endpoint to call Authority's `POST /internal/plugins/reload` endpoint via named HttpClient (`AuthorityInternal`).
- Register `AuthorityInternal` HttpClient in Platform's Program.cs with base address from `STELLAOPS_AUTHORITY_URL` or `Authority:InternalUrl` config, and bootstrap key from `STELLAOPS_BOOTSTRAP_KEY` or `Authority:BootstrapKey` config.
- Handle Authority unreachable gracefully (config saved but not applied).
Completion criteria:
- [x] `AuthorityInternal` HttpClient registered in `src/Platform/StellaOps.Platform.WebService/Program.cs`
- [x] `/apply` endpoint calls Authority reload in `src/Platform/StellaOps.Platform.WebService/Endpoints/IdentityProviderEndpoints.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
| 2026-02-24 | TASK-100-06 added and completed: Authority reload wiring for /apply endpoint. | Developer |
## Decisions & Risks
- In-memory store used for MVP; Postgres persistence via EfCore model is prepared but store uses in-memory dict to avoid requiring DB during local dev.
- Connection testing is basic (TCP for LDAP, HTTP GET for SAML/OIDC). Full LDAP bind testing deferred to container integration tests.
- Authority reload wiring uses `STELLAOPS_AUTHORITY_URL` / `Authority:InternalUrl` for Authority discovery and `STELLAOPS_BOOTSTRAP_KEY` / `Authority:BootstrapKey` for authentication. If Authority is unreachable, the apply endpoint returns success with `applied=false` so the UI can inform the user.
## Next Checkpoints
- Container integration tests (Sprint 104).

49
docs/implplan/SPRINT_20260224_101_AdvisoryAI_fts_english_stemming_fuzzy_tolerance.md
View File

@@ -37,10 +37,10 @@ Task description:
- Do NOT drop `body_tsv`; the system must support both configs for multi-language deployments.
Completion criteria:
- [ ] Migration script exists under `src/AdvisoryAI/StellaOps.AdvisoryAI/Storage/Migrations/`.
- [ ] Migration is idempotent and runs cleanly on a fresh database and on an already-migrated database.
- [ ] GIN index is created on the new column.
- [ ] Existing `body_tsv` column and index are preserved.
- [x] Migration script exists under `src/AdvisoryAI/StellaOps.AdvisoryAI/Storage/Migrations/`.
- [x] Migration is idempotent and runs cleanly on a fresh database and on an already-migrated database.
- [x] GIN index is created on the new column.
- [x] Existing `body_tsv` column and index are preserved.
### G5-002 - Update FTS query path to use `english` config with weighted fields
Status: DONE
@@ -56,15 +56,15 @@ Task description:
- Ensure the `websearch_to_tsquery` call handles special characters gracefully (the `websearch_to_tsquery` function already does this, but add a test).
Completion criteria:
- [ ] `SearchFtsAsync` uses the configured language config.
- [ ] `KnowledgeSearchOptions.FtsLanguageConfig` exists with default `"english"`.
- [ ] Index rebuild populates both `body_tsv` and `body_tsv_en`.
- [ ] Query "deploying containers" matches documents containing "deploy", "deployed", "deployment", "container".
- [ ] Query "vulnerabilities in production" matches "vulnerability", "vulnerable", "production".
- [ ] Integration test proves stemming: search for "deploying" returns results containing only "deploy".
- [x] `SearchFtsAsync` uses the configured language config.
- [x] `KnowledgeSearchOptions.FtsLanguageConfig` exists with default `"english"`.
- [x] Index rebuild populates both `body_tsv` and `body_tsv_en`.
- [x] Query "deploying containers" matches documents containing "deploy", "deployed", "deployment", "container".
- [x] Query "vulnerabilities in production" matches "vulnerability", "vulnerable", "production".
- [x] Integration test proves stemming: search for "deploying" returns results containing only "deploy".
### G5-003 - Add trigram-based fuzzy matching for typo tolerance
Status: DONE
Status: DOING
Dependency: G5-001
Owners: Developer / Implementer
Task description:
@@ -79,17 +79,17 @@ Task description:
- Add configuration: `KnowledgeSearchOptions.FuzzyFallbackEnabled` (default: `true`), `KnowledgeSearchOptions.MinFtsResultsForFuzzyFallback` (default: `3`), `KnowledgeSearchOptions.FuzzySimilarityThreshold` (default: `0.3`).
Completion criteria:
- [ ] `pg_trgm` extension enabled in migration.
- [ ] Trigram GIN indexes exist on `title` and `body`.
- [ ] `SearchFuzzyAsync` method exists and is invoked as fallback.
- [ ] Configuration options exist with sensible defaults.
- [ ] Query "contaner" (typo) returns results for "container".
- [ ] Query "configuraiton" returns results for "configuration".
- [x] `pg_trgm` extension enabled in migration.
- [x] Trigram GIN indexes exist on `title` and `body`.
- [x] `SearchFuzzyAsync` method exists and is invoked as fallback.
- [x] Configuration options exist with sensible defaults.
- [x] Query "contaner" (typo) returns results for "container".
- [x] Query "configuraiton" returns results for "configuration".
- [ ] Exact FTS matches still rank above fuzzy matches.
- [ ] Integration test proves typo tolerance.
- [x] Integration test proves typo tolerance.
### G5-004 - Lower minimum query length to 1 character
Status: DONE
Status: DOING
Dependency: none
Owners: Developer / Implementer
Task description:
@@ -102,11 +102,11 @@ Task description:
- Add a rate-limit consideration: single-character queries may produce very broad FTS results. Cap FTS candidates at `FtsCandidateCount` (already in place) and document this behavior.
Completion criteria:
- [ ] Backend accepts queries of length 1.
- [ ] Frontend fires search for queries of length >= 1.
- [ ] Query "vm" returns relevant results.
- [x] Backend accepts queries of length 1.
- [x] Frontend fires search for queries of length >= 1.
- [x] Query "vm" returns relevant results.
- [ ] Query "ci" returns relevant results.
- [ ] No performance regression (FTS candidate cap still applies).
- [x] No performance regression (FTS candidate cap still applies).
### G5-005 - Recall benchmark: before/after stemming and fuzzy matching
Status: DONE
@@ -135,6 +135,8 @@ Completion criteria:
| --- | --- | --- |
| 2026-02-24 | Sprint created from search gap analysis G5. | Product Manager |
| 2026-02-24 | G5-005 DONE: Created FTS recall benchmark with 34-query fixture (exact, stemming, typos, short, natural categories), FtsRecallBenchmarkStore with Simple/English modes and trigram fuzzy fallback, FtsRecallBenchmarkTests with 12 test cases. Simple mode: ~59% Recall@10, English mode: ~100% Recall@10 — 41pp improvement exceeding 20% threshold. All 770 tests pass. | Developer |
| 2026-02-24 | Sprint audit: reopened G5-001/002/003/004 to DOING because acceptance criteria checklists remain incomplete and require explicit closure evidence. | Project Manager |
| 2026-02-24 | Acceptance evidence refresh: ran `dotnet run --project src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -- -class "StellaOps.AdvisoryAI.Tests.KnowledgeSearch.FtsRecallBenchmarkTests" -parallel none` (`Total: 12, Failed: 0`) plus `UnifiedSearchSprintIntegrationTests` (`Total: 89, Failed: 0`) to reconfirm stemming/typo/short-query behavior and diagnostics contracts. | QA / Test Automation |
## Decisions & Risks
- **Risk**: The `english` text search configuration includes stop-word removal. Short queries like "how to deploy" will have "how" and "to" removed, leaving only "deploy". This is generally beneficial but could surprise users expecting exact-phrase search. Mitigation: document the behavior; consider adding a `"exact:..."` query prefix for power users in a future sprint.
@@ -145,3 +147,4 @@ Completion criteria:
## Next Checkpoints
- After G5-002: demo stemming behavior with live queries against dev database.
- After G5-005: present recall benchmark results to product team.

72
docs/implplan/SPRINT_20260224_101_DevOps_idp_test_containers.md
View File

@@ -1,72 +0,0 @@
# Sprint 101 -- Docker Test Containers (LDAP, SAML, OIDC)
## Topic & Scope
- Provide Docker Compose configuration for OpenLDAP and Keycloak test containers.
- Bootstrap LDAP with test users/groups and Keycloak with SAML/OIDC clients.
- Working directory: `devops/compose/`
- Expected evidence: compose file, fixture data, license verification.
## Dependencies & Concurrency
- No upstream dependencies. Parallel with Sprint 100.
## Documentation Prerequisites
- None.
## Delivery Tracker
### TASK-101-01 - Docker Compose File
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `docker-compose.idp-testing.yml` with OpenLDAP (osixia/openldap:1.5.0) and Keycloak (quay.io/keycloak/keycloak:24.0) under `idp` profile.
- OpenLDAP on ports 3389/3636, Keycloak on port 8280.
Completion criteria:
- [x] Compose file at `devops/compose/docker-compose.idp-testing.yml`
### TASK-101-02 - LDAP Bootstrap Fixture
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `bootstrap.ldif` with ou=users, ou=groups, and three test users (test-admin, test-operator, test-viewer) with group memberships.
Completion criteria:
- [x] Fixture at `devops/compose/fixtures/ldap/bootstrap.ldif`
### TASK-101-03 - Keycloak Realm Fixture
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `stellaops-realm.json` with realm, roles (admin/operator/viewer), users (saml-admin, saml-operator, oidc-admin, oidc-operator), SAML client (stellaops-saml-sp), and OIDC client (stellaops-oidc-client).
Completion criteria:
- [x] Fixture at `devops/compose/fixtures/keycloak/stellaops-realm.json`
### TASK-101-04 - License Gate
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Verify osixia/openldap (OpenLDAP Public License, test-only) and Keycloak (Apache 2.0) are compatible with BUSL-1.1.
Completion criteria:
- [x] Both licenses verified as compatible for test-only use
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Keycloak `start-dev` mode used for testing (no production TLS).
- OpenLDAP TLS disabled for simplicity in test environment.
## Next Checkpoints
- Container integration tests in Sprint 104.

12
docs/implplan/SPRINT_20260224_102_AdvisoryAI_semantic_vector_embedding_model.md
View File

@@ -27,7 +27,7 @@
## Delivery Tracker
### G1-001 - Vendor ONNX Runtime and embedding model
Status: DONE
Status: DOING
Dependency: none
Owners: Developer / Implementer
Task description:
@@ -48,7 +48,7 @@ Completion criteria:
- [x] No new external runtime dependencies (model loads from local file; reflection-based assembly probing).
### G1-002 - Implement OnnxVectorEncoder with tokenizer
Status: DONE
Status: DOING
Dependency: G1-001
Owners: Developer / Implementer
Task description:
@@ -80,7 +80,7 @@ Completion criteria:
- [ ] Unit test: `Encode("deploy") cosine_sim Encode("quantum physics") < 0.2` (requires ONNX model; deferred to G1-004 benchmark).
### G1-003 - Wire encoder selection into DI and index rebuild
Status: DONE
Status: DOING
Dependency: G1-002
Owners: Developer / Implementer
Task description:
@@ -103,7 +103,7 @@ Completion criteria:
- [ ] Integration test: rebuild index with ONNX encoder (deferred to G1-004; requires ONNX model file).
### G1-004 - Semantic recall benchmark: hash vs ONNX
Status: DONE
Status: DOING
Dependency: G1-003
Owners: Developer / Implementer, Test Automation
Task description:
@@ -129,7 +129,7 @@ Completion criteria:
- [x] Results documented in sprint Execution Log.
### G1-005 - Graceful fallback: ONNX unavailable -> hash encoder
Status: DONE
Status: DOING
Dependency: G1-003
Owners: Developer / Implementer
Task description:
@@ -158,6 +158,8 @@ Completion criteria:
| 2026-02-24 | G1-003: Wired conditional encoder selection into DI in `ToolsetServiceCollectionExtensions.AddAdvisoryPipeline`. Factory reads `KnowledgeSearchOptions.VectorEncoderType` at resolution time and selects encoder accordingly. | Developer |
| 2026-02-24 | G1-005: Implemented graceful fallback: missing model file or ONNX runtime -> warning log + `DeterministicHashVectorEncoder`. Added `ActiveEncoder` field to `KnowledgeSearchDiagnostics` and `AdvisoryKnowledgeSearchDiagnostics` for diagnostics reporting. Updated mapping in `KnowledgeSearchEndpoints`. | Developer |
| 2026-02-24 | G1-004 DONE: Created semantic recall benchmark with 48-query fixture (synonym, paraphrase, conceptual, acronym, exact categories), SemanticRecallBenchmarkStore (33 chunks with pre-computed embeddings, cosine similarity search), SemanticSimulationEncoder (40+ semantic groups for synonym expansion). 13 test cases all passing. Semantic encoder strictly outperforms hash encoder on synonym queries with >= 60% Recall@10. No regression on exact terms. Fixed CS8604 nullable warning in OnnxVectorEncoder.cs. | Developer |
| 2026-02-24 | Sprint audit: reopened G1-001/002/003/005 to DOING because acceptance criteria include deferred items (model packaging, license docs, and integration tests) that are not yet closed. | Project Manager |
| 2026-02-24 | Sprint audit follow-up: corrected G1-005 from DONE to DOING because integration-test acceptance remains unchecked. | Project Manager |
## Decisions & Risks
- **Decision**: Default `VectorEncoderType` to `"hash"` for backward compatibility. Deployments must opt-in to ONNX. This prevents breaking existing air-gap installations that cannot download the model.

96
docs/implplan/SPRINT_20260224_102_Cli_idp_commands.md
View File

@@ -1,96 +0,0 @@
# Sprint 102 -- CLI Identity Provider Commands
## Topic & Scope
- Add `stella config identity-providers` command group with list, show, add, update, remove, test, enable, disable, apply subcommands.
- Extend backend client interface and implementation for IDP API calls.
- Extend setup wizard with SAML and OIDC provider configuration steps.
- Working directory: `src/Cli/StellaOps.Cli/`
- Expected evidence: unit tests, command group integration.
## Dependencies & Concurrency
- Depends on Sprint 100 (API contracts).
- Safe to run in parallel with Sprint 103 (UI).
## Documentation Prerequisites
- Sprint 100 API endpoint definitions.
## Delivery Tracker
### TASK-102-01 - CLI DTOs
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `IdentityProviderModels.cs` with CLI-side DTOs matching Platform API contracts.
Completion criteria:
- [x] File at `src/Cli/StellaOps.Cli/Services/Models/IdentityProviderModels.cs`
### TASK-102-02 - Backend Client Extension
Status: DONE
Dependency: TASK-102-01
Owners: Developer
Task description:
- Add 8 IDP methods to `IBackendOperationsClient` and implement in `BackendOperationsClient`.
Completion criteria:
- [x] Interface updated
- [x] Implementation added
### TASK-102-03 - Command Group
Status: DONE
Dependency: TASK-102-02
Owners: Developer
Task description:
- Create `IdentityProviderCommandGroup` with all subcommands and type-specific options.
Completion criteria:
- [x] File at `src/Cli/StellaOps.Cli/Commands/IdentityProviderCommandGroup.cs`
### TASK-102-04 - Command Factory Wiring
Status: DONE
Dependency: TASK-102-03
Owners: Developer
Task description:
- Register identity-providers subgroup under `config` in `CommandFactory.cs`.
Completion criteria:
- [x] CommandFactory.cs updated
### TASK-102-05 - Setup Wizard Extension
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Extend `AuthoritySetupStep` to support SAML and OIDC providers in addition to standard and LDAP.
Completion criteria:
- [x] AuthoritySetupStep.cs extended with SAML/OIDC configuration methods
### TASK-102-06 - Unit Tests
Status: DONE
Dependency: TASK-102-03
Owners: Developer
Task description:
- Create tests for command group verifying backend client calls for list, add, remove, enable, disable.
Completion criteria:
- [x] Tests at `src/Cli/__Tests/StellaOps.Cli.Tests/Commands/IdentityProviderCommandGroupTests.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Interactive prompts for add command follow existing GetOrPrompt pattern from setup wizard.
- Non-interactive mode supported via command-line flags.
## Next Checkpoints
- CLI integration tests with real containers (Sprint 104).

107
docs/implplan/SPRINT_20260224_103_FE_idp_settings_page.md
View File

@@ -1,107 +0,0 @@
# Sprint 103 -- UI Identity Providers Settings Page
## Topic & Scope
- Add Angular settings page for managing identity providers (LDAP, SAML, OIDC, Standard).
- API client service, settings page component, add/edit wizard, route/nav wiring.
- Extend setup wizard with SAML and OIDC provider options.
- Working directory: `src/Web/StellaOps.Web/`
- Expected evidence: component specs, route integration.
## Dependencies & Concurrency
- Depends on Sprint 100 (API contracts).
- Safe to run in parallel with Sprint 102 (CLI).
## Documentation Prerequisites
- Sprint 100 API endpoint definitions.
## Delivery Tracker
### TASK-103-01 - API Client
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `identity-provider.client.ts` with interface, InjectionTokens, HTTP client implementation, and mock client.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/src/app/core/api/identity-provider.client.ts`
### TASK-103-02 - Settings Page Component
Status: DONE
Dependency: TASK-103-01
Owners: Developer
Task description:
- Create standalone component with KPI strip, provider card grid, empty state, and action buttons.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/src/app/features/settings/identity-providers/identity-providers-settings-page.component.ts`
### TASK-103-03 - Add Provider Wizard
Status: DONE
Dependency: TASK-103-01
Owners: Developer
Task description:
- Create multi-step wizard: select type, configure, test, save.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/src/app/features/settings/identity-providers/add-provider-wizard.component.ts`
### TASK-103-04 - Route and Navigation
Status: DONE
Dependency: TASK-103-02
Owners: Developer
Task description:
- Add identity-providers route to settings.routes.ts and nav item to navigation.config.ts.
Completion criteria:
- [x] settings.routes.ts updated
- [x] navigation.config.ts updated
### TASK-103-05 - Setup Wizard Extension
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add SAML and OIDC entries to AUTHORITY_PROVIDERS in setup-wizard.models.ts.
Completion criteria:
- [x] setup-wizard.models.ts updated
### TASK-103-06 - DI Wiring
Status: DONE
Dependency: TASK-103-01
Owners: Developer
Task description:
- Register identity provider API client in app.config.ts.
Completion criteria:
- [x] app.config.ts updated
### TASK-103-07 - Unit Tests
Status: DONE
Dependency: TASK-103-02
Owners: Developer
Task description:
- Create spec tests for settings page: empty state, provider cards, KPI counts, wizard open.
Completion criteria:
- [x] Tests at `src/Web/StellaOps.Web/src/app/features/settings/identity-providers/identity-providers-settings-page.component.spec.ts`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Mock client provides realistic sample data for offline dev.
- Wizard uses dynamic form generation from type schemas.
## Next Checkpoints
- Playwright E2E tests (Sprint 104).

194
docs/implplan/SPRINT_20260224_104_AdvisoryAI_llm_grounded_synthesis.md
View File

@@ -1,194 +0,0 @@
# Sprint 20260224_104 — Search Gap G3: LLM-Grounded Synthesis (SIGNIFICANT)
## Topic & Scope
- **Gap**: The `SynthesisTemplateEngine` generates summaries by selecting from 5 hardcoded templates that count results and name the top match. These are metadata summaries, not answers. When a user asks "Why did my release fail?", the synthesis says "Found 4 result(s) across 2 domain(s)..." — a restatement of search metadata, not an explanation. The system has a full LLM adapter infrastructure (`LlmAdapterEndpoints`, OpenAI-compatible proxy, provider registry) but the search synthesis doesn't use it. The gap between the infrastructure's capability and the synthesis output is the core missed opportunity.
- **Outcome**: Replace the template-only synthesis with LLM-grounded answer generation that uses retrieved search results as context (true RAG for search). The template engine becomes the offline/no-LLM fallback. When an LLM provider is configured and available, synthesis generates a direct answer to the user's question, grounded in the retrieved entity cards, with citations.
- Working directory: `src/AdvisoryAI`.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web` (synthesis panel rendering), `docs/modules/advisory-ai`.
- Expected evidence: integration tests with mocked LLM, A/B comparison of template vs LLM synthesis, citation grounding verification, offline fallback test.
## Dependencies & Concurrency
- Upstream: LLM adapter infrastructure must be functional (`LlmAdapterEndpoints`, at least one provider configured). This already exists.
- `SPRINT_20260224_103` (G2 — live data) is complementary: better synthesis requires better retrieval results.
- Safe parallelism: prompt engineering (001) and LLM integration (002) are sequential. Frontend updates (003) are independent. Fallback (004) is independent.
- Required references:
- `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Synthesis/SynthesisTemplateEngine.cs` — current template engine
- `src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/LlmAdapterEndpoints.cs` — LLM proxy
- `src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/` — existing chat service with streaming
- `src/Web/StellaOps.Web/src/app/shared/components/synthesis-panel/synthesis-panel.component.ts` — UI rendering
## Documentation Prerequisites
- `docs/modules/advisory-ai/knowledge-search.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `src/AdvisoryAI/AGENTS.md`
## Delivery Tracker
### G3-001 - Design grounded synthesis prompt with citation format
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Create a system prompt template for search synthesis stored as an embedded resource or configuration file at `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Synthesis/synthesis-system-prompt.txt`.
- The prompt must:
1. Instruct the LLM to answer the user's question directly, using ONLY the provided search results as evidence.
2. Include a structured context block with the entity cards (title, snippet, domain, severity, entity_key) serialized as numbered references.
3. Require citations in the format `[1]`, `[2]`, etc., referencing the numbered context items.
4. Instruct the LLM to say "I don't have enough information to answer this" if the search results don't contain relevant information (avoid hallucination).
5. Limit response length to 3-5 sentences for search synthesis (not a full conversation).
6. Include domain-specific instructions:
- For findings: mention severity and remediation status.
- For VEX: mention exploitability status and justification.
- For policy: mention enforcement level and scope.
- For doctor: mention severity and run command.
- Create a user prompt template: `"Question: {query}\n\nSearch results:\n{formatted_results}\n\nAnswer the question using only the search results above."`.
Completion criteria:
- [x] System prompt file exists with grounding instructions.
- [x] User prompt template exists with result formatting.
- [x] Citation format defined and documented.
- [x] Hallucination guardrail instruction included.
- [x] Length constraint (3-5 sentences) specified.
- [x] Domain-specific instructions for findings/vex/policy/doctor.
### G3-002 - Implement LlmSynthesisEngine with provider integration
Status: DONE
Dependency: G3-001
Owners: Developer / Implementer
Task description:
- Create `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Synthesis/LlmSynthesisEngine.cs` implementing a new `ISynthesisEngine` interface.
- The `ISynthesisEngine` interface:
```csharp
Task<SynthesisResult?> SynthesizeAsync(
string query,
IReadOnlyList<EntityCard> cards,
IReadOnlyList<EntityMention> detectedEntities,
CancellationToken ct);
```
- The `LlmSynthesisEngine` must:
1. Format entity cards into the numbered reference context block.
2. Build the system + user prompt from templates.
3. Call the LLM adapter via internal `HttpClient` (`POST /v1/advisory-ai/adapters/llm/{providerId}/chat/completions`).
4. Use the first configured and available provider (from provider list endpoint).
5. Parse the LLM response, extract citations (`[1]`, `[2]`).
6. Map citation numbers back to entity card `entityKey` values.
7. Build `SynthesisResult` with:
- `summary`: LLM-generated answer text.
- `template`: `"llm_grounded"` (to distinguish from hardcoded templates).
- `confidence`: based on citation count relative to result count.
- `sourceCount`: number of cited sources.
- `domainsCovered`: domains of cited entities.
8. Respect a timeout (default: 5 seconds, configurable via `KnowledgeSearchOptions.SynthesisTimeoutMs`).
9. If LLM call fails or times out, return `null` (caller falls back to template engine).
- Refactor `SynthesisTemplateEngine` to also implement `ISynthesisEngine`.
- Update DI to register a `CompositeSynthesisEngine` that tries `LlmSynthesisEngine` first, falls back to `SynthesisTemplateEngine`.
Completion criteria:
- [x] `ISynthesisEngine` interface defined.
- [x] `LlmSynthesisEngine` implemented with LLM adapter call.
- [x] Prompt templates loaded and formatted correctly.
- [x] Citations extracted and mapped to entity keys.
- [x] Timeout respected (default 5s).
- [x] Failure/timeout → returns null (fallback to template).
- [x] `SynthesisTemplateEngine` refactored to implement `ISynthesisEngine`.
- [x] `CompositeSynthesisEngine` tries LLM first, falls back to template.
- [x] Integration test with mocked LLM response proves citation mapping.
### G3-003 - Update synthesis panel UI for LLM-generated answers
Status: DONE
Dependency: G3-002
Owners: Developer / Implementer (Frontend)
Task description:
- In `src/Web/StellaOps.Web/src/app/shared/components/synthesis-panel/synthesis-panel.component.ts`:
1. When `synthesis.template === "llm_grounded"`:
- Render the summary as formatted text with citation links.
- Citation references `[1]`, `[2]` should be rendered as clickable chips that scroll to/highlight the corresponding entity card in the results list.
- Show a small "AI-generated" badge next to the summary header.
- Show grounding indicator: "Based on N sources" with domain tags.
2. When `synthesis.template` is any hardcoded template:
- Render as before (no change to existing behavior).
3. Add a "Show sources" toggle that expands/collapses the cited entity cards inline within the synthesis panel.
- Update the `SynthesisResult` TypeScript model to include an optional `citations` array:
```typescript
citations?: { index: number; entityKey: string; title: string }[];
```
Completion criteria:
- [x] LLM synthesis renders with citation links.
- [x] Citation chips scroll to corresponding entity card.
- [x] "AI-generated" badge shown for LLM synthesis.
- [x] Hardcoded template rendering unchanged.
- [x] "Show sources" toggle works.
- [x] `SynthesisResult` model updated with `citations` field.
### G3-004 - Offline fallback: no LLM → template synthesis
Status: DONE
Dependency: G3-002
Owners: Developer / Implementer
Task description:
- Ensure the `CompositeSynthesisEngine` correctly falls back:
1. No LLM provider configured → skip `LlmSynthesisEngine`, use `SynthesisTemplateEngine` directly.
2. LLM provider configured but unavailable (network error) → `LlmSynthesisEngine` returns null → `SynthesisTemplateEngine` used.
3. LLM provider returns error (4xx/5xx) → fallback to template.
4. LLM response timeout (>5s) → fallback to template.
- In all fallback cases:
1. `SynthesisResult.template` is set to the hardcoded template name (not `"llm_grounded"`).
2. Diagnostics include `synthesisSource: "template"` or `"llm"` so the caller knows which path was used.
- Add configuration: `KnowledgeSearchOptions.LlmSynthesisEnabled` (default: `true` when a provider is configured, `false` otherwise).
Completion criteria:
- [x] No LLM provider → template used without error.
- [x] LLM unavailable → template fallback with warning log.
- [x] LLM error → template fallback.
- [x] LLM timeout → template fallback.
- [x] Diagnostics report synthesis source.
- [x] Integration test: disable LLM, verify template synthesis works.
- [x] Integration test: mock LLM timeout, verify fallback within 6 seconds total.
### G3-005 - Grounding validation: prevent hallucinated answers
Status: DONE
Dependency: G3-002
Owners: Developer / Implementer, Test Automation
Task description:
- Add post-processing validation to `LlmSynthesisEngine`:
1. Parse citation references from the LLM response.
2. Verify each citation index maps to an actual entity card in the context.
3. If the response contains zero valid citations, downgrade confidence to `"low"` and append a disclaimer: "This answer may not be fully grounded in the search results."
4. If the response references a citation index that doesn't exist (e.g., `[7]` when only 5 results were provided), strip the invalid citation.
5. Compute a `groundingScore` = (valid citations / total entity cards mentioned in response). Add to `SynthesisResult`.
- Create a test fixture with 10 query/result/expected-answer triples. Run the LLM synthesis and verify:
1. All citations in the response map to real entity cards.
2. No fabricated entity keys, CVE IDs, or URLs appear in the response.
3. Grounding score >= 0.6 for all test cases.
Completion criteria:
- [x] Citation validation strips invalid references.
- [x] Zero-citation responses get low confidence + disclaimer.
- [x] `groundingScore` computed and returned in `SynthesisResult`.
- [x] Test fixture with 10 query/result/answer triples.
- [x] All test cases achieve grounding score >= 0.6.
- [x] No fabricated entities in any test case.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created from search gap analysis G3 (SIGNIFICANT). | Product Manager |
| 2026-02-24 | G3-001: Created `synthesis-system-prompt.txt` with grounding instructions, citation format, hallucination guardrails, 3-5 sentence limit, and domain-specific instructions for findings/vex/policy/doctor. Embedded as resource in `.csproj`. | Developer |
| 2026-02-24 | G3-002: Created `ISynthesisEngine` interface, `LlmSynthesisEngine` (HTTP call to LLM adapter, prompt formatting, citation parsing, timeout handling), `CompositeSynthesisEngine` (LLM-first with template fallback). Refactored `SynthesisTemplateEngine` to implement `ISynthesisEngine`. Updated `UnifiedSearchService` to accept `ISynthesisEngine` and call `SynthesizeAsync`. Updated DI registrations with named `llm-synthesis` HttpClient. | Developer |
| 2026-02-24 | G3-003: Updated `SynthesisResult` TS model with `citations` and `groundingScore` fields. Updated synthesis panel with AI-generated badge, citation chips, Show/Hide sources toggle. Preserved existing feedback UI. Added `citationClick` output for scroll-to-card integration. | Developer |
| 2026-02-24 | G3-004: `CompositeSynthesisEngine` checks `LlmSynthesisEnabled`, `LlmAdapterBaseUrl`, and `LlmProviderId` before attempting LLM synthesis. Falls back to template on null/failure/timeout. Added `LlmSynthesisEnabled` (default: false), `SynthesisTimeoutMs` (default: 5000), `LlmAdapterBaseUrl`, and `LlmProviderId` to `KnowledgeSearchOptions`. | Developer |
| 2026-02-24 | G3-005: `LlmSynthesisEngine` validates citations post-LLM response: strips invalid citation indices, downgrades to low confidence with disclaimer on zero citations, computes `groundingScore`. Added `GroundingScore` and `Citations` to C# `SynthesisResult` model. | Developer |
## Decisions & Risks
- **Decision**: The LLM synthesis is opt-in and gracefully degrades. Template synthesis is always available as fallback. This preserves the deterministic/offline guarantee.
- **Decision**: Use the existing LLM adapter proxy (OpenAI-compatible) rather than direct SDK integration. This means synthesis works with any provider that's already configured (OpenAI, Azure OpenAI, local models via Ollama, etc.).
- **Risk**: LLM synthesis adds latency (1-5 seconds). Mitigation: the UI already shows results instantly; synthesis populates asynchronously. Set a 5-second timeout.
- **Risk**: LLM responses may hallucinate despite grounding instructions. Mitigation: citation validation (G3-005), grounding score, and "low confidence" disclaimers.
- **Risk**: LLM costs for synthesis on every search query could be significant. Mitigation: synthesis is optional (`includeSynthesis` parameter), and the UI can cache synthesis results for the same query.
- **Decision**: Keep synthesis short (3-5 sentences). This is a search summary, not a full advisory response. Users who want deeper analysis should use the Advisory AI chat.
- **Decision**: `LlmSynthesisEnabled` defaults to `false` (must opt-in) rather than auto-detecting provider availability. This prevents unexpected LLM calls and costs in deployments that have a provider configured for chat but not for synthesis.
## Next Checkpoints
- After G3-001: review prompt template with product team.
- After G3-002: demo LLM synthesis with live search results.
- After G3-005: present grounding validation results.

62
docs/implplan/SPRINT_20260224_104_E2E_idp_verification.md
View File

@@ -1,62 +0,0 @@
# Sprint 104 -- E2E Identity Provider Verification
## Topic & Scope
- Playwright E2E tests for UI identity provider settings page.
- API integration tests against real OpenLDAP and Keycloak containers.
- CLI integration tests validating DTO construction and command flow.
- Working directory: `src/Web/StellaOps.Web/e2e/` + `src/Platform/__Tests/` + `src/Cli/__Tests/`
- Expected evidence: E2E test files, container integration test stubs.
## Dependencies & Concurrency
- Depends on Sprints 100-103.
## Documentation Prerequisites
- All prior sprint docs.
## Delivery Tracker
### TASK-104-01 - Playwright E2E Tests
Status: DONE
Dependency: Sprint 103
Owners: Developer
Task description:
- Create `identity-providers.e2e.spec.ts` with tests for page load, empty state, provider cards, add wizard, enable/disable, and delete.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/e2e/identity-providers.e2e.spec.ts`
### TASK-104-02 - API Container Integration Tests
Status: DONE
Dependency: Sprint 100, Sprint 101
Owners: Developer
Task description:
- Create `IdentityProviderContainerTests.cs` with container-dependent tests (skipped by default).
- Tests for LDAP TCP connect, SAML metadata fetch, OIDC discovery, unreachable host timeout, full CRUD lifecycle.
Completion criteria:
- [x] File at `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/Integration/IdentityProviderContainerTests.cs`
### TASK-104-03 - CLI Integration Tests
Status: DONE
Dependency: Sprint 102
Owners: Developer
Task description:
- Create `IdentityProviderIntegrationTests.cs` with DTO construction tests and container-dependent stubs.
Completion criteria:
- [x] File at `src/Cli/__Tests/StellaOps.Cli.Tests/Integration/IdentityProviderIntegrationTests.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Container-dependent tests are marked with `Skip = "Requires docker compose idp containers"` to avoid CI failures.
- Playwright tests mock API responses for deterministic behavior in CI.
## Next Checkpoints
- Remove skip attributes once CI pipeline includes IDP container startup.

84
docs/implplan/SPRINT_20260224_105_Authority_plugin_reload_mechanism.md
View File

@@ -1,84 +0,0 @@
# Sprint 105 -- Authority Runtime Plugin Reload Mechanism
## Topic & Scope
- Add runtime reload capability to Authority's plugin and identity provider registries.
- Expose `POST /internal/plugins/reload` endpoint for Platform to trigger registry refresh.
- Wire Platform's `/apply` endpoint to call Authority's reload endpoint.
- Working directory: `src/Authority/StellaOps.Authority/StellaOps.Authority/` + `src/Platform/StellaOps.Platform.WebService/`
- Expected evidence: reloadable registries, internal endpoint, Platform-to-Authority HTTP wiring.
## Dependencies & Concurrency
- Depends on Sprint 100 (Platform IDP API with /apply endpoint).
## Documentation Prerequisites
- Sprint 100 API endpoint definitions.
## Delivery Tracker
### TASK-105-01 - Reloadable Plugin Registry
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Modify `AuthorityPluginRegistry` to use volatile fields and add an internal `Reload()` method that atomically swaps plugin contexts.
Completion criteria:
- [x] `AuthorityPluginRegistry.Reload()` method added at `src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityPluginRegistry.cs`
### TASK-105-02 - Rebuildable Identity Provider Registry
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Modify `AuthorityIdentityProviderRegistry` to extract build logic into a `Rebuild()` method.
- Use volatile fields for thread-safe reads during concurrent rebuilds.
- Constructor calls `Rebuild()` for initial population.
Completion criteria:
- [x] `AuthorityIdentityProviderRegistry.Rebuild()` method added at `src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityIdentityProviderRegistry.cs`
### TASK-105-03 - Internal Reload Endpoint
Status: DONE
Dependency: TASK-105-01, TASK-105-02
Owners: Developer
Task description:
- Add `POST /internal/plugins/reload` endpoint to Authority's Program.cs under the existing bootstrap group.
- Protected by `BootstrapApiKeyFilter` (requires `X-StellaOps-Bootstrap-Key` header).
- Re-reads YAML plugin configs via `AuthorityPluginConfigurationLoader.Load()`.
- Calls `AuthorityPluginRegistry.Reload()` and `AuthorityIdentityProviderRegistry.Rebuild()`.
- Returns JSON with reload status, plugin count, and provider count.
Completion criteria:
- [x] Endpoint added to `src/Authority/StellaOps.Authority/StellaOps.Authority/Program.cs`
### TASK-105-04 - Platform Apply Wiring
Status: DONE
Dependency: TASK-105-03
Owners: Developer
Task description:
- Register `AuthorityInternal` named HttpClient in Platform's Program.cs.
- Update `/apply` endpoint to call `POST internal/plugins/reload` on Authority.
- Handle Authority unreachable gracefully.
Completion criteria:
- [x] HttpClient registered in `src/Platform/StellaOps.Platform.WebService/Program.cs`
- [x] Apply endpoint wired in `src/Platform/StellaOps.Platform.WebService/Endpoints/IdentityProviderEndpoints.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Plugin reload re-reads YAML configuration files and rebuilds registries. New plugin assemblies that weren't loaded at startup still require a full Authority restart.
- Identity provider registry rebuild re-resolves `IIdentityProviderPlugin` instances from DI. Plugin instances whose DI registrations haven't changed will retain their existing behavior. Configuration changes that affect plugin constructor parameters require a restart.
- The reload endpoint is idempotent: calling it multiple times produces the same state.
- `BootstrapApiKeyFilter` protects the reload endpoint with the same authentication as all other internal endpoints.
## Next Checkpoints
- Integration tests for reload behavior with live containers (future work).
- Support for DB-sourced plugin configs as Layer 3 priority merge (future work).

8
docs/implplan/SPRINT_20260224_106_AdvisoryAI_search_personalization_learning.md
View File

@@ -64,7 +64,7 @@ Completion criteria:
- [x] Events are tenant-scoped.
- [x] User ID is optional (privacy-preserving default).
- [ ] Integration test: emit click event, verify stored.
- [ ] Event taxonomy is consistent across analytics writes and quality metrics reads (`query`, `click`, `zero_result`) with no stale `search` event dependency.
- [x] Event taxonomy is consistent across analytics writes and quality metrics reads (`query`, `click`, `zero_result`) with no stale `search` event dependency.
### G6-002 - Implement popularity boost from engagement signals
Status: DOING
@@ -97,8 +97,8 @@ Completion criteria:
- [x] Boost is logarithmic (diminishing returns for very popular items).
- [x] Feature flag: disabled by default.
- [x] Cached for 5 minutes.
- [ ] Test: entity with 100 clicks ranks higher than identical-score entity with 0 clicks (when enabled).
- [ ] Test: with feature disabled, ranking is unchanged.
- [x] Test: entity with 100 clicks ranks higher than identical-score entity with 0 clicks (when enabled).
- [x] Test: with feature disabled, ranking is unchanged.
### G6-003 - Implement role-based domain weight bias
Status: DOING
@@ -174,6 +174,8 @@ Completion criteria:
| 2026-02-24 | G6-003 DONE: Added `RoleBasedBiasEnabled` (default: true) to `KnowledgeSearchOptions`. Extended `DomainWeightCalculator` with `IOptions<KnowledgeSearchOptions>` injection and `ApplyRoleBasedBias` method implementing all specified scope-to-domain-weight mappings. Added `UserScopes` property to `UnifiedSearchFilter`. Added `ResolveUserScopes` helper in `UnifiedSearchEndpoints` extracting scopes from X-StellaOps-Scopes/X-Stella-Scopes headers and JWT claims, passing through to filter. | Developer |
| 2026-02-24 | G6-004 DONE: `search_history` table included in migration. History endpoints (GET, DELETE, DELETE by ID) in `SearchAnalyticsEndpoints`. Frontend: `loadServerHistory` merges server history with localStorage on focus, `clearSearchHistory` clears both local and server. Recent searches display increased to 10 entries. "Clear" button added to recent searches header. | Developer |
| 2026-02-24 | Sprint reopened: statuses corrected to DOING after audit found incomplete acceptance evidence (integration tests, event taxonomy alignment, and server history persistence verification). | Project Manager |
| 2026-02-24 | Added regression coverage for popularity behavior in `WeightedRrfFusionTests`: high-click results outrank lower-click peers when enabled, and ordering remains baseline when boost is disabled. Test run: `dotnet run --project src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -- -class "StellaOps.AdvisoryAI.Tests.UnifiedSearch.WeightedRrfFusionTests" -parallel none` (`Total: 8, Failed: 0`). | QA / Test Automation |
| 2026-02-24 | Cross-sprint verification run (`UnifiedSearchSprintIntegrationTests`) reconfirmed analytics taxonomy usage and role-bias/popularity behavior contracts with targeted assertions (`Total: 89, Failed: 0`). | QA / Test Automation |
## Decisions & Risks
- **Decision**: Analytics are anonymous by default. User ID is only stored when the user explicitly opts in. This respects privacy and complies with data minimization principles.

53
docs/implplan/SPRINT_20260224_107_FE_search_chat_bridge.md
View File

@@ -26,7 +26,7 @@
## Delivery Tracker
### G7-001 - Add "Ask AI" action on search results → opens chat with context
Status: TODO
Status: DONE
Dependency: none
Owners: Developer / Implementer (Frontend)
Task description:
@@ -49,18 +49,18 @@ Task description:
2. Pre-populate: "I searched for '{query}' and got these results. Can you help me understand them in detail?"
Completion criteria:
- [ ] "Ask AI" button appears on every entity card in search results.
- [ ] Clicking "Ask AI" closes search and opens chat.
- [ ] Chat receives entity context (entity_key, title, domain, severity, snippet).
- [ ] User input pre-populated with domain-specific question.
- [ ] Message auto-sent on chat open.
- [ ] Route-level chat activation is deterministic (`openChat` or equivalent is consumed by the target chat host).
- [ ] Synthesis panel has "Ask AI for more details" button.
- [ ] Chat receives all search results as context when triggered from synthesis.
- [ ] Keyboard accessible: "Ask AI" reachable via Tab.
- [x] "Ask AI" button appears on every entity card in search results.
- [x] Clicking "Ask AI" closes search and opens chat.
- [x] Chat receives entity context (entity_key, title, domain, severity, snippet).
- [x] User input pre-populated with domain-specific question.
- [x] Message auto-sent on chat open.
- [x] Route-level chat activation is deterministic (`openChat` or equivalent is consumed by the target chat host).
- [x] Synthesis panel has "Ask AI for more details" button.
- [x] Chat receives all search results as context when triggered from synthesis.
- [x] Keyboard accessible: "Ask AI" reachable via Tab.
### G7-002 - Add "Show all results" link in chat responses → opens search
Status: TODO
Status: DONE
Dependency: none
Owners: Developer / Implementer (Frontend)
Task description:
@@ -75,15 +75,15 @@ Task description:
1. Add a secondary action (right-click or long-press): "Search related" → opens global search filtered to that entity's domain.
Completion criteria:
- [ ] "Search for more" link appears below citations in chat responses.
- [ ] Clicking opens global search with pre-filled query.
- [ ] Query derived from chat context (CVE ID, rule ID, or question text).
- [ ] Object link chips have "Search related" secondary action.
- [ ] "Search related" filters to relevant domain.
- [ ] Keyboard accessible.
- [x] "Search for more" link appears below citations in chat responses.
- [x] Clicking opens global search with pre-filled query.
- [x] Query derived from chat context (CVE ID, rule ID, or question text).
- [x] Object link chips have "Search related" secondary action.
- [x] "Search related" filters to relevant domain.
- [x] Keyboard accessible.
### G7-003 - Create shared SearchChatContext service for bidirectional state
Status: TODO
Status: DOING
Dependency: G7-001, G7-002
Owners: Developer / Implementer (Frontend)
Task description:
@@ -103,13 +103,13 @@ Task description:
2. `SearchChatContextService.consumeChatToSearch()` is called by global search open/focus flow.
Completion criteria:
- [ ] `SearchChatContextService` exists as singleton.
- [ ] Search→chat transition carries entity cards and synthesis.
- [ ] Chat→search transition carries query and domain filter.
- [ ] Context consumed once (no stale state).
- [ ] Chat conversation created with search context when available.
- [ ] Search pre-filled with chat context when available.
- [ ] Both consume methods are wired into real call sites (no orphan service methods).
- [x] `SearchChatContextService` exists as singleton.
- [x] Search→chat transition carries entity cards and synthesis.
- [x] Chat→search transition carries query and domain filter.
- [x] Context consumed once (no stale state).
- [x] Chat conversation created with search context when available.
- [x] Search pre-filled with chat context when available.
- [x] Both consume methods are wired into real call sites (no orphan service methods).
- [ ] Integration test: search for CVE → click "Ask AI" → chat opens with CVE context → chat responds with reference to the CVE.
## Execution Log
@@ -117,6 +117,8 @@ Completion criteria:
| --- | --- | --- |
| 2026-02-24 | Sprint created from search gap analysis G7 (MODERATE). | Product Manager |
| 2026-02-24 | Scope clarified from implementation audit: added explicit criteria for route-level `openChat` consumption and real call-site wiring for `SearchChatContextService` consume methods. | Project Manager |
| 2026-02-24 | G7-001/002 marked DONE after implementation audit: search Ask-AI handoff, triage chat host `openChat` consumption, chat auto-send, search-more and search-related actions, and route normalization wiring are in place across global-search/chat components. | Developer |
| 2026-02-24 | G7-003 remains DOING pending the explicit end-to-end integration test evidence path (search → chat → search round-trip assertions). | Project Manager |
## Decisions & Risks
- **Decision**: The context bridge is frontend-only (no new backend API required for the basic bridge). Chat context is passed as initial message content.
@@ -124,6 +126,7 @@ Completion criteria:
- **Risk**: Auto-sending may surprise users who wanted to edit the pre-filled question. Mitigation: show a brief animation (1 second) with "Asking AI..." before sending, giving the user a chance to cancel.
- **Risk**: Large search result sets (10+ entity cards) passed as chat context may produce long initial messages. Mitigation: limit context to top 5 results + synthesis summary.
- **Decision**: The shared context service is transient (not persisted). Refreshing the page clears the bridge state. This is acceptable for in-session navigation.
- **Docs sync**: UI bridge behavior and route handoff are documented in `docs/modules/ui/architecture.md` (section "Global Search and Assistant Bridge").
## Next Checkpoints
- After G7-001: demo search → "Ask AI" → chat flow.

174
docs/implplan/SPRINT_20260224_108_FE_search_result_inline_previews.md
View File

@@ -1,174 +0,0 @@
# Sprint 20260224_108 — Search Gap G8: Inline Result Previews and Direct Answers (MODERATE)
## Topic & Scope
- **Gap**: Search results show a 2-line snippet with ellipsis truncation. For documentation results, the user must navigate away from the search panel to read the actual content. For API results, there's no preview of the endpoint signature, request/response schema, or curl example. For findings, there's no inline severity/reachability summary. Users must click through 5+ results to find the right one, creating high friction and context switching. Modern search experiences (Notion, Algolia, Confluence, GitHub) show rich inline previews with code blocks, tables, and direct answers without leaving the search panel.
- **Outcome**: Add expandable rich previews to entity cards in the global search results. Documentation results show the full section content with markdown rendering. API results show the endpoint signature, parameters, and example curl. Finding results show a severity/reachability/VEX summary card. Doctor results show symptoms, remediation steps, and run command. Previews expand inline without navigating away from search.
- Working directory: `src/Web/StellaOps.Web`.
- Explicit cross-module edits authorized: `src/AdvisoryAI/StellaOps.AdvisoryAI.WebService` (extended result payload), `docs/modules/ui`.
- Expected evidence: UI screenshots, accessibility tests, performance verification (preview rendering latency).
## Dependencies & Concurrency
- No hard upstream dependency.
- The backend may need to return extended snippet content (currently truncated to 320 chars). This requires a minor backend change.
- Safe parallelism: docs preview (002), API preview (003), and finding/doctor preview (004) can be developed in parallel after the expandable scaffold (001).
- Required references:
- `src/Web/StellaOps.Web/src/app/shared/components/entity-card/entity-card.component.ts`
- `src/Web/StellaOps.Web/src/app/layout/global-search/global-search.component.ts`
- `src/AdvisoryAI/StellaOps.AdvisoryAI/KnowledgeSearch/PostgresKnowledgeSearchStore.cs` — snippet generation
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
## Delivery Tracker
### G8-001 - Add expandable preview scaffold to entity cards
Status: DONE
Dependency: none
Owners: Developer / Implementer (Frontend)
Task description:
- In `EntityCardComponent`:
1. Add an expand/collapse toggle (chevron icon) on the right side of each card.
2. When expanded, show a `preview` section below the snippet:
- The preview area has a maximum height of 400px with scroll.
- Smooth expand/collapse animation (200ms ease-in-out).
- Background slightly different from card body for visual distinction.
3. Keyboard: press `Space` or `Right Arrow` on a focused card to expand preview. `Left Arrow` or `Escape` to collapse.
4. Only one card can be expanded at a time (accordion behavior). Expanding a new card collapses the previous.
5. The preview content is provided by the entity card's `preview` field (new optional field in the model).
- Update `EntityCard` TypeScript model:
```typescript
interface EntityCard {
// ... existing fields ...
preview?: EntityCardPreview;
}
interface EntityCardPreview {
contentType: 'markdown' | 'code' | 'structured';
content: string; // Markdown or code block
language?: string; // For code: 'json', 'yaml', 'bash', etc.
structuredFields?: { label: string; value: string; severity?: string }[];
}
```
Completion criteria:
- [x] Expand/collapse toggle on entity cards.
- [x] Smooth animation for expand/collapse.
- [x] Accordion behavior (one at a time).
- [x] Max height 400px with scroll.
- [x] Keyboard: Space/Right to expand, Left/Escape to collapse.
- [x] `EntityCardPreview` model added.
- [x] ARIA attributes: `aria-expanded`, `aria-controls`.
### G8-002 - Implement documentation preview (markdown rendering)
Status: DONE
Dependency: G8-001
Owners: Developer / Implementer (Frontend + Backend)
Task description:
- **Backend**: In `PostgresKnowledgeSearchStore.BuildResult()` or the unified search response builder:
1. For `docs` / `md_section` results: include the full section body (not truncated) in a new `preview` response field.
2. Cap at 2000 characters to avoid payload bloat.
3. Include the section's `span_start` and `span_end` for accurate navigation.
- **Frontend**: For `docs` entity cards:
1. Set `preview.contentType = 'markdown'`.
2. Render the markdown content using the existing markdown renderer (from `ChatMessageComponent` — bold, italic, code, line breaks, block code).
3. Add heading anchors for sub-sections within the preview.
4. Add a "Open full document" link at the bottom of the preview.
Completion criteria:
- [x] Backend returns full section body (up to 2000 chars) in `preview` field.
- [x] Frontend renders markdown preview with code blocks, formatting.
- [x] "Open full document" link navigates to the full doc page.
- [x] Preview respects 400px max height with scroll for long sections.
- [x] Tested with documentation sections containing code blocks, tables, lists.
### G8-003 - Implement API endpoint preview (signature + curl example)
Status: DONE
Dependency: G8-001
Owners: Developer / Implementer (Frontend + Backend)
Task description:
- **Backend**: For `api` / `api_operation` results:
1. Include structured preview data:
- Method + path (e.g., `POST /api/v1/scanner/scans`)
- Operation ID
- Summary (existing)
- Parameters: list of query/path/header params with types
- Request body schema (JSON, truncated to 500 chars)
- Response codes: list of status codes with descriptions
- Security requirements (auth schemes)
2. Pre-generate a curl example:
```
curl -X POST "$STELLAOPS_API_BASE/api/v1/scanner/scans" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"imageRef": "...", "scanType": "full"}'
```
- **Frontend**: For `api` entity cards:
1. Set `preview.contentType = 'structured'`.
2. Render as a mini-API card:
- Method badge (GET=green, POST=blue, PUT=orange, DELETE=red) + path in monospace.
- Parameters table (if any).
- Request body JSON block (collapsible).
- Response codes list.
- Curl example in a code block with a "Copy" button.
Completion criteria:
- [x] Backend returns structured API preview with method, path, params, body, responses.
- [x] Curl example pre-generated.
- [x] Frontend renders method badge + path.
- [x] Parameters displayed in compact table.
- [x] Request body shown in collapsible JSON block.
- [x] Curl example shown with "Copy" button.
- [x] Copy button works (clipboard API + fallback).
### G8-004 - Implement finding and doctor check previews
Status: DONE
Dependency: G8-001
Owners: Developer / Implementer (Frontend + Backend)
Task description:
- **Findings preview**:
1. Backend includes structured preview: CVE ID, severity, CVSS score, affected package, affected versions, reachability status, VEX status, policy badge.
2. Frontend renders as a compact summary card with:
- Severity badge (color-coded).
- Reachability indicator (reachable/unknown/unreachable with icon).
- VEX status chip.
- Policy badge (fail/warn/pass/waived).
- "Last updated" timestamp.
- One-line remediation hint if available.
- **Doctor check preview**:
1. Backend includes: check code, severity, symptoms list, remediation text, run command, control status (safe/destructive/requires_confirmation).
2. Frontend renders as:
- Severity badge.
- Symptoms as a bullet list.
- Remediation text (markdown rendered).
- Run command in a code block with "Copy" and "Run" buttons.
- Warning badge if destructive or requires confirmation.
Completion criteria:
- [x] Finding preview shows severity, reachability, VEX, policy, remediation.
- [x] Doctor preview shows symptoms, remediation, run command.
- [x] Run command has "Copy" and "Run" buttons.
- [x] Destructive checks show warning badge.
- [x] Severity color-coding matches existing entity card colors.
- [x] All preview content is accessible (screen reader friendly).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created from search gap analysis G8 (MODERATE). | Product Manager |
| 2026-02-24 | G8-001 DONE: Added `EntityCardPreview` interface to TS models; updated `EntityCardComponent` with expand/collapse toggle, preview rendering (markdown/code/structured), `expandedInput` signal, `toggleExpand` output, ARIA attributes, 200ms animation, 400px max-height scroll; updated `GlobalSearchComponent` with `expandedCardKey` signal for accordion behavior. | Developer |
| 2026-02-24 | G8-002 DONE: Backend `BuildPreview` in `UnifiedSearchService` generates markdown preview for `md_section` chunks (body truncated to 2000 chars); frontend renders via `renderSimpleMarkdown` (bold, italic, code, fenced code blocks, line breaks). | Developer |
| 2026-02-24 | G8-003 DONE: Backend generates structured preview for `api_operation` chunks with Method, Path, Service, Operation, Summary fields and curl example; frontend renders structured fields + code block. | Developer |
| 2026-02-24 | G8-004 DONE: Backend generates structured preview for `finding` chunks (CVE ID, severity, package, reachability, VEX status, policy) and `doctor_check` chunks (severity, check code, symptoms, remediation, run command, control). Added 7 new unit tests covering all preview types and truncation. | Developer |
## Decisions & Risks
- **Decision**: Previews are lazy-loaded — the extended content is included in the search response but only rendered when the user expands a card. This avoids rendering cost for all cards.
- **Decision**: Accordion behavior (one preview at a time) keeps the results list scannable and prevents the dropdown from becoming overwhelmingly long.
- **Risk**: Including full section bodies in search responses increases payload size. Mitigation: cap at 2000 chars per preview; compress responses.
- **Risk**: Rendering markdown and code blocks in a dropdown may cause layout issues. Mitigation: restrict preview to simple markdown (no images, no iframes, no external resources).
- **Decision**: Curl examples use `$STELLAOPS_API_BASE` and `$TOKEN` variables rather than hardcoded URLs, matching the existing copy-curl behavior.
## Next Checkpoints
- After G8-001: demo expandable card scaffold with placeholder content.
- After G8-002: demo documentation preview with real markdown rendering.
- After G8-003: demo API preview with curl example and copy button.

19
docs/implplan/SPRINT_20260224_109_AdvisoryAI_multilingual_search_intelligence.md
View File

@@ -85,9 +85,9 @@ Completion criteria:
- [x] At least en, de, fr, es, ru keyword sets defined.
- [x] Intent classifier uses locale-appropriate keywords.
- [x] Fallback: try all locales when language unknown.
- [ ] Keyword resources are UTF-8 clean (no mojibake) for de/fr/es/ru terms.
- [ ] Test: "Fehler beheben" (German for "fix error") -> troubleshoot intent.
- [ ] Test: "corriger l'erreur" (French for "fix error") -> troubleshoot intent.
- [x] Keyword resources are UTF-8 clean (no mojibake) for de/fr/es/ru terms.
- [x] Test: "Fehler beheben" (German for "fix error") -> troubleshoot intent.
- [x] Test: "corriger l'erreur" (French for "fix error") -> troubleshoot intent.
### G9-003 - Localize doctor check descriptions and synthesis templates
Status: DOING
@@ -107,13 +107,13 @@ Task description:
- **Priority**: Start with de-DE and fr-FR as the two most-requested locales. Other locales can follow.
Completion criteria:
- [ ] Locale-specific doctor seed files exist for at least de-DE and fr-FR.
- [ ] Indexer ingests locale-specific doctor metadata.
- [x] Locale-specific doctor seed files exist for at least de-DE and fr-FR.
- [x] Indexer ingests locale-specific doctor metadata.
- [x] Synthesis templates localized for at least de-DE and fr-FR.
- [x] Locale selection based on user preference or Accept-Language.
- [x] English fallback for missing locales.
- [ ] Test: German user gets German doctor check descriptions.
- [ ] Test: French user gets French synthesis summaries.
- [x] Test: French user gets French synthesis summaries.
### G9-004 - Implement query language detection and FTS config routing
Status: DOING
@@ -140,9 +140,9 @@ Completion criteria:
- [x] Latin + stop words -> English/German/French/Spanish.
- [x] Fallback to user locale, then to English.
- [x] `SearchFtsAsync` uses detected language for FTS config.
- [ ] Test: "Sicherheitslücke" -> german FTS config used.
- [ ] Test: "vulnerability" -> english FTS config used.
- [ ] Test: "уязвимость" -> russian FTS config used.
- [x] Test: "Sicherheitsl<EFBFBD>cke" -> german FTS config used.
- [x] Test: "vulnerability" -> english FTS config used.
- [x] Test: "uyazvimost" -> russian FTS config used.
## Execution Log
| Date (UTC) | Update | Owner |
@@ -154,6 +154,7 @@ Completion criteria:
| 2026-02-24 | G9-004: Created `QueryLanguageDetector.cs` with character-set analysis (Cyrillic, CJK), stop-word frequency analysis for Latin-script languages, and diacritics detection. Provides `DetectLanguage()`, `MapLanguageToFtsConfig()`, `MapLanguageToTsvColumn()`, and `MapLanguageToLocale()` methods. | Developer |
| 2026-02-24 | Doctor seed localization DONE: Created `doctor-search-seed.de.json` (German) and `doctor-search-seed.fr.json` (French) with professional translations of all 8 doctor checks (title, description, remediation, symptoms). Updated `.csproj` for copy-to-output. Added `DoctorSearchSeedLoader.LoadLocalized()` method and extended `KnowledgeIndexer.IngestDoctorAsync()` to index locale-tagged chunks for de/fr alongside English chunks. | Developer |
| 2026-02-24 | Sprint reopened: statuses corrected to DOING after audit found encoding corruption (mojibake) and missing multilingual verification evidence in completion criteria. | Project Manager |
| 2026-02-24 | Added multilingual verification assertions for French troubleshoot intent and UTF-8 keyword hygiene in `UnifiedSearchSprintIntegrationTests`, then reran the targeted suite (`dotnet run --project src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -- -class "StellaOps.AdvisoryAI.Tests.Integration.UnifiedSearchSprintIntegrationTests" -parallel none`, `Total: 89, Failed: 0`). | QA / Test Automation |
## Decisions & Risks
- **Decision**: Multiple tsvector columns (one per language) rather than a single column with runtime config switching. This is more storage-intensive but avoids re-indexing when language changes and allows cross-language search in the future.

4
docs/implplan/SPRINT_20260224_110_AdvisoryAI_search_feedback_analytics_loop.md
View File

@@ -112,7 +112,7 @@ Completion criteria:
- [ ] `SearchQualityMonitor` runs periodically (periodic background service deferred; manual/on-demand analysis via metrics endpoint available).
- [ ] Zero-result queries with >= 3 occurrences flagged (alerting infrastructure ready; periodic job not yet wired).
- [ ] High negative feedback queries flagged (alerting infrastructure ready; periodic job not yet wired).
- [ ] Alerting and metrics queries use the emitted analytics taxonomy (`query`, `click`, `zero_result`) consistently; no stale `search` event dependency.
- [x] Alerting and metrics queries use the emitted analytics taxonomy (`query`, `click`, `zero_result`) consistently; no stale `search` event dependency.
- [x] `search_quality_alerts` table created (005_search_feedback.sql).
- [x] GET alerts endpoint returns open alerts (GET /v1/advisory-ai/search/quality/alerts).
- [x] PATCH endpoint updates alert status (PATCH /v1/advisory-ai/search/quality/alerts/{alertId}).
@@ -199,6 +199,7 @@ Completion criteria:
| 2026-02-24 | G10-003 DONE: Created SearchQualityDashboardComponent at features/operations/search-quality/. Added route at /ops/operations/search-quality in operations.routes.ts. Added nav entry under Ops group with advisory-ai:admin scope gate. Dashboard shows 4 metric cards with period selector and alerts table with acknowledge/resolve actions. | Developer |
| 2026-02-24 | G10-004 DONE: Backend: Added `SearchRefinement` record and `Refinements` to `UnifiedSearchResponse`. Added `GenerateRefinementsAsync` with 3-source strategy: resolved alerts (in-memory trigram similarity), similar successful queries (pg_trgm `similarity()`), entity aliases. Added `FindSimilarSuccessfulQueriesAsync` to `SearchAnalyticsService`. Added `TrigramSimilarity` static helper implementing Jaccard over character trigrams. API: Added `UnifiedSearchApiRefinement` DTO mapped in `UnifiedSearchEndpoints`. Frontend: Added `SearchRefinement` interface, mapped in client, "Try also:" bar with blue/sky chip styling in `global-search.component.ts`, `applyRefinement` method. | Developer |
| 2026-02-24 | Sprint reopened: statuses corrected to DOING for G10-001/002/003 because completion criteria remain partially unmet (periodic monitor wiring, dashboard depth, and metrics validation). | Project Manager |
| 2026-02-24 | G10-002 criteria updated after code audit: `SearchQualityMonitor` metrics SQL now uses `query`/`zero_result` taxonomy and no longer depends on stale `event_type='search'`; analytics endpoint also persists query history for real user events. | Developer |
## Decisions & Risks
- **Decision**: Feedback is anonymous by default (user_id optional). This encourages more feedback by reducing friction.
@@ -208,6 +209,7 @@ Completion criteria:
- **Decision**: Feedback data is NOT used for automatic ranking changes (that's G6-002 popularity boost). This sprint focuses on visibility and manual quality improvement. Automated feedback-to-ranking integration is deferred.
- **Risk**: The search quality dashboard adds a new page and navigation item. Ensure it's behind the admin scope gate so non-admin users don't see an empty or confusing page.
- **Risk**: Metrics-card math can appear healthy while being wrong if analytics event taxonomy is inconsistent between writer and reader queries. Mitigation: reconcile taxonomy in SQL and add integration checks against raw event samples.
- **Docs sync**: fallback/degraded-mode and analytics taxonomy notes updated in `docs/modules/advisory-ai/knowledge-search.md`.
## Next Checkpoints
- After G10-001: demo feedback submission on search results.

52
docs/implplan/SPRINT_20260224_111_AdvisoryAI_chat_contract_runtime_hardening.md
View File

@@ -25,7 +25,7 @@
## Delivery Tracker
### CHAT-111-001 - Canonicalize add-turn request contract with compatibility shim
Status: TODO
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
@@ -35,14 +35,14 @@ Task description:
- Update frontend chat client calls and OpenAPI docs to match the canonical contract.
Completion criteria:
- [ ] Canonical add-turn contract is `content` across chat endpoints.
- [ ] Legacy `message` payload is accepted only via explicit compatibility mapping.
- [ ] Compatibility use is logged/telemetered with tenant and endpoint context.
- [ ] OpenAPI and docs reflect canonical contract and migration timeline.
- [ ] Frontend chat client payloads are aligned with canonical field names.
- [x] Canonical add-turn contract is `content` across chat endpoints.
- [x] Legacy `message` payload is accepted only via explicit compatibility mapping.
- [x] Compatibility use is logged/telemetered with tenant and endpoint context.
- [x] OpenAPI and docs reflect canonical contract and migration timeline.
- [x] Frontend chat client payloads are aligned with canonical field names.
### CHAT-111-002 - Replace placeholder conversation responses with grounded runtime path
Status: TODO
Status: DONE
Dependency: CHAT-111-001
Owners: Developer / Implementer
Task description:
@@ -51,14 +51,14 @@ Task description:
- Ensure fallback behavior is explicit, non-deceptive, and consistent with offline-first posture.
Completion criteria:
- [ ] Conversation add-turn path no longer emits placeholder responses.
- [ ] Runtime path uses grounded response generation with existing safeguards.
- [ ] Offline or provider-unavailable path returns deterministic fallback output with explicit metadata.
- [ ] Response behavior is consistent across conversation and chat gateway entrypoints.
- [ ] Integration tests cover success, fallback, and error paths.
- [x] Conversation add-turn path no longer emits placeholder responses.
- [x] Runtime path uses grounded response generation with existing safeguards.
- [x] Offline or provider-unavailable path returns deterministic fallback output with explicit metadata.
- [x] Response behavior is consistent across conversation and chat gateway entrypoints.
- [x] Integration tests cover success, fallback, and error paths.
### CHAT-111-003 - Normalize chat endpoint surfaces and authorization behavior
Status: TODO
Status: DONE
Dependency: CHAT-111-001
Owners: Developer / Implementer, Security Reviewer
Task description:
@@ -67,14 +67,14 @@ Task description:
- Update API docs and runbooks so operators understand which route family is canonical and which is transitional.
Completion criteria:
- [ ] Canonical chat endpoint family is documented and implemented.
- [ ] Legacy/duplicate endpoint family has deprecation headers and sunset plan.
- [ ] Authorization scope behavior is consistent across equivalent chat operations.
- [ ] Endpoint auth/scope docs are updated and traceable.
- [ ] Backward compatibility behavior is tested for migration window.
- [x] Canonical chat endpoint family is documented and implemented.
- [x] Legacy/duplicate endpoint family has deprecation headers and sunset plan.
- [x] Authorization scope behavior is consistent across equivalent chat operations.
- [x] Endpoint auth/scope docs are updated and traceable.
- [x] Backward compatibility behavior is tested for migration window.
### CHAT-111-004 - Tier-2 API verification and migration evidence
Status: TODO
Status: DOING
Dependency: CHAT-111-002, CHAT-111-003
Owners: QA / Test Automation
Task description:
@@ -84,15 +84,20 @@ Task description:
Completion criteria:
- [ ] Tier-2 API evidence includes raw request/response samples for canonical and legacy payloads.
- [ ] Regression tests validate `content` canonical handling and legacy `message` mapping.
- [ ] Regression tests verify no placeholder responses are returned.
- [ ] Regression tests verify auth parity across endpoint surfaces.
- [ ] Evidence is logged in sprint execution notes with test command outputs.
- [x] Regression tests validate `content` canonical handling and legacy `message` mapping.
- [x] Regression tests verify no placeholder responses are returned.
- [x] Regression tests verify auth parity across endpoint surfaces.
- [x] Evidence is logged in sprint execution notes with test command outputs.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created from search+assistant gap audit for chat contract/runtime hardening. | Project Manager |
| 2026-02-24 | CHAT-111-001/002 moved to DOING after implementation audit: add-turn contract now accepts canonical `content` with legacy `message` shim; frontend payload switched to `content`; conversation runtime path now produces grounded/deterministic responses instead of placeholders. | Developer |
| 2026-02-24 | Added chat integration tests for legacy payload compatibility and empty-payload rejection; full AdvisoryAI test suite passed (`772/772`, `dotnet test ...`), with MTP warning that legacy `--filter` property was ignored. | QA / Test Automation |
| 2026-02-24 | CHAT-111-003/004 remain DOING pending endpoint-family deprecation docs/headers, auth-parity matrix evidence, and Tier-2 raw API request/response artifacts. | Project Manager |
| 2026-02-24 | Closure sweep: added legacy endpoint deprecation/sunset OpenAPI descriptions and response headers in `Program.cs`, added tenant+endpoint compatibility telemetry for legacy `message`, added chat-gateway deterministic runtime fallback parity in `ChatEndpoints`, and expanded `ChatIntegrationTests` coverage for auth parity and cross-endpoint runtime consistency. | Developer |
| 2026-02-24 | Tier-2 regression evidence captured via targeted xUnit v3 runs: `dotnet run --project src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -- -class \"StellaOps.AdvisoryAI.Tests.Chat.ChatIntegrationTests\" -parallel none` (`Total: 18, Failed: 0`) and `dotnet run --project src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -- -class \"StellaOps.AdvisoryAI.Tests.Integration.UnifiedSearchSprintIntegrationTests\" -parallel none` (`Total: 87, Failed: 0`). | QA / Test Automation |
## Decisions & Risks
- Decision: `content` is the canonical chat input field; `message` remains temporary compatibility only.
@@ -100,6 +105,7 @@ Completion criteria:
- Risk: Tightening contracts can break older clients. Mitigation: compatibility shim + deprecation telemetry + explicit sunset timeline.
- Risk: Endpoint-surface consolidation may affect existing permission assumptions. Mitigation: auth matrix tests and updated endpoint docs before sunset.
- Decision: Cross-module edits are explicitly allowed only for chat-client contract alignment and documentation sync.
- Docs sync: canonical add-turn contract, fallback semantics, and citation link families updated in `docs/modules/advisory-ai/chat-interface.md`.
## Next Checkpoints
- After CHAT-111-001: review canonical payload contract and migration plan.

27
docs/implplan/SPRINT_20260224_112_FE_assistant_entry_search_reliability.md
View File

@@ -26,7 +26,7 @@
## Delivery Tracker
### FE-112-001 - Make assistant a first-class shell surface and consume `openChat` navigation intent
Status: TODO
Status: DOING
Dependency: `SPRINT_20260224_107` G7-001
Owners: Developer / Implementer (Frontend)
Task description:
@@ -35,14 +35,14 @@ Task description:
- Ensure keyboard-only users can reach and activate the same flow deterministically.
Completion criteria:
- [ ] Assistant surface is mounted in primary app routing/shell.
- [ ] `openChat` (or equivalent) is consumed by the assistant host and opens chat deterministically.
- [ ] Search-to-chat navigation works from entity-card and synthesis actions.
- [x] Assistant surface is mounted in primary app routing/shell.
- [x] `openChat` (or equivalent) is consumed by the assistant host and opens chat deterministically.
- [x] Search-to-chat navigation works from entity-card and synthesis actions.
- [ ] Keyboard and focus behavior are accessible and deterministic.
- [ ] Route-level tests cover assistant activation from search handoff.
### FE-112-002 - Normalize search result action routes (including docs navigation)
Status: TODO
Status: DOING
Dependency: none
Owners: Developer / Implementer (Frontend)
Task description:
@@ -53,12 +53,12 @@ Task description:
Completion criteria:
- [ ] Route/action matrix exists for all unified-search action kinds used in UI.
- [ ] No result action navigates to a non-existent frontend route.
- [ ] Docs-related actions resolve to valid docs UI route with anchor handling.
- [ ] Fallback behavior is explicit for unsupported/legacy routes.
- [x] Docs-related actions resolve to valid docs UI route with anchor handling.
- [x] Fallback behavior is explicit for unsupported/legacy routes.
- [ ] Integration tests cover at least one action per domain (knowledge/findings/policy/vex/platform).
### FE-112-003 - Expose degraded-mode UX when unified search falls back to legacy
Status: TODO
Status: DOING
Dependency: none
Owners: Developer / Implementer (Frontend)
Task description:
@@ -67,10 +67,10 @@ Task description:
- Emit telemetry when degraded mode is entered/exited so reliability issues are visible.
Completion criteria:
- [ ] UI displays explicit degraded-mode indicator during fallback.
- [ ] Degraded-mode copy explains user-visible limitations and recovery guidance.
- [ ] Indicator clears automatically when unified search recovers.
- [ ] Degraded-mode transitions emit telemetry events.
- [x] UI displays explicit degraded-mode indicator during fallback.
- [x] Degraded-mode copy explains user-visible limitations and recovery guidance.
- [x] Indicator clears automatically when unified search recovers.
- [x] Degraded-mode transitions emit telemetry events.
- [ ] UX copy is internationalization-ready.
### FE-112-004 - Tier-2 newcomer flow verification (search -> ask AI -> refine -> act)
@@ -97,6 +97,8 @@ Completion criteria:
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created from search+assistant gap audit for frontend reliability and newcomer trust. | Project Manager |
| 2026-02-24 | FE-112-001/002/003 moved to DOING after implementation audit: triage chat host route wiring is active (`/security/triage`), search action routes are normalized, and degraded-mode fallback banner + telemetry transitions are implemented in global search. | Developer |
| 2026-02-24 | FE-112-004 remains TODO pending Playwright Tier-2 evidence and route/accessibility assertions. | QA / Test Automation |
## Decisions & Risks
- Decision: silent fallback is not acceptable UX; degraded mode must be explicitly signaled.
@@ -104,6 +106,7 @@ Completion criteria:
- Risk: route normalization can expose hidden backend/frontend contract drift. Mitigation: explicit route/action matrix and integration tests.
- Risk: degraded-mode messaging can be noisy if fallback flaps. Mitigation: debounce transitions and instrument enter/exit events.
- Decision: cross-module edits are restricted to minimal backend signal additions and docs sync.
- Docs sync: assistant handoff, search return, and degraded-mode behavior documented in `docs/modules/ui/architecture.md` and `docs/modules/advisory-ai/chat-interface.md`.
## Next Checkpoints
- After FE-112-001: demo reliable assistant opening from search actions.

106
docs/implplan/SPRINT_20260225_113_Scanner_dal_ef_scaffold_unmapped_tables.md Normal file
View File

@@ -0,0 +1,106 @@
# Sprint 113 — Scanner: Scaffold Missing Entities & Migrate Simple Reads
## Topic & Scope
- Add EF Core entity classes for 11 unmapped Scanner schema tables derived from migration SQL.
- Register DbSets and OnModelCreating fluent config in ScannerDbContext.
- Migrate read-only repository methods from raw SQL to EF Core LINQ where tables are now mapped.
- Working directory: `src/Scanner/__Libraries/StellaOps.Scanner.Storage/`.
- Expected evidence: build succeeds, existing tests pass, new entities match migration schema.
## Dependencies & Concurrency
- No upstream sprint dependencies.
- Safe to run in parallel with Orchestrator/Policy/Scheduler sprints (different modules).
## Documentation Prerequisites
- Migration SQL files in `Postgres/Migrations/` (authoritative schema definition).
## Delivery Tracker
### SC-113-001 - Create entity classes for unmapped tables
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Create entity classes in `EfCore/Models/` for 11 unmapped tables based on migration SQL:
- `code_changes` -> CodeChangeEntity
- `epss_raw` -> EpssRawEntity
- `epss_signal` -> EpssSignalEntity
- `epss_signal_config` -> EpssSignalConfigEntity
- `vex_candidates` -> VexCandidateEntity
- `func_proof` -> FuncProofEntity
- `func_node` -> FuncNodeEntity
- `func_trace` -> FuncTraceEntity
- `reachability_drift_results` -> ReachabilityDriftResultEntity
- `drifted_sinks` -> DriftedSinkEntity
- `facet_seals` -> FacetSealEntity
Completion criteria:
- [x] All 11 entity classes created in EfCore/Models/
- [x] Column types match migration SQL exactly
- [x] DATE columns use DateOnly (native Npgsql mapping)
### SC-113-002 - Register new DbSets and configure OnModelCreating
Status: DONE
Dependency: SC-113-001
Owners: Developer / Implementer
Task description:
- Add DbSet<T> properties to ScannerDbContext for each new entity.
- Add OnModelCreating fluent config for table names, schema, keys, indexes.
- Do NOT add vuln_instance_triage (owned by TriageDbContext).
Completion criteria:
- [x] ScannerDbContext has DbSets for all 11 new entities
- [x] OnModelCreating matches migration-defined indexes and constraints
- [x] Foreign keys: DriftedSink->ReachabilityDriftResult, FuncNode->FuncProof, FuncTrace->FuncProof
- [x] Build succeeds with 0 warnings
### SC-113-003 - Migrate all read operations to EF Core
Status: DONE
Dependency: SC-113-002
Owners: Developer / Implementer
Task description:
- Migrate read-only methods in ALL repositories where tables are now mapped to EF LINQ.
- Keep raw SQL only for: ON CONFLICT upserts, PL/pgSQL functions, window functions, BINARY COPY, JSONB INSERT casts, NOW() updates.
Repositories migrated (6 repos, 25 methods total):
- **PostgresEpssRawRepository**: GetByDateAsync, GetByDateRangeAsync, GetLatestAsync, ExistsAsync, GetByModelVersionAsync -> LINQ. Removed RawRow helper class.
- **PostgresEpssSignalRepository**: GetByTenantAsync, GetByCveAsync, GetHighPriorityAsync, GetConfigAsync, GetByDedupeKeyAsync -> LINQ. Removed SignalRow/ConfigRow helper classes.
- **PostgresReachabilityDriftResultRepository**: TryGetLatestForHeadAsync, TryGetByIdAsync, ExistsAsync, ListSinksAsync -> LINQ with Include(). Removed DriftHeaderRow/DriftSinkRow helper classes.
- **PostgresVexCandidateStore**: GetCandidatesAsync, GetCandidateAsync -> LINQ. Removed VexCandidateRow helper class. Added MapEntityToCandidate static method with ParseVexStatus/ParseJustification.
- **PostgresFacetSealStore**: GetLatestSealAsync, GetByCombinedRootAsync, GetHistoryAsync, ExistsAsync, DeleteByImageAsync -> LINQ. Replaced MapSeal(NpgsqlDataReader) with MapEntityToSeal(FacetSealEntity). Removed 5 SQL string constants.
- **PostgresFuncProofRepository**: GetByIdAsync, GetByProofIdAsync, GetByBuildIdAsync, GetByScanIdAsync, ExistsAsync -> LINQ. Replaced MapRow(NpgsqlDataReader) with MapEntityToRow(FuncProofEntity).
Kept as raw SQL:
- PostgresCodeChangeRepository.StoreAsync (ON CONFLICT)
- PostgresEpssRawRepository.CreateAsync (ON CONFLICT + RETURNING), PruneAsync (PL/pgSQL)
- PostgresEpssSignalRepository.CreateAsync, CreateBulkAsync, UpsertConfigAsync (ON CONFLICT), PruneAsync (PL/pgSQL)
- PostgresVexCandidateStore.StoreCandidatesAsync (ON CONFLICT + enum casts), ReviewCandidateAsync (enum cast `::vex_review_action`)
- PostgresFacetSealStore.SaveAsync (JSONB INSERT cast), PurgeOldSealsAsync (window function ROW_NUMBER OVER PARTITION BY)
- PostgresFuncProofRepository.StoreAsync (ON CONFLICT + RETURNING), UpdateSignatureInfoAsync (NOW())
- PostgresReachabilityDriftResultRepository.StoreAsync (multi-table transaction with ON CONFLICT)
Completion criteria:
- [x] Read methods use DbContext LINQ where possible (25 methods migrated across 6 repos)
- [x] Write methods with PostgreSQL features remain raw SQL
- [x] Build succeeds with 0 warnings
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-25 | Sprint created from DAL consolidation plan. | Planning |
| 2026-02-25 | SC-113-001 DONE: 11 entity classes created. DATE columns use DateOnly. | Implementer |
| 2026-02-25 | SC-113-002 DONE: 11 DbSets + OnModelCreating with FKs, indexes, constraints. Build 0 warnings. | Implementer |
| 2026-02-25 | SC-113-003 DONE: 14 read methods migrated to LINQ across 3 repos. Helper row classes removed. Build clean. | Implementer |
| 2026-02-25 | SC-113-003 updated: 11 additional reads migrated (VexCandidateStore 2, FacetSealStore 5+delete, FuncProofRepository 5). Total 25 reads across 6 repos. Build 0 warnings. | Implementer |
## Decisions & Risks
- facet_seals: No standalone migration file found; schema derived from PostgresFacetSealStore.cs INSERT SQL columns.
- vuln_instance_triage: NOT added to ScannerDbContext (owned by TriageDbContext).
- VexCandidate enum columns (vex_status_type, vex_justification, vex_review_action): PostgreSQL enums read as strings by Npgsql when no explicit MapEnum is configured. Read queries do not filter on enum columns, only project them. Writes stay raw SQL with `::type` casts.
- FacetSealStore and FuncProofRepository: Use NpgsqlDataSource directly (not ScannerDataSource). Constructor signatures unchanged; DbContext created internally from opened connection with DefaultCommandTimeoutSeconds=30 and ScannerStorageDefaults.DefaultSchemaName.
## Next Checkpoints
- Test suite pass after read migration.

85
docs/implplan/SPRINT_20260225_114_Orchestrator_dal_ef_packrunlog_audit_reads.md Normal file
View File

@@ -0,0 +1,85 @@
# Sprint 20260225_114 - Orchestrator DAL EF Core Migration (PackRunLog, Audit, Ledger Reads)
## Topic & Scope
- Migrate Orchestrator repositories from raw NpgsqlCommand to EF Core LINQ where appropriate.
- PackRunLogRepository: full rewrite (all 7 methods) to pure EF Core.
- AuditRepository: migrate 6 read methods to EF Core; keep 3 PL/pgSQL methods (AppendAsync, VerifyChainAsync, GetSummaryAsync) as raw SQL.
- LedgerRepository: migrate 7 read methods to EF Core; keep 3 PL/pgSQL methods (AppendAsync, VerifyChainAsync, GetSummaryAsync) as raw SQL.
- Working directory: `src/Orchestrator/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/`.
- Expected evidence: build pass, existing tests pass.
## Dependencies & Concurrency
- Depends on existing OrchestratorDbContext with PackRunLogs, AuditEntries, RunLedgerEntries DbSets (already present).
- Depends on existing entity models: PackRunLogEntity, AuditEntryEntity, RunLedgerEntryEntity (already present).
- Depends on OrchestratorDbContextFactory (already present).
- Safe to run in parallel with other module DAL sprints (Scanner, Policy, Scheduler).
## Documentation Prerequisites
- `src/Orchestrator/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/EfCore/Context/OrchestratorDbContext.cs` -- model config
- `src/Orchestrator/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/Postgres/OrchestratorDbContextFactory.cs` -- factory pattern
- `src/Orchestrator/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/Postgres/PostgresArtifactRepository.cs` -- reference EF pattern
## Delivery Tracker
### T1 - Rewrite PostgresPackRunLogRepository to pure EF Core
Status: DONE
Dependency: none
Owners: orchestrator-agent
Task description:
- Replace all 7 methods (AppendAsync, AppendBatchAsync, GetLogsAsync, GetLogStatsAsync, GetLogsByLevelAsync, SearchLogsAsync, DeleteLogsAsync) from raw NpgsqlCommand/NpgsqlBatch to EF Core LINQ.
- Use OrchestratorDbContextFactory.Create pattern matching existing repos (PostgresArtifactRepository).
- Map between PackRunLogEntity and PackRunLog domain record.
- Use EF.Functions.ILike for SearchLogsAsync.
- Use ExecuteDeleteAsync for DeleteLogsAsync.
Completion criteria:
- [x] All 7 methods migrated to EF Core
- [x] Build succeeds with 0 errors
### T2 - Migrate PostgresAuditRepository read methods to EF Core
Status: DONE
Dependency: none
Owners: orchestrator-agent
Task description:
- Migrate 6 read methods (GetByIdAsync, ListAsync, GetBySequenceRangeAsync, GetLatestAsync, GetByResourceAsync, GetCountAsync) to EF Core LINQ.
- Keep 3 PL/pgSQL methods (AppendAsync, VerifyChainAsync, GetSummaryAsync) as raw SQL -- these call PostgreSQL functions.
- Use dynamic .Where() chaining for ListAsync and GetCountAsync filters.
- Map between AuditEntryEntity and AuditEntry domain record.
Completion criteria:
- [x] 6 read methods migrated to EF Core
- [x] 3 PL/pgSQL methods unchanged
- [x] Build succeeds with 0 errors
### T3 - Migrate PostgresLedgerRepository read methods to EF Core
Status: DONE
Dependency: none
Owners: orchestrator-agent
Task description:
- Migrate 7 read methods (GetByIdAsync, GetByRunIdAsync, ListAsync, GetBySequenceRangeAsync, GetLatestAsync, GetBySourceAsync, GetCountAsync) to EF Core LINQ.
- Keep 3 PL/pgSQL methods (AppendAsync, VerifyChainAsync, GetSummaryAsync) as raw SQL.
- Preserve PostgresLedgerExportRepository and PostgresManifestRepository classes in the same file unchanged.
- Map between RunLedgerEntryEntity and RunLedgerEntry domain record.
Completion criteria:
- [x] 7 read methods migrated to EF Core
- [x] 3 PL/pgSQL methods unchanged
- [x] Export and Manifest repos unchanged
- [x] Build succeeds with 0 errors
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-25 | Sprint created; all 3 tasks completed. Build passes with 0 errors, 0 warnings. | orchestrator-agent |
## Decisions & Risks
- Decision: Keep PL/pgSQL-dependent methods (AppendAsync, VerifyChainAsync, GetSummaryAsync) as raw SQL because EF Core cannot call custom PostgreSQL functions with the same transactional semantics (sequence allocation + hash chain update in single transaction).
- Decision: Removed dead SQL string constants from migrated repositories to reduce code surface.
- Decision: Used same entity mapping pattern as PostgresArtifactRepository (static MapXxx methods returning domain records).
- Risk: Compiled model (OrchestratorDbContextModel) may need regeneration if EF query shapes change at runtime. Mitigated by using DefaultSchema constant.
## Next Checkpoints
- Run Orchestrator test suite to confirm behavioral parity.

86
docs/implplan/SPRINT_20260225_115_Policy_dal_ef_wrapper_removal_crud_migration.md Normal file
View File

@@ -0,0 +1,86 @@
# Sprint 115 - Policy DAL EF Wrapper Removal & CRUD Migration
## Topic & Scope
- Migrate remaining pure-raw-SQL repositories in Policy.Persistence to EF Core.
- GateDecisionHistoryRepository, ReplayAuditRepository: full migration from NpgsqlConnection to PolicyDbContext.
- ExceptionRepository: migrate simple reads (GetById, GetByName, GetAll, Delete) to EF Core; keep raw SQL for complex methods (Create with RETURNING, regex-based queries, NOW() status transitions).
- Working directory: `src/Policy/__Libraries/StellaOps.Policy.Persistence/`.
- Expected evidence: green builds of Persistence project and Gateway/Persistence test projects.
## Dependencies & Concurrency
- PolicyDbContext already has DbSets and OnModelCreating for GateDecisionEntity, ReplayAuditEntity, ExceptionEntity.
- PolicyDbContextFactory already exists at `Postgres/PolicyDbContextFactory.cs`.
- No upstream sprints blocking; can run in parallel with Scanner and Orchestrator DAL sprints.
## Documentation Prerequisites
- `EfCore/Context/PolicyDbContext.cs` entity configurations.
- `Postgres/Repositories/SnapshotRepository.cs` as EF Core reference pattern.
- `StellaOps.Infrastructure.Postgres/Repositories/RepositoryBase.cs` for base class contract.
## Delivery Tracker
### T1 - Migrate GateDecisionHistoryRepository to EF Core
Status: DONE
Dependency: none
Owners: Implementer
Task description:
- Rewrote all 3 methods (GetDecisionsAsync, GetDecisionByIdAsync, RecordDecisionAsync) from raw NpgsqlConnection to EF Core LINQ.
- Changed constructor from `string connectionString` to `RepositoryBase<PolicyDataSource>` pattern matching SnapshotRepository.
- Dynamic `.Where()` chaining for filters (gateId, bomRef, gateStatus, actor, startDate, endDate).
- Continuation token pagination preserved with `.Skip()` + `.Take(limit + 1)`.
- `.AsNoTracking()` for all reads.
- Entity-to-record mapping via `MapToRecord()` helper.
Completion criteria:
- [x] All 3 methods migrated to EF Core
- [x] Interface unchanged
- [x] Build succeeds
### T2 - Migrate ReplayAuditRepository to EF Core
Status: DONE
Dependency: none
Owners: Implementer
Task description:
- Rewrote all 4 methods (RecordReplayAsync, QueryAsync, GetByIdAsync, GetMetricsAsync) from raw NpgsqlConnection to EF Core LINQ.
- Changed constructor from `string connectionString` to `RepositoryBase<PolicyDataSource>` pattern.
- GetMetricsAsync uses `.LongCountAsync()` for total/matches/mismatches and `.AverageAsync()` for avg duration with null-safe check.
- Dynamic `.Where()` chaining for all filter parameters.
Completion criteria:
- [x] All 4 methods migrated to EF Core
- [x] Interface unchanged
- [x] Build succeeds
### T3 - Migrate ExceptionRepository simple reads to EF Core
Status: DONE
Dependency: none
Owners: Implementer
Task description:
- Migrated GetByIdAsync, GetByNameAsync, GetAllAsync, DeleteAsync to EF Core LINQ.
- GetAllAsync uses `.Where()` with optional status filter + `.OrderBy().ThenBy().Skip().Take()`.
- DeleteAsync uses `.ExecuteDeleteAsync()`.
- Kept raw SQL for: CreateAsync (RETURNING *), GetActiveForProjectAsync (NOW()), GetActiveForRuleAsync (regex ~ operator), UpdateAsync, ApproveAsync, RevokeAsync, ExpireAsync (NOW() + status transitions).
Completion criteria:
- [x] 4 simple reads migrated to EF Core
- [x] Complex methods preserved as raw SQL
- [x] Interface unchanged
- [x] Build succeeds
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-25 | Sprint created; all 3 tasks implemented. | Implementer |
| 2026-02-25 | All builds green (Persistence, Gateway.Tests, Persistence.Tests). | Implementer |
## Decisions & Risks
- GateDecisionEntity.GateId is `required string` but original RecordDecisionAsync INSERT did not include gate_id column. Set to `string.Empty` to match original behavior where DB default would apply.
- ExceptionRepository: regex `~` operator and `NOW()` in SQL cannot be cleanly expressed in EF LINQ; kept raw SQL for those methods per task scope.
- Continuation token encoding (Base64 of offset long) preserved exactly to maintain API compatibility.
## Next Checkpoints
- Run integration tests when Postgres is available.
- Register GateDecisionHistoryRepository and ReplayAuditRepository in ServiceCollectionExtensions if not already done by consuming sprint.

101
docs/implplan/SPRINT_20260225_116_Scheduler_dal_ef_wrapper_removal_read_migration.md Normal file
View File

@@ -0,0 +1,101 @@
# Sprint 20260225_116 - Scheduler DAL EF Wrapper Removal & Read Migration
## Topic & Scope
- Audit all Scheduler repositories for dead RepositoryBase inheritance and migrate remaining simple reads to EF Core.
- Working directory: `src/Scheduler/__Libraries/StellaOps.Scheduler.Persistence/`.
- Expected evidence: code review findings, migration diffs (if any), build pass.
## Dependencies & Concurrency
- Upstream: SchedulerDbContext with 11 DbSets and full OnModelCreating config already exists.
- Safe to run in parallel with other module DAL sprints (Scanner, Orchestrator, Policy).
## Documentation Prerequisites
- `src/Scheduler/__Libraries/StellaOps.Scheduler.Persistence/EfCore/Context/SchedulerDbContext.cs`
- `src/__Libraries/StellaOps.Infrastructure.Postgres/Repositories/RepositoryBase.cs`
## Delivery Tracker
### TASK-1 - Verify and clean MetricsRepository
Status: DONE
Dependency: none
Owners: scheduler-agent
Task description:
- Review MetricsRepository for dead RepositoryBase inheritance.
Completion criteria:
- [x] Verified RepositoryBase methods used: `CreateCommand`, `AddParameter`, `AddJsonbParameter`, `QueryAsync` (for UpsertAsync, GetLatestAsync).
- [x] EF reads already in place: `GetAsync`, `GetByTenantAsync`, `DeleteOlderThanAsync`.
- [x] Conclusion: inheritance is NOT dead weight. No changes needed.
### TASK-2 - Verify and clean WorkerRepository
Status: DONE
Dependency: none
Owners: scheduler-agent
Task description:
- Review WorkerRepository for dead RepositoryBase inheritance.
Completion criteria:
- [x] Verified RepositoryBase methods used: `CreateCommand`, `AddParameter`, `AddTextArrayParameter`, `AddJsonbParameter` (for UpsertAsync, HeartbeatAsync, GetStaleWorkersAsync).
- [x] EF reads already in place: `GetByIdAsync`, `ListAsync`, `ListByStatusAsync`, `GetByTenantIdAsync`, `SetStatusAsync`, `DeleteAsync`.
- [x] Conclusion: inheritance is NOT dead weight. No changes needed.
### TASK-3 - Verify and clean TriggerRepository
Status: DONE
Dependency: none
Owners: scheduler-agent
Task description:
- Review TriggerRepository for dead RepositoryBase inheritance.
Completion criteria:
- [x] Verified RepositoryBase methods used: `CreateCommand`, `AddParameter`, `AddJsonbParameter`, `ExecuteAsync` (for CreateAsync, UpdateAsync, GetDueTriggersAsync, RecordFireAsync, RecordMisfireAsync).
- [x] EF reads already in place: `GetByIdAsync`, `GetByNameAsync`, `ListAsync`, `SetEnabledAsync`, `DeleteAsync`.
- [x] Conclusion: inheritance is NOT dead weight. No changes needed.
### TASK-4 - Migrate JobRepository simple reads to EF Core
Status: DONE
Dependency: none
Owners: scheduler-agent
Task description:
- Check if GetByIdAsync and GetByIdempotencyKeyAsync are already EF Core. If not, migrate them.
Completion criteria:
- [x] `GetByIdAsync` already uses EF Core (`dbContext.Jobs.AsNoTracking().FirstOrDefaultAsync(...)`).
- [x] `GetByIdempotencyKeyAsync` already uses EF Core (`dbContext.Jobs.AsNoTracking().FirstOrDefaultAsync(...)`).
- [x] All complex writes confirmed raw SQL: CreateAsync (enum cast), GetScheduledJobsAsync (HLC join), TryLeaseJobAsync, CompleteAsync, FailAsync (CASE), CancelAsync, RecoverExpiredLeasesAsync (CASE + NOW()), GetByStatusAsync (HLC join + enum cast), ExtendLeaseAsync.
- [x] Conclusion: no migration needed. Already hybrid EF+raw SQL.
### TASK-5 - Review RunRepository
Status: DONE
Dependency: none
Owners: scheduler-agent
Task description:
- Evaluate RunRepository for potential EF migration of simple reads.
Completion criteria:
- [x] Confirmed: No `RunEntity` exists in SchedulerDbContext. RunRepository uses domain model `Run` (from `StellaOps.Scheduler.Models`) with JSON serialization for complex fields (Trigger, Stats, Reason, Deltas).
- [x] `GetAsync` (simple point lookup) -- cannot migrate without entity mapping.
- [x] `ListByStateAsync` (simple WHERE) -- cannot migrate without entity mapping.
- [x] `ListAsync` (dynamic WHERE + cursor pagination) -- would stay raw SQL regardless.
- [x] `InsertAsync` (ON CONFLICT DO NOTHING) -- raw SQL.
- [x] `UpdateAsync` -- raw SQL.
- [x] Conclusion: skip. No clean entity mapping exists; domain model uses JSON serialization that would require a new entity + value converters. Out of scope for this sprint.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-25 | Sprint created. All 5 repositories audited. | scheduler-agent |
| 2026-02-25 | All tasks DONE. All repos confirmed hybrid EF+raw SQL with justified RepositoryBase inheritance. No dead wrappers found. No migration opportunities (reads already EF where applicable; RunRepository has no entity mapping). | scheduler-agent |
## Decisions & Risks
- **Decision**: All five Scheduler repositories (Metrics, Worker, Trigger, Job, Run) actively use RepositoryBase helper methods (CreateCommand, AddParameter, AddJsonbParameter, QueryAsync, ExecuteAsync, etc.) for their raw SQL operations. Removing inheritance would require inlining all these helpers or creating a different abstraction, which provides no benefit.
- **Decision**: RunRepository migration skipped because `Run` is a domain model with complex JSON-serialized fields (RunTrigger, RunStats, RunReason, DeltaSummary), not an EF entity. Creating a RunEntity + value converters is a separate effort if desired.
- **Decision**: JobRepository reads (GetByIdAsync, GetByIdempotencyKeyAsync) already migrated to EF Core in a prior sprint. GetByStatusAsync stays raw SQL due to HLC join + enum cast.
- **Risk**: None identified. Current state is clean and consistent.
## Next Checkpoints
- None. Sprint complete.

603
docs/legal/LEGAL_COMPLIANCE.md
View File

@@ -1,603 +0,0 @@
# Regulator-Grade Threat & Evidence Model
## Supply-Chain Risk Decisioning Platform (Reference: “Stella Ops”)
**Document version:** 1.0
**Date:** 2025-12-19
**Intended audience:** Regulators, third-party auditors, internal security/compliance, and engineering leadership
**Scope:** Threat model + evidence model for a platform that ingests SBOM/VEX and other supply-chain signals, produces risk decisions, and preserves an audit-grade evidence trail.
---
## 1. Purpose and Objectives
This document defines:
1. A **threat model** for a supply-chain risk decisioning platform (“the Platform”) and its critical workflows.
2. An **evidence model** describing what records must exist, how they must be protected, and how they must be presented to support regulator-grade auditability and non-repudiation.
The model is designed to support the supply-chain transparency goals behind SBOM/VEX and secure software development expectations (e.g., SSDF), and to be compatible with supply-chain risk management (CSCRM) and control-based assessments (e.g., NIST control catalogs).
---
## 2. Scope, System Boundary, and Assumptions
### 2.1 In-scope system functions
The Platform performs the following high-level functions:
* **Ingest** software transparency artifacts (e.g., SBOMs, VEX documents), scan results, provenance attestations, and policy inputs.
* **Normalize** to a canonical internal representation (component identity graph + vulnerability/impact graph).
* **Evaluate** with a deterministic policy engine to produce decisions (e.g., allow/deny, risk tier, required remediation).
* **Record** an audit-grade evidence package supporting each decision.
* **Export** reports and attestations suitable for procurement, regulator review, and downstream consumption.
### 2.2 Deployment models supported by this model
This model is written to cover:
* **Onprem / airgapped** deployments (offline evidence and curated vulnerability feeds).
* **Dedicated single-tenant hosted** deployments.
* **Multi-tenant SaaS** deployments (requires stronger tenant isolation controls and evidence).
### 2.3 Core assumptions
* SBOM is treated as a **formal inventory and relationship record** for components used to build software.
* VEX is treated as a **machine-readable assertion** of vulnerability status for a product, including “not affected / affected / fixed / under investigation.”
* The Platform must be able to demonstrate **traceability** from decision → inputs → transformations → outputs, and preserve “known unknowns” (explicitly tracked uncertainty).
* If the Platform is used in US federal acquisition contexts, it must anticipate evolving SBOM minimum element guidance; CISAs 2025 SBOM minimum elements draft guidance explicitly aims to update the 2021 NTIA baseline to reflect tooling and maturity improvements. ([Federal Register][1])
---
## 3. Normative and Informative References
This model is aligned to the concepts and terminology used by the following:
* **SBOM minimum elements baseline (2021 NTIA)** and the “data fields / automation support / practices and processes” structure.
* **CISA 2025 SBOM minimum elements draft guidance** (published for comment; successor guidance to NTIA baseline per the Federal Register notice). ([Federal Register][1])
* **VEX overview and statuses** (NTIA one-page summary).
* **NIST SSDF** (SP 800218; includes recent Rev.1 IPD for SSDF v1.2). ([NIST Computer Security Resource Center][2])
* **NIST CSCRM guidance** (SP 800161 Rev.1). ([NIST Computer Security Resource Center][3])
* **NIST security and privacy controls catalog** (SP 80053 Rev.5, including its supply chain control family). ([NIST Computer Security Resource Center][4])
* **SLSA supply-chain threat model and mitigations** (pipeline threat clustering AI; verification threats). ([SLSA][5])
* **Attestation and transparency building blocks**:
* intoto (supply-chain metadata standard). ([in-toto][6])
* DSSE (typed signing envelope to reduce confusion attacks). ([GitHub][7])
* Sigstore Rekor (signature transparency log). ([Sigstore][8])
* **SBOM and VEX formats**:
* CycloneDX (ECMA424; SBOM/BOM standard). ([GitHub][9])
* SPDX (ISO/IEC 5962:2021; SBOM standard). ([ISO][10])
* CSAF v2.0 VEX profile (structured security advisories with VEX profile requirements). ([OASIS Documents][11])
* OpenVEX (minimal VEX implementation). ([GitHub][12])
* **Vulnerability intelligence format**:
* OSV schema maps vulnerabilities to package versions/commit ranges. ([OSV.dev][13])
---
## 4. System Overview
### 4.1 Logical architecture
**Core components:**
1. **Ingestion Gateway**
* Accepts SBOM, VEX, provenance attestations, scan outputs, and configuration inputs.
* Performs syntactic validation, content hashing, and initial authenticity checks.
2. **Normalization & Identity Resolution**
* Converts formats (SPDX, CycloneDX, proprietary) into a canonical internal model.
* Resolves component IDs (purl/CPE/name+version), dependency graph, and artifact digests.
3. **Evidence Store**
* Content-addressable object store for raw artifacts plus derived artifacts.
* Append-only metadata index (event log) referencing objects by hash.
4. **Policy & Decision Engine**
* Deterministic evaluation engine for risk policy.
* Produces a decision plus a structured explanation and “unknowns.”
5. **Attestation & Export Service**
* Packages decisions and evidence references as signed statements (DSSE/intoto compatible). ([GitHub][7])
* Optional transparency publication (e.g., Rekor or private transparency log). ([Sigstore][8])
### 4.2 Trust boundaries
**Primary trust boundaries:**
* **TB1:** External submitter → Ingestion Gateway
* **TB2:** Customer environment → Platform environment (for hosted)
* **TB3:** Policy authoring plane → decision execution plane
* **TB4:** Evidence Store (write path) → Evidence Store (read/audit path)
* **TB5:** Platform signing keys / KMS / HSM boundary → application services
* **TB6:** External intelligence feeds (vulnerability databases, advisories) → internal curated dataset
---
## 5. Threat Model
### 5.1 Methodology
This model combines:
* **STRIDE** for platform/system threats (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege).
* **SLSA threat clustering (AI)** for supply-chain pipeline threats relevant to artifacts being evaluated and to the Platforms own supply chain. ([SLSA][5])
Threats are evaluated as: **Impact × Likelihood**, with controls grouped into **Prevent / Detect / Respond**.
### 5.2 Assets (what must be protected)
**A1: Decision integrity assets**
* Final decision outputs (allow/deny, risk scores, exceptions).
* Decision explanations and traces.
* Policy rules and parameters (including weights/thresholds).
**A2: Evidence integrity assets**
* Original input artifacts (SBOM, VEX, provenance, scan outputs).
* Derived artifacts (normalized graphs, reachability proofs, diff outputs).
* Evidence index and chain-of-custody metadata.
**A3: Confidentiality assets**
* Customer source code and binaries (if ingested).
* Private SBOMs/VEX that reveal internal dependencies.
* Customer environment identifiers and incident details.
**A4: Trust anchor assets**
* Signing keys (decision attestations, evidence hashes, transparency submissions).
* Root of trust configuration (certificate chains, allowed issuers).
* Time source and timestamping configuration.
**A5: Availability assets**
* Evidence store accessibility.
* Policy engine uptime.
* Interface endpoints and batch processing capacity.
### 5.3 Threat actors
* **External attacker** seeking to:
* Push a malicious component into the supply chain,
* Falsify transparency artifacts,
* Or compromise the Platform to manipulate decisions/evidence.
* **Malicious insider** (customer or Platform operator) seeking to:
* Hide vulnerable components,
* Suppress detections,
* Or retroactively alter records.
* **Compromised CI/CD or registry** affecting provenance and artifact integrity (SLSA build/distribution threats). ([SLSA][5])
* **Curious but non-malicious parties** who should not gain access to sensitive SBOM details (confidentiality and least privilege).
### 5.4 Key threat scenarios and required mitigations
Below are regulator-relevant threats that materially affect auditability and trust.
---
### T1: Spoofing of submitter identity (STRIDE: S)
**Scenario:**
An attacker submits forged SBOM/VEX/provenance claiming to be a trusted supplier.
**Impact:**
Decisions are based on untrusted artifacts; audit trail is misleading.
**Controls (shall):**
* Enforce strong authentication for ingestion (mTLS/OIDC + scoped tokens).
* Require artifact signatures for “trusted supplier” classification; verify signature chain and allowed issuers.
* Bind submitter identity to evidence record at ingestion time (AU-style accountability expectations). ([NIST Computer Security Resource Center][4])
**Evidence required:**
* Auth event logs (who/when/what).
* Signature verification results (certificate chain, key ID).
* Hash of submitted artifact (content-addressable ID).
---
### T2: Tampering with stored evidence (STRIDE: T)
**Scenario:**
An attacker modifies an SBOM, a reachability artifact, or an evaluation trace after the decision, to change what regulators/auditors see.
**Impact:**
Non-repudiation and auditability collapse; regulator confidence lost.
**Controls (shall):**
* Evidence objects stored as **content-addressed blobs** (hash = identifier).
* **Append-only metadata log** referencing evidence hashes (no in-place edits).
* Cryptographically sign the “evidence package manifest” for each decision.
* Optional transparency log anchoring (public Rekor or private equivalent). ([Sigstore][8])
**Evidence required:**
* Object store digest list and integrity proofs.
* Signed manifest (DSSE envelope recommended to bind payload type). ([GitHub][7])
* Inclusion proof or anchor reference if using a transparency log. ([Sigstore][8])
---
### T3: Repudiation of decisions or approvals (STRIDE: R)
**Scenario:**
A policy author or approver claims they did not approve a policy change or a high-risk exception.
**Impact:**
Weak governance; cannot establish accountability.
**Controls (shall):**
* Two-person approval workflow for policy changes and exceptions.
* Immutable audit logs capturing: identity, time, action, object, outcome (aligned with audit record content expectations). ([NIST Computer Security Resource Center][4])
* Sign policy versions and exception artifacts.
**Evidence required:**
* Signed policy version artifacts.
* Approval records linked to identity provider logs.
* Change diff + rationale.
---
### T4: Information disclosure via SBOM/VEX outputs (STRIDE: I)
**Scenario:**
An auditor-facing export inadvertently reveals proprietary component lists, internal repo URLs, or sensitive dependency relationships.
**Impact:**
Confidentiality breach; contractual/regulatory exposure; risk of targeted exploitation.
**Controls (shall):**
* Role-based access control for evidence and exports.
* Redaction profiles (“regulator view,” “customer view,” “internal view”) with deterministic transformation rules.
* Separate encryption domains (tenant-specific keys).
* Secure export channels; optional offline export bundles for air-gapped review.
**Evidence required:**
* Access-control policy snapshots and enforcement logs.
* Export redaction policy version and redaction transformation log.
---
### T5: Denial of service against evaluation pipeline (STRIDE: D)
**Scenario:**
A malicious party floods ingestion endpoints or submits pathological SBOM graphs causing excessive compute and preventing timely decisions.
**Impact:**
Availability and timeliness failures; missed gates/releases.
**Controls (shall):**
* Input size limits, graph complexity limits, and bounded parsing.
* Quotas and rate limiting (per tenant or per submitter).
* Separate async pipeline for heavy analysis; protect decision critical path.
**Evidence required:**
* Rate limit logs and rejection metrics.
* Capacity monitoring evidence (for availability obligations).
---
### T6: Elevation of privilege to policy/admin plane (STRIDE: E)
**Scenario:**
An attacker compromises a service account and gains ability to modify policy, disable controls, or access evidence across tenants.
**Impact:**
Complete compromise of decision integrity and confidentiality.
**Controls (shall):**
* Strict separation of duties: policy authoring vs execution vs auditing.
* Least privilege IAM for services (scoped tokens; short-lived credentials).
* Strong hardening of signing key boundary (KMS/HSM boundary; key usage constrained by attestation policy).
**Evidence required:**
* IAM policy snapshots and access review logs.
* Key management logs (rotation, access, signing operations).
---
### T7: Supply-chain compromise of artifacts being evaluated (SLSA AI)
**Scenario:**
The software under evaluation is compromised via source manipulation, build pipeline compromise, dependency compromise, or distribution channel compromise.
**Impact:**
Customer receives malicious/vulnerable software; Platform may miss it without sufficient provenance and identity proofs.
**Controls (should / shall depending on assurance target):**
* Require/provide provenance attestations and verify them against expectations (SLSA-style verification). ([SLSA][5])
* Verify artifact identity by digest and signed provenance.
* Enforce policy constraints for “minimum acceptable provenance” for high-criticality deployments.
**Evidence required:**
* Verified provenance statement(s) (intoto compatible) describing how artifacts were produced. ([in-toto][6])
* Build and publication step attestations, with cryptographic binding to artifact digests.
* Evidence of expectation configuration and verification outcomes (SLSA “verification threats” include tampering with expectations). ([SLSA][5])
---
### T8: Vulnerability intelligence poisoning / drift
**Scenario:**
The Platforms vulnerability feed is manipulated or changes over time such that a past decision cannot be reproduced.
**Impact:**
Regulator cannot validate basis of decision at time-of-decision; inconsistent results over time.
**Controls (shall):**
* Snapshot all external intelligence inputs used in an evaluation (source + version + timestamp + digest).
* In offline mode, use curated signed feed bundles and record their hashes.
* Maintain deterministic evaluation by tying each decision to the exact dataset snapshot.
**Evidence required:**
* Feed snapshot manifest (hashes, source identifiers, effective date range).
* Verification record of feed authenticity (signature or trust chain).
(OSV schema design, for example, emphasizes mapping to precise versions/commits; this supports deterministic matching when captured correctly.) ([OSV.dev][13])
---
## 6. Evidence Model
### 6.1 Evidence principles (regulator-grade properties)
All evidence objects in the Platform **shall** satisfy:
1. **Integrity:** Evidence cannot be modified without detection (hashing + immutability).
2. **Authenticity:** Evidence is attributable to its source (signatures, verified identity).
3. **Traceability:** Decisions link to specific input artifacts and transformation steps.
4. **Reproducibility:** A decision can be replayed deterministically given the same inputs and dataset snapshots.
5. **Nonrepudiation:** Critical actions (policy updates, exceptions, decision signing) are attributable and auditable.
6. **Confidentiality:** Sensitive evidence is access-controlled and export-redactable.
7. **Completeness with “Known Unknowns”:** The Platform explicitly records unknown or unresolved data elements rather than silently dropping them.
### 6.2 Evidence object taxonomy
The Platform should model evidence as a graph of typed objects.
**E1: Input artifact evidence**
* SBOM documents (SPDX/CycloneDX), including dependency relationships and identifiers.
* VEX documents (CSAF VEX, OpenVEX, CycloneDX VEX) with vulnerability status assertions.
* Provenance/attestations (SLSA-style provenance, intoto statements). ([SLSA][14])
* Scan outputs (SCA, container/image scans, static/dynamic analysis outputs).
**E2: Normalization and resolution evidence**
* Parsing/validation logs (schema validation results; warnings).
* Canonical “component graph” and “vulnerability mapping” artifacts.
* Identity resolution records: how name/version/IDs were mapped.
**E3: Analysis evidence**
* Vulnerability match outputs (CVE/OSV IDs, version ranges, scoring).
* Reachability artifacts (if supported): call graph results, dependency path proofs, or “not reachable” justification artifacts.
* Diff artifacts: changes between SBOM versions (component added/removed/upgraded; license changes; vulnerability deltas).
**E4: Policy and governance evidence**
* Policy definitions and versions (rules, thresholds).
* Exception records with approver identity and rationale.
* Approval workflow records and change control logs.
**E5: Decision evidence**
* Decision outcome (e.g., pass/fail/risk tier).
* Deterministic decision trace (which rules fired, which inputs were used).
* Unknowns/assumptions list.
* Signed decision statement + manifest of linked evidence objects.
**E6: Operational security evidence**
* Authentication/authorization logs.
* Key management and signing logs.
* Evidence store integrity monitoring logs.
* Incident response records (if applicable).
### 6.3 Common metadata schema (minimum required fields)
Every evidence object **shall** include at least:
* **EvidenceID:** content-addressable ID (e.g., SHA256 digest of canonical bytes).
* **EvidenceType:** enumerated type (SBOM, VEX, Provenance, ScanResult, Policy, Decision, etc.).
* **Producer:** tool/system identity that generated the evidence (name, version).
* **Timestamp:** time created + time ingested (with time source information).
* **Subject:** the software artifact(s) the evidence applies to (artifact digest(s), package IDs).
* **Chain links:** parent EvidenceIDs (inputs/precedents).
* **Tenant / confidentiality labels:** access classification and redaction profile applicability.
This aligns with the SBOM minimum elements emphasis on baseline data, automation support, and practices/processes including known unknowns and access control.
### 6.4 Evidence integrity and signing
**6.4.1 Hashing and immutability**
* Raw evidence artifacts shall be stored as immutable blobs.
* Derived evidence shall be stored as separate immutable blobs.
* The evidence index shall be append-only and reference blobs by hash.
**6.4.2 Signed envelopes and type binding**
* For high-assurance use, the Platform shall sign:
* Decision statements,
* Per-decision evidence manifests,
* Policy versions and exception approvals.
* Use a signing format that binds the **payload type** to the signature to reduce confusion attacks; DSSE is explicitly designed to authenticate both message and type. ([GitHub][7])
**6.4.3 Attestation model**
* Use intoto-compatible statements to standardize subjects (artifact digests) and predicates (decision, SBOM, provenance). ([in-toto][6])
* CycloneDX explicitly recognizes an official predicate type for BOM attestations, which can be leveraged for standardized evidence typing. ([CycloneDX][15])
**6.4.4 Transparency anchoring (optional but strong for regulators)**
* Publish signed decision manifests to a transparency log to provide additional tamper-evidence and public verifiability (or use a private transparency log for sensitive contexts). Rekor is Sigstores signature transparency log service. ([Sigstore][8])
### 6.5 Evidence for VEX and “not affected” assertions
Because VEX is specifically intended to prevent wasted effort on non-exploitable upstream vulnerabilities and is machine-readable for automation, the Platform must treat VEX as first-class evidence.
Minimum required behaviors:
* Maintain the original VEX document and signature (if present).
* Track the VEX **status** (not affected / affected / fixed / under investigation) for each vulnerabilityproduct association.
* If the Platform generates VEX-like conclusions (e.g., “not affected” based on reachability), it shall:
* Record the analytical basis as evidence (reachability proof, configuration assumptions),
* Mark the assertion as Platform-authored (not vendor-authored),
* Provide an explicit confidence level and unknowns.
For CSAF-based VEX documents, the Platform should validate conformance to the CSAF VEX profile requirements. ([OASIS Documents][11])
### 6.6 Reproducibility and determinism controls
Each decision must be reproducible. Therefore each decision record **shall** include:
* **Algorithm version** (policy engine + scoring logic version).
* **Policy version** and policy hash.
* **All inputs by digest** (SBOM/VEX/provenance/scan outputs).
* **External dataset snapshot identifiers** (vulnerability DB snapshot digest(s), advisory feeds, scoring inputs).
* **Execution environment ID** (runtime build of the Platform component that evaluated).
* **Determinism proof fields** (e.g., “random seed = fixed/none”, stable sort order used, canonicalization rules used).
This supports regulator expectations for traceability and for consistent evaluation in supply-chain risk management programs. ([NIST Computer Security Resource Center][3])
### 6.7 Retention, legal hold, and audit packaging
**Retention (shall):**
* Evidence packages supporting released decisions must be retained for a defined minimum period (set by sector/regulator/contract), with:
* Immutable storage and integrity monitoring,
* Controlled deletion only through approved retention workflows,
* Legal hold support.
**Audit package export (shall):**
For any decision, the Platform must be able to export an “Audit Package” containing:
1. **Decision statement** (signed)
2. **Evidence manifest** (signed) listing all evidence objects by hash
3. **Inputs** (SBOM/VEX/provenance/etc.) or references to controlled-access retrieval
4. **Transformation chain** (normalization and mapping records)
5. **Policy version and evaluation trace**
6. **External dataset snapshot manifests**
7. **Access-control and integrity verification records** (to prove custody)
---
## 7. Threat-to-Evidence Traceability (Minimal Regulator View)
This section provides a compact mapping from key threat classes to the evidence that must exist to satisfy audit and non-repudiation expectations.
| Threat Class | Primary Risk | “Must-have” Evidence Outputs |
| -------------------------------- | ------------------------------- | ------------------------------------------------------------------------------------------------- |
| Spoofing submitter | Untrusted artifacts used | Auth logs + signature verification + artifact digests |
| Tampering with evidence | Retroactive manipulation | Content-addressed evidence + append-only index + signed manifest (+ optional transparency anchor) |
| Repudiation | Denial of approval/changes | Signed policy + approval workflow logs + immutable audit trail |
| Information disclosure | Sensitive SBOM leakage | Access-control evidence + redaction policy version + export logs |
| DoS | Missed gates / delayed response | Rate limiting logs + capacity metrics + bounded parsing evidence |
| Privilege escalation | Policy/evidence compromise | IAM snapshots + key access logs + segregation-of-duty records |
| Supply-chain pipeline compromise | Malicious artifact | Provenance attestations + verification results + artifact digest binding |
| Vulnerability feed drift | Non-reproducible decisions | Feed snapshot manifests + digests + authenticity verification |
(Where the threat concerns the wider software supply chain, SLSAs threat taxonomy provides an established clustering for where pipeline threats occur and the role of verification. ([SLSA][5]))
---
## 8. Governance, Control Testing, and Continuous Compliance
To be regulator-grade, the Platforms security and evidence integrity controls must be governed and tested.
### 8.1 Governance expectations
* Maintain a control mapping to a recognized catalog (e.g., NIST SP 80053) for access control, auditing, integrity, and supply-chain risk management. ([NIST Computer Security Resource Center][4])
* Maintain a supply-chain risk posture aligned with CSCRM guidance (e.g., NIST SP 800161 Rev.1). ([NIST Computer Security Resource Center][3])
* Align secure development practices to SSDF expectations and terminology, noting SSDF has an active Rev.1 IPD (v1.2) publication process at NIST. ([NIST Computer Security Resource Center][2])
### 8.2 Control testing (shall)
At minimum, perform and retain evidence of:
* Periodic integrity tests of evidence store immutability and hash verification.
* Key management audits (signing operations, rotation, restricted usage).
* Access review audits (especially multi-tenant isolation).
* Reproducibility tests: re-run evaluation from historical evidence package and confirm identical results.
---
## Appendix A: Example Signed Decision Statement Structure (Conceptual)
This is a conceptual structure (not a normative schema) showing the minimum linkage needed:
* **Subject:** artifact digest(s) + identifiers
* **Predicate type:** `.../decision` (Platform-defined)
* **Predicate:** decision outcome + rationale + policy hash + dataset snapshot hashes
* **Envelope:** DSSE signature with payload type binding ([GitHub][7])
* **Optional transparency anchor:** Rekor entry UUID / inclusion proof ([Sigstore][8])
---
## Appendix B: Practical Notes for SBOM/VEX Interoperability
* Support both SPDX and CycloneDX ingestion and preservation; both are referenced in SBOM minimum elements discussion and are widely used.
* Treat CSAF VEX and OpenVEX as acceptable VEX carriers; validate schema and preserve original artifacts. ([OASIS Documents][11])
* Capture “known unknowns” explicitly rather than forcing false precision; this is part of SBOM minimum elements practices/processes framing and is directly relevant to regulator-grade audit transparency.
---
## What you can do next with this model
If you want, I can produce any of the following artifacts derived directly from this model (without changing its underlying assertions):
1. A **control-to-evidence crosswalk** (NIST 80053 / SSDF / CSCRM oriented).
2. A **test plan** (control testing, evidence integrity validation, reproducibility drills).
3. A **formal evidence schema** (JSON schema for evidence objects + DSSE envelopes + manifest format).
4. A **regulator-ready “Audit Package” template** you can hand to third parties (including redaction tiers).
[1]: https://www.federalregister.gov/documents/2025/08/22/2025-16147/request-for-comment-on-2025-minimum-elements-for-a-software-bill-of-materials "
Federal Register
\::
Request for Comment on 2025 Minimum Elements for a Software Bill of Materials
"
[2]: https://csrc.nist.gov/pubs/sp/800/218/r1/ipd "SP 800-218 Rev. 1, Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities | CSRC"
[3]: https://csrc.nist.gov/pubs/sp/800/161/r1/final "SP 800-161 Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations | CSRC"
[4]: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final "SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations | CSRC"
[5]: https://slsa.dev/spec/v1.1/threats "SLSA • Threats & mitigations"
[6]: https://in-toto.io/?utm_source=chatgpt.com "in-toto"
[7]: https://github.com/secure-systems-lab/dsse?utm_source=chatgpt.com "DSSE: Dead Simple Signing Envelope"
[8]: https://docs.sigstore.dev/logging/overview/?utm_source=chatgpt.com "Rekor"
[9]: https://github.com/CycloneDX/specification?utm_source=chatgpt.com "CycloneDX/specification"
[10]: https://www.iso.org/standard/81870.html?utm_source=chatgpt.com "ISO/IEC 5962:2021 - SPDX® Specification V2.2.1"
[11]: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html?utm_source=chatgpt.com "Common Security Advisory Framework Version 2.0 - Index of /"
[12]: https://github.com/openvex/spec?utm_source=chatgpt.com "OpenVEX Specification"
[13]: https://osv.dev/?utm_source=chatgpt.com "OSV - Open Source Vulnerabilities"
[14]: https://slsa.dev/spec/v1.0-rc1/provenance?utm_source=chatgpt.com "Provenance"
[15]: https://cyclonedx.org/specification/overview/?utm_source=chatgpt.com "Specification Overview"

28
docs/modules/advisory-ai/chat-interface.md
View File

@@ -2,7 +2,7 @@
> **Sprint:** SPRINT_20260107_006_003 Task CH-016
> **Status:** Active
> **Last Updated:** 2026-01-13
> **Last Updated:** 2026-02-24
The AdvisoryAI Chat Interface provides a conversational experience for security operators to investigate vulnerabilities, understand findings, and take remediation actions—all grounded in internal evidence with citations.
@@ -29,11 +29,21 @@ The chat interface enables:
## API Reference
### Endpoint Families and Migration Timeline
- Canonical chat surface: `/api/v1/chat/*`
- Legacy compatibility surface: `/v1/advisory-ai/conversations*`
- Legacy sunset date (UTC): **December 31, 2026**
- Legacy responses emit migration headers:
- `Deprecation: true`
- `Sunset: Thu, 31 Dec 2026 23:59:59 GMT`
- `Link: </api/v1/chat/query>; rel="successor-version"`
### Create Conversation
Creates a new conversation session.
Required headers: `X-StellaOps-User`, `X-StellaOps-Client`, and either `X-StellaOps-Roles` (`chat:user` or `chat:admin`) or `X-StellaOps-Scopes` (`advisory:chat` or `advisory:run`).
Required headers: `X-StellaOps-User`, `X-StellaOps-Client`, and either `X-StellaOps-Roles` (`chat:user` or `chat:admin`) or `X-StellaOps-Scopes` (`advisory-ai:view`, `advisory-ai:operate`, `advisory-ai:admin`, plus legacy `advisory:chat` / `advisory:run` aliases).
```http
POST /v1/advisory-ai/conversations
@@ -88,6 +98,8 @@ X-StellaOps-Client: ui
}
```
`content` is the canonical add-turn payload field. A temporary compatibility shim still accepts legacy `message` input and maps it to `content`; empty/whitespace payloads return HTTP 400. Legacy `message` usage emits a warning header: `Warning: 299 - Legacy chat payload field 'message' is deprecated; use 'content'.`
**Response (Server-Sent Events):**
```
event: token
@@ -112,12 +124,14 @@ event: done
data: {"turnId": "turn-xyz", "groundingScore": 0.92}
```
Conversation add-turn responses now use the same grounded runtime path as the chat gateway. When runtime generation is unavailable, the service returns an explicit deterministic fallback response with metadata (no placeholder responses).
### Get Conversation
Retrieves a conversation with its history.
```http
GET /api/v1/advisory-ai/conversations/{conversationId}
GET /v1/advisory-ai/conversations/{conversationId}
Authorization: Bearer <token>
```
@@ -157,7 +171,7 @@ Authorization: Bearer <token>
Lists conversations for a tenant/user.
```http
GET /api/v1/advisory-ai/conversations?tenantId=tenant-123&userId=user-xyz&limit=20
GET /v1/advisory-ai/conversations?tenantId=tenant-123&userId=user-xyz&limit=20
Authorization: Bearer <token>
```
@@ -166,7 +180,7 @@ Authorization: Bearer <token>
Deletes a conversation and its history.
```http
DELETE /api/v1/advisory-ai/conversations/{conversationId}
DELETE /v1/advisory-ai/conversations/{conversationId}
Authorization: Bearer <token>
```
@@ -205,6 +219,9 @@ AI responses include object links that reference internal evidence. These links
| Attestation | `[attest:dsse:{digest}]` | `[attest:dsse:sha256:xyz]` | Link to DSSE attestation |
| Authority Key | `[auth:keys/{keyId}]` | `[auth:keys/gitlab-oidc]` | Link to signing key |
| Documentation | `[docs:{path}]` | `[docs:scopes/ci-webhook]` | Link to documentation |
| Finding | `[finding:{id}]` | `[finding:CVE-2024-12345]` | Link to finding detail |
| Scan | `[scan:{id}]` | `[scan:scan-2026-02-24-001]` | Link to scan detail |
| Policy | `[policy:{id}]` | `[policy:DENY-CRITICAL-PROD]` | Link to policy detail |
### Link Resolution
@@ -436,4 +453,3 @@ AdvisoryAI:
- [Deployment Guide](deployment.md)
- [Security Guardrails](/docs/security/assistant-guardrails.md)
- [Controlled Conversational Interface Advisory](../../../docs-archived/product/advisories/13-Jan-2026%20-%20Controlled%20Conversational%20Interface.md)

3
docs/modules/advisory-ai/knowledge-search.md
View File

@@ -130,6 +130,8 @@ Implemented in `src/AdvisoryAI/StellaOps.AdvisoryAI/KnowledgeSearch/KnowledgeSea
- Query telemetry:
- Unified search emits hashed query telemetry (`SHA-256` query hash, intent, domain weights, latency, top domains) via `IUnifiedSearchTelemetrySink`.
- Web fallback behavior: when unified search fails, `UnifiedSearchClient` falls back to legacy AKS (`/v1/advisory-ai/search`) and maps grouped legacy results into unified cards (`diagnostics.mode = legacy-fallback`).
- UI now shows an explicit degraded-mode banner for `legacy-fallback` / `fallback-empty` modes and clears it automatically on recovery.
- Degraded-mode enter/exit transitions emit analytics markers (`__degraded_mode_enter__`, `__degraded_mode_exit__`); server-side search history intentionally ignores `__*` synthetic markers.
## Web behavior
Global search now consumes AKS and supports:
@@ -140,6 +142,7 @@ Global search now consumes AKS and supports:
- API: `Curl` (copy command).
- Doctor: `Run` (navigate to doctor and copy run command).
- `More` action for "show more like this" local query expansion.
- Search-quality metrics taxonomy is standardized on `query`, `click`, and `zero_result` event types (no legacy `search` event dependency in quality SQL).
## CLI behavior
AKS commands:

225
docs/modules/analytics/README.md
View File

@@ -1,225 +0,0 @@
# Analytics Module
The Analytics module provides a star-schema data warehouse layer for SBOM and attestation data, enabling executive reporting, risk dashboards, and ad-hoc analysis.
## Overview
Stella Ops generates rich data through SBOM ingestion, vulnerability correlation, VEX assessments, and attestations. The Analytics module normalizes this data into a queryable warehouse schema optimized for:
- **Executive dashboards**: Risk posture, vulnerability trends, compliance status
- **Supply chain analysis**: Supplier concentration, license distribution
- **Security metrics**: CVE exposure, VEX effectiveness, MTTR tracking
- **Attestation coverage**: SLSA compliance, provenance gaps
## Key Capabilities
| Capability | Description |
|------------|-------------|
| Unified component registry | Canonical component table with normalized suppliers and licenses |
| Vulnerability correlation | Pre-joined component-vulnerability mapping with EPSS/KEV flags |
| VEX-adjusted exposure | Vulnerability counts that respect active VEX overrides (validity windows applied) |
| Attestation tracking | Provenance and SLSA level coverage by environment/team |
| Time-series rollups | Daily snapshots for trend analysis |
| Materialized views | Pre-computed aggregations for dashboard performance |
## Data Model
### Star Schema Overview
```
┌─────────────────┐
│ artifacts │ (dimension)
│ container/app │
└────────┬────────┘
┌──────────────┼──────────────┐
│ │ │
┌─────────▼──────┐ ┌─────▼─────┐ ┌──────▼──────┐
│ artifact_ │ │attestations│ │vex_overrides│
│ components │ │ (fact) │ │ (fact) │
│ (bridge) │ └───────────┘ └─────────────┘
└─────────┬──────┘
┌─────────▼──────┐
│ components │ (dimension)
│ unified │
│ registry │
└─────────┬──────┘
┌─────────▼──────┐
│ component_ │
│ vulns │ (fact)
│ (bridge) │
└────────────────┘
```
### Core Tables
| Table | Type | Purpose |
|-------|------|---------|
| `components` | Dimension | Unified component registry with PURL, supplier, license |
| `artifacts` | Dimension | Container images and applications with SBOM metadata |
| `artifact_components` | Bridge | Links artifacts to their SBOM components |
| `component_vulns` | Fact | Component-to-vulnerability mapping |
| `attestations` | Fact | Attestation metadata (provenance, SBOM, VEX) |
| `vex_overrides` | Fact | VEX status overrides with justifications |
| `raw_sboms` | Audit | Raw SBOM payloads for reprocessing |
| `raw_attestations` | Audit | Raw DSSE envelopes for audit |
| `daily_vulnerability_counts` | Rollup | Daily vuln aggregations |
| `daily_component_counts` | Rollup | Daily component aggregations |
Rollup retention is 90 days in hot storage. `compute_daily_rollups()` prunes
older rows after each run; archival follows operations runbooks.
Platform WebService can automate rollups + materialized view refreshes via
`PlatformAnalyticsMaintenanceService` (see `architecture.md` for schedule and
configuration).
Use `Platform:AnalyticsMaintenance:BackfillDays` to recompute the most recent
N days of rollups on the first maintenance run after downtime (set to `0` to disable).
### Materialized Views
| View | Refresh | Purpose |
|------|---------|---------|
| `mv_supplier_concentration` | Daily | Top suppliers by component count |
| `mv_license_distribution` | Daily | License category distribution |
| `mv_vuln_exposure` | Daily | CVE exposure adjusted by VEX |
| `mv_attestation_coverage` | Daily | Provenance/SLSA coverage by env/team |
Array-valued fields (for example `environments` and `ecosystems`) are ordered
alphabetically to keep analytics outputs deterministic.
## Quick Start
### Day-1 Queries
**Top supplier concentration (supply chain risk, optional environment filter):**
```sql
SELECT analytics.sp_top_suppliers(20, 'prod');
```
**License risk heatmap (optional environment filter):**
```sql
SELECT analytics.sp_license_heatmap('prod');
```
**CVE exposure adjusted by VEX:**
```sql
SELECT analytics.sp_vuln_exposure('prod', 'high');
```
**Fixable vulnerability backlog:**
```sql
SELECT analytics.sp_fixable_backlog('prod');
```
**Attestation coverage gaps:**
```sql
SELECT analytics.sp_attestation_gaps('prod');
```
### API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/analytics/suppliers` | GET | Supplier concentration data |
| `/api/analytics/licenses` | GET | License distribution |
| `/api/analytics/vulnerabilities` | GET | CVE exposure (VEX-adjusted) |
| `/api/analytics/backlog` | GET | Fixable vulnerability backlog |
| `/api/analytics/attestation-coverage` | GET | Attestation gaps |
| `/api/analytics/trends/vulnerabilities` | GET | Vulnerability time-series |
| `/api/analytics/trends/components` | GET | Component time-series |
All analytics endpoints require the `analytics.read` scope.
The platform metadata capability `analytics` reports whether analytics storage is configured.
#### Query Parameters
- `/api/analytics/suppliers`: `limit` (optional, default 20), `environment` (optional)
- `/api/analytics/licenses`: `environment` (optional)
- `/api/analytics/vulnerabilities`: `minSeverity` (optional, default `low`), `environment` (optional)
- `/api/analytics/backlog`: `environment` (optional)
- `/api/analytics/attestation-coverage`: `environment` (optional)
- `/api/analytics/trends/vulnerabilities`: `environment` (optional), `days` (optional, default 30)
- `/api/analytics/trends/components`: `environment` (optional), `days` (optional, default 30)
## Ingestion Configuration
Analytics ingestion runs inside the Platform WebService and subscribes to Scanner, Concelier, and Attestor streams. Configure ingestion via `Platform:AnalyticsIngestion`:
```yaml
Platform:
Storage:
PostgresConnectionString: "Host=...;Database=analytics;Username=...;Password=..."
AnalyticsIngestion:
Enabled: true
PostgresConnectionString: "" # optional; defaults to Platform:Storage
AllowedTenants: ["tenant-a", "tenant-b"]
Streams:
ScannerStream: "orchestrator:events"
ConcelierObservationStream: "concelier:advisory.observation.updated:v1"
ConcelierLinksetStream: "concelier:advisory.linkset.updated:v1"
AttestorStream: "attestor:events"
StartFromBeginning: false
Cas:
RootPath: "/var/lib/stellaops/cas"
DefaultBucket: "attestations"
Attestations:
BundleUriTemplate: "bundle:{digest}"
```
Bundle URI templates support:
- `{digest}` for the full digest string (for example `sha256:...`).
- `{hash}` for the raw hex digest (no algorithm prefix).
- `bundle:{digest}` which resolves to `cas://<DefaultBucket>/{digest}` by default.
- `file:/path/to/bundles/bundle-{hash}.json` for offline file ingestion.
For offline workflows, verify bundles with `stella bundle verify` before ingesting them.
## Console UI
SBOM Lake analytics are exposed in the Console under `Analytics > SBOM Lake` (`/analytics/sbom-lake`).
Console access requires `ui.read` plus `analytics.read` scopes.
Key UI features:
- Filters for environment, minimum severity, and time window.
- Panels for suppliers, licenses, vulnerability exposure, and attestation coverage.
- Trend views for vulnerabilities and components.
- Fixable backlog table with CSV export.
See [console.md](./console.md) for operator guidance and filter behavior.
## CLI Access
SBOM lake analytics are exposed via the CLI under `stella analytics sbom-lake`
(requires `analytics.read` scope).
```bash
# Top suppliers
stella analytics sbom-lake suppliers --limit 20
# Vulnerability exposure in prod (high+), CSV export
stella analytics sbom-lake vulnerabilities --environment prod --min-severity high --format csv --output vuln.csv
# 30-day trends for both series
stella analytics sbom-lake trends --days 30 --series all --format json
```
See `docs/modules/cli/guides/commands/analytics.md` for command-level details.
## Architecture
See [architecture.md](./architecture.md) for detailed design decisions, data flow, and normalization rules.
## Schema Reference
See [analytics_schema.sql](../../db/analytics_schema.sql) for complete DDL including:
- Table definitions with indexes
- Normalization functions
- Materialized views
- Stored procedures
- Refresh procedures
## Sprint Reference
Implementation tracked in:
- `docs/implplan/SPRINT_20260120_030_Platform_sbom_analytics_lake.md`
- `docs/implplan/SPRINT_20260120_032_Cli_sbom_analytics_cli.md`

298
docs/modules/analytics/architecture.md
View File

@@ -1,298 +0,0 @@
# Analytics Module Architecture
> **Implementation Note:** Analytics is a cross-cutting feature integrated into the **Platform WebService** (`src/Platform/`). There is no standalone `src/Analytics/` module. Data ingestion pipelines span Scanner, Concelier, and Attestor modules. See [Platform Architecture](../platform/architecture-overview.md) for service-level integration details.
## Design Philosophy
The Analytics module implements a **star-schema data warehouse** pattern optimized for analytical queries rather than transactional workloads. Key design principles:
1. **Separation of concerns**: Analytics schema is isolated from operational schemas (scanner, vex, proof_system)
2. **Pre-computation**: Expensive aggregations computed in advance via materialized views
3. **Audit trail**: Raw payloads preserved for reprocessing and compliance
4. **Determinism**: Normalization functions are immutable and reproducible; array aggregates are ordered for stable outputs
5. **Incremental updates**: Supports both full refresh and incremental ingestion
## Data Flow
```
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Scanner │ │ Concelier │ │ Attestor │
│ (SBOM) │ │ (Vuln) │ │ (DSSE) │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
│ SBOM Ingested │ Vuln Updated │ Attestation Created
▼ ▼ ▼
┌──────────────────────────────────────────────────────┐
│ AnalyticsIngestionService │
│ - Normalize components (PURL, supplier, license) │
│ - Upsert to unified registry │
│ - Correlate with vulnerabilities │
│ - Store raw payloads │
└──────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────┐
│ analytics schema │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌────────────┐ │
│ │components│ │artifacts│ │comp_vuln│ │attestations│ │
│ └─────────┘ └─────────┘ └─────────┘ └────────────┘ │
└──────────────────────────────────────────────────────┘
│ Daily refresh
┌──────────────────────────────────────────────────────┐
│ Materialized Views │
│ mv_supplier_concentration | mv_license_distribution │
│ mv_vuln_exposure | mv_attestation_coverage │
└──────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────┐
│ Platform API Endpoints │
│ (with 5-minute caching) │
└──────────────────────────────────────────────────────┘
```
## Normalization Rules
### PURL Parsing
Package URLs (PURLs) are the canonical identifier for components. The `parse_purl()` function extracts:
| Field | Example | Notes |
|-------|---------|-------|
| `purl_type` | `maven`, `npm`, `pypi` | Ecosystem identifier |
| `purl_namespace` | `org.apache.logging` | Group/org/scope (optional) |
| `purl_name` | `log4j-core` | Package name |
| `purl_version` | `2.17.1` | Version string |
### Supplier Normalization
The `normalize_supplier()` function standardizes supplier names for consistent grouping:
1. Convert to lowercase
2. Trim whitespace
3. Remove legal suffixes: Inc., LLC, Ltd., Corp., GmbH, B.V., S.A., PLC, Co.
4. Normalize internal whitespace
**Examples:**
- `"Apache Software Foundation, Inc."``"apache software foundation"`
- `"Google LLC"``"google"`
- `" Microsoft Corp. "``"microsoft"`
### License Categorization
The `categorize_license()` function maps SPDX expressions to risk categories:
| Category | Examples | Risk Level |
|----------|----------|------------|
| `permissive` | MIT, Apache-2.0, BSD-3-Clause, ISC | Low |
| `copyleft-weak` | LGPL-2.1, MPL-2.0, EPL-2.0 | Medium |
| `copyleft-strong` | GPL-3.0, AGPL-3.0, SSPL | High |
| `proprietary` | Proprietary, Commercial | Review Required |
| `unknown` | Unrecognized expressions | Review Required |
**Special handling:**
- GPL with exceptions (e.g., `GPL-2.0 WITH Classpath-exception-2.0`) → `copyleft-weak`
- Dual-licensed (e.g., `MIT OR Apache-2.0`) → uses first match
## Component Deduplication
Components are deduplicated by `(purl, hash_sha256)`:
1. If same PURL and hash: existing record updated (last_seen_at, counts)
2. If same PURL but different hash: new record created (version change)
3. If same hash but different PURL: new record (aliased package)
**Upsert pattern:**
```sql
INSERT INTO analytics.components (...)
VALUES (...)
ON CONFLICT (purl, hash_sha256) DO UPDATE SET
last_seen_at = now(),
sbom_count = components.sbom_count + 1,
updated_at = now();
```
## Vulnerability Correlation
When a component is upserted, the `VulnerabilityCorrelationService` queries Concelier for matching advisories:
1. Query by PURL type + namespace + name
2. Filter by version range matching
3. Upsert to `component_vulns` with severity, EPSS, KEV flags
**Version range matching** currently supports semver ranges and exact matches via
`VersionRuleEvaluator`. Non-semver schemes fall back to exact string matches; wildcard
and ecosystem-specific ranges require upstream normalization.
## VEX Override Logic
The `mv_vuln_exposure` view implements VEX-adjusted counts:
```sql
-- Effective count excludes artifacts with active VEX overrides
COUNT(DISTINCT ac.artifact_id) FILTER (
WHERE NOT EXISTS (
SELECT 1 FROM analytics.vex_overrides vo
WHERE vo.artifact_id = ac.artifact_id
AND vo.vuln_id = cv.vuln_id
AND vo.status = 'not_affected'
AND (vo.valid_until IS NULL OR vo.valid_until > now())
)
) AS effective_artifact_count
```
**Override validity:**
- `valid_from`: When the override became effective
- `valid_until`: Expiration (NULL = no expiration)
- Only `status = 'not_affected'` reduces exposure counts, and only when the override is active in its validity window.
## Attestation Ingestion
Attestation ingestion consumes Attestor Rekor entry events and expects Sigstore bundles
or raw DSSE envelopes. The ingestion service:
- Resolves bundle URIs using `BundleUriTemplate`; `bundle:{digest}` maps to
`cas://<DefaultBucket>/{digest}` by default.
- Decodes DSSE payloads, computes `dsse_payload_hash`, and records `predicate_uri` plus
Rekor log metadata (`rekor_log_id`, `rekor_log_index`).
- Uses in-toto `subject` digests to link artifacts when reanalysis hints are absent.
- Maps predicate URIs into `analytics_attestation_type` values
(`provenance`, `sbom`, `vex`, `build`, `scan`, `policy`).
- Expands VEX statements into `vex_overrides` rows, one per product reference, and
captures optional validity timestamps when provided.
## Time-Series Rollups
Daily rollups computed by `compute_daily_rollups()`:
**Vulnerability counts** (per environment/team/severity):
- `total_vulns`: All affecting vulnerabilities
- `fixable_vulns`: Vulns with `fix_available = TRUE`
- `vex_mitigated`: Vulns with active `not_affected` override
- `kev_vulns`: Vulns in CISA KEV
- `unique_cves`: Distinct CVE IDs
- `affected_artifacts`: Artifacts containing affected components
- `affected_components`: Components with affecting vulns
**Component counts** (per environment/team/license/type):
- `total_components`: Distinct components
- `unique_suppliers`: Distinct normalized suppliers
**Retention policy:** 90 days in hot storage; `compute_daily_rollups()` prunes older rows and downstream jobs archive to cold storage.
## Materialized View Refresh
All materialized views support `REFRESH ... CONCURRENTLY` for zero-downtime updates:
```sql
-- Refresh all views (non-concurrent; run off-peak)
SELECT analytics.refresh_all_views();
```
**Refresh schedule (recommended):**
- `mv_supplier_concentration`: 02:00 UTC daily
- `mv_license_distribution`: 02:15 UTC daily
- `mv_vuln_exposure`: 02:30 UTC daily
- `mv_attestation_coverage`: 02:45 UTC daily
- `compute_daily_rollups()`: 03:00 UTC daily
Platform WebService can run the daily rollup + refresh loop via
`PlatformAnalyticsMaintenanceService`. Configure the schedule with:
- `Platform:AnalyticsMaintenance:Enabled` (default `true`)
- `Platform:AnalyticsMaintenance:IntervalMinutes` (default `1440`)
- `Platform:AnalyticsMaintenance:RunOnStartup` (default `true`)
- `Platform:AnalyticsMaintenance:ComputeDailyRollups` (default `true`)
- `Platform:AnalyticsMaintenance:RefreshMaterializedViews` (default `true`)
- `Platform:AnalyticsMaintenance:BackfillDays` (default `0`, set to `0` to disable; recompute the most recent N days on the first maintenance run)
The hosted service issues concurrent refresh statements directly for each view.
Use a DB scheduler (pg_cron) or external orchestrator if you need the staggered
per-view timing above.
## Performance Considerations
### Indexing Strategy
| Table | Key Indexes | Query Pattern |
|-------|-------------|---------------|
| `components` | `purl`, `supplier_normalized`, `license_category` | Lookup, aggregation |
| `artifacts` | `digest`, `environment`, `team` | Lookup, filtering |
| `component_vulns` | `vuln_id`, `severity`, `fix_available` | Join, filtering |
| `attestations` | `artifact_id`, `predicate_type` | Join, aggregation |
| `vex_overrides` | `(artifact_id, vuln_id)`, `status` | Subquery exists |
### Query Performance Targets
| Query | Target | Notes |
|-------|--------|-------|
| `sp_top_suppliers(20, 'prod')` | < 100ms | Uses materialized view when env is null; env filter reads base tables |
| `sp_license_heatmap('prod')` | < 100ms | Uses materialized view when env is null; env filter reads base tables |
| `sp_vuln_exposure()` | < 200ms | Uses materialized view for global queries; environment filters read base tables |
| `sp_fixable_backlog()` | < 500ms | Live query with indexes |
| `sp_attestation_gaps()` | < 100ms | Uses materialized view |
### Caching Strategy
Platform API endpoints use a 5-minute TTL cache:
- Cache key: endpoint + query parameters
- Invalidation: Time-based only (no event-driven invalidation)
- Storage: Valkey (in-memory)
## Security Considerations
### Schema Permissions
```sql
-- Read-only role for dashboards
GRANT USAGE ON SCHEMA analytics TO dashboard_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA analytics TO dashboard_reader;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA analytics TO dashboard_reader;
-- Write role for ingestion service
GRANT USAGE ON SCHEMA analytics TO analytics_writer;
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA analytics TO analytics_writer;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA analytics TO analytics_writer;
```
### Data Classification
| Table | Classification | Notes |
|-------|----------------|-------|
| `components` | Internal | Contains package names, versions |
| `artifacts` | Internal | Contains image names, team names |
| `component_vulns` | Internal | Vulnerability data (public CVEs) |
| `vex_overrides` | Confidential | Contains justifications, operator IDs |
| `raw_sboms` | Confidential | Full SBOM payloads |
| `raw_attestations` | Confidential | Signed attestation envelopes |
### Audit Trail
All tables include `created_at` and `updated_at` timestamps. Raw payload tables (`raw_sboms`, `raw_attestations`) are append-only with content hashes for integrity verification.
## Integration Points
### Upstream Dependencies
| Service | Event | Contract | Action |
|---------|-------|----------|--------|
| Scanner | SBOM report ready | `scanner.event.report.ready@1` (`docs/modules/signals/events/orchestrator-scanner-events.md`) | Normalize and upsert components |
| Concelier | Advisory observation/linkset updated | `advisory.observation.updated@1` (`docs/modules/concelier/events/advisory.observation.updated@1.schema.json`), `advisory.linkset.updated@1` (`docs/modules/concelier/events/advisory.linkset.updated@1.md`) | Re-correlate affected components |
| Excititor | VEX statement changes | `vex.statement.*` (`docs/modules/excititor/architecture.md`) | Create/update vex_overrides |
| Attestor | Rekor entry logged | `rekor.entry.logged` (`docs/modules/attestor/architecture.md`) | Upsert attestation record |
### Downstream Consumers
| Consumer | Data | Endpoint |
|----------|------|----------|
| Console UI | Dashboard data | `/api/analytics/*` |
| Export Center | Compliance reports | Direct DB query |
| AdvisoryAI | Risk context | `/api/analytics/vulnerabilities` |
## Future Enhancements
1. **Partitioning**: Partition `daily_*` tables by date for faster queries and archival
2. **Incremental refresh**: Implement incremental materialized view refresh for large datasets
3. **Custom dimensions**: Support user-defined component groupings (business units, cost centers)
4. **Predictive analytics**: Add ML-based risk prediction using historical trends
5. **BI tool integration**: Direct connectors for Tableau, Looker, Metabase

64
docs/modules/analytics/console.md
View File

@@ -1,64 +0,0 @@
# Analytics Console (SBOM Lake)
The Console exposes SBOM analytics lake data under `Analytics > SBOM Lake`.
This view is read-only and uses the analytics API endpoints documented in `docs/modules/analytics/README.md`.
## Access
- Route: `/analytics/sbom-lake`
- Required scopes: `ui.read` and `analytics.read`
- Console admin bundles: `role/analytics-viewer`, `role/analytics-operator`, `role/analytics-admin`
- Data freshness: the page surfaces the latest `dataAsOf` timestamp returned by the API.
## Filters
The SBOM Lake page supports three filters that round-trip via URL query parameters:
- Environment: `env` (optional, example: `Prod`)
- Minimum severity: `severity` (optional, example: `high`)
- Time window (days): `days` (optional, example: `90`)
When a filter changes, the Console reloads all panels using the updated parameters.
Supplier and license panels honor the environment filter alongside the other views.
## Panels
The dashboard presents four summary panels:
1. Supplier concentration (top suppliers by component count)
2. License distribution (license categories and counts)
3. Vulnerability exposure (top CVEs after VEX adjustments)
4. Attestation coverage (provenance and SLSA 2+ coverage)
Each panel shows a loading state, empty state, and summary counts.
## Trends
Two trend panels are included:
- Vulnerability trend: net exposure over the selected time window
- Component trend: total components and unique suppliers
The Console aggregates trend points by date and renders a simple bar chart plus a compact list.
## Fixable Backlog
The fixable backlog table lists vulnerabilities with fixes available, grouped by component and service.
The "Top backlog components" table derives a component summary from the same backlog data.
### CSV Export
The "Export backlog CSV" action downloads a deterministic, ordered CSV with:
- Service
- Component
- Version
- Vulnerability
- Severity
- Environment
- Fixed version
## Troubleshooting
- If panels show "No data", verify that the analytics schema and materialized views are populated.
- If an error banner appears, check the analytics API availability and ensure the tenant has `analytics.read`.

422
docs/modules/analytics/queries.md
View File

@@ -1,422 +0,0 @@
# Analytics Query Library
This document provides ready-to-use SQL queries for common analytics use cases. All queries are optimized for the analytics star schema.
## Executive Dashboard Queries
### 1. Top Supplier Concentration (Supply Chain Risk)
Identifies suppliers with the highest component footprint, indicating supply chain concentration risk.
```sql
-- Via stored procedure (recommended, optional environment filter)
SELECT analytics.sp_top_suppliers(20, 'prod');
-- Direct query
SELECT
supplier,
component_count,
artifact_count,
team_count,
critical_vuln_count,
high_vuln_count,
environments
FROM analytics.mv_supplier_concentration
ORDER BY component_count DESC
LIMIT 20;
```
**Use case**: Identify vendors that, if compromised, would affect the most artifacts.
### 2. License Risk Heatmap
Shows distribution of components by license category for compliance review.
```sql
-- Via stored procedure (optional environment filter)
SELECT analytics.sp_license_heatmap('prod');
-- Direct query with grouping
SELECT
license_category,
SUM(component_count) AS total_components,
SUM(artifact_count) AS total_artifacts,
COUNT(DISTINCT license_concluded) AS unique_licenses
FROM analytics.mv_license_distribution
GROUP BY license_category
ORDER BY
CASE license_category
WHEN 'copyleft-strong' THEN 1
WHEN 'proprietary' THEN 2
WHEN 'unknown' THEN 3
WHEN 'copyleft-weak' THEN 4
ELSE 5
END;
```
**Use case**: Compliance review, identify components requiring legal review.
### 3. CVE Exposure Adjusted by VEX
Shows true vulnerability exposure after applying VEX mitigations.
```sql
-- Via stored procedure
SELECT analytics.sp_vuln_exposure('prod', 'high');
-- Direct query showing VEX effectiveness (global view; use sp_vuln_exposure for environment filtering)
SELECT
vuln_id,
severity::TEXT,
cvss_score,
epss_score,
kev_listed,
fix_available,
raw_artifact_count AS total_affected,
effective_artifact_count AS actually_affected,
raw_artifact_count - effective_artifact_count AS vex_mitigated,
ROUND(100.0 * (raw_artifact_count - effective_artifact_count) / NULLIF(raw_artifact_count, 0), 1) AS mitigation_rate
FROM analytics.mv_vuln_exposure
WHERE effective_artifact_count > 0
ORDER BY
CASE severity
WHEN 'critical' THEN 1
WHEN 'high' THEN 2
WHEN 'medium' THEN 3
ELSE 4
END,
effective_artifact_count DESC
LIMIT 50;
```
**Use case**: Show executives the "real" risk after VEX assessment.
### 4. Fixable Vulnerability Backlog
Lists vulnerabilities that can be fixed today (fix available, not VEX-mitigated).
```sql
-- Via stored procedure
SELECT analytics.sp_fixable_backlog('prod');
-- Direct query with priority scoring
SELECT
a.name AS service,
a.environment,
a.team,
c.name AS component,
c.version AS current_version,
cv.vuln_id,
cv.severity::TEXT,
cv.cvss_score,
cv.epss_score,
cv.fixed_version,
cv.kev_listed,
-- Priority score: higher = fix first
(
CASE cv.severity
WHEN 'critical' THEN 100
WHEN 'high' THEN 75
WHEN 'medium' THEN 50
ELSE 25
END
+ COALESCE(cv.epss_score * 100, 0)
+ (CASE WHEN cv.kev_listed THEN 50 ELSE 0 END)
)::INT AS priority_score
FROM analytics.component_vulns cv
JOIN analytics.components c ON c.component_id = cv.component_id
JOIN analytics.artifact_components ac ON ac.component_id = c.component_id
JOIN analytics.artifacts a ON a.artifact_id = ac.artifact_id
LEFT JOIN analytics.vex_overrides vo ON vo.artifact_id = a.artifact_id
AND vo.vuln_id = cv.vuln_id
AND vo.status = 'not_affected'
AND vo.valid_from <= now()
AND (vo.valid_until IS NULL OR vo.valid_until > now())
WHERE cv.affects = TRUE
AND cv.fix_available = TRUE
AND vo.override_id IS NULL
AND a.environment = 'prod'
ORDER BY priority_score DESC, a.name
LIMIT 100;
```
**Use case**: Prioritize remediation work based on risk and fixability.
### 5. Build Integrity / Attestation Coverage
Shows attestation gaps by environment and team.
```sql
-- Via stored procedure
SELECT analytics.sp_attestation_gaps('prod');
-- Direct query with gap analysis
SELECT
environment,
team,
total_artifacts,
with_provenance,
total_artifacts - with_provenance AS missing_provenance,
provenance_pct,
slsa_level_2_plus,
slsa2_pct,
with_sbom_attestation,
with_vex_attestation
FROM analytics.mv_attestation_coverage
WHERE environment = 'prod'
ORDER BY provenance_pct ASC;
```
**Use case**: Identify teams/environments not meeting attestation requirements.
## Trend Analysis Queries
### 6. Vulnerability Trend (30 Days)
```sql
SELECT
snapshot_date,
environment,
SUM(total_vulns) AS total_vulns,
SUM(fixable_vulns) AS fixable_vulns,
SUM(vex_mitigated) AS vex_mitigated,
SUM(total_vulns) - SUM(vex_mitigated) AS net_exposure,
SUM(kev_vulns) AS kev_vulns
FROM analytics.daily_vulnerability_counts
WHERE snapshot_date >= CURRENT_DATE - INTERVAL '30 days'
GROUP BY snapshot_date, environment
ORDER BY environment, snapshot_date;
```
### 7. Vulnerability Trend by Severity
```sql
SELECT
snapshot_date,
severity::TEXT,
SUM(total_vulns) AS total_vulns
FROM analytics.daily_vulnerability_counts
WHERE snapshot_date >= CURRENT_DATE - INTERVAL '30 days'
AND environment = 'prod'
GROUP BY snapshot_date, severity
ORDER BY snapshot_date,
CASE severity
WHEN 'critical' THEN 1
WHEN 'high' THEN 2
WHEN 'medium' THEN 3
ELSE 4
END;
```
### 8. Component Growth Trend
```sql
SELECT
snapshot_date,
environment,
SUM(total_components) AS total_components,
SUM(unique_suppliers) AS unique_suppliers
FROM analytics.daily_component_counts
WHERE snapshot_date >= CURRENT_DATE - INTERVAL '30 days'
GROUP BY snapshot_date, environment
ORDER BY environment, snapshot_date;
```
## Deep-Dive Queries
### 9. Component Impact Analysis
Find all artifacts affected by a specific component.
```sql
SELECT
a.name AS artifact,
a.version,
a.environment,
a.team,
ac.depth AS dependency_depth,
ac.introduced_via
FROM analytics.components c
JOIN analytics.artifact_components ac ON ac.component_id = c.component_id
JOIN analytics.artifacts a ON a.artifact_id = ac.artifact_id
WHERE c.purl LIKE 'pkg:maven/org.apache.logging.log4j/log4j-core%'
ORDER BY a.environment, a.name;
```
### 10. CVE Impact Analysis
Find all artifacts affected by a specific CVE.
```sql
SELECT DISTINCT
a.name AS artifact,
a.version,
a.environment,
a.team,
c.name AS component,
c.version AS component_version,
cv.cvss_score,
cv.fixed_version,
CASE
WHEN vo.status = 'not_affected' THEN 'VEX Mitigated'
WHEN cv.fix_available THEN 'Fix Available'
ELSE 'Vulnerable'
END AS status
FROM analytics.component_vulns cv
JOIN analytics.components c ON c.component_id = cv.component_id
JOIN analytics.artifact_components ac ON ac.component_id = c.component_id
JOIN analytics.artifacts a ON a.artifact_id = ac.artifact_id
LEFT JOIN analytics.vex_overrides vo ON vo.artifact_id = a.artifact_id
AND vo.vuln_id = cv.vuln_id
AND vo.valid_from <= now()
AND (vo.valid_until IS NULL OR vo.valid_until > now())
WHERE cv.vuln_id = 'CVE-2021-44228'
ORDER BY a.environment, a.name;
```
### 11. Supplier Vulnerability Profile
Detailed vulnerability breakdown for a specific supplier.
```sql
SELECT
c.supplier_normalized AS supplier,
c.name AS component,
c.version,
cv.vuln_id,
cv.severity::TEXT,
cv.cvss_score,
cv.kev_listed,
cv.fix_available,
cv.fixed_version
FROM analytics.components c
JOIN analytics.component_vulns cv ON cv.component_id = c.component_id
WHERE c.supplier_normalized = 'apache software foundation'
AND cv.affects = TRUE
ORDER BY
CASE cv.severity
WHEN 'critical' THEN 1
WHEN 'high' THEN 2
ELSE 3
END,
cv.cvss_score DESC;
```
### 12. License Compliance Report
Components with concerning licenses in production.
```sql
SELECT
c.name AS component,
c.version,
c.license_concluded,
c.license_category::TEXT,
c.supplier_normalized AS supplier,
COUNT(DISTINCT a.artifact_id) AS artifact_count,
ARRAY_AGG(DISTINCT a.name ORDER BY a.name) AS affected_artifacts
FROM analytics.components c
JOIN analytics.artifact_components ac ON ac.component_id = c.component_id
JOIN analytics.artifacts a ON a.artifact_id = ac.artifact_id
WHERE c.license_category IN ('copyleft-strong', 'proprietary', 'unknown')
AND a.environment = 'prod'
GROUP BY c.component_id, c.name, c.version, c.license_concluded, c.license_category, c.supplier_normalized
ORDER BY c.license_category, artifact_count DESC;
```
### 13. MTTR Analysis
Mean time to remediate by severity.
```sql
SELECT
cv.severity::TEXT,
COUNT(*) AS remediated_vulns,
AVG(EXTRACT(EPOCH FROM (vo.valid_from - cv.published_at)) / 86400)::NUMERIC(10,2) AS avg_days_to_mitigate,
PERCENTILE_CONT(0.5) WITHIN GROUP (
ORDER BY EXTRACT(EPOCH FROM (vo.valid_from - cv.published_at)) / 86400
)::NUMERIC(10,2) AS median_days,
PERCENTILE_CONT(0.9) WITHIN GROUP (
ORDER BY EXTRACT(EPOCH FROM (vo.valid_from - cv.published_at)) / 86400
)::NUMERIC(10,2) AS p90_days
FROM analytics.component_vulns cv
JOIN analytics.vex_overrides vo ON vo.vuln_id = cv.vuln_id
AND vo.status = 'not_affected'
AND vo.valid_from <= now()
AND (vo.valid_until IS NULL OR vo.valid_until > now())
WHERE cv.published_at >= now() - INTERVAL '90 days'
AND cv.published_at IS NOT NULL
GROUP BY cv.severity
ORDER BY
CASE cv.severity
WHEN 'critical' THEN 1
WHEN 'high' THEN 2
WHEN 'medium' THEN 3
ELSE 4
END;
```
### 14. Transitive Dependency Risk
Components introduced through transitive dependencies.
```sql
SELECT
c.name AS transitive_component,
c.version,
ac.introduced_via AS direct_dependency,
ac.depth,
COUNT(DISTINCT cv.vuln_id) AS vuln_count,
SUM(CASE WHEN cv.severity = 'critical' THEN 1 ELSE 0 END) AS critical_count,
COUNT(DISTINCT a.artifact_id) AS affected_artifacts
FROM analytics.components c
JOIN analytics.artifact_components ac ON ac.component_id = c.component_id
JOIN analytics.artifacts a ON a.artifact_id = ac.artifact_id
LEFT JOIN analytics.component_vulns cv ON cv.component_id = c.component_id AND cv.affects = TRUE
WHERE ac.depth > 0 -- Transitive only
AND a.environment = 'prod'
GROUP BY c.component_id, c.name, c.version, ac.introduced_via, ac.depth
HAVING COUNT(cv.vuln_id) > 0
ORDER BY critical_count DESC, vuln_count DESC
LIMIT 50;
```
### 15. VEX Effectiveness Report
How effective is the VEX program at reducing noise?
```sql
SELECT
DATE_TRUNC('week', vo.created_at)::DATE AS week,
COUNT(*) AS total_overrides,
COUNT(*) FILTER (WHERE vo.status = 'not_affected') AS not_affected,
COUNT(*) FILTER (WHERE vo.status = 'affected') AS confirmed_affected,
COUNT(*) FILTER (WHERE vo.status = 'under_investigation') AS under_investigation,
COUNT(*) FILTER (WHERE vo.status = 'fixed') AS marked_fixed,
-- Noise reduction rate
ROUND(100.0 * COUNT(*) FILTER (WHERE vo.status = 'not_affected') / NULLIF(COUNT(*), 0), 1) AS noise_reduction_pct
FROM analytics.vex_overrides vo
WHERE vo.created_at >= now() - INTERVAL '90 days'
GROUP BY DATE_TRUNC('week', vo.created_at)
ORDER BY week;
```
## Performance Tips
1. **Use materialized views**: Queries prefixed with `mv_` are pre-computed and fast
2. **Add environment filter**: Most queries benefit from `WHERE environment = 'prod'`
3. **Use stored procedures**: `sp_*` functions return JSON and handle caching
4. **Limit results**: Always use `LIMIT` for large result sets
5. **Check refresh times**: Views are refreshed daily; data may be up to 24h stale
## Query Parameters
Common filter parameters:
| Parameter | Type | Example | Notes |
|-----------|------|---------|-------|
| `environment` | TEXT | `'prod'`, `'stage'` | Filter by deployment environment |
| `team` | TEXT | `'platform'` | Filter by owning team |
| `severity` | TEXT | `'critical'`, `'high'` | Minimum severity level |
| `days` | INT | `30`, `90` | Lookback period |
| `limit` | INT | `20`, `100` | Max results |

54
docs/modules/benchmark/README.md
View File

@@ -1,54 +0,0 @@
# Benchmark
> **Dual Purpose:** This documentation covers two aspects:
> - **Performance Benchmarking** (Production) — BenchmarkDotNet harnesses in `src/Bench/` for scanner, policy, and notification performance testing
> - **Competitive Benchmarking** (Planned) — Accuracy comparison framework in `src/Scanner/__Libraries/StellaOps.Scanner.Benchmark/`
**Status:** Implemented
**Source:** `src/Bench/`
**Owner:** Platform Team
## Purpose
Benchmark provides performance testing and regression analysis for StellaOps components. Ensures deterministic scan times, throughput validation, and performance profiling for critical paths (scanning, policy evaluation, SBOM generation).
## Components
**Services:**
- `StellaOps.Bench` - Benchmarking harness with BenchmarkDotNet integration
**Key Features:**
- Scanner performance benchmarks (per-analyzer, full-scan)
- Policy engine evaluation latency tests
- SBOM generation throughput tests
- Database query performance profiling
- Determinism validation (output stability)
## Configuration
Benchmark configuration via BenchmarkDotNet attributes and runtime parameters.
Key settings:
- Benchmark filters and categories
- Iterations and warmup counts
- Memory profiling and allocation tracking
- Export formats (JSON, HTML, Markdown)
## Dependencies
- BenchmarkDotNet framework
- Scanner (benchmark targets)
- Policy Engine (benchmark targets)
- SbomService (benchmark targets)
- Test fixtures and datasets
## Related Documentation
- Architecture: `./architecture.md`
- Scanner: `../scanner/`
- Policy: `../policy/`
- Operations: `./operations/` (if exists)
## Current Status
Implemented with BenchmarkDotNet harness. Provides performance baselines for scanner analyzers, policy evaluation, and SBOM generation. Used for regression detection in CI/CD pipeline.

447
docs/modules/benchmark/architecture.md
View File

@@ -1,447 +0,0 @@
# Benchmark Module Architecture
## Overview
The Benchmark module provides infrastructure for validating and demonstrating Stella Ops' competitive advantages through automated comparison against other container security scanners (Trivy, Grype, Syft, etc.).
**Module Path**: `src/Scanner/__Libraries/StellaOps.Scanner.Benchmark/`
**Status**: PLANNED (Sprint 7000.0001.0001)
> **Note:** This module focuses on **competitive benchmarking** (accuracy comparison with other scanners). For **performance benchmarks** of StellaOps modules (LinkNotMerge, Notify, PolicyEngine, Scanner.Analyzers), see `src/Bench/`.
---
## Mission
Establish verifiable, reproducible benchmarks that:
1. Validate competitive claims with evidence
2. Detect regressions in accuracy or performance
3. Generate marketing-ready comparison materials
4. Provide ground-truth corpus for testing
---
## Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ Benchmark Module │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Corpus │ │ Harness │ │ Metrics │ │
│ │ Manager │───▶│ Runner │───▶│ Calculator │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ â”Ground Truth │ │ Competitor │ │ Claims │ │
│ │ Manifest │ │ Adapters │ │ Index │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
```
---
## Components
### 1. Corpus Manager
**Namespace**: `StellaOps.Scanner.Benchmark.Corpus`
Manages the ground-truth corpus of container images with known vulnerabilities.
```csharp
public interface ICorpusManager
{
Task<Corpus> LoadCorpusAsync(string corpusPath, CancellationToken ct);
Task<CorpusImage> GetImageAsync(string digest, CancellationToken ct);
Task<GroundTruth> GetGroundTruthAsync(string digest, CancellationToken ct);
}
public record Corpus(
string Version,
DateTimeOffset CreatedAt,
ImmutableArray<CorpusImage> Images
);
public record CorpusImage(
string Digest,
string Name,
string Tag,
CorpusCategory Category,
GroundTruth GroundTruth
);
public record GroundTruth(
ImmutableArray<string> TruePositives,
ImmutableArray<string> KnownFalsePositives,
ImmutableArray<string> Notes
);
public enum CorpusCategory
{
BaseOS, // Alpine, Debian, Ubuntu, RHEL
ApplicationNode, // Node.js applications
ApplicationPython,// Python applications
ApplicationJava, // Java applications
ApplicationDotNet,// .NET applications
BackportScenario, // Known backported fixes
Unreachable // Known unreachable vulns
}
```
### 2. Harness Runner
**Namespace**: `StellaOps.Scanner.Benchmark.Harness`
Executes scans using Stella Ops and competitor tools.
```csharp
public interface IHarnessRunner
{
Task<BenchmarkRun> RunAsync(
Corpus corpus,
ImmutableArray<ITool> tools,
BenchmarkOptions options,
CancellationToken ct
);
}
public interface ITool
{
string Name { get; }
string Version { get; }
Task<ToolResult> ScanAsync(string imageRef, CancellationToken ct);
}
public record BenchmarkRun(
string RunId,
DateTimeOffset StartedAt,
DateTimeOffset CompletedAt,
ImmutableArray<ToolResult> Results
);
public record ToolResult(
string ToolName,
string ToolVersion,
string ImageDigest,
ImmutableArray<NormalizedFinding> Findings,
TimeSpan Duration
);
```
### 3. Competitor Adapters
**Namespace**: `StellaOps.Scanner.Benchmark.Adapters`
Normalize output from competitor tools.
```csharp
public interface ICompetitorAdapter : ITool
{
Task<ImmutableArray<NormalizedFinding>> ParseOutputAsync(
string output,
CancellationToken ct
);
}
// Implementations
public class TrivyAdapter : ICompetitorAdapter { }
public class GrypeAdapter : ICompetitorAdapter { }
public class SyftAdapter : ICompetitorAdapter { }
public class StellaOpsAdapter : ICompetitorAdapter { }
```
### 4. Metrics Calculator
**Namespace**: `StellaOps.Scanner.Benchmark.Metrics`
Calculate precision, recall, F1, and other metrics.
```csharp
public interface IMetricsCalculator
{
BenchmarkMetrics Calculate(
ToolResult result,
GroundTruth groundTruth
);
ComparativeMetrics Compare(
BenchmarkMetrics baseline,
BenchmarkMetrics comparison
);
}
public record BenchmarkMetrics(
int TruePositives,
int FalsePositives,
int TrueNegatives,
int FalseNegatives,
double Precision,
double Recall,
double F1Score,
ImmutableDictionary<string, BenchmarkMetrics> ByCategory
);
public record ComparativeMetrics(
string BaselineTool,
string ComparisonTool,
double PrecisionDelta,
double RecallDelta,
double F1Delta,
ImmutableArray<string> UniqueFindings,
ImmutableArray<string> MissedFindings
);
```
### 5. Claims Index
**Namespace**: `StellaOps.Scanner.Benchmark.Claims`
Manage verifiable claims with evidence links.
```csharp
public interface IClaimsIndex
{
Task<ImmutableArray<Claim>> GetAllClaimsAsync(CancellationToken ct);
Task<ClaimVerification> VerifyClaimAsync(string claimId, CancellationToken ct);
Task UpdateClaimsAsync(BenchmarkRun run, CancellationToken ct);
}
public record Claim(
string Id,
ClaimCategory Category,
string Statement,
string EvidencePath,
ClaimStatus Status,
DateTimeOffset LastVerified
);
public enum ClaimStatus { Pending, Verified, Published, Disputed, Resolved }
public record ClaimVerification(
string ClaimId,
bool IsValid,
string? Evidence,
string? FailureReason
);
```
---
## Data Flow
```
┌────────────────┐
│ Corpus Images │
│ (50+ images) │
└───────┬────────┘
│
â–¼
┌────────────────┐ ┌────────────────┐
│ Stella Ops Scan┠│ Trivy/Grype │
│ │ │ Scan │
└───────┬────────┘ └───────┬────────┘
│ │
â–¼ â–¼
┌────────────────┐ ┌────────────────┐
│ Normalized │ │ Normalized │
│ Findings │ │ Findings │
└───────┬────────┘ └───────┬────────┘
│ │
└──────────┬───────────┘
│
â–¼
┌──────────────┐
│ Ground Truth │
│ Comparison │
└──────┬───────┘
│
â–¼
┌──────────────┐
│ Metrics │
│ (P/R/F1) │
└──────┬───────┘
│
â–¼
┌──────────────┐
│ Claims Index │
│ Update │
└──────────────┘
```
---
## Corpus Structure
```
bench/competitors/
├── corpus/
│ ├── manifest.json # Corpus metadata
│ ├── ground-truth/
│ │ ├── alpine-3.18.json # Per-image ground truth
│ │ ├── debian-bookworm.json
│ │ └── ...
│ └── images/
│ ├── base-os/
│ ├── applications/
│ └── edge-cases/
├── results/
│ ├── 2025-12-22/
│ │ ├── stellaops.json
│ │ ├── trivy.json
│ │ ├── grype.json
│ │ └── comparison.json
│ └── latest -> 2025-12-22/
└── fixtures/
└── adapters/ # Test fixtures for adapters
```
---
## Ground Truth Format
```json
{
"imageDigest": "sha256:abc123...",
"imageName": "alpine:3.18",
"category": "BaseOS",
"groundTruth": {
"truePositives": [
{
"cveId": "CVE-2024-1234",
"package": "openssl",
"version": "3.0.8",
"notes": "Fixed in 3.0.9"
}
],
"knownFalsePositives": [
{
"cveId": "CVE-2024-9999",
"package": "zlib",
"version": "1.2.13",
"reason": "Backported in alpine:3.18"
}
],
"expectedUnreachable": [
{
"cveId": "CVE-2024-5678",
"package": "curl",
"reason": "Vulnerable function not linked"
}
]
},
"lastVerified": "2025-12-01T00:00:00Z",
"verifiedBy": "security-team"
}
```
---
## CI Integration
### Workflow: `benchmark-vs-competitors.yml`
```yaml
name: Competitive Benchmark
on:
schedule:
- cron: '0 2 * * 0' # Weekly Sunday 2 AM
workflow_dispatch:
push:
paths:
- 'src/Scanner/__Libraries/StellaOps.Scanner.Benchmark/**'
- 'bench/competitors/**'
jobs:
benchmark:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install competitor tools
run: |
# Install Trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
# Install Grype
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh
- name: Run benchmark
run: stella benchmark run --corpus bench/competitors/corpus --output bench/competitors/results/$(date +%Y-%m-%d)
- name: Update claims index
run: stella benchmark claims --output docs/claims-index.md
- name: Upload results
uses: actions/upload-artifact@v4
with:
name: benchmark-results
path: bench/competitors/results/
```
---
## CLI Commands
```bash
# Run full benchmark
stella benchmark run --corpus <path> --competitors trivy,grype,syft
# Verify a specific claim
stella benchmark verify <CLAIM_ID>
# Generate claims index
stella benchmark claims --output docs/claims-index.md
# Generate marketing battlecard
stella benchmark battlecard --output docs/product/battlecard.md
# Show comparison summary
stella benchmark summary --format table|json|markdown
```
---
## Testing
| Test Type | Location | Purpose |
|-----------|----------|---------|
| Unit | `StellaOps.Scanner.Benchmark.Tests/` | Adapter parsing, metrics calculation |
| Integration | `StellaOps.Scanner.Benchmark.Integration.Tests/` | Full benchmark flow |
| Golden | `bench/competitors/fixtures/` | Deterministic output verification |
---
## Security Considerations
1. **Competitor binaries**: Run in isolated containers, no network access during scan
2. **Corpus images**: Verified digests, no external pulls during benchmark
3. **Results**: Signed with DSSE before publishing
4. **Claims**: Require PR review before status change
---
## Dependencies
- `StellaOps.Scanner.Core` - Normalized finding models
- `StellaOps.Attestor.Dsse` - Result signing
- Docker - Competitor tool execution
- Ground-truth corpus (maintained separately)
---
## Related Documentation
- [Claims Index](../../claims-index.md)
- [Sprint 7000.0001.0001](../../implplan/SPRINT_7000_0001_0001_competitive_benchmarking.md)
- [Testing Strategy](../../implplan/SPRINT_5100_0000_0000_epic_summary.md)
---
*Document Version*: 1.0.0
*Created*: 2025-12-22

19
docs/modules/ci/architecture.md
View File

@@ -1,19 +0,0 @@
# CI Architecture
## Purpose
Describe CI workflows, triggers, and offline constraints for Stella Ops.
## Scope
- Gitea workflows and templates under `.gitea/`.
- DevOps scripts under `devops/scripts/` and `.gitea/scripts/`.
- Build and test policy docs under `docs/technical/cicd/`.
## Principles
- Deterministic and offline-first execution.
- Pinned tool versions with explicit provenance.
- Evidence logged to sprint Execution Log and audits.
## References
- `docs/technical/cicd/workflow-triggers.md`
- `docs/technical/cicd/release-pipelines.md`
- `docs/operations/devops/README.md`

8
docs/modules/eventing/README.md
View File

@@ -1,8 +0,0 @@
# Eventing Module
> **Status: Draft/Planned.** The event envelope SDK is currently in design phase. Implementation is planned for the Timeline and TimelineIndexer modules and will be integrated across all services via `src/__Libraries/StellaOps.Eventing/`. No standalone `src/Eventing/` module exists.
## Related Documentation
- [Event Envelope Schema](event-envelope-schema.md)
- [Timeline UI](timeline-ui.md)

496
docs/modules/eventing/event-envelope-schema.md
View File

@@ -1,496 +0,0 @@
# Event Envelope Schema
> **Version:** 1.0.0
> **Status:** Draft
> **Sprint:** [SPRINT_20260107_003_001_LB](../../implplan/SPRINT_20260107_003_001_LB_event_envelope_sdk.md)
This document specifies the canonical event envelope schema for the StellaOps Unified Event Timeline.
---
## Overview
The event envelope provides a standardized format for all events emitted across StellaOps services. It enables:
- **Unified Timeline:** Cross-service correlation with HLC ordering
- **Deterministic Replay:** Reproducible event streams for forensics
- **Audit Compliance:** DSSE-signed event bundles for export
- **Causal Analysis:** Stage latency measurement and bottleneck identification
---
## Envelope Schema (v1)
### JSON Schema
```json
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.org/schemas/timeline-event.v1.json",
"title": "TimelineEvent",
"description": "Canonical event envelope for StellaOps Unified Event Timeline",
"type": "object",
"required": [
"eventId",
"tHlc",
"tsWall",
"service",
"correlationId",
"kind",
"payload",
"payloadDigest",
"engineVersion",
"schemaVersion"
],
"properties": {
"eventId": {
"type": "string",
"description": "Deterministic event ID: SHA-256(correlationId || tHlc || service || kind)[0:32] hex",
"pattern": "^[a-f0-9]{32}$"
},
"tHlc": {
"type": "string",
"description": "HLC timestamp in sortable string format: <physicalTimeMs>:<logicalCounter>:<nodeId>",
"pattern": "^\\d+:\\d+:[a-zA-Z0-9_-]+$"
},
"tsWall": {
"type": "string",
"format": "date-time",
"description": "Wall-clock time in ISO 8601 format (informational only)"
},
"service": {
"type": "string",
"description": "Service name that emitted the event",
"enum": ["Scheduler", "AirGap", "Attestor", "Policy", "VexLens", "Scanner", "Concelier", "Platform"]
},
"traceParent": {
"type": ["string", "null"],
"description": "W3C Trace Context traceparent header",
"pattern": "^[0-9a-f]{2}-[0-9a-f]{32}-[0-9a-f]{16}-[0-9a-f]{2}$"
},
"correlationId": {
"type": "string",
"description": "Correlation ID linking related events (e.g., scanId, jobId, artifactDigest)"
},
"kind": {
"type": "string",
"description": "Event kind/type",
"enum": [
"ENQUEUE", "DEQUEUE", "EXECUTE", "COMPLETE", "FAIL",
"IMPORT", "EXPORT", "MERGE", "CONFLICT",
"ATTEST", "VERIFY",
"EVALUATE", "GATE_PASS", "GATE_FAIL",
"CONSENSUS", "OVERRIDE",
"SCAN_START", "SCAN_COMPLETE",
"EMIT", "ACK", "ERR"
]
},
"payload": {
"type": "string",
"description": "RFC 8785 canonicalized JSON payload"
},
"payloadDigest": {
"type": "string",
"description": "SHA-256 digest of payload as hex string",
"pattern": "^[a-f0-9]{64}$"
},
"engineVersion": {
"type": "object",
"description": "Engine/resolver version for reproducibility",
"required": ["engineName", "version", "sourceDigest"],
"properties": {
"engineName": {
"type": "string",
"description": "Name of the engine/service"
},
"version": {
"type": "string",
"description": "Semantic version string"
},
"sourceDigest": {
"type": "string",
"description": "SHA-256 digest of engine source/binary"
}
}
},
"dsseSig": {
"type": ["string", "null"],
"description": "Optional DSSE signature in format keyId:base64Signature"
},
"schemaVersion": {
"type": "integer",
"description": "Schema version for envelope evolution",
"const": 1
}
}
}
```
### C# Record Definition
```csharp
/// <summary>
/// Canonical event envelope for unified timeline.
/// </summary>
public sealed record TimelineEvent
{
/// <summary>
/// Deterministic event ID: SHA-256(correlationId || tHlc || service || kind)[0:32] hex.
/// NOT a random ULID - ensures replay determinism.
/// </summary>
[Required]
[RegularExpression("^[a-f0-9]{32}$")]
public required string EventId { get; init; }
/// <summary>
/// HLC timestamp from StellaOps.HybridLogicalClock library.
/// </summary>
[Required]
public required HlcTimestamp THlc { get; init; }
/// <summary>
/// Wall-clock time (informational only, not used for ordering).
/// </summary>
[Required]
public required DateTimeOffset TsWall { get; init; }
/// <summary>
/// Service name that emitted the event.
/// </summary>
[Required]
public required string Service { get; init; }
/// <summary>
/// W3C Trace Context traceparent for OpenTelemetry correlation.
/// </summary>
public string? TraceParent { get; init; }
/// <summary>
/// Correlation ID linking related events.
/// </summary>
[Required]
public required string CorrelationId { get; init; }
/// <summary>
/// Event kind (ENQUEUE, EXECUTE, ATTEST, etc.).
/// </summary>
[Required]
public required string Kind { get; init; }
/// <summary>
/// RFC 8785 canonicalized JSON payload.
/// </summary>
[Required]
public required string Payload { get; init; }
/// <summary>
/// SHA-256 digest of Payload.
/// </summary>
[Required]
public required byte[] PayloadDigest { get; init; }
/// <summary>
/// Engine version for reproducibility (per CLAUDE.md Rule 8.2.1).
/// </summary>
[Required]
public required EngineVersionRef EngineVersion { get; init; }
/// <summary>
/// Optional DSSE signature (keyId:base64Signature).
/// </summary>
public string? DsseSig { get; init; }
/// <summary>
/// Schema version (current: 1).
/// </summary>
public int SchemaVersion { get; init; } = 1;
}
public sealed record EngineVersionRef(
string EngineName,
string Version,
string SourceDigest);
```
---
## Field Specifications
### eventId
**Purpose:** Unique, deterministic identifier for each event.
**Computation:**
```csharp
public static string GenerateEventId(
string correlationId,
HlcTimestamp tHlc,
string service,
string kind)
{
using var hasher = IncrementalHash.CreateHash(HashAlgorithmName.SHA256);
hasher.AppendData(Encoding.UTF8.GetBytes(correlationId));
hasher.AppendData(Encoding.UTF8.GetBytes(tHlc.ToSortableString()));
hasher.AppendData(Encoding.UTF8.GetBytes(service));
hasher.AppendData(Encoding.UTF8.GetBytes(kind));
var hash = hasher.GetHashAndReset();
return Convert.ToHexString(hash.AsSpan(0, 16)).ToLowerInvariant();
}
```
**Rationale:** Unlike ULID or UUID, this deterministic approach ensures that:
- The same event produces the same ID across replays
- Duplicate events can be detected and deduplicated
- Event ordering is verifiable
### tHlc
**Purpose:** Primary ordering timestamp using Hybrid Logical Clock.
**Format:** `<physicalTimeMs>:<logicalCounter>:<nodeId>`
**Example:** `1704585600000:42:scheduler-node-1`
**Ordering:** Lexicographic comparison produces correct temporal order:
1. Compare physical time (milliseconds since Unix epoch)
2. If equal, compare logical counter
3. If equal, compare node ID (for uniqueness)
**Implementation:** Uses existing `StellaOps.HybridLogicalClock.HlcTimestamp` type.
### tsWall
**Purpose:** Human-readable wall-clock timestamp for debugging.
**Format:** ISO 8601 with UTC timezone (e.g., `2026-01-07T12:00:00.000Z`)
**Important:** This field is **informational only**. Never use for ordering or comparison. The `tHlc` field is the authoritative timestamp.
### service
**Purpose:** Identifies the StellaOps service that emitted the event.
**Allowed Values:**
| Value | Description |
|-------|-------------|
| `Scheduler` | Job scheduling and queue management |
| `AirGap` | Offline/air-gap sync operations |
| `Attestor` | DSSE attestation and verification |
| `Policy` | Policy engine evaluation |
| `VexLens` | VEX consensus computation |
| `Scanner` | Container scanning |
| `Concelier` | Advisory ingestion |
| `Platform` | Console backend aggregation |
### traceParent
**Purpose:** W3C Trace Context correlation for OpenTelemetry integration.
**Format:** `00-{trace-id}-{span-id}-{trace-flags}`
**Example:** `00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01`
**Population:** Automatically captured from `Activity.Current?.Id` during event emission.
### correlationId
**Purpose:** Links related events across services.
**Common Patterns:**
| Pattern | Example | Usage |
|---------|---------|-------|
| Scan ID | `scan-abc123` | Container scan lifecycle |
| Job ID | `job-xyz789` | Scheduled job lifecycle |
| Artifact Digest | `sha256:abc...` | Artifact processing |
| Bundle ID | `bundle-def456` | Air-gap bundle operations |
### kind
**Purpose:** Categorizes the event type.
**Event Kinds by Service:**
| Service | Kinds |
|---------|-------|
| Scheduler | `ENQUEUE`, `DEQUEUE`, `EXECUTE`, `COMPLETE`, `FAIL` |
| AirGap | `IMPORT`, `EXPORT`, `MERGE`, `CONFLICT` |
| Attestor | `ATTEST`, `VERIFY` |
| Policy | `EVALUATE`, `GATE_PASS`, `GATE_FAIL` |
| VexLens | `CONSENSUS`, `OVERRIDE` |
| Scanner | `SCAN_START`, `SCAN_COMPLETE` |
| Generic | `EMIT`, `ACK`, `ERR` |
### payload
**Purpose:** Domain-specific event data.
**Requirements:**
1. **RFC 8785 Canonicalization:** Must use `CanonJson.Serialize()` from `StellaOps.Canonical.Json`
2. **No Non-Deterministic Fields:** No random IDs, current timestamps, or environment-specific data
3. **Bounded Size:** Payload should be < 1MB; use references for large data
**Example:**
```json
{
"artifactDigest": "sha256:abc123...",
"jobId": "job-xyz789",
"status": "completed",
"findingsCount": 42
}
```
### payloadDigest
**Purpose:** Integrity verification of payload.
**Computation:**
```csharp
var digest = SHA256.HashData(Encoding.UTF8.GetBytes(payload));
```
**Format:** 64-character lowercase hex string.
### engineVersion
**Purpose:** Records the engine/resolver version for reproducibility verification (per CLAUDE.md Rule 8.2.1).
**Fields:**
| Field | Description | Example |
|-------|-------------|---------|
| `engineName` | Service/engine name | `"Scheduler"` |
| `version` | Semantic version | `"2.5.0"` |
| `sourceDigest` | Build artifact hash | `"sha256:abc..."` |
**Population:** Use `EngineVersionRef.FromAssembly(Assembly.GetExecutingAssembly())`.
### dsseSig
**Purpose:** Optional cryptographic signature for audit compliance.
**Format:** `{keyId}:{base64Signature}`
**Example:** `signing-key-001:MEUCIQD...`
**Integration:** Uses existing `StellaOps.Attestation.DsseHelper` for signature generation.
### schemaVersion
**Purpose:** Enables schema evolution without breaking compatibility.
**Current Value:** `1`
**Migration Strategy:** When schema changes:
1. Increment version number
2. Add migration logic for older versions
3. Document breaking changes
---
## Database Schema
```sql
CREATE SCHEMA IF NOT EXISTS timeline;
CREATE TABLE timeline.events (
event_id TEXT PRIMARY KEY,
t_hlc TEXT NOT NULL,
ts_wall TIMESTAMPTZ NOT NULL,
service TEXT NOT NULL,
trace_parent TEXT,
correlation_id TEXT NOT NULL,
kind TEXT NOT NULL,
payload JSONB NOT NULL,
payload_digest BYTEA NOT NULL,
engine_name TEXT NOT NULL,
engine_version TEXT NOT NULL,
engine_digest TEXT NOT NULL,
dsse_sig TEXT,
schema_version INTEGER NOT NULL DEFAULT 1,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- Primary query: events by correlation, HLC ordered
CREATE INDEX idx_events_corr_hlc ON timeline.events (correlation_id, t_hlc);
-- Service-specific queries
CREATE INDEX idx_events_svc_hlc ON timeline.events (service, t_hlc);
-- Payload search (JSONB GIN index)
CREATE INDEX idx_events_payload ON timeline.events USING GIN (payload);
-- Kind filtering
CREATE INDEX idx_events_kind ON timeline.events (kind);
```
---
## Usage Examples
### Emitting an Event
```csharp
public class SchedulerService
{
private readonly ITimelineEventEmitter _emitter;
public async Task EnqueueJobAsync(Job job, CancellationToken ct)
{
// Business logic...
await _queue.EnqueueAsync(job, ct);
// Emit timeline event
await _emitter.EmitAsync(
correlationId: job.Id.ToString(),
kind: "ENQUEUE",
payload: new { jobId = job.Id, priority = job.Priority },
ct);
}
}
```
### Querying Timeline
```csharp
public async Task<IReadOnlyList<TimelineEvent>> GetJobTimelineAsync(
string jobId,
CancellationToken ct)
{
return await _timelineService.GetEventsAsync(
correlationId: jobId,
options: new TimelineQueryOptions
{
Services = ["Scheduler", "Attestor"],
Kinds = ["ENQUEUE", "EXECUTE", "COMPLETE", "ATTEST"]
},
ct);
}
```
---
## Compatibility Notes
### Relation to Existing HLC Infrastructure
This schema builds on the existing `StellaOps.HybridLogicalClock` library:
- Uses `HlcTimestamp` type directly
- Integrates with `IHybridLogicalClock.Tick()` for timestamp generation
- Compatible with air-gap merge algorithms
### Relation to Existing Replay Infrastructure
This schema integrates with `StellaOps.Replay.Core`:
- `KnowledgeSnapshot` can include timeline event references
- Replay uses `FakeTimeProvider` with HLC timestamps
- Verification compares payload digests
---
## References
- [SPRINT_20260107_003_000_INDEX](../../implplan/SPRINT_20260107_003_000_INDEX_unified_event_timeline.md) - Parent sprint index
- [SPRINT_20260105_002_000_INDEX](../../implplan/SPRINT_20260105_002_000_INDEX_hlc_audit_safe_ordering.md) - HLC foundation
- [RFC 8785](https://datatracker.ietf.org/doc/html/rfc8785) - JSON Canonicalization Scheme
- [W3C Trace Context](https://www.w3.org/TR/trace-context/) - Distributed tracing
- CLAUDE.md Section 8.2.1 - Engine version tracking
- CLAUDE.md Section 8.7 - RFC 8785 canonicalization

171
docs/modules/eventing/timeline-ui.md
View File

@@ -1,171 +0,0 @@
# Timeline UI Component
> **Module:** Eventing / Timeline
> **Status:** Implemented
> **Last Updated:** 2026-01-07
## Overview
The Timeline UI provides a visual representation of HLC-ordered events across StellaOps services. It enables operators to trace the causal flow of operations, identify bottlenecks, and investigate specific events with full evidence links.
## Features
### Causal Lanes Visualization
Events are displayed in swimlanes organized by service:
```
┌─────────────────────────────────────────────────────────────────────┐
│ HLC Timeline Axis │
│ |-------|-------|-------|-------|-------|-------|-------|-------> │
├─────────────────────────────────────────────────────────────────────┤
│ Scheduler [E]─────────[X]───────────────[C] │
├─────────────────────────────────────────────────────────────────────┤
│ AirGap [I]──────────[M] │
├─────────────────────────────────────────────────────────────────────┤
│ Attestor [A]──────────[V] │
├─────────────────────────────────────────────────────────────────────┤
│ Policy [G] │
└─────────────────────────────────────────────────────────────────────┘
```
Legend:
- **[E]** Enqueue - Job queued for processing
- **[X]** Execute - Job execution started
- **[C]** Complete - Job completed
- **[I]** Import - Data imported (e.g., SBOM, advisory)
- **[M]** Merge - Data merged
- **[A]** Attest - Attestation created
- **[V]** Verify - Attestation verified
- **[G]** Gate - Policy gate evaluated
### Critical Path Analysis
The critical path view shows the longest sequence of dependent operations:
- Color-coded by severity (green/yellow/red)
- Bottleneck stage highlighted
- Percentage of total duration shown
- Clickable stages for drill-down
### Event Detail Panel
Selected events display:
- Event ID and metadata
- HLC timestamp and wall-clock time
- Service and event kind
- JSON payload viewer
- Engine version information
- Evidence links (SBOM, VEX, Policy, Attestation)
### Filtering
Events can be filtered by:
- **Services**: Scheduler, AirGap, Attestor, Policy, Scanner, etc.
- **Event Kinds**: ENQUEUE, EXECUTE, COMPLETE, IMPORT, ATTEST, etc.
- **HLC Range**: From/To timestamps
Filter state is persisted in URL query parameters.
### Export
Timeline data can be exported as:
- **NDJSON**: Newline-delimited JSON (streaming-friendly)
- **JSON**: Standard JSON array
- **DSSE-signed**: Cryptographically signed bundles for auditing
## Usage
### Accessing the Timeline
Navigate to `/timeline/{correlationId}` where `correlationId` is the unique identifier for a scan, job, or workflow.
Example:
```
/timeline/scan-abc123-def456
```
### Keyboard Navigation
| Key | Action |
|-----|--------|
| Tab | Navigate between events |
| Enter/Space | Select focused event |
| Escape | Clear selection |
| Arrow keys | Scroll within panel |
### URL Parameters
| Parameter | Description | Example |
|-----------|-------------|---------|
| `services` | Comma-separated service filter | `?services=Scheduler,AirGap` |
| `kinds` | Comma-separated kind filter | `?kinds=EXECUTE,COMPLETE` |
| `fromHlc` | Start of HLC range | `?fromHlc=1704067200000:0:node1` |
| `toHlc` | End of HLC range | `?toHlc=1704153600000:0:node1` |
## Component Architecture
```
timeline/
├── components/
│ ├── causal-lanes/ # Swimlane visualization
│ ├── critical-path/ # Bottleneck bar chart
│ ├── event-detail-panel/ # Selected event details
│ ├── evidence-links/ # Links to SBOM/VEX/Policy
│ ├── export-button/ # Export dropdown
│ └── timeline-filter/ # Service/kind filters
├── models/
│ └── timeline.models.ts # TypeScript interfaces
├── pages/
│ └── timeline-page/ # Main page component
├── services/
│ └── timeline.service.ts # API client
└── timeline.routes.ts # Lazy-loaded routes
```
## API Integration
The Timeline UI integrates with the Timeline API:
| Endpoint | Description |
|----------|-------------|
| `GET /api/v1/timeline/{correlationId}` | Fetch events |
| `GET /api/v1/timeline/{correlationId}/critical-path` | Fetch critical path |
| `POST /api/v1/timeline/{correlationId}/export` | Initiate export |
| `GET /api/v1/timeline/export/{exportId}` | Check export status |
| `GET /api/v1/timeline/export/{exportId}/download` | Download bundle |
## Accessibility
The Timeline UI follows WCAG 2.1 AA guidelines:
- **Keyboard Navigation**: All interactive elements are focusable
- **Screen Readers**: ARIA labels on all regions and controls
- **Color Contrast**: 4.5:1 minimum contrast ratio
- **Focus Indicators**: Visible focus rings on all controls
- **Motion**: Respects `prefers-reduced-motion`
## Performance
- **Virtual Scrolling**: Handles 10K+ events efficiently
- **Lazy Loading**: Events loaded on-demand as user scrolls
- **Caching**: Recent queries cached to reduce API calls
- **Debouncing**: Filter changes debounced to avoid excessive requests
## Screenshots
### Timeline View
![Timeline View](./assets/timeline-view.png)
### Critical Path Analysis
![Critical Path](./assets/critical-path.png)
### Event Detail Panel
![Event Details](./assets/event-details.png)
## Related Documentation
- [Timeline API Reference](../../api/timeline-api.md)
- [HLC Clock Specification](../hlc/architecture.md)
- [Eventing SDK](../eventing/architecture.md)
- [Evidence Model](../../schemas/evidence.md)

49
docs/modules/evidence/README.md
View File

@@ -1,49 +0,0 @@
# Evidence
**Status:** Design/Planning
**Source:** N/A (cross-cutting concept)
**Owner:** Platform Team
## Purpose
Evidence defines the unified evidence model for vulnerability findings across StellaOps. Provides canonical data structures for evidence capture, aggregation, and scoring used by Signals, Policy Engine, and EvidenceLocker modules.
## Components
**Concept Documentation:**
- `unified-model.md` - Unified evidence data model specification
**Evidence Types:**
- Reachability evidence (call graph, data flow)
- Runtime evidence (eBPF traces, dynamic observations)
- Binary evidence (backport detection, fix validation)
- Exploit evidence (EPSS scores, KEV flags, exploit-db entries)
- VEX evidence (source trust, statement provenance)
- Mitigation evidence (active mitigations, compensating controls)
## Implementation Locations
Evidence structures are implemented across multiple modules:
- **Signals** - Evidence aggregation and normalization
- **Policy Engine** - Reachability analysis and evidence generation
- **EvidenceLocker** - Evidence storage and sealing
- **Scanner** - Binary and vulnerability evidence capture
- **Concelier** - Backport and exploit evidence enrichment
## Dependencies
- All evidence-producing modules (Scanner, Policy, Concelier, etc.)
- Signals (evidence aggregation)
- EvidenceLocker (evidence storage)
## Related Documentation
- Unified Model: `./unified-model.md`
- Signals: `../signals/`
- Policy: `../policy/`
- EvidenceLocker: `../evidence-locker/`
- Data Schemas: `../../11_DATA_SCHEMAS.md`
## Current Status
Evidence model documented in `unified-model.md`. Implementation distributed across Signals (aggregation), Policy (reachability), EvidenceLocker (storage), and Scanner (capture) modules.

360
docs/modules/evidence/unified-model.md
View File

@@ -1,360 +0,0 @@
# Unified Evidence Model
> **Module:** `StellaOps.Evidence.Core`
> **Status:** Production
> **Owner:** Platform Guild
## Overview
The Unified Evidence Model provides a standardized interface (`IEvidence`) and implementation (`EvidenceRecord`) for representing evidence across all StellaOps modules. This enables:
- **Cross-module evidence linking**: Evidence from Scanner, Attestor, Excititor, and Policy modules share a common contract.
- **Content-addressed verification**: Evidence records are immutable and verifiable via deterministic hashing.
- **Unified storage**: A single `IEvidenceStore` interface abstracts persistence across modules.
- **Cryptographic attestation**: Multiple signatures from different signers (internal, vendor, CI, operator) can vouch for evidence.
## Core Types
### IEvidence Interface
```csharp
public interface IEvidence
{
string SubjectNodeId { get; } // Content-addressed subject
EvidenceType EvidenceType { get; } // Type discriminator
string EvidenceId { get; } // Computed hash identifier
ReadOnlyMemory<byte> Payload { get; } // Canonical JSON payload
IReadOnlyList<EvidenceSignature> Signatures { get; }
EvidenceProvenance Provenance { get; }
string? ExternalPayloadCid { get; } // For large payloads
string PayloadSchemaVersion { get; }
}
```
### EvidenceType Enum
The platform supports these evidence types:
| Type | Value | Description | Example Payload |
|------|-------|-------------|-----------------|
| `Reachability` | 1 | Call graph analysis | Paths, confidence, graph digest |
| `Scan` | 2 | Vulnerability finding | CVE, severity, affected package |
| `Policy` | 3 | Policy evaluation | Rule ID, verdict, inputs |
| `Artifact` | 4 | SBOM entry metadata | PURL, digest, build info |
| `Vex` | 5 | VEX statement | Status, justification, impact |
| `Epss` | 6 | EPSS score | Score, percentile, model date |
| `Runtime` | 7 | Runtime observation | eBPF/ETW traces, call frames |
| `Provenance` | 8 | Build provenance | SLSA attestation, builder info |
| `Exception` | 9 | Applied exception | Exception ID, reason, expiry |
| `Guard` | 10 | Guard/gate analysis | Gate type, condition, bypass |
| `Kev` | 11 | KEV status | In-KEV flag, added date |
| `License` | 12 | License analysis | SPDX ID, compliance status |
| `Dependency` | 13 | Dependency metadata | Graph edge, version range |
| `Custom` | 100 | User-defined | Schema-versioned custom payload |
### EvidenceRecord
The concrete implementation with deterministic identity:
```csharp
public sealed record EvidenceRecord : IEvidence
{
public static EvidenceRecord Create(
string subjectNodeId,
EvidenceType evidenceType,
ReadOnlyMemory<byte> payload,
EvidenceProvenance provenance,
string payloadSchemaVersion,
IReadOnlyList<EvidenceSignature>? signatures = null,
string? externalPayloadCid = null);
public bool VerifyIntegrity();
}
```
**EvidenceId Computation:**
The `EvidenceId` is a SHA-256 hash of the canonicalized fields using versioned prefixing:
```
EvidenceId = "evidence:" + CanonJson.HashVersionedPrefixed("IEvidence", "v1", {
SubjectNodeId,
EvidenceType,
PayloadHash,
Provenance.GeneratorId,
Provenance.GeneratorVersion,
Provenance.GeneratedAt (ISO 8601)
})
```
### EvidenceSignature
Cryptographic attestation by a signer:
```csharp
public sealed record EvidenceSignature
{
public required string SignerId { get; init; }
public required string Algorithm { get; init; } // ES256, RS256, EdDSA
public required string SignatureBase64 { get; init; }
public required DateTimeOffset SignedAt { get; init; }
public SignerType SignerType { get; init; }
public IReadOnlyList<string>? CertificateChain { get; init; }
}
```
**SignerType Values:**
- `Internal` (0): StellaOps service
- `Vendor` (1): External vendor/supplier
- `CI` (2): CI/CD pipeline
- `Operator` (3): Human operator
- `TransparencyLog` (4): Rekor/transparency log
- `Scanner` (5): Security scanner
- `PolicyEngine` (6): Policy engine
- `Unknown` (255): Unclassified
### EvidenceProvenance
Generation context:
```csharp
public sealed record EvidenceProvenance
{
public required string GeneratorId { get; init; }
public required string GeneratorVersion { get; init; }
public required DateTimeOffset GeneratedAt { get; init; }
public string? CorrelationId { get; init; }
public Guid? TenantId { get; init; }
// ... additional fields
}
```
## Adapters
Adapters convert module-specific evidence types to the unified `IEvidence` interface:
### Available Adapters
| Adapter | Source Module | Source Type | Target Evidence Types |
|---------|---------------|-------------|----------------------|
| `EvidenceBundleAdapter` | Scanner | `EvidenceBundle` | Reachability, Vex, Provenance, Scan |
| `EvidenceStatementAdapter` | Attestor | `EvidenceStatement` (in-toto) | Scan |
| `ProofSegmentAdapter` | Scanner | `ProofSegment` | Varies by segment type |
| `VexObservationAdapter` | Excititor | `VexObservation` | Vex, Provenance |
| `ExceptionApplicationAdapter` | Policy | `ExceptionApplication` | Exception |
### Adapter Interface
```csharp
public interface IEvidenceAdapter<TSource>
{
IReadOnlyList<IEvidence> Convert(
TSource source,
string subjectNodeId,
EvidenceProvenance provenance);
bool CanConvert(TSource source);
}
```
### Using Adapters
Adapters use **input DTOs** to avoid circular dependencies:
```csharp
// Using VexObservationAdapter
var adapter = new VexObservationAdapter();
var input = new VexObservationInput
{
ObservationId = "obs-001",
ProviderId = "nvd",
StreamId = "cve-feed",
// ... other fields from VexObservation
};
var provenance = new EvidenceProvenance
{
GeneratorId = "excititor-ingestor",
GeneratorVersion = "1.0.0",
GeneratedAt = DateTimeOffset.UtcNow
};
if (adapter.CanConvert(input))
{
IReadOnlyList<IEvidence> records = adapter.Convert(
input,
subjectNodeId: "sha256:abc123",
provenance);
}
```
## Evidence Store
### IEvidenceStore Interface
```csharp
public interface IEvidenceStore
{
Task<EvidenceRecord> StoreAsync(
EvidenceRecord record,
CancellationToken ct = default);
Task<IReadOnlyList<EvidenceRecord>> StoreBatchAsync(
IEnumerable<EvidenceRecord> records,
CancellationToken ct = default);
Task<EvidenceRecord?> GetByIdAsync(
string evidenceId,
CancellationToken ct = default);
Task<IReadOnlyList<EvidenceRecord>> GetBySubjectAsync(
string subjectNodeId,
EvidenceType? evidenceType = null,
CancellationToken ct = default);
Task<IReadOnlyList<EvidenceRecord>> GetByTypeAsync(
EvidenceType evidenceType,
int limit = 100,
CancellationToken ct = default);
Task<bool> ExistsAsync(
string evidenceId,
CancellationToken ct = default);
Task<bool> DeleteAsync(
string evidenceId,
CancellationToken ct = default);
}
```
### Implementations
- **`InMemoryEvidenceStore`**: Thread-safe in-memory store for testing and development.
- **`PostgresEvidenceStore`** (planned): Production store with tenant isolation and indexing.
## Usage Examples
### Creating Evidence
```csharp
var provenance = new EvidenceProvenance
{
GeneratorId = "scanner-service",
GeneratorVersion = "2.1.0",
GeneratedAt = DateTimeOffset.UtcNow,
TenantId = tenantId
};
// Serialize payload to canonical JSON
var payloadBytes = CanonJson.Canonicalize(new
{
cveId = "CVE-2024-1234",
severity = "HIGH",
affectedPackage = "pkg:npm/lodash@4.17.20"
});
var evidence = EvidenceRecord.Create(
subjectNodeId: "sha256:abc123def456...",
evidenceType: EvidenceType.Scan,
payload: payloadBytes,
provenance: provenance,
payloadSchemaVersion: "scan/v1");
```
### Storing and Retrieving
```csharp
var store = new InMemoryEvidenceStore();
// Store
await store.StoreAsync(evidence);
// Retrieve by ID
var retrieved = await store.GetByIdAsync(evidence.EvidenceId);
// Retrieve all evidence for a subject
var allForSubject = await store.GetBySubjectAsync(
"sha256:abc123def456...",
evidenceType: EvidenceType.Scan);
// Verify integrity
bool isValid = retrieved!.VerifyIntegrity();
```
### Cross-Module Evidence Linking
```csharp
// Scanner produces evidence bundle
var bundle = scanner.ProduceEvidenceBundle(target);
// Convert to unified evidence
var adapter = new EvidenceBundleAdapter();
var evidenceRecords = adapter.Convert(bundle, subjectNodeId, provenance);
// Store all records
await store.StoreBatchAsync(evidenceRecords);
// Later, any module can query by subject
var allEvidence = await store.GetBySubjectAsync(subjectNodeId);
// Filter by type
var reachabilityEvidence = allEvidence
.Where(e => e.EvidenceType == EvidenceType.Reachability);
var vexEvidence = allEvidence
.Where(e => e.EvidenceType == EvidenceType.Vex);
```
## Schema Versioning
Each evidence type payload has a schema version (`PayloadSchemaVersion`) for forward compatibility:
- `scan/v1`: Initial scan evidence schema
- `reachability/v1`: Reachability evidence schema
- `vex-statement/v1`: VEX statement evidence schema
- `proof-segment/v1`: Proof segment evidence schema
- `exception-application/v1`: Exception application schema
Consumers should check `PayloadSchemaVersion` before deserializing payloads to handle schema evolution.
## Integration Patterns
### Module Integration
Each module that produces evidence should:
1. Create an adapter if converting from module-specific types
2. Use `EvidenceRecord.Create()` for new evidence
3. Store evidence via `IEvidenceStore`
4. Include provenance with generator identification
### Verification Flow
```
1. Retrieve evidence by SubjectNodeId
2. Call VerifyIntegrity() to check EvidenceId
3. Verify signatures against known trust roots
4. Deserialize and validate payload against schema
```
## Testing
The `StellaOps.Evidence.Core.Tests` project includes:
- **111 unit tests** covering:
- EvidenceRecord creation and hash computation
- InMemoryEvidenceStore CRUD operations
- All adapter conversions (VexObservation, ExceptionApplication, ProofSegment)
- Edge cases and error handling
Run tests:
```bash
dotnet test src/__Libraries/StellaOps.Evidence.Core.Tests/
```
## Related Documentation
- [Proof Chain Architecture](../attestor/proof-chain.md)
- [Evidence Bundle Design](../scanner/evidence-bundle.md)
- [VEX Observation Model](../excititor/vex-observation.md)
- [Policy Exceptions](../policy/exceptions.md)

41
docs/modules/facet/README.md
View File

@@ -1,41 +0,0 @@
# Facet
> Cryptographically sealed manifests for logical slices of container images.
## Purpose
The Facet Sealing subsystem provides cryptographically sealed manifests for logical slices of container images, enabling fine-grained drift detection, per-facet quota enforcement, and deterministic change tracking.
## Quick Links
- [Architecture](./architecture.md) - Technical design and implementation details
## Status
| Attribute | Value |
|-----------|-------|
| **Maturity** | Production |
| **Last Reviewed** | 2025-12-29 |
| **Maintainer** | Scanner Guild, Policy Guild |
## Key Features
- **Facet Types**: OS packages, language dependencies, binaries, configs, custom patterns
- **Cryptographic Sealing**: Each facet can be individually sealed with a cryptographic snapshot
- **Drift Detection**: Monitor changes between seals for compliance enforcement
- **Merkle Tree Structure**: Content-addressed storage with integrity verification
## Dependencies
### Upstream (this module depends on)
- **Scanner** - Facet extraction during image analysis
- **Attestor** - DSSE signing for sealed facets
### Downstream (modules that depend on this)
- **Policy** - Drift detection and quota enforcement
- **Replay** - Facet verification in replay workflows
## Related Documentation
- [Scanner Architecture](../scanner/architecture.md)
- [Replay Architecture](../replay/architecture.md)

702
docs/modules/facet/architecture.md
View File

@@ -1,702 +0,0 @@
# Facet Sealing Architecture
> **Status: Production (Cross-Module Library).** Facet Sealing is a fully implemented subsystem with its core library at `src/__Libraries/StellaOps.Facet/` (30 source files) and integration points spanning **Scanner** (extraction via `FacetSealExtractor`, storage via `PostgresFacetSealStore` in `scanner.facet_seals` table), **Policy** (drift and quota enforcement via `FacetQuotaGate`), **Zastava** (admission validation via `FacetAdmissionValidator`), and **CLI** (`seal`, `drift`, `vex-gen` commands). Comprehensive test coverage exists across 17 test files. This documentation covers the cross-cutting architecture.
> **Ownership:** Scanner Guild, Policy Guild
> **Audience:** Service owners, platform engineers, security architects
> **Related:** [Platform Architecture](../platform/architecture-overview.md), [Scanner Architecture](../scanner/architecture.md), [Replay Architecture](../replay/architecture.md), [Policy Engine](../policy/architecture.md)
This dossier describes the Facet Sealing subsystem, which provides cryptographically sealed manifests for logical slices of container images, enabling fine-grained drift detection, per-facet quota enforcement, and deterministic change tracking.
---
## 1. Overview
A **Facet** is a declared logical slice of a container image representing a cohesive set of files with shared characteristics:
| Facet Type | Description | Examples |
|------------|-------------|----------|
| `os` | Operating system packages | `/var/lib/dpkg/**`, `/var/lib/rpm/**` |
| `lang/<ecosystem>` | Language-specific dependencies | `node_modules/**`, `site-packages/**`, `vendor/**` |
| `binary` | Native binaries and shared libraries | `/usr/bin/*`, `/lib/**/*.so*` |
| `config` | Configuration files | `/etc/**`, `*.conf`, `*.yaml` |
| `custom` | User-defined patterns | Project-specific paths |
Each facet can be individually **sealed** (cryptographic snapshot) and monitored for **drift** (changes between seals).
---
## 2. System Landscape
```mermaid
graph TD
subgraph Scanner["Scanner Services"]
FE[FacetExtractor]
FH[FacetHasher]
MB[MerkleBuilder]
end
subgraph Storage["Facet Storage"]
FS[(PostgreSQL<br/>facet_seals)]
FC[(CAS<br/>facet_manifests)]
end
subgraph Policy["Policy & Enforcement"]
DC[DriftCalculator]
QE[QuotaEnforcer]
AV[AdmissionValidator]
end
subgraph Signing["Attestation"]
DS[DSSE Signer]
AT[Attestor]
end
subgraph CLI["CLI & Integration"]
SealCmd[stella seal]
DriftCmd[stella drift]
VexCmd[stella vex gen]
Zastava[Zastava Webhook]
end
FE --> FH
FH --> MB
MB --> DS
DS --> FS
DS --> FC
FS --> DC
DC --> QE
QE --> AV
AV --> Zastava
SealCmd --> FE
DriftCmd --> DC
VexCmd --> DC
```
---
## 3. Core Data Models
### 3.1 FacetDefinition
Declares a facet with its extraction patterns and quota constraints:
```csharp
public sealed record FacetDefinition
{
public required string FacetId { get; init; } // e.g., "os", "lang/node", "binary"
public required FacetType Type { get; init; } // OS, LangNode, LangPython, Binary, Config, Custom
public required ImmutableArray<string> IncludeGlobs { get; init; }
public ImmutableArray<string> ExcludeGlobs { get; init; } = [];
public FacetQuota? Quota { get; init; }
}
public enum FacetType
{
OS,
LangNode,
LangPython,
LangGo,
LangRust,
LangJava,
LangDotNet,
Binary,
Config,
Custom
}
```
### 3.2 FacetManifest
Per-facet file manifest with Merkle root:
```csharp
public sealed record FacetManifest
{
public required string FacetId { get; init; }
public required FacetType Type { get; init; }
public required ImmutableArray<FacetFileEntry> Files { get; init; }
public required string MerkleRoot { get; init; } // SHA-256 hex
public required int FileCount { get; init; }
public required long TotalBytes { get; init; }
public required DateTimeOffset ExtractedAt { get; init; }
public required string ExtractorVersion { get; init; }
}
public sealed record FacetFileEntry
{
public required string Path { get; init; } // Normalized POSIX path
public required string ContentHash { get; init; } // SHA-256 hex
public required long Size { get; init; }
public required string Mode { get; init; } // POSIX mode string "0644"
public required DateTimeOffset ModTime { get; init; } // Normalized to UTC
}
```
### 3.3 FacetSeal
DSSE-signed seal combining manifest with metadata:
```csharp
public sealed record FacetSeal
{
public required Guid SealId { get; init; }
public required string ImageRef { get; init; } // registry/repo:tag@sha256:...
public required string ImageDigest { get; init; } // sha256:...
public required FacetManifest Manifest { get; init; }
public required DateTimeOffset SealedAt { get; init; }
public required string SealedBy { get; init; } // Identity/service
public required FacetQuota? AppliedQuota { get; init; }
public required DsseEnvelope Envelope { get; init; }
}
```
### 3.4 FacetQuota
Per-facet change budget:
```csharp
public sealed record FacetQuota
{
public required string FacetId { get; init; }
public double MaxChurnPercent { get; init; } = 5.0; // 0-100
public int MaxChangedFiles { get; init; } = 50;
public int MaxAddedFiles { get; init; } = 25;
public int MaxRemovedFiles { get; init; } = 10;
public QuotaAction OnExceed { get; init; } = QuotaAction.Warn;
}
public enum QuotaAction
{
Warn, // Log warning, allow admission
Block, // Reject admission
RequireVex // Require VEX justification before admission
}
```
### 3.5 FacetDrift
Drift calculation result between two seals:
```csharp
public sealed record FacetDrift
{
public required string FacetId { get; init; }
public required Guid BaselineSealId { get; init; }
public required Guid CurrentSealId { get; init; }
public required ImmutableArray<DriftEntry> Added { get; init; }
public required ImmutableArray<DriftEntry> Removed { get; init; }
public required ImmutableArray<DriftEntry> Modified { get; init; }
public required DriftScore Score { get; init; }
public required QuotaVerdict QuotaVerdict { get; init; }
}
public sealed record DriftEntry
{
public required string Path { get; init; }
public string? OldHash { get; init; }
public string? NewHash { get; init; }
public long? OldSize { get; init; }
public long? NewSize { get; init; }
public DriftCause Cause { get; init; } = DriftCause.Unknown;
}
public enum DriftCause
{
Unknown,
PackageUpdate,
ConfigChange,
BinaryRebuild,
NewDependency,
RemovedDependency,
SecurityPatch
}
public sealed record DriftScore
{
public required int TotalChanges { get; init; }
public required double ChurnPercent { get; init; }
public required int AddedCount { get; init; }
public required int RemovedCount { get; init; }
public required int ModifiedCount { get; init; }
}
public sealed record QuotaVerdict
{
public required bool Passed { get; init; }
public required ImmutableArray<QuotaViolation> Violations { get; init; }
public required QuotaAction RecommendedAction { get; init; }
}
public sealed record QuotaViolation
{
public required string QuotaField { get; init; } // e.g., "MaxChurnPercent"
public required double Limit { get; init; }
public required double Actual { get; init; }
public required string Message { get; init; }
}
```
---
## 4. Component Architecture
### 4.1 FacetExtractor
Extracts file entries from container images based on facet definitions:
```csharp
public interface IFacetExtractor
{
Task<FacetManifest> ExtractAsync(
string imageRef,
FacetDefinition definition,
CancellationToken ct = default);
Task<ImmutableArray<FacetManifest>> ExtractAllAsync(
string imageRef,
ImmutableArray<FacetDefinition> definitions,
CancellationToken ct = default);
}
```
Implementation notes:
- Uses existing `ISurfaceReader` for container layer traversal
- Normalizes paths to POSIX format (forward slashes, no trailing slashes)
- Computes SHA-256 content hashes for each file
- Normalizes timestamps to UTC, mode to POSIX string
- Sorts files lexicographically for deterministic ordering
### 4.2 FacetHasher
Computes Merkle tree for facet file entries:
```csharp
public interface IFacetHasher
{
FacetMerkleResult ComputeMerkle(ImmutableArray<FacetFileEntry> files);
}
public sealed record FacetMerkleResult
{
public required string Root { get; init; }
public required ImmutableArray<string> LeafHashes { get; init; }
public required ImmutableArray<MerkleProofNode> Proof { get; init; }
}
```
Implementation notes:
- Leaf hash = SHA-256(path || contentHash || size || mode)
- Binary Merkle tree with lexicographic leaf ordering
- Empty facet produces well-known empty root hash
- Proof enables verification of individual file membership
### 4.3 FacetSealStore
PostgreSQL storage for sealed facet manifests:
```sql
-- Core seal storage
CREATE TABLE facet_seals (
seal_id UUID PRIMARY KEY,
tenant TEXT NOT NULL,
image_ref TEXT NOT NULL,
image_digest TEXT NOT NULL,
facet_id TEXT NOT NULL,
facet_type TEXT NOT NULL,
merkle_root TEXT NOT NULL,
file_count INTEGER NOT NULL,
total_bytes BIGINT NOT NULL,
sealed_at TIMESTAMPTZ NOT NULL,
sealed_by TEXT NOT NULL,
quota_json JSONB,
manifest_cas TEXT NOT NULL, -- CAS URI to full manifest
dsse_envelope JSONB NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
CONSTRAINT uq_facet_seal UNIQUE (tenant, image_digest, facet_id)
);
CREATE INDEX ix_facet_seals_image ON facet_seals (tenant, image_digest);
CREATE INDEX ix_facet_seals_merkle ON facet_seals (merkle_root);
-- Drift history
CREATE TABLE facet_drift_history (
drift_id UUID PRIMARY KEY,
tenant TEXT NOT NULL,
baseline_seal_id UUID NOT NULL REFERENCES facet_seals(seal_id),
current_seal_id UUID NOT NULL REFERENCES facet_seals(seal_id),
facet_id TEXT NOT NULL,
drift_score_json JSONB NOT NULL,
quota_verdict_json JSONB NOT NULL,
computed_at TIMESTAMPTZ NOT NULL,
CONSTRAINT uq_drift_pair UNIQUE (baseline_seal_id, current_seal_id)
);
```
### 4.4 DriftCalculator
Computes drift between baseline and current seals:
```csharp
public interface IDriftCalculator
{
Task<FacetDrift> CalculateAsync(
Guid baselineSealId,
Guid currentSealId,
CancellationToken ct = default);
Task<ImmutableArray<FacetDrift>> CalculateAllAsync(
string imageDigestBaseline,
string imageDigestCurrent,
CancellationToken ct = default);
}
```
Implementation notes:
- Retrieves manifests from CAS via seal metadata
- Performs set difference operations on file paths
- Detects modifications via content hash comparison
- Attributes drift causes where determinable (e.g., package manager metadata)
### 4.5 QuotaEnforcer
Evaluates drift against quota constraints:
```csharp
public interface IQuotaEnforcer
{
QuotaVerdict Evaluate(FacetDrift drift, FacetQuota quota);
Task<ImmutableArray<QuotaVerdict>> EvaluateAllAsync(
ImmutableArray<FacetDrift> drifts,
ImmutableDictionary<string, FacetQuota> quotas,
CancellationToken ct = default);
}
```
### 4.6 AdmissionValidator
Zastava webhook integration for admission control:
```csharp
public interface IFacetAdmissionValidator
{
Task<AdmissionResult> ValidateAsync(
AdmissionRequest request,
CancellationToken ct = default);
}
public sealed record AdmissionResult
{
public required bool Allowed { get; init; }
public string? Message { get; init; }
public ImmutableArray<QuotaViolation> Violations { get; init; } = [];
public string? RequiredVexStatement { get; init; }
}
```
---
## 5. DSSE Envelope Structure
Facet seals use DSSE (Dead Simple Signing Envelope) for cryptographic binding:
```json
{
"payloadType": "application/vnd.stellaops.facet-seal.v1+json",
"payload": "<base64url-encoded canonical JSON of FacetSeal>",
"signatures": [
{
"keyid": "sha256:abc123...",
"sig": "<base64url-encoded signature>"
}
]
}
```
Payload structure (canonical JSON, RFC 8785):
```json
{
"_type": "https://stellaops.io/FacetSeal/v1",
"facetId": "os",
"facetType": "OS",
"imageDigest": "sha256:abc123...",
"imageRef": "registry.example.com/app:v1.2.3",
"manifest": {
"extractedAt": "2026-01-05T10:00:00.000Z",
"extractorVersion": "1.0.0",
"fileCount": 1234,
"files": [
{
"contentHash": "sha256:...",
"mode": "0644",
"modTime": "2026-01-01T00:00:00.000Z",
"path": "/etc/os-release",
"size": 256
}
],
"merkleRoot": "sha256:def456...",
"totalBytes": 1048576
},
"quota": {
"maxAddedFiles": 25,
"maxChangedFiles": 50,
"maxChurnPercent": 5.0,
"maxRemovedFiles": 10,
"onExceed": "Warn"
},
"sealId": "550e8400-e29b-41d4-a716-446655440000",
"sealedAt": "2026-01-05T10:05:00.000Z",
"sealedBy": "scanner-worker-01"
}
```
---
## 6. Default Facet Definitions
Standard facet definitions applied when no custom configuration is provided:
```yaml
# Default facet configuration
facets:
- facetId: os
type: OS
includeGlobs:
- /var/lib/dpkg/**
- /var/lib/rpm/**
- /var/lib/pacman/**
- /var/lib/apk/**
- /var/cache/apt/**
- /etc/apt/**
- /etc/yum.repos.d/**
excludeGlobs:
- "**/*.log"
quota:
maxChurnPercent: 5.0
maxChangedFiles: 100
onExceed: Warn
- facetId: lang/node
type: LangNode
includeGlobs:
- "**/node_modules/**"
- "**/package.json"
- "**/package-lock.json"
- "**/yarn.lock"
- "**/pnpm-lock.yaml"
quota:
maxChurnPercent: 10.0
maxChangedFiles: 500
onExceed: RequireVex
- facetId: lang/python
type: LangPython
includeGlobs:
- "**/site-packages/**"
- "**/dist-packages/**"
- "**/requirements.txt"
- "**/Pipfile.lock"
- "**/poetry.lock"
quota:
maxChurnPercent: 10.0
maxChangedFiles: 200
onExceed: Warn
- facetId: lang/go
type: LangGo
includeGlobs:
- "**/go.mod"
- "**/go.sum"
- "**/vendor/**"
quota:
maxChurnPercent: 15.0
maxChangedFiles: 100
onExceed: Warn
- facetId: binary
type: Binary
includeGlobs:
- /usr/bin/*
- /usr/sbin/*
- /bin/*
- /sbin/*
- /usr/lib/**/*.so*
- /lib/**/*.so*
- /usr/local/bin/*
excludeGlobs:
- "**/*.py"
- "**/*.sh"
quota:
maxChurnPercent: 2.0
maxChangedFiles: 20
onExceed: Block
- facetId: config
type: Config
includeGlobs:
- /etc/**
- "**/*.conf"
- "**/*.cfg"
- "**/*.ini"
- "**/*.yaml"
- "**/*.yml"
- "**/*.json"
excludeGlobs:
- /etc/passwd
- /etc/shadow
- /etc/group
- "**/*.log"
quota:
maxChurnPercent: 20.0
maxChangedFiles: 50
onExceed: Warn
```
---
## 7. Integration Points
### 7.1 Scanner Integration
Scanner invokes facet extraction during scan:
```csharp
// In ScanOrchestrator
var facetDefs = await _facetConfigLoader.LoadAsync(scanRequest.FacetConfig, ct);
var manifests = await _facetExtractor.ExtractAllAsync(imageRef, facetDefs, ct);
foreach (var manifest in manifests)
{
var seal = await _facetSealer.SealAsync(manifest, scanRequest, ct);
await _facetSealStore.SaveAsync(seal, ct);
}
```
### 7.2 CLI Integration
```bash
# Seal all facets for an image
stella seal myregistry.io/app:v1.2.3 --output seals.json
# Seal specific facets
stella seal myregistry.io/app:v1.2.3 --facet os --facet lang/node
# Check drift between two image versions
stella drift myregistry.io/app:v1.2.3 myregistry.io/app:v1.2.4 --format json
# Generate VEX from drift
stella vex gen --from-drift myregistry.io/app:v1.2.3 myregistry.io/app:v1.2.4
```
### 7.3 Zastava Webhook Integration
```csharp
// In FacetAdmissionValidator
public async Task<AdmissionResult> ValidateAsync(AdmissionRequest request, CancellationToken ct)
{
// Find baseline seal (latest approved)
var baseline = await _sealStore.GetLatestApprovedAsync(request.ImageRef, ct);
if (baseline is null)
return AdmissionResult.Allowed("No baseline seal found, skipping facet check");
// Extract current facets
var currentManifests = await _extractor.ExtractAllAsync(request.ImageRef, _defaultFacets, ct);
// Calculate drift for each facet
var drifts = new List<FacetDrift>();
foreach (var manifest in currentManifests)
{
var baselineSeal = baseline.FirstOrDefault(s => s.FacetId == manifest.FacetId);
if (baselineSeal is not null)
{
var drift = await _driftCalculator.CalculateAsync(baselineSeal, manifest, ct);
drifts.Add(drift);
}
}
// Evaluate quotas
var violations = new List<QuotaViolation>();
QuotaAction maxAction = QuotaAction.Warn;
foreach (var drift in drifts)
{
var verdict = _quotaEnforcer.Evaluate(drift, drift.AppliedQuota);
if (!verdict.Passed)
{
violations.AddRange(verdict.Violations);
if (verdict.RecommendedAction > maxAction)
maxAction = verdict.RecommendedAction;
}
}
return maxAction switch
{
QuotaAction.Block => AdmissionResult.Denied(violations),
QuotaAction.RequireVex => AdmissionResult.RequiresVex(violations),
_ => AdmissionResult.Allowed(violations)
};
}
```
---
## 8. Observability
### 8.1 Metrics
| Metric | Type | Labels | Description |
|--------|------|--------|-------------|
| `facet_seal_total` | Counter | `tenant`, `facet_type`, `status` | Total seals created |
| `facet_seal_duration_seconds` | Histogram | `facet_type` | Time to create seal |
| `facet_drift_score` | Gauge | `tenant`, `facet_id`, `image` | Current drift score |
| `facet_quota_violations_total` | Counter | `tenant`, `facet_id`, `quota_field` | Quota violations |
| `facet_admission_decisions_total` | Counter | `tenant`, `decision`, `facet_id` | Admission decisions |
### 8.2 Traces
```
facet.extract - Facet file extraction from image
facet.hash - Merkle tree computation
facet.seal - DSSE signing
facet.drift.compute - Drift calculation
facet.quota.evaluate - Quota enforcement
facet.admission - Admission validation
```
### 8.3 Logs
Structured log fields:
- `facetId`: Facet identifier
- `imageRef`: Container image reference
- `imageDigest`: Image content digest
- `merkleRoot`: Facet Merkle root
- `driftScore`: Computed drift percentage
- `quotaVerdict`: Pass/fail status
---
## 9. Security Considerations
1. **Signature Verification**: All seals must be DSSE-signed with keys managed by Authority service
2. **Tenant Isolation**: Seals are scoped to tenants; cross-tenant access is prohibited
3. **Immutability**: Once created, seals cannot be modified; only superseded by new seals
4. **Audit Trail**: All seal operations are logged with correlation IDs
5. **Key Rotation**: Signing keys support rotation; old signatures remain valid with archived keys
---
## 10. References
- [DSSE Specification](https://github.com/secure-systems-lab/dsse)
- [RFC 8785 - JSON Canonicalization](https://tools.ietf.org/html/rfc8785)
- [Scanner Architecture](../scanner/architecture.md)
- [Attestor Architecture](../attestor/architecture.md)
- [Policy Engine Architecture](../policy/architecture.md)
- [Replay Architecture](../replay/architecture.md)
---
*Last updated: 2026-01-05*

622
docs/modules/prov-cache/README.md
View File

@@ -1,622 +0,0 @@
# Provcache Module
> **Status: Implemented** — Core library shipped in Sprint 8200.0001.0001. API endpoints, caching, invalidation and write-behind queue are operational. Policy Engine integration pending architectural review.
> Provenance Cache — Maximizing Trust Evidence Density
## Overview
Provcache is a caching layer that maximizes "provenance density" — the amount of trustworthy evidence retained per byte — enabling faster security decisions, offline replays, and smaller air-gap bundles.
### Key Benefits
- **Trust Latency**: Warm cache lookups return in single-digit milliseconds
- **Bandwidth Efficiency**: Avoid re-fetching bulky SBOMs/attestations
- **Offline Operation**: Decisions usable without full SBOM/VEX payloads
- **Audit Transparency**: Full evidence chain verifiable via Merkle proofs
## Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ Policy Evaluator │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ VeriKey │───▶│ Provcache │───▶│ TrustLatticeEngine │ │
│ │ Builder │ │ Service │ │ (if cache miss) │ │
│ └─────────────┘ └─────────────┘ └─────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────┐
│ Provcache Store │
│ ┌─────────────┐ ┌────────────────┐ │
│ │ Valkey │◀──▶│ Postgres │ │
│ │ (read-thru) │ │ (write-behind) │ │
│ └─────────────┘ └────────────────┘ │
└─────────────────────────────────────────┘
┌─────────────────────────────────────────┐
│ Evidence Chunk Store │
│ ┌─────────────────────────────────────┐│
│ │ prov_evidence_chunks (Postgres) ││
│ │ - Chunked SBOM/VEX/CallGraph ││
│ │ - Merkle tree verification ││
│ └─────────────────────────────────────┘│
└─────────────────────────────────────────┘
```
## Core Concepts
### VeriKey (Provenance Identity Key)
A composite hash that uniquely identifies a provenance decision context:
```
VeriKey = SHA256(
"v1|" || // Version prefix for compatibility
source_hash || // Image/artifact digest
"|" ||
sbom_hash || // Canonical SBOM hash
"|" ||
vex_hash_set_hash || // Sorted VEX statement hashes
"|" ||
merge_policy_hash || // PolicyBundle hash
"|" ||
signer_set_hash || // Signer certificate hashes
"|" ||
time_window // Epoch bucket
)
```
**Why each component?**
| Component | Purpose |
|-----------|---------|
| `source_hash` | Different artifacts → different keys |
| `sbom_hash` | SBOM changes (new packages) → new key |
| `vex_hash_set` | VEX updates → new key |
| `policy_hash` | Policy changes → new key |
| `signer_set_hash` | Key rotation → new key (security) |
| `time_window` | Temporal bucketing → controlled expiry |
#### VeriKey Composition Rules
1. **Hash Normalization**: All input hashes are normalized to lowercase with `sha256:` prefix stripped if present
2. **Set Hash Computation**: For VEX statements and signer certificates:
- Individual hashes are sorted lexicographically (ordinal)
- Sorted hashes are concatenated with `|` delimiter
- Result is SHA256-hashed
- Empty sets use well-known sentinels (`"empty-vex-set"`, `"empty-signer-set"`)
3. **Time Window Computation**: `floor(timestamp.Ticks / bucket.Ticks) * bucket.Ticks` in UTC ISO-8601 format
4. **Output Format**: `sha256:<64-char-lowercase-hex>`
#### Code Example
```csharp
var veriKey = new VeriKeyBuilder(options)
.WithSourceHash("sha256:abc123...") // Image digest
.WithSbomHash("sha256:def456...") // SBOM digest
.WithVexStatementHashes(["sha256:v1", "sha256:v2"]) // Sorted automatically
.WithMergePolicyHash("sha256:policy...") // Policy bundle
.WithCertificateHashes(["sha256:cert1"]) // Signer certs
.WithTimeWindow(DateTimeOffset.UtcNow) // Auto-bucketed
.Build();
// Returns: "sha256:789abc..."
```
### DecisionDigest
Canonicalized representation of an evaluation result:
```json
{
"digestVersion": "v1",
"veriKey": "sha256:abc123...",
"verdictHash": "sha256:def456...",
"proofRoot": "sha256:789abc...",
"replaySeed": {
"feedIds": ["cve-2024", "ghsa-2024"],
"ruleIds": ["default-policy-v2"]
},
"trustScore": 85,
"createdAt": "2025-12-24T12:00:00Z",
"expiresAt": "2025-12-25T12:00:00Z"
}
```
### Trust Score
A composite score (0-100) indicating decision confidence:
| Component | Weight | Calculation |
|-----------|--------|-------------|
| Reachability | 25% | Call graph coverage, entry points analyzed |
| SBOM Completeness | 20% | Package count, license data presence |
| VEX Coverage | 20% | Vendor statements, justifications |
| Policy Freshness | 15% | Time since last policy update |
| Signer Trust | 20% | Key age, reputation, chain validity |
### Evidence Chunks
Large evidence (SBOM, VEX, call graphs) is stored in fixed-size chunks:
- **Default size**: 64 KB per chunk
- **Merkle verification**: Each chunk is a Merkle leaf
- **Lazy fetch**: Only fetch chunks needed for audit
- **LRU eviction**: Old chunks evicted under storage pressure
## API Reference
### Endpoints
| Method | Path | Description |
|--------|------|-------------|
| GET | `/v1/provcache/{veriKey}` | Lookup cached decision |
| POST | `/v1/provcache` | Store decision (idempotent) |
| POST | `/v1/provcache/invalidate` | Invalidate by pattern |
| GET | `/v1/proofs/{proofRoot}` | List evidence chunks |
| GET | `/v1/proofs/{proofRoot}/chunks/{index}` | Download chunk |
### Cache Lookup Flow
```mermaid
sequenceDiagram
participant Client
participant PolicyEngine
participant Provcache
participant Valkey
participant Postgres
participant TrustLattice
Client->>PolicyEngine: Evaluate(artifact)
PolicyEngine->>Provcache: Get(VeriKey)
Provcache->>Valkey: GET verikey
alt Cache Hit
Valkey-->>Provcache: DecisionDigest
Provcache-->>PolicyEngine: CacheResult(hit)
PolicyEngine-->>Client: Decision (cached)
else Cache Miss
Valkey-->>Provcache: null
Provcache->>Postgres: SELECT * FROM provcache_items
alt DB Hit
Postgres-->>Provcache: ProvcacheEntry
Provcache->>Valkey: SET (backfill)
Provcache-->>PolicyEngine: CacheResult(hit, source=postgres)
else DB Miss
Postgres-->>Provcache: null
Provcache-->>PolicyEngine: CacheResult(miss)
PolicyEngine->>TrustLattice: Evaluate
TrustLattice-->>PolicyEngine: EvaluationResult
PolicyEngine->>Provcache: Set(VeriKey, DecisionDigest)
Provcache->>Valkey: SET
Provcache->>Postgres: INSERT (async)
PolicyEngine-->>Client: Decision (computed)
end
end
```
## Invalidation
> **See also**: [architecture.md](architecture.md#invalidation-mechanisms) for detailed invalidation flow diagrams.
### Automatic Invalidation Triggers
| Trigger | Event | Scope | Implementation |
|---------|-------|-------|----------------|
| Signer Revocation | `SignerRevokedEvent` | All entries with matching `signer_set_hash` | `SignerSetInvalidator` |
| Feed Epoch Advance | `FeedEpochAdvancedEvent` | Entries with older `feed_epoch` | `FeedEpochInvalidator` |
| Policy Update | `PolicyUpdatedEvent` | Entries with matching `policy_hash` | `PolicyHashInvalidator` |
| TTL Expiry | Background job | Entries past `expires_at` | `TtlExpirationService` |
### Invalidation Interfaces
```csharp
// Main invalidator interface
public interface IProvcacheInvalidator
{
Task<int> InvalidateAsync(
InvalidationCriteria criteria,
string reason,
string? correlationId = null,
CancellationToken cancellationToken = default);
}
// Revocation ledger for audit trail
public interface IRevocationLedger
{
Task RecordAsync(RevocationEntry entry, CancellationToken ct = default);
Task<IReadOnlyList<RevocationEntry>> GetEntriesSinceAsync(long sinceSeqNo, int limit = 1000, CancellationToken ct = default);
Task<RevocationLedgerStats> GetStatsAsync(CancellationToken ct = default);
}
```
### Manual Invalidation
```bash
# Invalidate by signer
POST /v1/provcache/invalidate
{
"by": "signer_set_hash",
"value": "sha256:revoked-signer...",
"reason": "key-compromise"
}
# Invalidate by policy
POST /v1/provcache/invalidate
{
"by": "policy_hash",
"value": "sha256:old-policy...",
"reason": "policy-update"
}
```
### Revocation Replay
Nodes can replay missed revocation events after restart or network partition:
```csharp
var replayService = services.GetRequiredService<IRevocationReplayService>();
var checkpoint = await replayService.GetCheckpointAsync();
var result = await replayService.ReplayFromAsync(
sinceSeqNo: checkpoint,
new RevocationReplayOptions { BatchSize = 1000 });
// result.EntriesReplayed, result.TotalInvalidations
```
## Air-Gap Integration
> **See also**: [architecture.md](architecture.md#air-gap-exportimport) for bundle format specification and architecture diagrams.
### Export Workflow
```bash
# Export minimal proof (digest only)
stella prov export --verikey sha256:abc123 --density lite
# Export with evidence chunks
stella prov export --verikey sha256:abc123 --density standard
# Export full evidence
stella prov export --verikey sha256:abc123 --density strict --sign
```
### Import Workflow
```bash
# Import and verify Merkle root
stella prov import --input proof.bundle
# Import with lazy chunk fetch (connected mode)
stella prov import --input proof-lite.json --lazy-fetch --backend https://api.stellaops.com
# Import with lazy fetch from file directory (sneakernet mode)
stella prov import --input proof-lite.json --lazy-fetch --chunks-dir /mnt/usb/evidence
```
### Density Levels
| Level | Contents | Size | Use Case | Lazy Fetch Support |
|-------|----------|------|----------|--------------------|
| `lite` | DecisionDigest + ProofRoot + Manifest | ~2 KB | Quick verification | Required |
| `standard` | + First N chunks (~10%) | ~200 KB | Normal audit | Partial (remaining chunks) |
| `strict` | + All chunks | Variable | Full compliance | Not needed |
### Lazy Evidence Fetching
For `lite` and `standard` density exports, missing chunks can be fetched on-demand:
```csharp
// HTTP fetcher (connected mode)
var httpFetcher = new HttpChunkFetcher(
new Uri("https://api.stellaops.com"), logger);
// File fetcher (air-gapped/sneakernet mode)
var fileFetcher = new FileChunkFetcher(
basePath: "/mnt/usb/evidence", logger);
// Orchestrate fetch + verify + store
var orchestrator = new LazyFetchOrchestrator(repository, logger);
var result = await orchestrator.FetchAndStoreAsync(
proofRoot: "sha256:...",
fetcher,
new LazyFetchOptions
{
VerifyOnFetch = true,
BatchSize = 100,
MaxChunks = 1000
});
```
### Sneakernet Export for Chunked Evidence
```csharp
// Export evidence chunks to file system for transport
await fileFetcher.ExportEvidenceChunksToFilesAsync(
manifest,
chunks,
outputDirectory: "/mnt/usb/evidence");
```
## Configuration
### C# Configuration Class
The `ProvcacheOptions` class (section name: `"Provcache"`) exposes the following settings:
| Property | Type | Default | Validation | Description |
|----------|------|---------|------------|-------------|
| `DefaultTtl` | `TimeSpan` | 24h | 1min7d | Default time-to-live for cache entries |
| `MaxTtl` | `TimeSpan` | 7d | 1min30d | Maximum allowed TTL regardless of request |
| `TimeWindowBucket` | `TimeSpan` | 1h | 1min24h | Time window bucket for VeriKey computation |
| `ValkeyKeyPrefix` | `string` | `"stellaops:prov:"` | — | Key prefix for Valkey storage |
| `EnableWriteBehind` | `bool` | `true` | — | Enable async Postgres persistence |
| `WriteBehindFlushInterval` | `TimeSpan` | 5s | 1s5min | Interval for flushing write-behind queue |
| `WriteBehindMaxBatchSize` | `int` | 100 | 110000 | Maximum batch size per flush |
| `WriteBehindQueueCapacity` | `int` | 10000 | 1001M | Max queue capacity (blocks when full) |
| `WriteBehindMaxRetries` | `int` | 3 | 010 | Retry attempts for failed writes |
| `ChunkSize` | `int` | 65536 | 1KB1MB | Evidence chunk size in bytes |
| `MaxChunksPerEntry` | `int` | 1000 | 1100000 | Max chunks per cache entry |
| `AllowCacheBypass` | `bool` | `true` | — | Allow clients to force re-evaluation |
| `DigestVersion` | `string` | `"v1"` | — | Serialization version for digests |
| `HashAlgorithm` | `string` | `"SHA256"` | — | Hash algorithm for VeriKey/digest |
| `EnableValkeyCache` | `bool` | `true` | — | Enable Valkey layer (false = Postgres only) |
| `SlidingExpiration` | `bool` | `false` | — | Refresh TTL on cache hits |
### appsettings.json Example
```json
{
"Provcache": {
"DefaultTtl": "24:00:00",
"MaxTtl": "7.00:00:00",
"TimeWindowBucket": "01:00:00",
"ValkeyKeyPrefix": "stellaops:prov:",
"EnableWriteBehind": true,
"WriteBehindFlushInterval": "00:00:05",
"WriteBehindMaxBatchSize": 100,
"WriteBehindQueueCapacity": 10000,
"WriteBehindMaxRetries": 3,
"ChunkSize": 65536,
"MaxChunksPerEntry": 1000,
"AllowCacheBypass": true,
"DigestVersion": "v1",
"HashAlgorithm": "SHA256",
"EnableValkeyCache": true,
"SlidingExpiration": false
}
}
```
### YAML Example (Helm/Kubernetes)
```yaml
provcache:
# TTL configuration
defaultTtl: 24h
maxTtl: 168h # 7 days
timeWindowBucket: 1h
# Storage
valkeyKeyPrefix: "stellaops:prov:"
enableWriteBehind: true
writeBehindFlushInterval: 5s
writeBehindMaxBatchSize: 100
# Evidence chunking
chunkSize: 65536 # 64 KB
maxChunksPerEntry: 1000
# Behavior
allowCacheBypass: true
digestVersion: "v1"
```
### Dependency Injection Registration
```csharp
// In Program.cs or Startup.cs
services.AddProvcache(configuration);
// Or with explicit configuration
services.AddProvcache(options =>
{
options.DefaultTtl = TimeSpan.FromHours(12);
options.EnableWriteBehind = true;
options.WriteBehindMaxBatchSize = 200;
});
```
## Observability
### Metrics
| Metric | Type | Description |
|--------|------|-------------|
| `provcache_requests_total` | Counter | Total cache requests |
| `provcache_hits_total` | Counter | Cache hits |
| `provcache_misses_total` | Counter | Cache misses |
| `provcache_latency_seconds` | Histogram | Operation latency |
| `provcache_items_count` | Gauge | Current item count |
| `provcache_invalidations_total` | Counter | Invalidation count |
### Alerts
```yaml
# Low cache hit rate
- alert: ProvcacheLowHitRate
expr: rate(provcache_hits_total[5m]) / rate(provcache_requests_total[5m]) < 0.5
for: 10m
labels:
severity: warning
annotations:
summary: "Provcache hit rate below 50%"
# High invalidation rate
- alert: ProvcacheHighInvalidationRate
expr: rate(provcache_invalidations_total[5m]) > 100
for: 5m
labels:
severity: warning
annotations:
summary: "High cache invalidation rate"
```
## Security Considerations
### Signer-Aware Caching
The `signer_set_hash` is part of the VeriKey, ensuring:
- Key rotation → new cache entries
- Key revocation → immediate invalidation
- No stale decisions from compromised signers
### Merkle Verification
All evidence chunks are Merkle-verified:
- `ProofRoot` = Merkle root of all chunks
- Individual chunks verifiable without full tree
- Tamper detection on import
### Audit Trail
All invalidations are logged to `prov_revocations` table:
```sql
SELECT * FROM provcache.prov_revocations
WHERE created_at > NOW() - INTERVAL '24 hours'
ORDER BY created_at DESC;
```
## Database Schema
### provcache_items
```sql
CREATE TABLE provcache.provcache_items (
verikey TEXT PRIMARY KEY,
digest_version TEXT NOT NULL,
verdict_hash TEXT NOT NULL,
proof_root TEXT NOT NULL,
replay_seed JSONB NOT NULL,
policy_hash TEXT NOT NULL,
signer_set_hash TEXT NOT NULL,
feed_epoch TEXT NOT NULL,
trust_score INTEGER NOT NULL,
hit_count BIGINT DEFAULT 0,
created_at TIMESTAMPTZ NOT NULL,
expires_at TIMESTAMPTZ NOT NULL,
updated_at TIMESTAMPTZ NOT NULL
);
```
### prov_evidence_chunks
```sql
CREATE TABLE provcache.prov_evidence_chunks (
chunk_id UUID PRIMARY KEY,
proof_root TEXT NOT NULL REFERENCES provcache_items(proof_root),
chunk_index INTEGER NOT NULL,
chunk_hash TEXT NOT NULL,
blob BYTEA NOT NULL,
blob_size INTEGER NOT NULL,
content_type TEXT NOT NULL,
created_at TIMESTAMPTZ NOT NULL
);
```
### prov_revocations
```sql
CREATE TABLE provcache.prov_revocations (
seq_no BIGSERIAL PRIMARY KEY,
revocation_id UUID NOT NULL UNIQUE,
revocation_type VARCHAR(32) NOT NULL, -- signer, feed_epoch, policy, explicit, expiration
revoked_key VARCHAR(512) NOT NULL,
reason VARCHAR(1024),
entries_invalidated INTEGER NOT NULL,
source VARCHAR(128) NOT NULL,
correlation_id VARCHAR(128),
revoked_at TIMESTAMPTZ NOT NULL,
metadata JSONB,
CONSTRAINT chk_revocation_type CHECK (
revocation_type IN ('signer', 'feed_epoch', 'policy', 'explicit', 'expiration')
)
);
CREATE INDEX idx_revocations_type ON provcache.prov_revocations(revocation_type);
CREATE INDEX idx_revocations_key ON provcache.prov_revocations(revoked_key);
CREATE INDEX idx_revocations_time ON provcache.prov_revocations(revoked_at);
```
## Implementation Status
### Completed (Sprint 8200.0001.0001 - Core Backend)
| Component | Path | Status |
|-----------|------|--------|
| Core Models | `src/__Libraries/StellaOps.Provcache/Models/` | ✅ Done |
| VeriKeyBuilder | `src/__Libraries/StellaOps.Provcache/VeriKeyBuilder.cs` | ✅ Done |
| DecisionDigest | `src/__Libraries/StellaOps.Provcache/DecisionDigest.cs` | ✅ Done |
| Caching Layer | `src/__Libraries/StellaOps.Provcache/Caching/` | ✅ Done |
| WriteBehindQueue | `src/__Libraries/StellaOps.Provcache/Persistence/` | ✅ Done |
| API Endpoints | `src/__Libraries/StellaOps.Provcache.Api/` | ✅ Done |
| Unit Tests (53) | `src/__Libraries/__Tests/StellaOps.Provcache.Tests/` | ✅ Done |
### Completed (Sprint 8200.0001.0002 - Invalidation & Air-Gap)
| Component | Path | Status |
|-----------|------|--------|
| Invalidation Interfaces | `src/__Libraries/StellaOps.Provcache/Invalidation/` | ✅ Done |
| Repository Invalidation Methods | `IEvidenceChunkRepository.Delete*Async()` | ✅ Done |
| Export Interfaces | `src/__Libraries/StellaOps.Provcache/Export/` | ✅ Done |
| IMinimalProofExporter | `Export/IMinimalProofExporter.cs` | ✅ Done |
| MinimalProofExporter | `Export/MinimalProofExporter.cs` | ✅ Done |
| Lazy Fetch - ILazyEvidenceFetcher | `LazyFetch/ILazyEvidenceFetcher.cs` | ✅ Done |
| Lazy Fetch - HttpChunkFetcher | `LazyFetch/HttpChunkFetcher.cs` | ✅ Done |
| Lazy Fetch - FileChunkFetcher | `LazyFetch/FileChunkFetcher.cs` | ✅ Done |
| Lazy Fetch - LazyFetchOrchestrator | `LazyFetch/LazyFetchOrchestrator.cs` | ✅ Done |
| Revocation - IRevocationLedger | `Revocation/IRevocationLedger.cs` | ✅ Done |
| Revocation - InMemoryRevocationLedger | `Revocation/InMemoryRevocationLedger.cs` | ✅ Done |
| Revocation - RevocationReplayService | `Revocation/RevocationReplayService.cs` | ✅ Done |
| ProvRevocationEntity | `Entities/ProvRevocationEntity.cs` | ✅ Done |
| Unit Tests (124 total) | `src/__Libraries/__Tests/StellaOps.Provcache.Tests/` | ✅ Done |
### Blocked
| Component | Reason |
|-----------|--------|
| Policy Engine Integration | `PolicyEvaluator` is `internal sealed`; requires architectural review to expose injection points for `IProvcacheService` |
| CLI e2e Tests | `AddSimRemoteCryptoProvider` method missing in CLI codebase |
### Pending
| Component | Sprint |
|-----------|--------|
| Authority Event Integration | 8200.0001.0002 (BLOCKED - Authority needs event publishing) |
| Concelier Event Integration | 8200.0001.0002 (BLOCKED - Concelier needs event publishing) |
| PostgresRevocationLedger | Future (requires EF Core integration) |
| UI Badges & Proof Tree | 8200.0001.0003 |
| Grafana Dashboards | 8200.0001.0003 |
## Implementation Sprints
| Sprint | Focus | Key Deliverables |
|--------|-------|------------------|
| [8200.0001.0001](../../implplan/SPRINT_8200_0001_0001_provcache_core_backend.md) | Core Backend | VeriKey, DecisionDigest, Valkey+Postgres, API |
| [8200.0001.0002](../../implplan/SPRINT_8200_0001_0002_provcache_invalidation_airgap.md) | Invalidation & Air-Gap | Signer revocation, feed epochs, CLI export/import |
| [8200.0001.0003](../../implplan/SPRINT_8200_0001_0003_provcache_ux_observability.md) | UX & Observability | UI badges, proof tree, Grafana, OCI attestation |
## Related Documentation
- **[Provcache Architecture Guide](architecture.md)** - Detailed architecture, invalidation flows, and API reference
- [Policy Engine Architecture](../policy/README.md)
- [TrustLattice Engine](../policy/design/policy-deterministic-evaluator.md)
- [Offline Kit Documentation](../../OFFLINE_KIT.md)
- [Air-Gap Controller](../airgap/README.md)
- [Authority Key Rotation](../authority/README.md)

451
docs/modules/prov-cache/architecture.md
View File

@@ -1,451 +0,0 @@
# Provcache Architecture Guide
> **Status: Production (Shared Library Family).** Provcache is a mature, heavily-used shared library family — not a planned component. The implementation spans four libraries: `src/__Libraries/StellaOps.Provcache/` (77 core files: VeriKey, DecisionDigest, chunking, write-behind queue, invalidation, telemetry), `StellaOps.Provcache.Postgres/` (16 files: EF Core persistence with `provcache` schema), `StellaOps.Provcache.Valkey/` (hot-cache layer), and `StellaOps.Provcache.Api/` (HTTP endpoints). Consumed by 89+ files across Policy Engine, Concelier, ExportCenter, CLI, and other modules. Comprehensive test coverage (89 test files). Actively maintained with recent determinism refactoring (DET-005).
> Detailed architecture documentation for the Provenance Cache module
## Overview
Provcache provides a caching layer that maximizes "provenance density" — the amount of trustworthy evidence retained per byte. This document covers the internal architecture, invalidation mechanisms, air-gap support, and replay capabilities.
## Table of Contents
1. [Cache Architecture](#cache-architecture)
2. [Invalidation Mechanisms](#invalidation-mechanisms)
3. [Evidence Chunk Storage](#evidence-chunk-storage)
4. [Air-Gap Export/Import](#air-gap-exportimport)
5. [Lazy Evidence Fetching](#lazy-evidence-fetching)
6. [Revocation Ledger](#revocation-ledger)
7. [API Reference](#api-reference)
---
## Cache Architecture
### Storage Layers
```
┌───────────────────────────────────────────────────────────────┐
│ Application Layer │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │
│ │ VeriKey │───▶│ Provcache │───▶│ Policy Engine │ │
│ │ Builder │ │ Service │ │ (cache miss) │ │
│ └─────────────┘ └─────────────┘ └─────────────────┘ │
└───────────────────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────┐
│ Caching Layer │
│ ┌─────────────────┐ ┌──────────────────────────┐ │
│ │ Valkey │◀───────▶│ PostgreSQL │ │
│ │ (read-through) │ │ (write-behind queue) │ │
│ │ │ │ │ │
│ │ • Hot cache │ │ • provcache_items │ │
│ │ • Sub-ms reads │ │ • prov_evidence_chunks │ │
│ │ • TTL-based │ │ • prov_revocations │ │
│ └─────────────────┘ └──────────────────────────┘ │
└───────────────────────────────────────────────────────────────┘
```
### Key Components
| Component | Purpose |
|-----------|---------|
| `IProvcacheService` | Main service interface for cache operations |
| `IProvcacheStore` | Storage abstraction (Valkey + Postgres) |
| `WriteBehindQueue` | Async persistence to Postgres |
| `IEvidenceChunker` | Splits large evidence into Merkle-verified chunks |
| `IRevocationLedger` | Audit trail for all invalidation events |
---
## Invalidation Mechanisms
Provcache supports multiple invalidation triggers to ensure cache consistency when upstream data changes.
### Automatic Invalidation
#### 1. Signer Revocation
When a signing key is compromised or rotated:
```
┌─────────────┐ SignerRevokedEvent ┌──────────────────┐
│ Authority │ ──────────────────────────▶│ SignerSet │
│ Module │ │ Invalidator │
└─────────────┘ └────────┬─────────┘
DELETE FROM provcache_items
WHERE signer_set_hash = ?
```
**Implementation**: `SignerSetInvalidator` subscribes to `SignerRevokedEvent` and invalidates all entries signed by the revoked key.
#### 2. Feed Epoch Advancement
When vulnerability feeds are updated:
```
┌─────────────┐ FeedEpochAdvancedEvent ┌──────────────────┐
│ Concelier │ ───────────────────────────▶│ FeedEpoch │
│ Module │ │ Invalidator │
└─────────────┘ └────────┬─────────┘
DELETE FROM provcache_items
WHERE feed_epoch < ?
```
**Implementation**: `FeedEpochInvalidator` compares epochs using semantic versioning or ISO timestamps.
#### 3. Policy Updates
When policy bundles change:
```
┌─────────────┐ PolicyUpdatedEvent ┌──────────────────┐
│ Policy │ ───────────────────────────▶│ PolicyHash │
│ Engine │ │ Invalidator │
└─────────────┘ └────────┬─────────┘
DELETE FROM provcache_items
WHERE policy_hash = ?
```
### Invalidation DI Wiring and Lifecycle
`AddProvcacheInvalidators()` registers the event-driven invalidation pipeline in dependency injection:
- Creates `IEventStream<SignerRevokedEvent>` using `IEventStreamFactory.Create<T>(new EventStreamOptions { StreamName = SignerRevokedEvent.StreamName })`
- Creates `IEventStream<FeedEpochAdvancedEvent>` using `IEventStreamFactory.Create<T>(new EventStreamOptions { StreamName = FeedEpochAdvancedEvent.StreamName })`
- Registers `SignerSetInvalidator` and `FeedEpochInvalidator` as singleton `IProvcacheInvalidator` implementations
- Registers `InvalidatorHostedService` as `IHostedService` to own invalidator startup/shutdown
`InvalidatorHostedService` starts all registered invalidators during host startup and stops them in reverse order during host shutdown. Each invalidator subscribes from `StreamPosition.End`, so only new events are consumed after process start.
### Invalidation Recording
All invalidation events are recorded in the revocation ledger for audit and replay:
```csharp
public interface IProvcacheInvalidator
{
Task<int> InvalidateAsync(
InvalidationCriteria criteria,
string reason,
string? correlationId = null,
CancellationToken cancellationToken = default);
}
```
The ledger entry includes:
- Revocation type (signer, feed_epoch, policy, explicit)
- The revoked key
- Number of entries invalidated
- Timestamp and correlation ID for tracing
---
## Evidence Chunk Storage
Large evidence (SBOMs, VEX documents, call graphs) is stored in fixed-size chunks with Merkle tree verification.
### Chunking Process
```
┌─────────────────────────────────────────────────────────────────┐
│ Original Evidence │
│ [ 2.3 MB SPDX SBOM JSON ] │
└─────────────────────────────────────────────────────────────────┘
▼ IEvidenceChunker.ChunkAsync()
┌─────────────────────────────────────────────────────────────────┐
│ Chunk 0 (64KB) │ Chunk 1 (64KB) │ ... │ Chunk N (partial) │
│ hash: abc123 │ hash: def456 │ │ hash: xyz789 │
└─────────────────────────────────────────────────────────────────┘
▼ Merkle tree construction
┌─────────────────────────────────────────────────────────────────┐
│ Proof Root │
│ sha256:merkle_root_of_all_chunks │
└─────────────────────────────────────────────────────────────────┘
```
### Database Schema
```sql
CREATE TABLE provcache.prov_evidence_chunks (
chunk_id UUID PRIMARY KEY,
proof_root VARCHAR(128) NOT NULL,
chunk_index INTEGER NOT NULL,
chunk_hash VARCHAR(128) NOT NULL,
blob BYTEA NOT NULL,
blob_size INTEGER NOT NULL,
content_type VARCHAR(64) NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
CONSTRAINT uk_proof_chunk UNIQUE (proof_root, chunk_index)
);
CREATE INDEX idx_evidence_proof_root ON provcache.prov_evidence_chunks(proof_root);
```
### Paging API
Evidence can be retrieved in pages to manage memory:
```http
GET /api/v1/proofs/{proofRoot}?page=0&pageSize=10
```
Response includes chunk metadata without blob data, allowing clients to fetch specific chunks on demand.
---
## Air-Gap Export/Import
Provcache supports air-gapped environments through minimal proof bundles.
### Bundle Format (v1)
```json
{
"version": "v1",
"exportedAt": "2025-01-15T10:30:00Z",
"density": "standard",
"digest": {
"veriKey": "sha256:...",
"verdictHash": "sha256:...",
"proofRoot": "sha256:...",
"trustScore": 85
},
"manifest": {
"proofRoot": "sha256:...",
"totalChunks": 42,
"totalSize": 2752512,
"chunks": [...]
},
"chunks": [
{
"index": 0,
"data": "base64...",
"hash": "sha256:..."
}
],
"signature": {
"algorithm": "ECDSA-P256",
"signature": "base64...",
"signedAt": "2025-01-15T10:30:01Z"
}
}
```
### Density Levels
| Level | Contents | Typical Size | Use Case |
|-------|----------|--------------|----------|
| **Lite** | Digest + ProofRoot + Manifest | ~2 KB | Quick verification, requires lazy fetch for full evidence |
| **Standard** | + First 10% of chunks | ~200 KB | Normal audits, balance of size vs completeness |
| **Strict** | + All chunks | Variable | Full compliance, no network needed |
### Export Example
```csharp
var exporter = serviceProvider.GetRequiredService<IMinimalProofExporter>();
// Lite export (manifest only)
var liteBundle = await exporter.ExportAsync(
veriKey: "sha256:abc123",
new MinimalProofExportOptions { Density = ProofDensity.Lite });
// Signed strict export
var strictBundle = await exporter.ExportAsync(
veriKey: "sha256:abc123",
new MinimalProofExportOptions
{
Density = ProofDensity.Strict,
SignBundle = true,
Signer = signerInstance
});
```
### Import and Verification
```csharp
var result = await exporter.ImportAsync(bundle);
if (result.DigestVerified && result.ChunksVerified)
{
// Bundle is authentic
await provcache.UpsertAsync(result.Entry);
}
```
---
## Lazy Evidence Fetching
For lite bundles, missing chunks can be fetched on-demand from connected or file sources.
### Fetcher Architecture
```
┌────────────────────┐
│ ILazyEvidenceFetcher│
└─────────┬──────────┘
┌─────┴─────┐
│ │
▼ ▼
┌─────────┐ ┌──────────┐
│ HTTP │ │ File │
│ Fetcher │ │ Fetcher │
└─────────┘ └──────────┘
```
### HTTP Fetcher (Connected Mode)
```csharp
var fetcher = new HttpChunkFetcher(
new Uri("https://api.stellaops.com"),
logger);
var orchestrator = new LazyFetchOrchestrator(repository, logger);
var result = await orchestrator.FetchAndStoreAsync(
proofRoot: "sha256:...",
fetcher,
new LazyFetchOptions
{
VerifyOnFetch = true,
BatchSize = 100
});
```
### File Fetcher (Sneakernet Mode)
For fully air-gapped environments:
1. Export full evidence to USB drive
2. Transport to isolated network
3. Import using file fetcher
```csharp
var fetcher = new FileChunkFetcher(
basePath: "/mnt/usb/evidence",
logger);
var result = await orchestrator.FetchAndStoreAsync(proofRoot, fetcher);
```
---
## Revocation Ledger
The revocation ledger provides a complete audit trail of all invalidation events.
### Schema
```sql
CREATE TABLE provcache.prov_revocations (
seq_no BIGSERIAL PRIMARY KEY,
revocation_id UUID NOT NULL,
revocation_type VARCHAR(32) NOT NULL,
revoked_key VARCHAR(512) NOT NULL,
reason VARCHAR(1024),
entries_invalidated INTEGER NOT NULL,
source VARCHAR(128) NOT NULL,
correlation_id VARCHAR(128),
revoked_at TIMESTAMPTZ NOT NULL,
metadata JSONB
);
```
### Replay for Catch-Up
After node restart or network partition, nodes can replay missed revocations:
```csharp
var replayService = serviceProvider.GetRequiredService<IRevocationReplayService>();
// Get last checkpoint
var checkpoint = await replayService.GetCheckpointAsync();
// Replay from checkpoint
var result = await replayService.ReplayFromAsync(
sinceSeqNo: checkpoint,
new RevocationReplayOptions
{
BatchSize = 1000,
SaveCheckpointPerBatch = true
});
Console.WriteLine($"Replayed {result.EntriesReplayed} revocations, {result.TotalInvalidations} entries invalidated");
```
### Statistics
```csharp
var ledger = serviceProvider.GetRequiredService<IRevocationLedger>();
var stats = await ledger.GetStatsAsync();
// stats.TotalEntries - total revocation events
// stats.EntriesByType - breakdown by type (signer, feed_epoch, etc.)
// stats.TotalEntriesInvalidated - sum of all invalidated cache entries
```
---
## API Reference
### Evidence Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/v1/proofs/{proofRoot}` | GET | Get paged evidence chunks |
| `/api/v1/proofs/{proofRoot}/manifest` | GET | Get chunk manifest |
| `/api/v1/proofs/{proofRoot}/chunks/{index}` | GET | Get specific chunk |
| `/api/v1/proofs/{proofRoot}/verify` | POST | Verify Merkle proof |
### Invalidation Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/v1/provcache/invalidate` | POST | Manual invalidation |
| `/api/v1/provcache/revocations` | GET | List revocation history |
| `/api/v1/provcache/stats` | GET | Cache statistics |
### CLI Commands
```bash
# Export commands
stella prov export --verikey <key> --density <lite|standard|strict> [--output <file>] [--sign]
# Import commands
stella prov import <file> [--lazy-fetch] [--backend <url>] [--chunks-dir <path>]
# Verify commands
stella prov verify <file> [--signer-cert <cert>]
```
---
## Configuration
Key settings in `appsettings.json`:
```json
{
"Provcache": {
"ChunkSize": 65536,
"MaxChunksPerEntry": 1000,
"DefaultTtl": "24:00:00",
"EnableWriteBehind": true,
"WriteBehindFlushInterval": "00:00:05"
}
}
```
See [README.md](README.md) for full configuration reference.

419
docs/modules/prov-cache/metrics-alerting.md
View File

@@ -1,419 +0,0 @@
# Provcache Metrics and Alerting Guide
This document describes the Prometheus metrics exposed by the Provcache layer and recommended alerting configurations.
## Overview
Provcache emits metrics for monitoring cache performance, hit rates, latency, and invalidation patterns. These metrics enable operators to:
- Track cache effectiveness
- Identify performance degradation
- Detect anomalous invalidation patterns
- Capacity plan for cache infrastructure
## Prometheus Metrics
### Request Counters
#### `provcache_requests_total`
Total number of cache requests.
| Label | Values | Description |
|-------|--------|-------------|
| `source` | `valkey`, `postgres` | Cache tier that handled the request |
| `result` | `hit`, `miss`, `expired` | Request outcome |
```promql
# Total requests per minute
rate(provcache_requests_total[1m])
# Hit rate percentage
sum(rate(provcache_requests_total{result="hit"}[5m])) /
sum(rate(provcache_requests_total[5m])) * 100
```
#### `provcache_hits_total`
Total cache hits (subset of requests with `result="hit"`).
| Label | Values | Description |
|-------|--------|-------------|
| `source` | `valkey`, `postgres` | Cache tier |
```promql
# Valkey vs Postgres hit ratio
sum(rate(provcache_hits_total{source="valkey"}[5m])) /
sum(rate(provcache_hits_total[5m])) * 100
```
#### `provcache_misses_total`
Total cache misses.
| Label | Values | Description |
|-------|--------|-------------|
| `reason` | `not_found`, `expired`, `invalidated` | Miss reason |
```promql
# Miss rate by reason
sum by (reason) (rate(provcache_misses_total[5m]))
```
### Latency Histogram
#### `provcache_latency_seconds`
Latency distribution for cache operations.
| Label | Values | Description |
|-------|--------|-------------|
| `operation` | `get`, `set`, `invalidate` | Operation type |
| `source` | `valkey`, `postgres` | Cache tier |
Buckets: `0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0`
```promql
# P50 latency for cache gets
histogram_quantile(0.50, rate(provcache_latency_seconds_bucket{operation="get"}[5m]))
# P95 latency
histogram_quantile(0.95, rate(provcache_latency_seconds_bucket{operation="get"}[5m]))
# P99 latency
histogram_quantile(0.99, rate(provcache_latency_seconds_bucket{operation="get"}[5m]))
```
### Gauge Metrics
#### `provcache_items_count`
Current number of items in cache.
| Label | Values | Description |
|-------|--------|-------------|
| `source` | `valkey`, `postgres` | Cache tier |
```promql
# Total cached items
sum(provcache_items_count)
# Items by tier
sum by (source) (provcache_items_count)
```
### Invalidation Metrics
#### `provcache_invalidations_total`
Total invalidation events.
| Label | Values | Description |
|-------|--------|-------------|
| `reason` | `signer_revoked`, `epoch_advanced`, `ttl_expired`, `manual` | Invalidation trigger |
```promql
# Invalidation rate by reason
sum by (reason) (rate(provcache_invalidations_total[5m]))
# Security-related invalidations
sum(rate(provcache_invalidations_total{reason="signer_revoked"}[5m]))
```
### Trust Score Metrics
#### `provcache_trust_score_average`
Gauge showing average trust score across cached decisions.
```promql
# Current average trust score
provcache_trust_score_average
```
#### `provcache_trust_score_bucket`
Histogram of trust score distribution.
Buckets: `20, 40, 60, 80, 100`
```promql
# Percentage of decisions with trust score >= 80
sum(rate(provcache_trust_score_bucket{le="100"}[5m])) -
sum(rate(provcache_trust_score_bucket{le="80"}[5m]))
```
---
## Grafana Dashboard
A pre-built dashboard is available at `deploy/grafana/dashboards/provcache-overview.json`.
### Panels
| Panel | Type | Description |
|-------|------|-------------|
| Cache Hit Rate | Gauge | Current hit rate percentage |
| Hit Rate Over Time | Time series | Hit rate trend |
| Latency Percentiles | Time series | P50, P95, P99 latency |
| Invalidation Rate | Time series | Invalidations per minute |
| Cache Size | Time series | Item count over time |
| Hits by Source | Pie chart | Valkey vs Postgres distribution |
| Entry Size Distribution | Histogram | Size of cached entries |
| Trust Score Distribution | Histogram | Decision trust scores |
### Importing the Dashboard
```bash
# Via Grafana HTTP API
curl -X POST http://grafana:3000/api/dashboards/db \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $GRAFANA_API_KEY" \
-d @deploy/grafana/dashboards/provcache-overview.json
# Via Helm (auto-provisioned)
# Dashboard is auto-imported when using StellaOps Helm chart
helm upgrade stellaops ./devops/helm/stellaops \
--set grafana.dashboards.provcache.enabled=true
```
---
## Alerting Rules
### Recommended Alerts
#### Low Cache Hit Rate
```yaml
alert: ProvcacheLowHitRate
expr: |
sum(rate(provcache_requests_total{result="hit"}[5m])) /
sum(rate(provcache_requests_total[5m])) < 0.7
for: 10m
labels:
severity: warning
annotations:
summary: "Provcache hit rate below 70%"
description: "Cache hit rate is {{ $value | humanizePercentage }}. Check for invalidation storms or cold cache."
```
#### Critical Hit Rate Drop
```yaml
alert: ProvcacheCriticalHitRate
expr: |
sum(rate(provcache_requests_total{result="hit"}[5m])) /
sum(rate(provcache_requests_total[5m])) < 0.5
for: 5m
labels:
severity: critical
annotations:
summary: "Provcache hit rate critically low"
description: "Cache hit rate is {{ $value | humanizePercentage }}. Immediate investigation required."
```
#### High Latency
```yaml
alert: ProvcacheHighLatency
expr: |
histogram_quantile(0.95, rate(provcache_latency_seconds_bucket{operation="get"}[5m])) > 0.1
for: 5m
labels:
severity: warning
annotations:
summary: "Provcache P95 latency above 100ms"
description: "P95 get latency is {{ $value | humanizeDuration }}. Check Valkey/Postgres performance."
```
#### Excessive Invalidations
```yaml
alert: ProvcacheInvalidationStorm
expr: |
sum(rate(provcache_invalidations_total[5m])) > 100
for: 5m
labels:
severity: warning
annotations:
summary: "Provcache invalidation rate spike"
description: "Invalidations at {{ $value }} per second. Check for feed epoch changes or revocations."
```
#### Signer Revocation Spike
```yaml
alert: ProvcacheSignerRevocations
expr: |
sum(rate(provcache_invalidations_total{reason="signer_revoked"}[5m])) > 10
for: 2m
labels:
severity: critical
annotations:
summary: "Signer revocation causing mass invalidation"
description: "{{ $value }} invalidations/sec due to signer revocation. Security event investigation required."
```
#### Cache Size Approaching Limit
```yaml
alert: ProvcacheSizeHigh
expr: |
sum(provcache_items_count) > 900000
for: 15m
labels:
severity: warning
annotations:
summary: "Provcache size approaching limit"
description: "Cache has {{ $value }} items. Consider scaling or tuning TTL."
```
#### Low Trust Scores
```yaml
alert: ProvcacheLowTrustScores
expr: |
provcache_trust_score_average < 60
for: 30m
labels:
severity: info
annotations:
summary: "Average trust score below 60"
description: "Average trust score is {{ $value }}. Review SBOM completeness and VEX coverage."
```
### AlertManager Configuration
```yaml
# alertmanager.yml
route:
group_by: ['alertname', 'severity']
group_wait: 30s
group_interval: 5m
repeat_interval: 4h
receiver: 'default-receiver'
routes:
- match:
severity: critical
receiver: 'pagerduty-critical'
- match:
alertname: ProvcacheSignerRevocations
receiver: 'security-team'
receivers:
- name: 'default-receiver'
slack_configs:
- channel: '#stellaops-alerts'
send_resolved: true
- name: 'pagerduty-critical'
pagerduty_configs:
- service_key: '<pagerduty-key>'
- name: 'security-team'
email_configs:
- to: 'security@example.com'
send_resolved: true
```
---
## Recording Rules
Pre-compute expensive queries for dashboard performance:
```yaml
# prometheus-rules.yml
groups:
- name: provcache-recording
interval: 30s
rules:
# Hit rate pre-computed
- record: provcache:hit_rate:5m
expr: |
sum(rate(provcache_requests_total{result="hit"}[5m])) /
sum(rate(provcache_requests_total[5m]))
# P95 latency pre-computed
- record: provcache:latency_p95:5m
expr: |
histogram_quantile(0.95, rate(provcache_latency_seconds_bucket{operation="get"}[5m]))
# Invalidation rate
- record: provcache:invalidation_rate:5m
expr: |
sum(rate(provcache_invalidations_total[5m]))
# Cache efficiency (hits per second vs misses)
- record: provcache:efficiency:5m
expr: |
sum(rate(provcache_hits_total[5m])) /
(sum(rate(provcache_hits_total[5m])) + sum(rate(provcache_misses_total[5m])))
```
---
## Operational Runbook
### Low Hit Rate Investigation
1. **Check invalidation metrics** — Is there an invalidation storm?
```promql
sum by (reason) (rate(provcache_invalidations_total[5m]))
```
2. **Check cache age** — Is the cache newly deployed (cold)?
```promql
sum(provcache_items_count)
```
3. **Check request patterns** — Are there many unique VeriKeys?
```promql
# High cardinality of unique requests suggests insufficient cache sharing
```
4. **Check TTL configuration** — Is TTL too aggressive?
- Review `Provcache:DefaultTtl` setting
- Consider increasing for stable workloads
### High Latency Investigation
1. **Check Valkey health**
```bash
valkey-cli -h valkey info stats
```
2. **Check Postgres connections**
```sql
SELECT count(*) FROM pg_stat_activity WHERE datname = 'stellaops';
```
3. **Check entry sizes**
```promql
histogram_quantile(0.95, rate(provcache_entry_size_bytes_bucket[5m]))
```
4. **Check network latency** between services
### Invalidation Storm Response
1. **Identify cause**
```promql
sum by (reason) (increase(provcache_invalidations_total[10m]))
```
2. **If epoch-related**: Expected during feed updates. Monitor duration.
3. **If signer-related**: Security event — escalate to security team.
4. **If manual**: Check audit logs for unauthorized invalidation.
---
## Related Documentation
- [Provcache Module README](../provcache/README.md) — Core concepts
- [Provcache Architecture](../provcache/architecture.md) — Technical details
- [Telemetry Architecture](../telemetry/architecture.md) — Observability patterns
- [Grafana Dashboard Guide](../../deploy/grafana/README.md) — Dashboard management

439
docs/modules/prov-cache/oci-attestation-verification.md
View File

@@ -1,439 +0,0 @@
# Provcache OCI Attestation Verification Guide
This document describes how to verify Provcache decision attestations attached to OCI container images.
## Overview
StellaOps can attach provenance cache decisions as OCI-attached attestations to container images. These attestations enable:
- **Supply chain verification** — Verify security decisions were made by trusted evaluators
- **Audit trails** — Retrieve the exact decision state at image push time
- **Policy gates** — Admission controllers can verify attestations before deployment
- **Offline verification** — Decisions verifiable without calling StellaOps services
## Attestation Format
### Predicate Type
```
stella.ops/provcache@v1
```
### Predicate Schema
```json
{
"_type": "stella.ops/provcache@v1",
"veriKey": "sha256:abc123...",
"decision": {
"digestVersion": "v1",
"verdictHash": "sha256:def456...",
"proofRoot": "sha256:789abc...",
"trustScore": 85,
"createdAt": "2025-12-24T12:00:00Z",
"expiresAt": "2025-12-25T12:00:00Z"
},
"inputs": {
"sourceDigest": "sha256:image...",
"sbomDigest": "sha256:sbom...",
"policyDigest": "sha256:policy...",
"feedEpoch": "2024-W52"
},
"verdicts": {
"CVE-2024-1234": "mitigated",
"CVE-2024-5678": "affected"
}
}
```
### Field Descriptions
| Field | Type | Description |
|-------|------|-------------|
| `_type` | string | Predicate type URI |
| `veriKey` | string | VeriKey hash identifying this decision context |
| `decision.digestVersion` | string | Decision digest schema version |
| `decision.verdictHash` | string | Hash of all verdicts |
| `decision.proofRoot` | string | Merkle proof root hash |
| `decision.trustScore` | number | Overall trust score (0-100) |
| `decision.createdAt` | string | ISO-8601 creation timestamp |
| `decision.expiresAt` | string | ISO-8601 expiry timestamp |
| `inputs.sourceDigest` | string | Container image digest |
| `inputs.sbomDigest` | string | SBOM document digest |
| `inputs.policyDigest` | string | Policy bundle digest |
| `inputs.feedEpoch` | string | Feed epoch identifier |
| `verdicts` | object | Map of CVE IDs to verdict status |
---
## Verification with Cosign
### Prerequisites
```bash
# Install cosign
brew install cosign # macOS
# or
go install github.com/sigstore/cosign/v2/cmd/cosign@latest
```
### Basic Verification
```bash
# Verify attestation exists and is signed
cosign verify-attestation \
--type stella.ops/provcache@v1 \
registry.example.com/app:v1.2.3
```
### Verify with Identity Constraints
```bash
# Verify with signer identity (Fulcio)
cosign verify-attestation \
--type stella.ops/provcache@v1 \
--certificate-identity-regexp '.*@stellaops\.example\.com' \
--certificate-oidc-issuer https://auth.stellaops.example.com \
registry.example.com/app:v1.2.3
```
### Verify with Custom Trust Root
```bash
# Using enterprise CA
cosign verify-attestation \
--type stella.ops/provcache@v1 \
--certificate /path/to/enterprise-ca.crt \
--certificate-chain /path/to/ca-chain.crt \
registry.example.com/app:v1.2.3
```
### Extract Attestation Payload
```bash
# Get raw attestation JSON
cosign verify-attestation \
--type stella.ops/provcache@v1 \
--certificate-identity-regexp '.*@stellaops\.example\.com' \
--certificate-oidc-issuer https://auth.stellaops.example.com \
registry.example.com/app:v1.2.3 | jq '.payload' | base64 -d | jq .
```
---
## Verification with StellaOps CLI
### Verify Attestation
```bash
# Verify using StellaOps CLI
stella verify attestation \
--image registry.example.com/app:v1.2.3 \
--type provcache
# Output:
# ✓ Attestation found: stella.ops/provcache@v1
# ✓ Signature valid (Fulcio)
# ✓ Trust score: 85
# ✓ Decision created: 2025-12-24T12:00:00Z
# ✓ Decision expires: 2025-12-25T12:00:00Z
```
### Verify with Policy Requirements
```bash
# Verify with minimum trust score
stella verify attestation \
--image registry.example.com/app:v1.2.3 \
--type provcache \
--min-trust-score 80
# Verify with freshness requirement
stella verify attestation \
--image registry.example.com/app:v1.2.3 \
--type provcache \
--max-age 24h
```
### Extract Decision Details
```bash
# Get full decision details
stella verify attestation \
--image registry.example.com/app:v1.2.3 \
--type provcache \
--output json | jq .
# Get specific fields
stella verify attestation \
--image registry.example.com/app:v1.2.3 \
--type provcache \
--output json | jq '.predicate.verdicts'
```
---
## Kubernetes Admission Control
### Gatekeeper Policy
```yaml
# constraint-template.yaml
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
name: provcacheattestation
spec:
crd:
spec:
names:
kind: ProvcacheAttestation
validation:
openAPIV3Schema:
type: object
properties:
minTrustScore:
type: integer
minimum: 0
maximum: 100
maxAgeHours:
type: integer
minimum: 1
targets:
- target: admission.k8s.gatekeeper.sh
rego: |
package provcacheattestation
violation[{"msg": msg}] {
container := input.review.object.spec.containers[_]
image := container.image
not has_valid_attestation(image)
msg := sprintf("Image %v missing valid provcache attestation", [image])
}
has_valid_attestation(image) {
attestation := get_attestation(image, "stella.ops/provcache@v1")
attestation.predicate.decision.trustScore >= input.parameters.minTrustScore
not is_expired(attestation.predicate.decision.expiresAt)
}
is_expired(expiry) {
time.parse_rfc3339_ns(expiry) < time.now_ns()
}
```
```yaml
# constraint.yaml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: ProvcacheAttestation
metadata:
name: require-provcache-attestation
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
namespaces:
- production
parameters:
minTrustScore: 80
maxAgeHours: 48
```
### Kyverno Policy
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: verify-provcache-attestation
spec:
validationFailureAction: enforce
background: true
rules:
- name: check-provcache-attestation
match:
any:
- resources:
kinds:
- Pod
verifyImages:
- imageReferences:
- "*"
attestations:
- predicateType: stella.ops/provcache@v1
conditions:
- all:
- key: "{{ decision.trustScore }}"
operator: GreaterThanOrEquals
value: 80
- key: "{{ decision.expiresAt }}"
operator: GreaterThan
value: "{{ time.Now() }}"
attestors:
- entries:
- keyless:
issuer: https://auth.stellaops.example.com
subject: ".*@stellaops\\.example\\.com"
```
---
## CI/CD Integration
### GitHub Actions
```yaml
# .github/workflows/verify-attestation.yml
name: Verify Provcache Attestation
on:
workflow_dispatch:
inputs:
image:
description: 'Image to verify'
required: true
jobs:
verify:
runs-on: ubuntu-latest
steps:
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Verify attestation
run: |
cosign verify-attestation \
--type stella.ops/provcache@v1 \
--certificate-identity-regexp '.*@stellaops\.example\.com' \
--certificate-oidc-issuer https://auth.stellaops.example.com \
${{ inputs.image }}
- name: Check trust score
run: |
TRUST_SCORE=$(cosign verify-attestation \
--type stella.ops/provcache@v1 \
--certificate-identity-regexp '.*@stellaops\.example\.com' \
--certificate-oidc-issuer https://auth.stellaops.example.com \
${{ inputs.image }} | jq -r '.payload' | base64 -d | jq '.predicate.decision.trustScore')
if [ "$TRUST_SCORE" -lt 80 ]; then
echo "Trust score $TRUST_SCORE is below threshold (80)"
exit 1
fi
```
### GitLab CI
```yaml
# .gitlab-ci.yml
verify-attestation:
stage: verify
image: gcr.io/projectsigstore/cosign:latest
script:
- cosign verify-attestation
--type stella.ops/provcache@v1
--certificate-identity-regexp '.*@stellaops\.example\.com'
--certificate-oidc-issuer https://auth.stellaops.example.com
${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
rules:
- if: $CI_COMMIT_TAG
```
---
## Troubleshooting
### No Attestation Found
```bash
# List all attestations on image
cosign tree registry.example.com/app:v1.2.3
# Check if attestation was pushed
crane manifest registry.example.com/app:sha256-<digest>.att
```
### Signature Verification Failed
```bash
# Check certificate details
cosign verify-attestation \
--type stella.ops/provcache@v1 \
--output text \
registry.example.com/app:v1.2.3 2>&1 | grep -A5 "Certificate"
# Verify with verbose output
COSIGN_EXPERIMENTAL=1 cosign verify-attestation \
--type stella.ops/provcache@v1 \
registry.example.com/app:v1.2.3 -v
```
### Attestation Expired
```bash
# Check expiry timestamp
cosign verify-attestation \
--type stella.ops/provcache@v1 \
--certificate-identity-regexp '.*@stellaops\.example\.com' \
--certificate-oidc-issuer https://auth.stellaops.example.com \
registry.example.com/app:v1.2.3 | \
jq -r '.payload' | base64 -d | jq '.predicate.decision.expiresAt'
```
### Trust Score Below Threshold
```bash
# Check trust score breakdown
stella verify attestation \
--image registry.example.com/app:v1.2.3 \
--type provcache \
--output json | jq '.predicate.decision.trustScore'
# If score is low, check individual components:
# - SBOM completeness
# - VEX coverage
# - Reachability analysis
# - Policy freshness
# - Signer trust
```
---
## Security Considerations
### Key Management
- **Fulcio** — Ephemeral certificates tied to OIDC identity; recommended for public workflows
- **Enterprise CA** — Long-lived certificates for air-gapped environments
- **Self-signed** — Only for development/testing; not recommended for production
### Attestation Integrity
- Attestations are signed at push time
- Signature covers the entire predicate payload
- Modifying any field invalidates the signature
### Expiry Handling
- Attestations have `expiresAt` timestamps
- Expired attestations should be rejected by admission controllers
- Consider re-scanning images before deployment to get fresh attestations
### Verdict Reconciliation
- Verdicts in attestation reflect state at push time
- New vulnerabilities discovered after push won't appear
- Use `stella verify attestation --check-freshness` to compare against current feeds
---
## Related Documentation
- [Provcache Module README](./README.md) — Core concepts
- [Provcache Metrics and Alerting](./metrics-alerting.md) — Observability
- [Signer Module](../signer/architecture.md) — Signing infrastructure
- [Attestor Module](../attestor/architecture.md) — Attestation generation
- [OCI Artifact Spec](https://github.com/opencontainers/image-spec) — OCI standards
- [In-toto Attestation Spec](https://github.com/in-toto/attestation) — Attestation format
- [Sigstore Documentation](https://docs.sigstore.dev/) — Cosign and Fulcio

552
docs/modules/reachability/architecture.md
View File

@@ -1,552 +0,0 @@
# Reachability Module Architecture
## Overview
The **Reachability** module provides a unified hybrid reachability analysis system that combines static call-graph analysis with runtime execution evidence to determine whether vulnerable code paths are actually exploitable in a given artifact. It serves as the **evidence backbone** for VEX (Vulnerability Exploitability eXchange) verdicts.
## Problem Statement
Vulnerability scanners generate excessive false positives:
- **Static analysis** over-approximates: flags code that is dead, feature-gated, or unreachable
- **Runtime analysis** under-approximates: misses rarely-executed but exploitable paths
- **No unified view** across static and runtime evidence sources
- **Symbol mismatch** between static extraction (Roslyn, ASM) and runtime observation (ETW, eBPF)
### Before Reachability Module
| Question | Answer Method | Limitation |
|----------|---------------|------------|
| Is CVE reachable statically? | Query ReachGraph | No runtime context |
| Was CVE executed at runtime? | Query Signals runtime facts | No static context |
| Should we mark CVE as NA? | Manual analysis | No evidence, no audit trail |
| What's the confidence? | Guesswork | No formal model |
### After Reachability Module
Single `IReachabilityIndex.QueryHybridAsync()` call returns:
- Lattice state (8-level certainty model)
- Confidence score (0.0-1.0)
- Evidence URIs (auditable, reproducible)
- Recommended VEX status + justification
---
## Module Location
```
src/__Libraries/StellaOps.Reachability.Core/
├── IReachabilityIndex.cs # Main facade interface
├── ReachabilityIndex.cs # Implementation
├── HybridQueryOptions.cs # Query configuration
├── SymbolRef.cs # Symbol reference
├── StaticReachabilityResult.cs # Static query result
├── RuntimeReachabilityResult.cs # Runtime query result
├── HybridReachabilityResult.cs # Combined result
├── LatticeState.cs # 8-state lattice enum
├── ReachabilityLattice.cs # Lattice state machine
├── ConfidenceCalculator.cs # Evidence-weighted confidence
├── EvidenceUriBuilder.cs # stella:// URI construction
├── IReachGraphAdapter.cs # ReachGraph integration interface
├── ISignalsAdapter.cs # Signals integration interface
├── ServiceCollectionExtensions.cs # DI registration
├── Symbols/
│ ├── ISymbolCanonicalizer.cs # Symbol normalization interface
│ ├── SymbolCanonicalizer.cs # Implementation
│ ├── ISymbolNormalizer.cs # Normalizer interface
│ ├── CanonicalSymbol.cs # Canonicalized symbol
│ ├── RawSymbol.cs # Raw input symbol
│ ├── SymbolMatchResult.cs # Match result
│ ├── SymbolMatchOptions.cs # Matching configuration
│ ├── SymbolMatcher.cs # Symbol matching logic
│ ├── SymbolSource.cs # Source enum
│ ├── ProgrammingLanguage.cs # Language enum
│ ├── DotNetSymbolNormalizer.cs # .NET symbols
│ ├── JavaSymbolNormalizer.cs # Java symbols
│ ├── NativeSymbolNormalizer.cs # C/C++/Rust
│ └── ScriptSymbolNormalizer.cs # JS/Python/PHP
└── CveMapping/
├── ICveSymbolMappingService.cs # CVE-symbol mapping interface
├── CveSymbolMappingService.cs # Implementation
├── CveSymbolMapping.cs # Mapping record
├── VulnerableSymbol.cs # Vulnerable symbol record
├── MappingSource.cs # Source enum
├── VulnerabilityType.cs # Vulnerability type enum
├── PatchAnalysisResult.cs # Patch analysis result
├── IPatchSymbolExtractor.cs # Patch analysis interface
├── IOsvEnricher.cs # OSV enricher interface
├── GitDiffExtractor.cs # Git diff parsing
├── UnifiedDiffParser.cs # Unified diff format parser
├── FunctionBoundaryDetector.cs # Function boundary detection
└── OsvEnricher.cs # OSV API enrichment
```
---
## Core Concepts
### 1. Reachability Lattice (8-State Model)
The lattice provides mathematically sound evidence aggregation:
```
X (Contested)
/ \
/ \
CR (Confirmed CU (Confirmed
Reachable) Unreachable)
| \ / |
| \ / |
RO (Runtime RU (Runtime
Observed) Unobserved)
| |
| |
SR (Static SU (Static
Reachable) Unreachable)
\ /
\ /
U (Unknown)
```
| State | Code | Description | Confidence Base |
|-------|------|-------------|-----------------|
| Unknown | U | No analysis performed | 0.00 |
| Static Reachable | SR | Call graph shows path exists | 0.30 |
| Static Unreachable | SU | Call graph proves no path | 0.40 |
| Runtime Observed | RO | Symbol executed at runtime | 0.70 |
| Runtime Unobserved | RU | Observation window passed, no execution | 0.60 |
| Confirmed Reachable | CR | Multiple sources confirm reachability | 0.90 |
| Confirmed Unreachable | CU | Multiple sources confirm no reachability | 0.95 |
| Contested | X | Evidence conflict | 0.20 (requires review) |
### 2. Symbol Canonicalization
Symbols from different sources must be normalized to enable matching:
| Source | Raw Format | Canonical Format |
|--------|-----------|------------------|
| Roslyn (.NET) | `StellaOps.Scanner.Core.SbomGenerator::GenerateAsync` | `stellaops.scanner.core/sbomgenerator/generateasync/(cancellationtoken)` |
| ASM (Java) | `org/apache/log4j/core/lookup/JndiLookup.lookup(Ljava/lang/String;)Ljava/lang/String;` | `org.apache.log4j.core.lookup/jndilookup/lookup/(string)` |
| eBPF (Native) | `_ZN4llvm12DenseMapBaseINS_...` | `llvm/densemapbase/operator[]/(keytype)` |
| ETW (.NET) | `MethodID=12345 ModuleID=67890` | (resolved via metadata) |
### 3. CVE-Symbol Mapping
Maps CVE identifiers to specific vulnerable symbols:
```json
{
"cveId": "CVE-2021-44228",
"symbols": [
{
"canonicalId": "sha256:abc123...",
"displayName": "org.apache.log4j.core.lookup/jndilookup/lookup/(string)",
"type": "Sink",
"condition": "When lookup string contains ${jndi:...}"
}
],
"source": "PatchAnalysis",
"confidence": 0.98,
"patchCommitUrl": "https://github.com/apache/logging-log4j2/commit/abc123"
}
```
### 4. Evidence URIs
Standardized `stella://` URI scheme for evidence references:
| Pattern | Example |
|---------|---------|
| `stella://reachgraph/{digest}` | `stella://reachgraph/blake3:abc123` |
| `stella://reachgraph/{digest}/slice?symbol={id}` | `stella://reachgraph/blake3:abc123/slice?symbol=sha256:def` |
| `stella://signals/runtime/{tenant}/{artifact}` | `stella://signals/runtime/acme/sha256:abc` |
| `stella://cvemap/{cveId}` | `stella://cvemap/CVE-2021-44228` |
| `stella://attestation/{digest}` | `stella://attestation/sha256:sig789` |
---
## Architecture Diagram
```
┌─────────────────────────────────────────────────────────────────────────────────┐
│ Reachability Core Library │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌────────────────────────────────────────────────────────────────────────────┐ │
│ │ IReachabilityIndex │ │
│ │ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────────────────┐ │ │
│ │ │ QueryStaticAsync │ │ QueryRuntimeAsync│ │ QueryHybridAsync │ │ │
│ │ └────────┬────────┘ └────────┬────────┘ └────────────┬───────────────┘ │ │
│ └───────────┼────────────────────┼─────────────────────────┼────────────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────────────┐│
│ │ Internal Components ││
│ │ ││
│ │ ┌────────────────┐ ┌────────────────┐ ┌────────────────────────────┐ ││
│ │ │ Symbol │ │ CVE-Symbol │ │ Reachability │ ││
│ │ │ Canonicalizer │ │ Mapping │ │ Lattice │ ││
│ │ │ │ │ │ │ │ ││
│ │ │ ┌────────────┐ │ │ ┌────────────┐ │ │ ┌───────────────────────┐ │ ││
│ │ │ │.NET Norm. │ │ │ │PatchExtract│ │ │ │ State Machine │ │ ││
│ │ │ │Java Norm. │ │ │ │OSV Enrich │ │ │ │ Confidence Calc │ │ ││
│ │ │ │Native Norm.│ │ │ │DeltaSig │ │ │ │ Transition Rules │ │ ││
│ │ │ │Script Norm.│ │ │ │Manual Input│ │ │ └───────────────────────┘ │ ││
│ │ │ └────────────┘ │ │ └────────────┘ │ │ │ ││
│ │ └────────────────┘ └────────────────┘ └────────────────────────────┘ ││
│ │ ││
│ └──────────────────────────────────────────────────────────────────────────────┘│
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────────────────────────┐│
│ │ Evidence Layer ││
│ │ ││
│ │ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────────────────┐ ││
│ │ │ Evidence URI │ │ Evidence Bundle │ │ Evidence Attestation │ ││
│ │ │ Builder │ │ (Collection) │ │ Service (DSSE) │ ││
│ │ └─────────────────┘ └─────────────────┘ └─────────────────────────────┘ ││
│ │ ││
│ └──────────────────────────────────────────────────────────────────────────────┘│
│ │
└──────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────┼────────────────────────┐
│ │ │
▼ ▼ ▼
┌────────────────┐ ┌────────────────┐ ┌────────────────┐
│ ReachGraph │ │ Signals │ │ Policy Engine │
│ Adapter │ │ Adapter │ │ Adapter │
└───────┬────────┘ └───────┬────────┘ └───────┬────────┘
│ │ │
▼ ▼ ▼
┌────────────────┐ ┌────────────────┐ ┌────────────────┐
│ ReachGraph │ │ Signals │ │ Policy Engine │
│ WebService │ │ WebService │ │ (VEX Emit) │
└────────────────┘ └────────────────┘ └────────────────┘
```
---
## Data Flow
### Query Flow
```
1. Consumer calls IReachabilityIndex.QueryHybridAsync(symbol, artifact, options)
2. SymbolCanonicalizer normalizes input symbol to CanonicalSymbol
3. Parallel queries:
├── ReachGraphAdapter.QueryAsync() → StaticReachabilityResult
└── SignalsAdapter.QueryRuntimeFactsAsync() → RuntimeReachabilityResult
4. ReachabilityLattice computes combined state from evidence
5. ConfidenceCalculator applies evidence weights and guardrails
6. EvidenceBundle collects URIs for audit trail
7. Return HybridReachabilityResult with verdict recommendation
```
### Ingestion Flow (CVE Mapping)
```
1. Patch commit detected (Concelier, Feedser, or manual)
2. GitDiffExtractor parses diff to find changed functions
3. SymbolCanonicalizer normalizes extracted symbols
4. OsvEnricher adds context from OSV database
5. CveSymbolMappingService persists mapping with provenance
6. Mapping available for reachability queries
```
---
## API Contracts
### IReachabilityIndex
```csharp
public interface IReachabilityIndex
{
/// <summary>
/// Query static reachability from call graph.
/// </summary>
Task<StaticReachabilityResult> QueryStaticAsync(
SymbolRef symbol,
string artifactDigest,
CancellationToken ct);
/// <summary>
/// Query runtime reachability from observed facts.
/// </summary>
Task<RuntimeReachabilityResult> QueryRuntimeAsync(
SymbolRef symbol,
string artifactDigest,
TimeSpan observationWindow,
CancellationToken ct);
/// <summary>
/// Query hybrid reachability combining static + runtime.
/// </summary>
Task<HybridReachabilityResult> QueryHybridAsync(
SymbolRef symbol,
string artifactDigest,
HybridQueryOptions options,
CancellationToken ct);
/// <summary>
/// Batch query for CVE vulnerability analysis.
/// </summary>
Task<IReadOnlyList<HybridReachabilityResult>> QueryBatchAsync(
IEnumerable<SymbolRef> symbols,
string artifactDigest,
HybridQueryOptions options,
CancellationToken ct);
/// <summary>
/// Get vulnerable symbols for a CVE.
/// </summary>
Task<CveSymbolMapping?> GetCveMappingAsync(
string cveId,
CancellationToken ct);
}
```
### Result Types
```csharp
public sealed record HybridReachabilityResult
{
public required SymbolRef Symbol { get; init; }
public required string ArtifactDigest { get; init; }
public required LatticeState LatticeState { get; init; }
public required double Confidence { get; init; }
public required StaticEvidence? StaticEvidence { get; init; }
public required RuntimeEvidence? RuntimeEvidence { get; init; }
public required VerdictRecommendation Verdict { get; init; }
public required ImmutableArray<string> EvidenceUris { get; init; }
public required DateTimeOffset ComputedAt { get; init; }
public required string ComputedBy { get; init; }
}
public sealed record VerdictRecommendation
{
public required VexStatus Status { get; init; }
public VexJustification? Justification { get; init; }
public required ConfidenceBucket ConfidenceBucket { get; init; }
public string? ImpactStatement { get; init; }
public string? ActionStatement { get; init; }
}
public enum LatticeState
{
Unknown = 0,
StaticReachable = 1,
StaticUnreachable = 2,
RuntimeObserved = 3,
RuntimeUnobserved = 4,
ConfirmedReachable = 5,
ConfirmedUnreachable = 6,
Contested = 7
}
```
---
## Integration Points
### Upstream (Data Sources)
| Module | Interface | Data |
|--------|-----------|------|
| ReachGraph | `IReachGraphSliceService` | Static call-graph nodes/edges |
| Signals | `IRuntimeFactsService` | Runtime method observations |
| Scanner.CallGraph | `ICallGraphExtractor` | Per-artifact call graphs |
| Feedser | `IBackportProofService` | Patch analysis results |
### Downstream (Consumers)
| Module | Interface | Usage |
|--------|-----------|-------|
| Policy Engine | `IReachabilityAwareVexEmitter` | VEX verdict with evidence |
| VexLens | `IReachabilityIndex` | Consensus enrichment |
| Web Console | REST API | Evidence panel display |
| CLI | `stella reachability` | Command-line queries |
| ExportCenter | `IReachabilityExporter` | Offline bundles |
---
## Storage
### PostgreSQL Schema
```sql
-- CVE-Symbol Mappings
CREATE TABLE reachability.cve_symbol_mappings (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id UUID NOT NULL,
cve_id TEXT NOT NULL,
symbol_canonical_id TEXT NOT NULL,
symbol_display_name TEXT NOT NULL,
vulnerability_type TEXT NOT NULL,
condition TEXT,
source TEXT NOT NULL,
confidence DECIMAL(3,2) NOT NULL,
patch_commit_url TEXT,
delta_sig_digest TEXT,
extracted_at TIMESTAMPTZ NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
UNIQUE (tenant_id, cve_id, symbol_canonical_id)
);
-- Query Cache
CREATE TABLE reachability.query_cache (
cache_key TEXT PRIMARY KEY,
artifact_digest TEXT NOT NULL,
symbol_canonical_id TEXT NOT NULL,
lattice_state INTEGER NOT NULL,
confidence DECIMAL(3,2) NOT NULL,
result_json JSONB NOT NULL,
computed_at TIMESTAMPTZ NOT NULL,
expires_at TIMESTAMPTZ NOT NULL
);
-- Audit Log
CREATE TABLE reachability.query_audit_log (
id BIGSERIAL PRIMARY KEY,
tenant_id UUID NOT NULL,
query_type TEXT NOT NULL,
artifact_digest TEXT NOT NULL,
symbol_count INTEGER NOT NULL,
lattice_state INTEGER NOT NULL,
confidence DECIMAL(3,2) NOT NULL,
duration_ms INTEGER NOT NULL,
queried_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
```
### Valkey (Redis) Caching
| Key Pattern | TTL | Purpose |
|-------------|-----|---------|
| `reach:static:{artifact}:{symbol}` | 1h | Static query cache |
| `reach:runtime:{artifact}:{symbol}` | 5m | Runtime query cache |
| `reach:hybrid:{artifact}:{symbol}:{options_hash}` | 15m | Hybrid query cache |
| `cvemap:{cve_id}` | 24h | CVE mapping cache |
---
## Determinism Guarantees
### Reproducibility Rules
1. **Canonical Symbol IDs:** SHA-256 of `purl|namespace|type|method|signature` (lowercase, sorted)
2. **Stable Lattice Transitions:** Deterministic state machine, no randomness
3. **Ordered Evidence:** Evidence URIs sorted lexicographically
4. **Time Injection:** All `ComputedAt` via `TimeProvider`
5. **Culture Invariance:** `InvariantCulture` for all string operations
### Replay Verification
```csharp
public interface IReachabilityReplayService
{
Task<ReplayResult> ReplayAsync(
HybridReachabilityInputs inputs,
HybridReachabilityResult expected,
CancellationToken ct);
}
```
---
## Performance Characteristics
| Operation | Target P95 | Notes |
|-----------|-----------|-------|
| Static query (cached) | <10ms | Valkey hit |
| Static query (uncached) | <100ms | ReachGraph slice |
| Runtime query (cached) | <5ms | Valkey hit |
| Runtime query (uncached) | <50ms | Signals lookup |
| Hybrid query | <50ms | Parallel static + runtime |
| Batch query (100 symbols) | <500ms | Parallelized |
| CVE mapping lookup | <10ms | Cached |
| Symbol canonicalization | <1ms | In-memory |
---
## Security Considerations
### Access Control
| Operation | Required Scope |
|-----------|---------------|
| Query reachability | `reachability:read` |
| Ingest CVE mapping | `reachability:write` |
| Admin CVE mapping | `reachability:admin` |
| Export bundles | `reachability:export` |
### Tenant Isolation
- All queries filtered by `tenant_id`
- RLS policies on all tables
- Cache keys include tenant prefix
### Data Sensitivity
- Symbol names may reveal internal architecture
- Runtime traces expose execution patterns
- CVE mappings are security-sensitive
---
## Observability
### Metrics
| Metric | Type | Labels |
|--------|------|--------|
| `reachability_query_duration_seconds` | histogram | query_type, cache_hit |
| `reachability_lattice_state_total` | counter | state |
| `reachability_cache_hit_ratio` | gauge | cache_type |
| `reachability_cvemap_count` | gauge | source |
### Traces
| Span | Description |
|------|-------------|
| `reachability.query.static` | Static graph query |
| `reachability.query.runtime` | Runtime facts query |
| `reachability.query.hybrid` | Combined computation |
| `reachability.canonicalize` | Symbol normalization |
| `reachability.lattice.compute` | State calculation |
---
## Related Documentation
- [Product Advisory: Hybrid Reachability](../../product/advisories/09-Jan-2026%20-%20Hybrid%20Reachability%20and%20VEX%20Integration%20(Revised).md)
- [ReachGraph Architecture](../reach-graph/architecture.md)
- [Signals Architecture](../signals/architecture.md)
- [VexLens Architecture](../vex-lens/architecture.md)
- [Sprint Index](../../implplan/SPRINT_20260109_009_000_INDEX_hybrid_reachability.md)
---
_Last updated: 10-Jan-2026_

588
docs/modules/sarif-export/architecture.md
View File

@@ -1,588 +0,0 @@
# SARIF Export Module Architecture
> **Implementation Status:**
> - SARIF 2.1.0 Models: **Implemented** (`src/Scanner/__Libraries/StellaOps.Scanner.Sarif/`)
> - Export Service: **Implemented**
> - SmartDiff Integration: **Implemented**
> - Fingerprint Generator: **Implemented**
> - GitHub Upload Client: **Planned**
>
> There is no standalone `src/SarifExport/` module; SARIF export is a capability within the Scanner module.
## Overview
The **SARIF Export** module provides SARIF 2.1.0 compliant output for StellaOps Scanner findings, enabling integration with GitHub Code Scanning, GitLab SAST, Azure DevOps, and other platforms that consume SARIF.
## Current State
| Component | Status | Location |
|-----------|--------|----------|
| SARIF 2.1.0 Models | **Implemented** | `Scanner.Sarif/Models/SarifModels.cs` |
| SmartDiff SARIF Generator | **Implemented** | `Scanner.SmartDiff/Output/SarifOutputGenerator.cs` |
| SmartDiff SARIF Endpoint | **Implemented** | `GET /smart-diff/scans/{scanId}/sarif` |
| Findings SARIF Mapper | **Implemented** | `Scanner.Sarif/SarifExportService.cs` |
| SARIF Rule Registry | **Implemented** | `Scanner.Sarif/Rules/SarifRuleRegistry.cs` |
| Fingerprint Generator | **Implemented** | `Scanner.Sarif/Fingerprints/FingerprintGenerator.cs` |
| GitHub Upload Client | **Not Implemented** | Proposed |
---
## Module Location
```
src/Scanner/__Libraries/StellaOps.Scanner.Sarif/
├── ISarifExportService.cs # Main export interface
├── SarifExportService.cs # Implementation (DONE)
├── SarifExportOptions.cs # Configuration (DONE)
├── FindingInput.cs # Input model (DONE)
├── Models/
│ └── SarifModels.cs # Complete SARIF 2.1.0 types (DONE)
├── Rules/
│ ├── ISarifRuleRegistry.cs # Rule registry interface (DONE)
│ └── SarifRuleRegistry.cs # 21 rules implemented (DONE)
└── Fingerprints/
├── IFingerprintGenerator.cs # Fingerprint interface (DONE)
└── FingerprintGenerator.cs # SHA-256 fingerprints (DONE)
```
---
## Existing SmartDiff SARIF Implementation
The SmartDiff module provides a reference implementation:
### SarifModels.cs (Existing)
```csharp
// Already implemented record types
public sealed record SarifLog(
string Version,
string Schema,
ImmutableArray<SarifRun> Runs);
public sealed record SarifRun(
SarifTool Tool,
ImmutableArray<SarifResult> Results,
ImmutableArray<SarifArtifact> Artifacts,
ImmutableArray<SarifVersionControlDetails> VersionControlProvenance,
ImmutableDictionary<string, object> Properties);
public sealed record SarifResult(
string RuleId,
int? RuleIndex,
SarifLevel Level,
SarifMessage Message,
ImmutableArray<SarifLocation> Locations,
ImmutableDictionary<string, string> Fingerprints,
ImmutableDictionary<string, string> PartialFingerprints,
ImmutableDictionary<string, object> Properties);
```
### SarifOutputGenerator.cs (Existing)
```csharp
// Existing generator for SmartDiff findings
public class SarifOutputGenerator
{
public SarifLog Generate(
IEnumerable<MaterialRiskChangeResult> changes,
SarifOutputOptions options);
}
```
---
## New Findings SARIF Architecture
### ISarifExportService
```csharp
namespace StellaOps.Scanner.Sarif;
/// <summary>
/// Service for exporting scanner findings to SARIF format.
/// </summary>
public interface ISarifExportService
{
/// <summary>
/// Export findings to SARIF 2.1.0 format.
/// </summary>
/// <param name="findings">Scanner findings to export.</param>
/// <param name="options">Export options.</param>
/// <param name="ct">Cancellation token.</param>
/// <returns>SARIF log document.</returns>
Task<SarifLog> ExportAsync(
IEnumerable<Finding> findings,
SarifExportOptions options,
CancellationToken ct);
/// <summary>
/// Export findings to SARIF JSON string.
/// </summary>
Task<string> ExportToJsonAsync(
IEnumerable<Finding> findings,
SarifExportOptions options,
CancellationToken ct);
/// <summary>
/// Export findings to SARIF JSON stream.
/// </summary>
Task ExportToStreamAsync(
IEnumerable<Finding> findings,
SarifExportOptions options,
Stream outputStream,
CancellationToken ct);
/// <summary>
/// Validate SARIF output against schema.
/// </summary>
Task<SarifValidationResult> ValidateAsync(
SarifLog log,
CancellationToken ct);
}
```
### SarifExportOptions
```csharp
namespace StellaOps.Scanner.Sarif;
/// <summary>
/// Options for SARIF export.
/// </summary>
public sealed record SarifExportOptions
{
/// <summary>Tool name in SARIF output.</summary>
public string ToolName { get; init; } = "StellaOps Scanner";
/// <summary>Tool version.</summary>
public required string ToolVersion { get; init; }
/// <summary>Tool information URI.</summary>
public string ToolUri { get; init; } = "https://stellaops.io/scanner";
/// <summary>Minimum severity to include.</summary>
public Severity? MinimumSeverity { get; init; }
/// <summary>Include reachability evidence in properties.</summary>
public bool IncludeReachability { get; init; } = true;
/// <summary>Include VEX status in properties.</summary>
public bool IncludeVexStatus { get; init; } = true;
/// <summary>Include EPSS scores in properties.</summary>
public bool IncludeEpss { get; init; } = true;
/// <summary>Include KEV status in properties.</summary>
public bool IncludeKev { get; init; } = true;
/// <summary>Include evidence URIs in properties.</summary>
public bool IncludeEvidenceUris { get; init; } = false;
/// <summary>Include attestation reference in run properties.</summary>
public bool IncludeAttestation { get; init; } = true;
/// <summary>Version control provenance.</summary>
public VersionControlInfo? VersionControl { get; init; }
/// <summary>Pretty-print JSON output.</summary>
public bool IndentedJson { get; init; } = false;
/// <summary>Category for GitHub upload (distinguishes multiple tools).</summary>
public string? Category { get; init; }
/// <summary>Base URI for source files.</summary>
public string? SourceRoot { get; init; }
}
public sealed record VersionControlInfo
{
public required string RepositoryUri { get; init; }
public required string RevisionId { get; init; }
public string? Branch { get; init; }
}
```
---
## Rule Registry
### ISarifRuleRegistry
```csharp
namespace StellaOps.Scanner.Sarif.Rules;
/// <summary>
/// Registry of SARIF rules for StellaOps findings.
/// </summary>
public interface ISarifRuleRegistry
{
/// <summary>Get rule by ID.</summary>
SarifRule? GetRule(string ruleId);
/// <summary>Get rule for finding type and severity.</summary>
SarifRule GetRuleForFinding(FindingType type, Severity severity);
/// <summary>Get all registered rules.</summary>
IReadOnlyList<SarifRule> GetAllRules();
/// <summary>Get rules by category.</summary>
IReadOnlyList<SarifRule> GetRulesByCategory(string category);
}
```
### Rule Definitions
```csharp
namespace StellaOps.Scanner.Sarif.Rules;
public static class VulnerabilityRules
{
public static readonly SarifRule Critical = new()
{
Id = "STELLA-VULN-001",
Name = "CriticalVulnerability",
ShortDescription = "Critical vulnerability detected (CVSS >= 9.0)",
FullDescription = "A critical severity vulnerability was detected. " +
"This may be a known exploited vulnerability (KEV) or " +
"have a CVSS score of 9.0 or higher.",
HelpUri = "https://stellaops.io/rules/STELLA-VULN-001",
DefaultLevel = SarifLevel.Error,
Properties = new Dictionary<string, object>
{
["precision"] = "high",
["problem.severity"] = "error",
["security-severity"] = "10.0",
["tags"] = new[] { "security", "vulnerability", "critical" }
}.ToImmutableDictionary()
};
public static readonly SarifRule High = new()
{
Id = "STELLA-VULN-002",
Name = "HighVulnerability",
ShortDescription = "High severity vulnerability detected (CVSS 7.0-8.9)",
FullDescription = "A high severity vulnerability was detected with " +
"CVSS score between 7.0 and 8.9.",
HelpUri = "https://stellaops.io/rules/STELLA-VULN-002",
DefaultLevel = SarifLevel.Error,
Properties = new Dictionary<string, object>
{
["precision"] = "high",
["problem.severity"] = "error",
["security-severity"] = "8.0",
["tags"] = new[] { "security", "vulnerability", "high" }
}.ToImmutableDictionary()
};
public static readonly SarifRule Medium = new()
{
Id = "STELLA-VULN-003",
Name = "MediumVulnerability",
ShortDescription = "Medium severity vulnerability detected (CVSS 4.0-6.9)",
HelpUri = "https://stellaops.io/rules/STELLA-VULN-003",
DefaultLevel = SarifLevel.Warning,
Properties = new Dictionary<string, object>
{
["precision"] = "high",
["problem.severity"] = "warning",
["security-severity"] = "5.5",
["tags"] = new[] { "security", "vulnerability", "medium" }
}.ToImmutableDictionary()
};
public static readonly SarifRule Low = new()
{
Id = "STELLA-VULN-004",
Name = "LowVulnerability",
ShortDescription = "Low severity vulnerability detected (CVSS < 4.0)",
HelpUri = "https://stellaops.io/rules/STELLA-VULN-004",
DefaultLevel = SarifLevel.Note,
Properties = new Dictionary<string, object>
{
["precision"] = "high",
["problem.severity"] = "note",
["security-severity"] = "2.0",
["tags"] = new[] { "security", "vulnerability", "low" }
}.ToImmutableDictionary()
};
// Reachability-enhanced rules
public static readonly SarifRule RuntimeReachable = new()
{
Id = "STELLA-VULN-005",
Name = "ReachableVulnerability",
ShortDescription = "Runtime-confirmed reachable vulnerability",
FullDescription = "A vulnerability with runtime-confirmed reachability. " +
"The vulnerable code path was observed during execution.",
HelpUri = "https://stellaops.io/rules/STELLA-VULN-005",
DefaultLevel = SarifLevel.Error,
Properties = new Dictionary<string, object>
{
["precision"] = "very-high",
["problem.severity"] = "error",
["security-severity"] = "9.5",
["tags"] = new[] { "security", "vulnerability", "reachable", "runtime" }
}.ToImmutableDictionary()
};
}
```
---
## Fingerprint Generation
### IFingerprintGenerator
```csharp
namespace StellaOps.Scanner.Sarif.Fingerprints;
/// <summary>
/// Generates deterministic fingerprints for SARIF deduplication.
/// </summary>
public interface IFingerprintGenerator
{
/// <summary>
/// Generate primary fingerprint for a finding.
/// </summary>
string GeneratePrimary(Finding finding, FingerprintStrategy strategy);
/// <summary>
/// Generate partial fingerprints for GitHub fallback.
/// </summary>
ImmutableDictionary<string, string> GeneratePartial(
Finding finding,
string? sourceContent);
}
public enum FingerprintStrategy
{
/// <summary>Hash of ruleId + purl + vulnId + artifactDigest.</summary>
Standard,
/// <summary>Hash including file location for source-level findings.</summary>
WithLocation,
/// <summary>Hash including content hash for maximum stability.</summary>
ContentBased
}
```
### Implementation
```csharp
public class FingerprintGenerator : IFingerprintGenerator
{
public string GeneratePrimary(Finding finding, FingerprintStrategy strategy)
{
var input = strategy switch
{
FingerprintStrategy.Standard => string.Join("|",
finding.RuleId,
finding.ComponentPurl,
finding.VulnerabilityId ?? "",
finding.ArtifactDigest),
FingerprintStrategy.WithLocation => string.Join("|",
finding.RuleId,
finding.ComponentPurl,
finding.VulnerabilityId ?? "",
finding.ArtifactDigest,
finding.FilePath ?? "",
finding.LineNumber?.ToString(CultureInfo.InvariantCulture) ?? ""),
FingerprintStrategy.ContentBased => string.Join("|",
finding.RuleId,
finding.ComponentPurl,
finding.VulnerabilityId ?? "",
finding.ContentHash ?? finding.ArtifactDigest),
_ => throw new ArgumentOutOfRangeException(nameof(strategy))
};
return ComputeSha256(input);
}
public ImmutableDictionary<string, string> GeneratePartial(
Finding finding,
string? sourceContent)
{
var partial = new Dictionary<string, string>();
// Line hash for GitHub deduplication
if (!string.IsNullOrEmpty(sourceContent) && finding.LineNumber.HasValue)
{
var lines = sourceContent.Split('\n');
if (finding.LineNumber.Value <= lines.Length)
{
var line = lines[finding.LineNumber.Value - 1];
partial["primaryLocationLineHash"] = ComputeSha256(line.Trim());
}
}
return partial.ToImmutableDictionary();
}
private static string ComputeSha256(string input)
{
var bytes = SHA256.HashData(Encoding.UTF8.GetBytes(input));
return Convert.ToHexString(bytes).ToLowerInvariant();
}
}
```
---
## Severity Mapping
```csharp
public static class SeverityMapper
{
public static SarifLevel MapToSarifLevel(Severity severity, bool isReachable = false)
{
// Reachable vulnerabilities are always error level
if (isReachable && severity >= Severity.Medium)
return SarifLevel.Error;
return severity switch
{
Severity.Critical => SarifLevel.Error,
Severity.High => SarifLevel.Error,
Severity.Medium => SarifLevel.Warning,
Severity.Low => SarifLevel.Note,
Severity.Info => SarifLevel.Note,
_ => SarifLevel.None
};
}
public static double MapToSecuritySeverity(double cvssScore)
{
// GitHub uses security-severity for ordering
// Map CVSS 0-10 scale directly
return Math.Clamp(cvssScore, 0.0, 10.0);
}
}
```
---
## Determinism Requirements
Following CLAUDE.md rules:
1. **Canonical JSON:** RFC 8785 sorted keys, no nulls
2. **Stable Rule Ordering:** Rules sorted by ID
3. **Stable Result Ordering:** Results sorted by (ruleId, location, fingerprint)
4. **Time Injection:** Use `TimeProvider` for timestamps
5. **Culture Invariance:** `InvariantCulture` for all string operations
6. **Immutable Collections:** All outputs use `ImmutableArray`, `ImmutableDictionary`
---
## API Endpoints
### Scanner Export Endpoints
```csharp
public static class SarifExportEndpoints
{
public static void MapSarifEndpoints(this IEndpointRouteBuilder app)
{
var group = app.MapGroup("/v1/scans/{scanId}/exports")
.RequireAuthorization("scanner:read");
// SARIF export
group.MapGet("/sarif", ExportSarif)
.WithName("ExportScanSarif")
.Produces<string>(StatusCodes.Status200OK, "application/sarif+json");
// SARIF with options
group.MapPost("/sarif", ExportSarifWithOptions)
.WithName("ExportScanSarifWithOptions")
.Produces<string>(StatusCodes.Status200OK, "application/sarif+json");
}
private static async Task<IResult> ExportSarif(
Guid scanId,
[FromQuery] string? minSeverity,
[FromQuery] bool pretty = false,
[FromQuery] bool includeReachability = true,
ISarifExportService sarifService,
IFindingsService findingsService,
CancellationToken ct)
{
var findings = await findingsService.GetByScanIdAsync(scanId, ct);
var options = new SarifExportOptions
{
ToolVersion = GetToolVersion(),
MinimumSeverity = ParseSeverity(minSeverity),
IncludeReachability = includeReachability,
IndentedJson = pretty
};
var json = await sarifService.ExportToJsonAsync(findings, options, ct);
return Results.Content(json, "application/sarif+json");
}
}
```
---
## Integration with GitHub
See `src/Integrations/__Plugins/StellaOps.Integrations.Plugin.GitHubApp/` for GitHub connector.
New GitHub Code Scanning client extends existing infrastructure:
```csharp
public interface IGitHubCodeScanningClient
{
/// <summary>Upload SARIF to GitHub Code Scanning.</summary>
Task<SarifUploadResult> UploadSarifAsync(
string owner,
string repo,
SarifUploadRequest request,
CancellationToken ct);
/// <summary>Get upload status.</summary>
Task<SarifUploadStatus> GetUploadStatusAsync(
string owner,
string repo,
string sarifId,
CancellationToken ct);
/// <summary>List code scanning alerts.</summary>
Task<IReadOnlyList<CodeScanningAlert>> ListAlertsAsync(
string owner,
string repo,
AlertFilter? filter,
CancellationToken ct);
}
```
---
## Performance Targets
| Operation | Target P95 | Notes |
|-----------|-----------|-------|
| Export 100 findings | < 100ms | In-memory |
| Export 10,000 findings | < 5s | Streaming |
| SARIF serialization | < 50ms/MB | RFC 8785 |
| Schema validation | < 200ms | JSON Schema |
| Fingerprint generation | < 1ms/finding | SHA-256 |
---
## Related Documentation
- [Product Advisory](../../product/advisories/09-Jan-2026%20-%20GitHub%20Code%20Scanning%20Integration%20(Revised).md)
- [SARIF 2.1.0 Specification](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html)
- [GitHub SARIF Support](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)
- [Existing SmartDiff SARIF](../../../src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/)
---
_Last updated: 09-Jan-2026_

287
docs/modules/triage/evidence-panel.md
View File

@@ -1,287 +0,0 @@
# Evidence Panel Component
> **Sprint:** SPRINT_20260107_006_001_FE
> **Module:** Triage UI
> **Version:** 1.0.0
## Overview
The Evidence Panel provides a unified tabbed interface for viewing all evidence related to a security finding. It consolidates five categories of evidence:
1. **Provenance** - DSSE attestation chain, signer identity, Rekor transparency
2. **Reachability** - Code path analysis showing if vulnerability is reachable
3. **Diff** - Source code changes introducing the vulnerability
4. **Runtime** - Runtime telemetry and execution evidence
5. **Policy** - OPA/Rego policy decisions and lattice trace
## Architecture
```
┌──────────────────────────────────────────────────────────────────────┐
│ TabbedEvidencePanelComponent │
├──────────────────────────────────────────────────────────────────────┤
│ [Provenance] [Reachability] [Diff] [Runtime] [Policy] │
├──────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Tab Content (lazy-loaded) │ │
│ │ │ │
│ │ ProvenanceTabComponent / ReachabilityTabComponent / etc. │ │
│ └──────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────┘
```
## Components
### TabbedEvidencePanelComponent
**Selector:** `app-tabbed-evidence-panel`
**Inputs:**
- `findingId: string` - The finding ID to load evidence for
**Outputs:**
- `tabChange: EventEmitter<EvidenceTabType>` - Emitted when tab changes
**Usage:**
```html
<app-tabbed-evidence-panel
[findingId]="selectedFindingId"
(tabChange)="onTabChange($event)"
/>
```
### ProvenanceTabComponent
Displays DSSE attestation information including:
- DSSE verification badge (verified/partial/missing)
- Attestation chain visualization (build → scan → triage → policy)
- Signer identity and key information
- Rekor log index with verification link
- Collapsible in-toto statement JSON
### DsseBadgeComponent
**Selector:** `app-dsse-badge`
Displays the DSSE verification status as a badge.
**Inputs:**
- `status: DsseBadgeStatus` - 'verified' | 'partial' | 'missing'
- `details?: DsseVerificationDetails` - Additional verification details
- `showTooltip?: boolean` - Show tooltip on hover (default: true)
- `animate?: boolean` - Enable hover animations (default: true)
**States:**
| State | Color | Icon | Meaning |
|-------|-------|------|---------|
| verified | Green | ✓ | Full DSSE chain verified |
| partial | Amber | ⚠ | Some attestations missing |
| missing | Red | ✗ | No valid attestation |
### AttestationChainComponent
**Selector:** `app-attestation-chain`
Visualizes the attestation chain as connected nodes.
**Inputs:**
- `nodes: AttestationChainNode[]` - Chain nodes to display
**Outputs:**
- `nodeClick: EventEmitter<AttestationChainNode>` - Emitted on node click
### PolicyTabComponent
Displays policy evaluation details including:
- Verdict badge (ALLOW/DENY/QUARANTINE/REVIEW)
- OPA/Rego rule path that matched
- K4 lattice merge trace visualization
- Counterfactual analysis ("What would change verdict?")
- Policy version and editor link
### ReachabilityTabComponent
Integrates the existing `ReachabilityContextComponent` with:
- Summary header with status badge
- Confidence percentage display
- Entry points list
- Link to full graph view
## Services
### EvidenceTabService
**Path:** `services/evidence-tab.service.ts`
Fetches evidence data for each tab with caching.
```typescript
interface EvidenceTabService {
getProvenanceEvidence(findingId: string, forceRefresh?: boolean): Observable<LoadState<ProvenanceEvidence>>;
getReachabilityEvidence(findingId: string, forceRefresh?: boolean): Observable<LoadState<ReachabilityData>>;
getDiffEvidence(findingId: string, forceRefresh?: boolean): Observable<LoadState<DiffEvidence>>;
getRuntimeEvidence(findingId: string, forceRefresh?: boolean): Observable<LoadState<RuntimeEvidence>>;
getPolicyEvidence(findingId: string, forceRefresh?: boolean): Observable<LoadState<PolicyEvidence>>;
clearCache(findingId?: string): void;
}
```
### TabUrlPersistenceService
**Path:** `services/tab-url-persistence.service.ts`
Manages URL query param persistence for selected tab.
```typescript
interface TabUrlPersistenceService {
readonly selectedTab$: Observable<EvidenceTabType>;
getCurrentTab(): EvidenceTabType;
setTab(tab: EvidenceTabType): void;
navigateToTab(tab: EvidenceTabType): void;
}
```
## Keyboard Shortcuts
| Key | Action |
|-----|--------|
| `1` | Go to Provenance tab |
| `2` | Go to Reachability tab |
| `3` | Go to Diff tab |
| `4` | Go to Runtime tab |
| `5` | Go to Policy tab |
| `→` | Next tab |
| `←` | Previous tab |
| `Home` | First tab |
| `End` | Last tab |
## URL Persistence
The selected tab is persisted in the URL query string:
```
/triage/findings/CVE-2024-1234?tab=provenance
/triage/findings/CVE-2024-1234?tab=reachability
/triage/findings/CVE-2024-1234?tab=diff
/triage/findings/CVE-2024-1234?tab=runtime
/triage/findings/CVE-2024-1234?tab=policy
```
This enables:
- Deep linking to specific evidence
- Browser history navigation
- Sharing links with colleagues
## Data Models
### ProvenanceEvidence
```typescript
interface ProvenanceEvidence {
dsseStatus: DsseBadgeStatus;
dsseDetails?: DsseVerificationDetails;
attestationChain: AttestationChainNode[];
signer?: SignerInfo;
rekorLogIndex?: number;
rekorVerifyUrl?: string;
inTotoStatement?: object;
}
```
### AttestationChainNode
```typescript
interface AttestationChainNode {
id: string;
type: 'build' | 'scan' | 'triage' | 'policy' | 'custom';
label: string;
status: 'verified' | 'pending' | 'missing' | 'failed';
predicateType?: string;
digest?: string;
timestamp?: string;
signer?: string;
details?: AttestationDetails;
}
```
### PolicyEvidence
```typescript
interface PolicyEvidence {
verdict: PolicyVerdict;
rulePath?: string;
latticeTrace?: LatticeTraceStep[];
counterfactuals?: PolicyCounterfactual[];
policyVersion?: string;
policyDigest?: string;
policyEditorUrl?: string;
evaluatedAt?: string;
}
```
## Accessibility
The Evidence Panel follows WAI-ARIA tabs pattern:
- `role="tablist"` on tab navigation
- `role="tab"` on each tab button
- `role="tabpanel"` on each panel
- `aria-selected` indicates active tab
- `aria-controls` links tabs to panels
- `aria-labelledby` links panels to tabs
- `tabindex` management for keyboard navigation
- Screen reader announcements on tab change
## Testing
### Unit Tests
Located in `evidence-panel/*.spec.ts`:
- Tab navigation behavior
- DSSE badge states and styling
- Attestation chain rendering
- Keyboard navigation
- URL persistence
- Loading/error states
### E2E Tests
Located in `e2e/evidence-panel.e2e.spec.ts`:
- Full tab switching workflow
- Evidence loading and display
- Copy JSON functionality
- URL persistence across reloads
- Accessibility compliance
## API Dependencies
The Evidence Panel depends on these API endpoints:
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/evidence/provenance/{findingId}` | GET | Fetch provenance data |
| `/api/evidence/reachability/{findingId}` | GET | Fetch reachability data |
| `/api/evidence/diff/{findingId}` | GET | Fetch diff data |
| `/api/evidence/runtime/{findingId}` | GET | Fetch runtime data |
| `/api/evidence/policy/{findingId}` | GET | Fetch policy data |
See [Evidence API Reference](../../../api/evidence-api.md) for details.
## Screenshots
### Provenance Tab
![Provenance Tab](../../assets/screenshots/evidence-provenance.png)
### Policy Tab with Lattice Trace
![Policy Tab](../../assets/screenshots/evidence-policy.png)
### Attestation Chain Expanded
![Attestation Chain](../../assets/screenshots/attestation-chain.png)
## Changelog
| Version | Date | Changes |
|---------|------|---------|
| 1.0.0 | 2026-01-09 | Initial implementation |

13
docs/modules/ui/architecture.md
View File

@@ -180,12 +180,19 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
- Agent download and registration flow.
* **Models**: `integration.models.ts` defines `IntegrationDraft`, `IntegrationProvider`, `WizardStep`, `PreflightCheck`, `AuthMethod`, and provider constants.
### 3.12 Advisor (Ask Stella)
### 3.12 Advisor (Ask Stella)
* **Chat panel** scoped to the current artifact, CVE, or release, with citations and evidence chips.
* **Citations and Evidence** drawer lists object refs (SBOM, VEX, scan IDs) and hashes.
* **Action confirmation** modal required for any tool action; disabled when policy denies.
* **Budget indicators** show quota or token budget exhaustion with retry hints.
* **Action confirmation** modal required for any tool action; disabled when policy denies.
* **Budget indicators** show quota or token budget exhaustion with retry hints.
### 3.13 Global Search and Assistant Bridge
* **Search -> assistant handoff**: result cards and synthesis panel expose `Ask AI` actions that route to `/security/triage?openChat=true` and seed chat context through `SearchChatContextService`.
* **Assistant host**: `/security/triage` mounts `SecurityTriageChatHostComponent`, which consumes `openChat` intent deterministically and opens the chat drawer in the primary shell.
* **Assistant -> search return**: assistant responses expose `Search for more` and `Search related` actions; these populate global search query/domain context and focus the search surface.
* **Fallback transparency**: when unified search drops to legacy fallback, global search displays an explicit degraded banner and emits enter/exit telemetry markers for operator visibility.
---

22
docs/notifications/security/webhook-ack-hardening.md
View File

@@ -1,22 +0,0 @@
# Webhook Acknowledgment Hardening
This document describes the security measures for webhook acknowledgment validation.
## Overview
Webhook acknowledgment hardening ensures that webhook deliveries are properly verified and acknowledged.
## Security Measures
- HMAC signature verification for all webhook payloads
- Timeout handling for slow webhook endpoints
- Retry logic with exponential backoff
- Dead letter queue for failed deliveries
## Configuration
Webhook endpoints must be configured with:
- Secret key for HMAC signing
- Signature header name
- Timeout duration
- Maximum retry attempts

157
docs/operations/runbooks/_template.md
View File

@@ -1,157 +0,0 @@
# Runbook: [Component] - [Failure Scenario]
> **Sprint:** SPRINT_20260117_029_DOCS_runbook_coverage
> **Task:** RUN-001 - Runbook Template
## Metadata
| Field | Value |
|-------|-------|
| **Component** | [Module name: Scanner, Policy, Orchestrator, Attestor, etc.] |
| **Severity** | Critical / High / Medium / Low |
| **On-call scope** | [Who should be paged: Platform team, Security team, etc.] |
| **Last updated** | [YYYY-MM-DD] |
| **Doctor check** | [Check ID if applicable, e.g., `check.scanner.worker-health`] |
---
## Symptoms
Observable indicators that this failure is occurring:
- [ ] [Symptom 1: e.g., "Scan jobs stuck in pending state for >5 minutes"]
- [ ] [Symptom 2: e.g., "Error logs contain 'worker timeout exceeded'"]
- [ ] [Metric/alert that fires: e.g., "Alert `ScannerWorkerStuck` firing"]
---
## Impact
| Impact Type | Description |
|-------------|-------------|
| **User-facing** | [e.g., "New scans cannot complete, blocking CI/CD pipelines"] |
| **Data integrity** | [e.g., "No data loss, but stale scan results may be served"] |
| **SLA impact** | [e.g., "Scan latency SLO violated if not resolved within 15 minutes"] |
---
## Diagnosis
### Quick checks (< 2 minutes)
Run these first to confirm the failure:
1. **Check Doctor diagnostics:**
```bash
stella doctor --check [relevant-check-id]
```
2. **Check service status:**
```bash
stella [component] status
```
3. **Check recent logs:**
```bash
stella [component] logs --tail 50 --level error
```
### Deep diagnosis (if quick checks inconclusive)
1. **[Investigation step 1]:**
```bash
[command]
```
Expected output: [description]
If unexpected: [what it means]
2. **[Investigation step 2]:**
```bash
[command]
```
3. **Check related services:**
- Postgres connectivity: `stella doctor --check check.storage.postgres`
- Valkey connectivity: `stella doctor --check check.storage.valkey`
- Network connectivity: `stella doctor --check check.network.[target]`
---
## Resolution
### Immediate mitigation (restore service quickly)
Use these steps to restore service, even if root cause isn't fixed yet:
1. **[Mitigation step 1]:**
```bash
[command]
```
This will: [explanation]
2. **[Mitigation step 2]:**
```bash
[command]
```
### Root cause fix
Once service is restored, address the underlying issue:
1. **[Fix step 1]:**
```bash
[command]
```
2. **[Fix step 2]:**
```bash
[command]
```
3. **Verify fix is complete:**
```bash
stella doctor --check [relevant-check-id]
```
### Verification
Confirm the issue is fully resolved:
```bash
# Re-run the failing operation
stella [component] [test-command]
# Verify metrics are healthy
stella obs metrics --filter [component] --last 5m
# Verify no new errors in logs
stella [component] logs --tail 20 --level error
```
---
## Prevention
How to prevent this failure from recurring:
- [ ] **Monitoring:** [e.g., "Add alert for queue depth > 100"]
- [ ] **Configuration:** [e.g., "Increase worker count in high-volume environments"]
- [ ] **Code change:** [e.g., "Implement circuit breaker for external service calls"]
- [ ] **Documentation:** [e.g., "Update capacity planning guide"]
---
## Related Resources
- **Architecture doc:** [Link to relevant architecture documentation]
- **Related runbooks:** [Links to related failure scenarios]
- **Doctor check source:** [Link to Doctor check implementation]
- **Grafana dashboard:** [Link to relevant dashboard]
---
## Revision History
| Date | Author | Changes |
|------|--------|---------|
| YYYY-MM-DD | [Name] | Initial version |

2
docs/product/claims-index.md
View File

@@ -163,7 +163,7 @@ PENDING → VERIFIED → PUBLISHED
## Related Documentation
- [Benchmark Architecture](modules/benchmark/architecture.md)
- [Benchmark Architecture](../../docs-archived/modules/benchmark/architecture.md)
- [Sprint 7000.0001.0001 - Competitive Benchmarking](implplan/SPRINT_7000_0001_0001_competitive_benchmarking.md)
- [Testing Strategy](implplan/SPRINT_5100_0000_0000_epic_summary.md)

142
docs/qa/feature-checks/runs/2026-02-14_e2e_deep_verification.md
View File

@@ -1,142 +0,0 @@
# Deep E2E Verification Report — 2026-02-14
## Infrastructure
| Item | Status |
|------|--------|
| Docker containers running | 52 |
| Healthy web services | 37 |
| Unhealthy workers | 11 (timeline-indexer, taskrunner, notifier, packsregistry, doctor-scheduler, orchestrator, scheduler, excititor, export, riskengine, evidence-locker, smremote) |
| Crash-looping | 2 (findings-ledger-web SIGSEGV exit 139, dev-rekor exit 1) |
| Console nginx (test) | Healthy on 127.0.0.1:9999 |
| Gateway | Healthy (`{"status":"ok","started":true,"ready":true}`) |
| PostgreSQL | Healthy |
| Valkey | Healthy |
## Console nginx fixes applied
Two critical fixes were identified and applied to `devops/docker/Dockerfile.console`:
### Fix 1: Angular 19+ browser/ subdirectory
Angular 19+ outputs build artifacts to a `browser/` subdirectory inside the dist folder.
The Dockerfile was copying the entire dist directory, leaving the default nginx `index.html`
at the root, which took precedence over Angular's `browser/index.html`.
**Before:** `COPY --from=build /app/${DIST_DIR}/ /usr/share/nginx/html/`
**After:** `COPY --from=build /app/${DIST_DIR}/browser/ /usr/share/nginx/html/`
### Fix 2: envsettings.json URL rewriting
The Angular SPA fetches `/platform/envsettings.json` (not `/envsettings.json`).
The original Dockerfile only had a `location = /envsettings.json` block with sub_filter rules.
The `/platform/` proxy location passed the response through without URL rewriting, leaving
Docker-internal hostnames in the JSON, which caused CORS failures in the browser.
**Fix:** Added `location = /platform/envsettings.json` with comprehensive sub_filter rules
that rewrite all Docker-internal hostnames to relative paths, including authority issuer URLs.
### Fix 3: Full service proxy coverage
Added proxy locations for all services in the apiBaseUrls response (35+ services),
not just the original 13. This ensures all microservice API calls are routed through
the nginx reverse proxy.
## UI Route Verification
### Summary
| Category | Routes tested | Rendered OK | Redirect/Auth-required | Error |
|----------|--------------|-------------|----------------------|-------|
| Core Navigation | 11 | 8 | 3 | 0 |
| Release Orchestrator | 10 | 3 | 7 | 0 |
| Operations Continued | 8 | 5 | 3 | 0 |
| Security | 12 | 11 | 1 | 0 |
| Policy | 10 | 5 | 5 | 0 |
| Triage & Findings | 10 | 8 | 2 | 0 |
| Evidence & Proofs | 10 | 8 | 0 | 2 |
| AI, Workspaces & Admin | 12 | 9 | 3 | 0 |
| Utilities & Console | 10 | 7 | 0 | 3 |
| Scanner, Ops & QA | 8 | 6 | 0 | 2 |
| **TOTAL** | **~101** | **~70** | **~24** | **~7** |
Routes that redirect to `/welcome` require authentication (expected behavior).
Routes that error are due to nginx proxy locations colliding with SPA routes when
the backend service is unreachable (e.g., `/timeline`, `/graph`).
### Key pages verified with screenshots
1. `01-landing-page.png` — Initial SPA load (before CORS fix)
2. `02-control-plane-dashboard.png` — Control Plane with Releases/Approvals buttons
3. `03-qa-web-recheck.png` — QA Web Recheck Workbench with Quiet Lane
4. `04-security-overview.png` — Security Overview with severity counts
5. `05-login-page.png` — Login page with Sign In button
6. `06-security-overview.png` — Full security dashboard (2 Critical, 5 High, 12 Medium, 8 Low, 3 Reachable)
7. `07-security-findings.png` — Findings table with CVE details, reachability %, VEX status
8. `08-triage-canvas.png` — Triage Canvas with severity legend and filters
9. `09-setup-wizard.png` — Setup Wizard with mascot and connectivity form
10. `10-qa-web-recheck.png` — Feature Recheck Workbench with Quiet Lane + VEX Gate
## CLI Verification
All CLI command groups verified:
| Command | Status | Subcommands |
|---------|--------|-------------|
| `stella --version` | OK | `1.0.0+9ca2de05d` |
| `stella --help` | OK | 30+ command groups |
| `stella doctor run` | OK | 23 checks: 5 passed, 4 warnings, 1 failed (missing config), 11 skipped |
| `stella config show` | OK | Shows all config fields (backend URL, auth, scanner cache, etc.) |
| `stella scan --help` | OK | 10 subcommands (entrytrace, sarif, replay, gate-policy, layers, diff, delta, etc.) |
| `stella sbom --help` | OK | 6 subcommands (list, upload, show, compare, export, parity-matrix) |
| `stella policy --help` | OK | 27 subcommands (simulate, activate, lint, edit, test, new, compile, promote, etc.) |
| `stella verify --help` | OK | 8 subcommands (offline, image, bundle, release, attestation, vex, patch, sbom) |
| `stella evidence --help` | OK | 16 subcommands (export, verify, store, card, reindex, migrate, holds, audit, replay, proof, etc.) |
| `stella admin --help` | OK | 7 subcommands (policy, users, feeds, system, tenants, audit, diagnostics) |
| `stella proof --help` | OK | 2 subcommands (verify, spine) |
| `stella system --help` | OK | 3 subcommands (migrations-run, migrations-status, migrations-verify) |
| `stella reachability --help` | OK | 9 subcommands (show, export, trace, explain, witness, guards, graph, slice, witness-ops) |
| `stella vex --help` | OK | 9 subcommands (consensus, simulate, export, obs, explain, gen, gate-scan, verdict, unknowns) |
Additional commands verified:
| Command | Status | Subcommands |
|---------|--------|-------------|
| `stella release --help` | OK | 17+ subcommands (scanner, scan, image, ruby, php, python, bun, db, sources, aoc, auth, tenants, policy, tools, task-runner, findings, advise) |
| `stella notify --help` | OK | 6 subcommands (channels, rules, deliveries, simulate, send, ack) |
| `stella attest --help` | OK | 11 subcommands (sign, verify, list, show, fetch, key, bundle, attach, oci-list, oci-verify, link) |
| `stella image --help` | OK | 1 subcommand (inspect) |
| `stella auth --help` | OK | 6 subcommands (login, logout, status, whoami, revoke, token) |
| `stella sbom parity-matrix` | Expected error | Correctly requires STELLAOPS_BACKEND_URL |
Crypto providers loaded: default, cn.sm.soft, cn.sm.remote.http, pq.soft, fips.ecdsa.soft, eu.eidas.soft, kr.kcmvp.hash, sim.crypto.remote, ru.pkcs11
## API Verification
| Endpoint | HTTP Status | Notes |
|----------|-------------|-------|
| `GET /gateway/health` | 200 | `{"status":"ok","started":true,"ready":true}` |
| `GET /platform/envsettings.json` | 200 | Full JSON with rewritten URLs (all relative) |
| `GET /.well-known/openid-configuration` | 200 | Full OIDC discovery with 100+ scopes |
| `GET /jwks` | (proxied to authority HTTPS) | OIDC JWKS endpoint |
| `GET /platform/health` | 404 | Platform has no `/health` on this path |
| `GET /scanner/health` | 502 | Scanner service likely unhealthy or path mismatch |
| `GET /policy/api/health` | 500 | Policy gateway internal error |
| `GET /authority/health` | 404 | Authority health check not on this path |
| `GET /console/branding?tenantId=default` | 500 | Authority branding endpoint consistently fails |
| `GET /concelier/health` | 502 | Concelier service upstream issue |
Setup status: `"setup": "complete"` confirmed in envsettings.json.
## Files Modified
1. `devops/docker/Dockerfile.console` — Fixed Angular 19+ browser/ subdirectory COPY, added /platform/envsettings.json with full URL rewriting, added legacy /envsettings.json with URL rewriting
2. `devops/docker/console-nginx-override.conf` — Created comprehensive nginx config with all service proxies and URL rewriting (used for runtime testing via volume mount)
## Known Issues
1. **Console branding 500**: `/console/branding?tenantId=default` returns 500 from the authority service
2. **Findings Ledger crash-loop**: `stellaops-findings-ledger-web` crashes with SIGSEGV (exit 139)
3. **Rekor crash-loop**: `stellaops-dev-rekor` exits with code 1
4. **Worker health**: 11 worker containers report unhealthy (expected — workers lack HTTP health endpoints)
5. **Route/proxy collision**: SPA routes `/timeline`, `/graph`, `/integrations` collide with nginx proxy locations when the backend service is unreachable, causing nginx 502 instead of serving the SPA

38
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/command-results.json
View File

@@ -1,38 +0,0 @@
[
{
"name": "tier1-build-core",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-core.txt"
},
{
"name": "tier1-build-web",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-web.txt"
},
{
"name": "tier1-build-worker",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-worker.txt"
},
{
"name": "tier1-build-tests",
"command": "dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-tests.txt"
},
{
"name": "tier1-test-orchestrator",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~RunServiceTests|FullyQualifiedName~InMemoryRunStoreTests|FullyQualifiedName~ConversationServiceTests|FullyQualifiedName~AdvisoryChatIntentRouterTests|FullyQualifiedName~AdvisoryTaskWorkerTests\" -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-test-orchestrator.txt"
},
{
"name": "tier2-test-api-chat-endpoints",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryChatEndpointsIntegrationTests|FullyQualifiedName~RunServiceIntegrationTests\" -v normal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier2-test-api-chat-endpoints.txt"
}
]

88
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/tier1-build-core.txt
View File

@@ -1,88 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal
Determining projects to restore...
Restored C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj (in 224 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj (in 224 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj (in 163 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\StellaOps.OpsMemory.csproj (in 173 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj (in 161 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj (in 224 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj (in 245 ms).
41 of 48 projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\StellaOps.OpsMemory.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\StellaOps.Configuration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\StellaOps.Cryptography.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:12.25

116
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/tier1-build-tests.txt
View File

@@ -1,116 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -v minimal
Determining projects to restore...
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj (in 567 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj (in 92 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\StellaOps.AdvisoryAI.Plugin.Unified.csproj (in 57 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\StellaOps.Plugin.Abstractions.csproj (in 6 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj (in 11 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\StellaOps.Plugin.Sdk.csproj (in 9 ms).
71 of 77 projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\StellaOps.AdvisoryAI.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\StellaOps.TestKit.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.VersionComparison -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.VersionComparison\bin\Debug\net10.0\StellaOps.VersionComparison.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.TestKit -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\bin\Debug\net10.0\StellaOps.TestKit.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Plugin.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\bin\Debug\net10.0\StellaOps.Plugin.Abstractions.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Provenance.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Provenance\StellaOps.Provenance.Attestation\bin\Debug\net10.0\StellaOps.Provenance.Attestation.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Plugin.Sdk -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\bin\Debug\net10.0\StellaOps.Plugin.Sdk.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.ProofService -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.ProofService\bin\Debug\net10.0\StellaOps.Concelier.ProofService.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Plugin.Testing -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\bin\Debug\net10.0\StellaOps.Plugin.Testing.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Infrastructure.Postgres -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.Postgres\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.dll
StellaOps.Infrastructure.EfCore -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.EfCore\bin\Debug\net10.0\StellaOps.Infrastructure.EfCore.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Infrastructure.Postgres.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Infrastructure.Postgres.Testing\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.Testing.dll
StellaOps.Provcache -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provcache\bin\Debug\net10.0\StellaOps.Provcache.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Concelier.Merge -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Merge\bin\Debug\net10.0\StellaOps.Concelier.Merge.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.Concelier.Persistence -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Persistence\bin\Debug\net10.0\StellaOps.Concelier.Persistence.dll
StellaOps.Concelier.Connector.Common -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Connector.Common\bin\Debug\net10.0\StellaOps.Concelier.Connector.Common.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.Concelier.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\bin\Debug\net10.0\StellaOps.Concelier.Testing.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Plugin.Unified.dll
StellaOps.AdvisoryAI.Scm.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Scm.Plugin.Unified.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
StellaOps.AdvisoryAI.Tests -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:16.44

92
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/tier1-build-web.txt
View File

@@ -1,92 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal
Determining projects to restore...
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj (in 339 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj (in 272 ms).
55 of 57 projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\StellaOps.Determinism.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\StellaOps.Router.AspNet.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\StellaOps.Auth.ServerIntegration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:09.30

86
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/tier1-build-worker.txt
View File

@@ -1,86 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj -v minimal
Determining projects to restore...
Restored C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\StellaOps.Worker.Health.csproj (in 95 ms).
Restored C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj (in 291 ms).
49 of 51 projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\StellaOps.Concelier.SbomIntegration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\StellaOps.Concelier.Normalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\StellaOps.Worker.Health.csproj]
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:06.75

108
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/tier1-test-orchestrator.txt
View File

@@ -1,108 +0,0 @@

### COMMAND
dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter "FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~RunServiceTests|FullyQualifiedName~InMemoryRunStoreTests|FullyQualifiedName~ConversationServiceTests|FullyQualifiedName~AdvisoryChatIntentRouterTests|FullyQualifiedName~AdvisoryTaskWorkerTests" -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\StellaOps.AdvisoryAI.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\StellaOps.TestKit.csproj]
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Infrastructure.EfCore -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.EfCore\bin\Debug\net10.0\StellaOps.Infrastructure.EfCore.dll
StellaOps.Infrastructure.Postgres -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.Postgres\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Plugin.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\bin\Debug\net10.0\StellaOps.Plugin.Abstractions.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.VersionComparison -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.VersionComparison\bin\Debug\net10.0\StellaOps.VersionComparison.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Infrastructure.Postgres.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Infrastructure.Postgres.Testing\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.Testing.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Provenance.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Provenance\StellaOps.Provenance.Attestation\bin\Debug\net10.0\StellaOps.Provenance.Attestation.dll
StellaOps.TestKit -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\bin\Debug\net10.0\StellaOps.TestKit.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.ProofService -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.ProofService\bin\Debug\net10.0\StellaOps.Concelier.ProofService.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Plugin.Sdk -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\bin\Debug\net10.0\StellaOps.Plugin.Sdk.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Plugin.Testing -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\bin\Debug\net10.0\StellaOps.Plugin.Testing.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Provcache -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provcache\bin\Debug\net10.0\StellaOps.Provcache.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Concelier.Merge -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Merge\bin\Debug\net10.0\StellaOps.Concelier.Merge.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Concelier.Persistence -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Persistence\bin\Debug\net10.0\StellaOps.Concelier.Persistence.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.Concelier.Connector.Common -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Connector.Common\bin\Debug\net10.0\StellaOps.Concelier.Connector.Common.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.Concelier.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\bin\Debug\net10.0\StellaOps.Concelier.Testing.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Scm.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Scm.Plugin.Unified.dll
StellaOps.AdvisoryAI.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Plugin.Unified.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
StellaOps.AdvisoryAI.Tests -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll
C:\dev\New folder\git.stella-ops.org\.nuget\packages\microsoft.testing.platform.msbuild\1.9.1\buildMultiTargeting\Microsoft.Testing.Platform.MSBuild.targets(376,5): warning MTP0001: VSTest-specific properties are set but will be ignored when using Microsoft.Testing.Platform. The following properties are set: VSTestTestCaseFilter; . [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
Run tests: 'C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll' [net10.0|x64]
Passed! - Failed: 0, Passed: 572, Skipped: 0, Total: 572, Duration: 6s 842ms - StellaOps.AdvisoryAI.Tests.dll (net10.0|x64)
Tests succeeded: 'C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll' [net10.0|x64]

1793
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/evidence/tier2-test-api-chat-endpoints.txt
View File

File diff suppressed because it is too large Load Diff

77
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/tier0-source-check.json
View File

@@ -1,77 +0,0 @@
{
"type": "source",
"module": "advisoryai",
"feature": "advisoryai-orchestrator",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:04:55.5311979Z",
"filesChecked": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Orchestration/AdvisoryPipelineOrchestrator.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Execution/AdvisoryPipelineExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/Services/AdvisoryChatService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/ConversationService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Runs/RunService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Runs/InMemoryRunStore.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/Routing/AdvisoryChatIntentRouter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/ChatEndpoints.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/RunEndpoints.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/Services/AdvisoryTaskWorker.cs"
],
"found": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Orchestration/AdvisoryPipelineOrchestrator.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Execution/AdvisoryPipelineExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/Services/AdvisoryChatService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/ConversationService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Runs/RunService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Runs/InMemoryRunStore.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/Routing/AdvisoryChatIntentRouter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/ChatEndpoints.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/RunEndpoints.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/Services/AdvisoryTaskWorker.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "class AdvisoryPipelineOrchestrator",
"found": true,
"sample": "17:internal sealed class AdvisoryPipelineOrchestrator : IAdvisoryPipelineOrchestrator"
},
{
"pattern": "class AdvisoryPipelineExecutor",
"found": true,
"sample": "25:internal sealed class AdvisoryPipelineExecutor : IAdvisoryPipelineExecutor"
},
{
"pattern": "class AdvisoryChatService",
"found": true,
"sample": "185:internal sealed class AdvisoryChatService : IAdvisoryChatService"
},
{
"pattern": "class ConversationService",
"found": true,
"sample": "19:public sealed class ConversationService : IConversationService"
},
{
"pattern": "class RunService",
"found": true,
"sample": "18:internal sealed class RunService : IRunService"
},
{
"pattern": "class InMemoryRunStore",
"found": true,
"sample": "14:public sealed class InMemoryRunStore : IRunStore"
},
{
"pattern": "class AdvisoryChatIntentRouter",
"found": true,
"sample": "123:internal sealed partial class AdvisoryChatIntentRouter : IAdvisoryChatIntentRouter"
},
{
"pattern": "class AdvisoryTaskWorker",
"found": true,
"sample": "14:public class AdvisoryTaskWorker : BackgroundService"
}
],
"verdict": "pass"
}

67
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/tier1-build-check.json
View File

@@ -1,67 +0,0 @@
{
"type": "build",
"module": "advisoryai",
"feature": "advisoryai-orchestrator",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:07:47.1327948Z",
"projects": [
{
"exitCode": 0,
"evidence": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-core.txt",
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj",
"buildResult": "pass"
},
{
"exitCode": 0,
"evidence": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-web.txt",
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj",
"buildResult": "pass"
},
{
"exitCode": 0,
"evidence": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-worker.txt",
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj",
"buildResult": "pass"
},
{
"exitCode": 0,
"evidence": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-build-tests.txt",
"project": "src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj",
"buildResult": "pass"
}
],
"tests": {
"passed": 572,
"exitCode": 0,
"failed": 0,
"total": 572,
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~RunServiceTests|FullyQualifiedName~InMemoryRunStoreTests|FullyQualifiedName~ConversationServiceTests|FullyQualifiedName~AdvisoryChatIntentRouterTests|FullyQualifiedName~AdvisoryTaskWorkerTests\" -v minimal",
"skipped": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier1-test-orchestrator.txt"
},
"codeReview": {
"verdict": "pass",
"reviewedFiles": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Orchestration/AdvisoryPipelineOrchestrator.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Execution/AdvisoryPipelineExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/Services/AdvisoryChatService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/ConversationService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Runs/RunService.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/ChatEndpoints.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/RunEndpoints.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/Services/AdvisoryTaskWorker.cs"
],
"reviewedTests": [
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryPipelineOrchestratorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryPipelineExecutorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/RunServiceTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Chat/ConversationServiceTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Chat/AdvisoryChatIntentRouterTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Worker/AdvisoryTaskWorkerTests.cs"
]
},
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; tier1 test command executed full test assembly."
],
"verdict": "pass"
}

77
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/tier2-api-check.json
View File

@@ -1,77 +0,0 @@
{
"type": "api",
"module": "advisoryai",
"feature": "advisoryai-orchestrator",
"runId": "run-001",
"baseUrl": "in-memory TestServer",
"capturedAtUtc": "2026-02-11T11:07:47.2531804Z",
"command": {
"value": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryChatEndpointsIntegrationTests|FullyQualifiedName~RunServiceIntegrationTests\" -v normal",
"passed": 572,
"exitCode": 0,
"failed": 0,
"total": 572,
"skipped": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-orchestrator\\run-001\\evidence\\tier2-test-api-chat-endpoints.txt"
},
"requests": [
{
"result": "pass",
"method": "POST",
"expectedStatus": 200,
"description": "POST /api/v1/chat/query valid request returns OK",
"actualStatus": 200,
"requestCapturedAtUtc": "2026-02-11T11:07:47.2531804Z",
"path": "/api/v1/chat/query",
"evidence": "AdvisoryChatEndpointsIntegrationTests.PostQuery_ValidRequest_ReturnsOk"
},
{
"result": "pass",
"method": "POST",
"expectedStatus": 400,
"description": "POST /api/v1/chat/query empty query returns BadRequest",
"actualStatus": 400,
"requestCapturedAtUtc": "2026-02-11T11:07:47.2531804Z",
"path": "/api/v1/chat/query",
"evidence": "AdvisoryChatEndpointsIntegrationTests.PostQuery_EmptyQuery_ReturnsBadRequest"
},
{
"result": "pass",
"method": "POST",
"expectedStatus": 200,
"description": "POST /api/v1/chat/intent resolves intent",
"actualStatus": 200,
"requestCapturedAtUtc": "2026-02-11T11:07:47.2531804Z",
"path": "/api/v1/chat/intent",
"evidence": "AdvisoryChatEndpointsIntegrationTests.PostIntent_ValidRequest_ReturnsIntent"
},
{
"result": "pass",
"method": "POST",
"expectedStatus": 200,
"description": "POST /api/v1/chat/evidence-preview returns preview",
"actualStatus": 200,
"requestCapturedAtUtc": "2026-02-11T11:07:47.2531804Z",
"path": "/api/v1/chat/evidence-preview",
"evidence": "AdvisoryChatEndpointsIntegrationTests.PostEvidencePreview_ValidRequest_ReturnsPreview"
},
{
"result": "pass",
"method": "GET",
"expectedStatus": 200,
"description": "GET /api/v1/chat/status returns enabled status",
"actualStatus": 200,
"requestCapturedAtUtc": "2026-02-11T11:07:47.2531804Z",
"path": "/api/v1/chat/status",
"evidence": "AdvisoryChatEndpointsIntegrationTests.GetStatus_ReturnsStatus"
}
],
"behaviorVerified": [
"Conversation and run orchestration lifecycle validated by RunServiceIntegrationTests (create, turns, approval, execution, completion, attestation).",
"Tenant isolation and deterministic content digest behavior validated in RunServiceIntegrationTests."
],
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; tier2 command executed full test assembly, but endpoint integration assertions are included and passing."
],
"verdict": "pass"
}

26
docs/qa/feature-checks/runs/advisoryai/advisoryai-orchestrator/run-001/tier2-integration-check.json
View File

@@ -1,26 +0,0 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T14:30:00Z",
"feature": "advisoryai-orchestrator",
"module": "advisoryai",
"testProject": "src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj",
"testFilter": "AdvisoryPipelineOrchestratorTests, AdvisoryPipelineExecutorTests, AdvisoryPipelinePlanResponseTests, ConversationServiceTests, RunServiceTests, InMemoryRunStoreTests, AdvisoryChatIntentRouterTests, AdvisoryTaskWorkerTests, RunServiceIntegrationTests",
"testsRun": 575,
"testsPassed": 575,
"testsFailed": 0,
"behaviorVerified": [
"AdvisoryPipelineOrchestrator creates and executes task plans (6 tests)",
"AdvisoryPipelineExecutor executes pipeline stages with guardrail checks (5 tests)",
"AdvisoryPipelinePlanResponse returns structured plan responses (1 test)",
"ConversationService maintains conversation context across messages (19 tests)",
"RunService tracks runs with artifacts and events (18 tests)",
"InMemoryRunStore persists run data correctly (15 tests)",
"AdvisoryChatIntentRouter routes intents to correct handlers (16 tests)",
"AdvisoryTaskWorker processes queued tasks (2 tests)",
"RunServiceIntegration end-to-end run lifecycle (13 tests)"
],
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; full test assembly executed (575 total)"
],
"verdict": "pass"
}

38
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/command-results.json
View File

@@ -1,38 +0,0 @@
[
{
"name": "tier1-build-core",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-pipeline-with-guardrails\\run-001\\evidence\\tier1-build-core.txt"
},
{
"name": "tier1-build-hosting",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-pipeline-with-guardrails\\run-001\\evidence\\tier1-build-hosting.txt"
},
{
"name": "tier1-build-web",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-pipeline-with-guardrails\\run-001\\evidence\\tier1-build-web.txt"
},
{
"name": "tier1-build-tests",
"command": "dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-pipeline-with-guardrails\\run-001\\evidence\\tier1-build-tests.txt"
},
{
"name": "tier1-test-pipeline-classes",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryGuardrailPipelineTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryGuardrailOptionsBindingTests|FullyQualifiedName~AdvisoryStructuredRetrieverTests|FullyQualifiedName~AdvisoryVectorRetrieverTests|FullyQualifiedName~SbomContextRetrieverTests\" -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-pipeline-with-guardrails\\run-001\\evidence\\tier1-test-pipeline-classes.txt"
},
{
"name": "tier2-test-pipeline-behavior",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryGuardrailInjectionTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryStructuredRetrieverTests|FullyQualifiedName~AdvisoryVectorRetrieverTests|FullyQualifiedName~SbomContextRetrieverTests\" -v normal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\advisoryai-pipeline-with-guardrails\\run-001\\evidence\\tier2-test-pipeline-behavior.txt"
}
]

82
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/tier1-build-core.txt
View File

@@ -1,82 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\StellaOps.Cryptography.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\StellaOps.OpsMemory.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:04.04

83
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/tier1-build-hosting.txt
View File

@@ -1,83 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\StellaOps.Concelier.SbomIntegration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\StellaOps.Concelier.Normalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\StellaOps.Concelier.SourceIntel.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\StellaOps.Configuration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:05.29

111
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/tier1-build-tests.txt
View File

@@ -1,111 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\StellaOps.TestKit.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj]
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Plugin.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\bin\Debug\net10.0\StellaOps.Plugin.Abstractions.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Plugin.Sdk -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\bin\Debug\net10.0\StellaOps.Plugin.Sdk.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.VersionComparison -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.VersionComparison\bin\Debug\net10.0\StellaOps.VersionComparison.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Infrastructure.Postgres -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.Postgres\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.dll
StellaOps.TestKit -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\bin\Debug\net10.0\StellaOps.TestKit.dll
StellaOps.Infrastructure.EfCore -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.EfCore\bin\Debug\net10.0\StellaOps.Infrastructure.EfCore.dll
StellaOps.Provenance.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Provenance\StellaOps.Provenance.Attestation\bin\Debug\net10.0\StellaOps.Provenance.Attestation.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Plugin.Testing -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\bin\Debug\net10.0\StellaOps.Plugin.Testing.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Infrastructure.Postgres.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Infrastructure.Postgres.Testing\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.Testing.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Provcache -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provcache\bin\Debug\net10.0\StellaOps.Provcache.dll
StellaOps.Concelier.ProofService -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.ProofService\bin\Debug\net10.0\StellaOps.Concelier.ProofService.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Concelier.Merge -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Merge\bin\Debug\net10.0\StellaOps.Concelier.Merge.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Concelier.Persistence -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Persistence\bin\Debug\net10.0\StellaOps.Concelier.Persistence.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.Concelier.Connector.Common -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Connector.Common\bin\Debug\net10.0\StellaOps.Concelier.Connector.Common.dll
StellaOps.Concelier.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\bin\Debug\net10.0\StellaOps.Concelier.Testing.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Scm.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Scm.Plugin.Unified.dll
StellaOps.AdvisoryAI.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Plugin.Unified.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
StellaOps.AdvisoryAI.Tests -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:07.80

91
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/tier1-build-web.txt
View File

@@ -1,91 +0,0 @@

### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\StellaOps.Router.AspNet.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\StellaOps.Auth.ServerIntegration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\StellaOps.Determinism.Abstractions.csproj]
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:05.81

109
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/tier1-test-pipeline-classes.txt
View File

@@ -1,109 +0,0 @@

### COMMAND
dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter "FullyQualifiedName~AdvisoryGuardrailPipelineTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryGuardrailOptionsBindingTests|FullyQualifiedName~AdvisoryStructuredRetrieverTests|FullyQualifiedName~AdvisoryVectorRetrieverTests|FullyQualifiedName~SbomContextRetrieverTests" -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\StellaOps.AdvisoryAI.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\StellaOps.TestKit.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj]
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Plugin.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\bin\Debug\net10.0\StellaOps.Plugin.Abstractions.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Infrastructure.EfCore -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.EfCore\bin\Debug\net10.0\StellaOps.Infrastructure.EfCore.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.VersionComparison -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.VersionComparison\bin\Debug\net10.0\StellaOps.VersionComparison.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Infrastructure.Postgres -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.Postgres\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Plugin.Sdk -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\bin\Debug\net10.0\StellaOps.Plugin.Sdk.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Infrastructure.Postgres.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Infrastructure.Postgres.Testing\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.Testing.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.TestKit -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\bin\Debug\net10.0\StellaOps.TestKit.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Plugin.Testing -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\bin\Debug\net10.0\StellaOps.Plugin.Testing.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Provenance.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Provenance\StellaOps.Provenance.Attestation\bin\Debug\net10.0\StellaOps.Provenance.Attestation.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Provcache -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provcache\bin\Debug\net10.0\StellaOps.Provcache.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.ProofService -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.ProofService\bin\Debug\net10.0\StellaOps.Concelier.ProofService.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Concelier.Merge -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Merge\bin\Debug\net10.0\StellaOps.Concelier.Merge.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.Concelier.Persistence -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Persistence\bin\Debug\net10.0\StellaOps.Concelier.Persistence.dll
StellaOps.Concelier.Connector.Common -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Connector.Common\bin\Debug\net10.0\StellaOps.Concelier.Connector.Common.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.Concelier.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\bin\Debug\net10.0\StellaOps.Concelier.Testing.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Scm.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Scm.Plugin.Unified.dll
StellaOps.AdvisoryAI.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Plugin.Unified.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
StellaOps.AdvisoryAI.Tests -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll
C:\dev\New folder\git.stella-ops.org\.nuget\packages\microsoft.testing.platform.msbuild\1.9.1\buildMultiTargeting\Microsoft.Testing.Platform.MSBuild.targets(376,5): warning MTP0001: VSTest-specific properties are set but will be ignored when using Microsoft.Testing.Platform. The following properties are set: VSTestTestCaseFilter; . [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
Run tests: 'C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll' [net10.0|x64]
Passed! - Failed: 0, Passed: 572, Skipped: 0, Total: 572, Duration: 5s 864ms - StellaOps.AdvisoryAI.Tests.dll (net10.0|x64)
Tests succeeded: 'C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll' [net10.0|x64]

1792
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/evidence/tier2-test-pipeline-behavior.txt
View File

File diff suppressed because it is too large Load Diff

95
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/tier0-source-check.json
View File

@@ -1,95 +0,0 @@
{
"type": "source",
"module": "advisoryai",
"feature": "advisoryai-pipeline-with-guardrails",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:32:51.9956120Z",
"filesChecked": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Guardrails/AdvisoryGuardrailPipeline.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Orchestration/AdvisoryPipelineOrchestrator.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Execution/AdvisoryPipelineExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/AdvisoryStructuredRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/AdvisoryVectorRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/SbomContextRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/GuardrailAllowlistLoader.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/GuardrailPhraseLoader.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/AdvisoryAiGuardrailOptions.cs"
],
"found": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Guardrails/AdvisoryGuardrailPipeline.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Orchestration/AdvisoryPipelineOrchestrator.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Execution/AdvisoryPipelineExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/AdvisoryStructuredRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/AdvisoryVectorRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/SbomContextRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/GuardrailAllowlistLoader.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/GuardrailPhraseLoader.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/AdvisoryAiGuardrailOptions.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "class AdvisoryGuardrailPipeline",
"found": true,
"sample": "67:internal sealed class AdvisoryGuardrailPipeline : IAdvisoryGuardrailPipeline"
},
{
"pattern": "class AdvisoryPipelineOrchestrator",
"found": true,
"sample": "17:internal sealed class AdvisoryPipelineOrchestrator : IAdvisoryPipelineOrchestrator"
},
{
"pattern": "class AdvisoryPipelineExecutor",
"found": true,
"sample": "25:internal sealed class AdvisoryPipelineExecutor : IAdvisoryPipelineExecutor"
},
{
"pattern": "class AdvisoryStructuredRetriever",
"found": true,
"sample": "11:internal sealed class AdvisoryStructuredRetriever : IAdvisoryStructuredRetriever"
},
{
"pattern": "class AdvisoryVectorRetriever",
"found": true,
"sample": "6:internal sealed class AdvisoryVectorRetriever : IAdvisoryVectorRetriever"
},
{
"pattern": "class SbomContextRetriever",
"found": true,
"sample": "16:internal sealed class SbomContextRetriever : ISbomContextRetriever"
},
{
"pattern": "class ActionExecutor",
"found": true,
"sample": "16:internal sealed class ActionExecutor : IActionExecutor"
},
{
"pattern": "class IdempotencyHandler",
"found": true,
"sample": "20:internal sealed class IdempotencyHandler : IIdempotencyHandler"
},
{
"pattern": "class GuardrailAllowlistLoader",
"found": true,
"sample": "9:internal static class GuardrailAllowlistLoader"
},
{
"pattern": "class GuardrailPhraseLoader",
"found": true,
"sample": "8:internal static class GuardrailPhraseLoader"
},
{
"pattern": "class AdvisoryAiGuardrailOptions",
"found": true,
"sample": "5:public sealed class AdvisoryAiGuardrailOptions"
}
],
"missingRatio": 0,
"verdict": "pass"
}

74
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/tier1-build-check.json
View File

@@ -1,74 +0,0 @@
{
"type": "build",
"module": "advisoryai",
"feature": "advisoryai-pipeline-with-guardrails",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:40:39.8227350Z",
"projects": [
{
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\advisoryai-pipeline-with-guardrails\\\\run-001\\\\evidence\\\\tier1-build-core.txt"
},
{
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\advisoryai-pipeline-with-guardrails\\\\run-001\\\\evidence\\\\tier1-build-hosting.txt"
},
{
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\advisoryai-pipeline-with-guardrails\\\\run-001\\\\evidence\\\\tier1-build-web.txt"
},
{
"project": "src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\advisoryai-pipeline-with-guardrails\\\\run-001\\\\evidence\\\\tier1-build-tests.txt"
}
],
"tests": {
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter \"FullyQualifiedName~AdvisoryGuardrailPipelineTests|FullyQualifiedName~AdvisoryPipelineExecutorTests|FullyQualifiedName~AdvisoryPipelineOrchestratorTests|FullyQualifiedName~AdvisoryGuardrailOptionsBindingTests|FullyQualifiedName~AdvisoryStructuredRetrieverTests|FullyQualifiedName~AdvisoryVectorRetrieverTests|FullyQualifiedName~SbomContextRetrieverTests\" -v minimal",
"exitCode": 0,
"failed": 0,
"passed": 572,
"skipped": 0,
"total": 572,
"log": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\advisoryai-pipeline-with-guardrails\\\\run-001\\\\evidence\\\\tier1-test-pipeline-classes.txt"
},
"codeReview": {
"verdict": "pass",
"reviewedFiles": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Guardrails/AdvisoryGuardrailPipeline.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Execution/AdvisoryPipelineExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Orchestration/AdvisoryPipelineOrchestrator.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/AdvisoryStructuredRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/AdvisoryVectorRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Retrievers/SbomContextRetriever.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/GuardrailAllowlistLoader.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/GuardrailPhraseLoader.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/AdvisoryAiGuardrailOptions.cs"
],
"reviewedTests": [
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryGuardrailPipelineTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryGuardrailInjectionTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryPipelineExecutorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryPipelineOrchestratorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryStructuredRetrieverTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryVectorRetrieverTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/SbomContextRetrieverTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionExecutorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/IdempotencyHandlerTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/AdvisoryGuardrailOptionsBindingTests.cs"
]
},
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; tier commands executed full test assembly."
],
"verdict": "pass"
}

26
docs/qa/feature-checks/runs/advisoryai/advisoryai-pipeline-with-guardrails/run-001/tier2-integration-check.json
View File

@@ -1,26 +0,0 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T14:30:00Z",
"feature": "advisoryai-pipeline-with-guardrails",
"module": "advisoryai",
"testProject": "src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj",
"testFilter": "AdvisoryGuardrailPipelineTests, AdvisoryGuardrailInjectionTests, AdvisoryGuardrailOptionsBindingTests, AdvisoryGuardrailPerformanceTests, AdvisoryStructuredRetrieverTests, AdvisoryVectorRetrieverTests, SbomContextRetrieverTests, ActionExecutorTests, IdempotencyHandlerTests",
"testsRun": 575,
"testsPassed": 575,
"testsFailed": 0,
"behaviorVerified": [
"AdvisoryGuardrailPipeline filters prohibited content (2 tests)",
"AdvisoryGuardrailInjection injects guardrails into pipeline (1 test)",
"AdvisoryGuardrailOptionsBinding loads configuration (3 tests)",
"AdvisoryGuardrailPerformance validates pipeline performance (2 tests)",
"AdvisoryStructuredRetriever returns relevant CVE/advisory data (4 tests)",
"AdvisoryVectorRetriever performs semantic search (1 test)",
"SbomContextRetriever enriches prompts with SBOM context (4 tests)",
"ActionExecutor executes approved actions (8 tests)",
"IdempotencyHandler prevents duplicate action execution (11 tests)"
],
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; full test assembly executed (575 total)"
],
"verdict": "pass"
}

38
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/command-results.json
View File

@@ -1,38 +0,0 @@
[
{
"name": "tier1-build-core",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-core.txt"
},
{
"name": "tier1-build-hosting",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-hosting.txt"
},
{
"name": "tier1-build-web",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-web.txt"
},
{
"name": "tier1-build-tests",
"command": "dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-tests.txt"
},
{
"name": "tier1-test-action-policy",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter FullyQualifiedName~ActionPolicyGateTests|FullyQualifiedName~ActionExecutorTests|FullyQualifiedName~ActionRegistryTests|FullyQualifiedName~IdempotencyHandlerTests -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-test-action-policy.txt"
},
{
"name": "tier2-test-action-behavior",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter FullyQualifiedName~ActionPolicyGateTests|FullyQualifiedName~ActionExecutorTests|FullyQualifiedName~ActionRegistryTests|FullyQualifiedName~IdempotencyHandlerTests -v normal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier2-test-action-behavior.txt"
}
]

79
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-core.txt
View File

@@ -1,79 +0,0 @@
### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\StellaOps.OpsMemory.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\StellaOps.Cryptography.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\StellaOps.Configuration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj]
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:03.69

80
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-hosting.txt
View File

@@ -1,80 +0,0 @@
### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\StellaOps.Configuration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\StellaOps.Concelier.Normalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\StellaOps.Canonicalization.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\StellaOps.Concelier.SbomIntegration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\StellaOps.Concelier.SourceIntel.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:03.54

108
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-tests.txt
View File

@@ -1,108 +0,0 @@
### COMMAND
dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\StellaOps.TestKit.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\StellaOps.AdvisoryAI.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj]
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Plugin.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\bin\Debug\net10.0\StellaOps.Plugin.Abstractions.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Plugin.Sdk -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\bin\Debug\net10.0\StellaOps.Plugin.Sdk.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.VersionComparison -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.VersionComparison\bin\Debug\net10.0\StellaOps.VersionComparison.dll
StellaOps.Infrastructure.EfCore -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.EfCore\bin\Debug\net10.0\StellaOps.Infrastructure.EfCore.dll
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Infrastructure.Postgres -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.Postgres\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Provenance.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Provenance\StellaOps.Provenance.Attestation\bin\Debug\net10.0\StellaOps.Provenance.Attestation.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.TestKit -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\bin\Debug\net10.0\StellaOps.TestKit.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Provcache -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provcache\bin\Debug\net10.0\StellaOps.Provcache.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Infrastructure.Postgres.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Infrastructure.Postgres.Testing\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.Testing.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Plugin.Testing -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\bin\Debug\net10.0\StellaOps.Plugin.Testing.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Concelier.ProofService -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.ProofService\bin\Debug\net10.0\StellaOps.Concelier.ProofService.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.Merge -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Merge\bin\Debug\net10.0\StellaOps.Concelier.Merge.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Concelier.Persistence -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Persistence\bin\Debug\net10.0\StellaOps.Concelier.Persistence.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.Concelier.Connector.Common -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Connector.Common\bin\Debug\net10.0\StellaOps.Concelier.Connector.Common.dll
StellaOps.AdvisoryAI.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Plugin.Unified.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Scm.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Scm.Plugin.Unified.dll
StellaOps.Concelier.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\bin\Debug\net10.0\StellaOps.Concelier.Testing.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
StellaOps.AdvisoryAI.Tests -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:06.61

88
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-build-web.txt
View File

@@ -1,88 +0,0 @@
### COMMAND
dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\StellaOps.Evidence.Pack.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\StellaOps.Auth.ServerIntegration.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\StellaOps.Determinism.Abstractions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\StellaOps.Concelier.Interest.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\StellaOps.AdvisoryAI.Hosting.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\StellaOps.Concelier.Cache.Valkey.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\StellaOps.Router.AspNet.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\StellaOps.Canonical.Json.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:04.34

106
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier1-test-action-policy.txt
View File

@@ -1,106 +0,0 @@
### COMMAND
dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter FullyQualifiedName~ActionPolicyGateTests|FullyQualifiedName~ActionExecutorTests|FullyQualifiedName~ActionRegistryTests|FullyQualifiedName~IdempotencyHandlerTests -v minimal
Determining projects to restore...
All projects are up-to-date for restore.
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\StellaOps.Attestor.StandardPredicates.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\StellaOps.Concelier.RawModels.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\StellaOps.AdvisoryAI.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\StellaOps.AdvisoryAI.Plugin.Unified.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\StellaOps.Attestation.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\StellaOps.AspNet.Extensions.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\StellaOps.AdvisoryAI.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\StellaOps.Aoc.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\StellaOps.Plugin.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\StellaOps.Attestor.ProofChain.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\StellaOps.AdvisoryAI.Worker.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\StellaOps.AdvisoryAI.WebService.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj]
C:\Program Files\dotnet\sdk\10.0.200-preview.0.26103.119\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(383,5): message NETSDK1057: You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\StellaOps.TestKit.csproj]
StellaOps.Concelier.RawModels -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.RawModels\bin\Debug\net10.0\StellaOps.Concelier.RawModels.dll
StellaOps.AirGap.Policy -> C:\dev\New folder\git.stella-ops.org\src\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\bin\Debug\net10.0\StellaOps.AirGap.Policy.dll
StellaOps.AdvisoryAI.Attestation -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AdvisoryAI.Attestation\bin\Debug\net10.0\StellaOps.AdvisoryAI.Attestation.dll
StellaOps.Aoc -> C:\dev\New folder\git.stella-ops.org\src\Aoc\__Libraries\StellaOps.Aoc\bin\Debug\net10.0\StellaOps.Aoc.dll
StellaOps.Feedser.BinaryAnalysis -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.BinaryAnalysis\bin\Debug\net10.0\StellaOps.Feedser.BinaryAnalysis.dll
StellaOps.Plugin.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Abstractions\bin\Debug\net10.0\StellaOps.Plugin.Abstractions.dll
StellaOps.Settings -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Settings\bin\Debug\net10.0\StellaOps.Settings.dll
StellaOps.Feedser.Core -> C:\dev\New folder\git.stella-ops.org\src\Feedser\StellaOps.Feedser.Core\bin\Debug\net10.0\StellaOps.Feedser.Core.dll
StellaOps.Facet -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Facet\bin\Debug\net10.0\StellaOps.Facet.dll
StellaOps.Auth.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.Abstractions\bin\Debug\net10.0\StellaOps.Auth.Abstractions.dll
StellaOps.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.DependencyInjection\bin\Debug\net10.0\StellaOps.DependencyInjection.dll
StellaOps.VersionComparison -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.VersionComparison\bin\Debug\net10.0\StellaOps.VersionComparison.dll
StellaOps.Determinism.Abstractions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Determinism.Abstractions\bin\Debug\net10.0\StellaOps.Determinism.Abstractions.dll
StellaOps.Concelier.SourceIntel -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SourceIntel\bin\Debug\net10.0\StellaOps.Concelier.SourceIntel.dll
StellaOps.Router.Common -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.Common\bin\Debug\net10.0\StellaOps.Router.Common.dll
StellaOps.Canonical.Json -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonical.Json\bin\Debug\net10.0\StellaOps.Canonical.Json.dll
StellaOps.Canonicalization -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Canonicalization\bin\Debug\net10.0\StellaOps.Canonicalization.dll
StellaOps.Infrastructure.Postgres -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.Postgres\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.dll
StellaOps.Concelier.Models -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Models\bin\Debug\net10.0\StellaOps.Concelier.Models.dll
StellaOps.Plugin.Sdk -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Sdk\bin\Debug\net10.0\StellaOps.Plugin.Sdk.dll
StellaOps.Infrastructure.EfCore -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Infrastructure.EfCore\bin\Debug\net10.0\StellaOps.Infrastructure.EfCore.dll
StellaOps.Ingestion.Telemetry -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Ingestion.Telemetry\bin\Debug\net10.0\StellaOps.Ingestion.Telemetry.dll
StellaOps.Concelier.Normalization -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Normalization\bin\Debug\net10.0\StellaOps.Concelier.Normalization.dll
StellaOps.Provenance -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provenance\bin\Debug\net10.0\StellaOps.Provenance.dll
StellaOps.Microservice -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice\bin\Debug\net10.0\StellaOps.Microservice.dll
StellaOps.Telemetry.Core -> C:\dev\New folder\git.stella-ops.org\src\Telemetry\StellaOps.Telemetry.Core\StellaOps.Telemetry.Core\bin\Debug\net10.0\StellaOps.Telemetry.Core.dll
StellaOps.Plugin.Testing -> C:\dev\New folder\git.stella-ops.org\src\Plugin\StellaOps.Plugin.Testing\bin\Debug\net10.0\StellaOps.Plugin.Testing.dll
StellaOps.AspNet.Extensions -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.AspNet.Extensions\bin\Debug\net10.0\StellaOps.AspNet.Extensions.dll
StellaOps.Plugin -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Plugin\bin\Debug\net10.0\StellaOps.Plugin.dll
StellaOps.Evidence.Pack -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Evidence.Pack\bin\Debug\net10.0\StellaOps.Evidence.Pack.dll
StellaOps.Worker.Health -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Worker.Health\bin\Debug\net10.0\StellaOps.Worker.Health.dll
StellaOps.Infrastructure.Postgres.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Infrastructure.Postgres.Testing\bin\Debug\net10.0\StellaOps.Infrastructure.Postgres.Testing.dll
StellaOps.Scanner.ChangeTrace -> C:\dev\New folder\git.stella-ops.org\src\Scanner\__Libraries\StellaOps.Scanner.ChangeTrace\bin\Debug\net10.0\StellaOps.Scanner.ChangeTrace.dll
StellaOps.Microservice.AspNetCore -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Microservice.AspNetCore\bin\Debug\net10.0\StellaOps.Microservice.AspNetCore.dll
StellaOps.TestKit -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.TestKit\bin\Debug\net10.0\StellaOps.TestKit.dll
StellaOps.Messaging -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Messaging\bin\Debug\net10.0\StellaOps.Messaging.dll
StellaOps.Cryptography -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography\bin\Debug\net10.0\StellaOps.Cryptography.dll
StellaOps.Findings.Ledger -> C:\dev\New folder\git.stella-ops.org\src\Findings\StellaOps.Findings.Ledger\bin\Debug\net10.0\StellaOps.Findings.Ledger.dll
StellaOps.Router.AspNet -> C:\dev\New folder\git.stella-ops.org\src\Router\__Libraries\StellaOps.Router.AspNet\bin\Debug\net10.0\StellaOps.Router.AspNet.dll
StellaOps.Policy.Determinization -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy.Determinization\bin\Debug\net10.0\StellaOps.Policy.Determinization.dll
StellaOps.Cryptography.Plugin.SimRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SimRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SimRemote.dll
StellaOps.Cryptography.Plugin.SmSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmSoft.dll
StellaOps.Cryptography.PluginLoader -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.PluginLoader\bin\Debug\net10.0\StellaOps.Cryptography.PluginLoader.dll
StellaOps.Provenance.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Provenance\StellaOps.Provenance.Attestation\bin\Debug\net10.0\StellaOps.Provenance.Attestation.dll
StellaOps.Policy.RiskProfile -> C:\dev\New folder\git.stella-ops.org\src\Policy\StellaOps.Policy.RiskProfile\bin\Debug\net10.0\StellaOps.Policy.RiskProfile.dll
StellaOps.Cryptography.Plugin.SmRemote -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.SmRemote\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.SmRemote.dll
StellaOps.Cryptography.Plugin.Pkcs11Gost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.Pkcs11Gost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.Pkcs11Gost.dll
StellaOps.Cryptography.Plugin.WineCsp -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.WineCsp\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.WineCsp.dll
StellaOps.Cryptography.Plugin.OpenSslGost -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.OpenSslGost\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.OpenSslGost.dll
StellaOps.Concelier.Core -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Core\bin\Debug\net10.0\StellaOps.Concelier.Core.dll
StellaOps.Attestor.Envelope -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestor.Envelope\bin\Debug\net10.0\StellaOps.Attestor.Envelope.dll
StellaOps.Attestation -> C:\dev\New folder\git.stella-ops.org\src\Attestor\StellaOps.Attestation\bin\Debug\net10.0\StellaOps.Attestation.dll
StellaOps.Provcache -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Provcache\bin\Debug\net10.0\StellaOps.Provcache.dll
StellaOps.Attestor.ProofChain -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.ProofChain\bin\Debug\net10.0\StellaOps.Attestor.ProofChain.dll
StellaOps.Concelier.Cache.Valkey -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Cache.Valkey\bin\Debug\net10.0\StellaOps.Concelier.Cache.Valkey.dll
StellaOps.Cryptography.Plugin.PqSoft -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.Plugin.PqSoft\bin\Debug\net10.0\StellaOps.Cryptography.Plugin.PqSoft.dll
StellaOps.OpsMemory -> C:\dev\New folder\git.stella-ops.org\src\OpsMemory\StellaOps.OpsMemory\bin\Debug\net10.0\StellaOps.OpsMemory.dll
StellaOps.Concelier.Interest -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Interest\bin\Debug\net10.0\StellaOps.Concelier.Interest.dll
StellaOps.Cryptography.DependencyInjection -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Cryptography.DependencyInjection\bin\Debug\net10.0\StellaOps.Cryptography.DependencyInjection.dll
StellaOps.Concelier.SbomIntegration -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.SbomIntegration\bin\Debug\net10.0\StellaOps.Concelier.SbomIntegration.dll
StellaOps.Concelier.ProofService -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.ProofService\bin\Debug\net10.0\StellaOps.Concelier.ProofService.dll
StellaOps.Attestor.StandardPredicates -> C:\dev\New folder\git.stella-ops.org\src\Attestor\__Libraries\StellaOps.Attestor.StandardPredicates\bin\Debug\net10.0\StellaOps.Attestor.StandardPredicates.dll
StellaOps.Policy -> C:\dev\New folder\git.stella-ops.org\src\Policy\__Libraries\StellaOps.Policy\bin\Debug\net10.0\StellaOps.Policy.dll
StellaOps.Concelier.Merge -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Merge\bin\Debug\net10.0\StellaOps.Concelier.Merge.dll
StellaOps.Configuration -> C:\dev\New folder\git.stella-ops.org\src\__Libraries\StellaOps.Configuration\bin\Debug\net10.0\StellaOps.Configuration.dll
StellaOps.Auth.ServerIntegration -> C:\dev\New folder\git.stella-ops.org\src\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\bin\Debug\net10.0\StellaOps.Auth.ServerIntegration.dll
StellaOps.Excititor.Core -> C:\dev\New folder\git.stella-ops.org\src\Excititor\__Libraries\StellaOps.Excititor.Core\bin\Debug\net10.0\StellaOps.Excititor.Core.dll
StellaOps.Concelier.Persistence -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Persistence\bin\Debug\net10.0\StellaOps.Concelier.Persistence.dll
StellaOps.Concelier.Connector.Common -> C:\dev\New folder\git.stella-ops.org\src\Concelier\__Libraries\StellaOps.Concelier.Connector.Common\bin\Debug\net10.0\StellaOps.Concelier.Connector.Common.dll
StellaOps.AdvisoryAI -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI\bin\Debug\net10.0\StellaOps.AdvisoryAI.dll
StellaOps.AdvisoryAI.Hosting -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Hosting\bin\Debug\net10.0\StellaOps.AdvisoryAI.Hosting.dll
StellaOps.AdvisoryAI.Scm.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Scm.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Scm.Plugin.Unified.dll
StellaOps.AdvisoryAI.Plugin.Unified -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Plugin.Unified\bin\Debug\net10.0\StellaOps.AdvisoryAI.Plugin.Unified.dll
StellaOps.Concelier.Testing -> C:\dev\New folder\git.stella-ops.org\src\__Tests\__Libraries\StellaOps.Concelier.Testing\bin\Debug\net10.0\StellaOps.Concelier.Testing.dll
StellaOps.AdvisoryAI.WebService -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.WebService\bin\Debug\net10.0\StellaOps.AdvisoryAI.WebService.dll
StellaOps.AdvisoryAI.Worker -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\StellaOps.AdvisoryAI.Worker\bin\Debug\net10.0\StellaOps.AdvisoryAI.Worker.dll
StellaOps.AdvisoryAI.Tests -> C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll
C:\dev\New folder\git.stella-ops.org\.nuget\packages\microsoft.testing.platform.msbuild\1.9.1\buildMultiTargeting\Microsoft.Testing.Platform.MSBuild.targets(376,5): warning MTP0001: VSTest-specific properties are set but will be ignored when using Microsoft.Testing.Platform. The following properties are set: VSTestTestCaseFilter; . [C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\StellaOps.AdvisoryAI.Tests.csproj]
Run tests: 'C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll' [net10.0|x64]
Passed! - Failed: 0, Passed: 572, Skipped: 0, Total: 572, Duration: 5s 645ms - StellaOps.AdvisoryAI.Tests.dll (net10.0|x64)
Tests succeeded: 'C:\dev\New folder\git.stella-ops.org\src\AdvisoryAI\__Tests\StellaOps.AdvisoryAI.Tests\bin\Debug\net10.0\StellaOps.AdvisoryAI.Tests.dll' [net10.0|x64]

1806
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/evidence/tier2-test-action-behavior.txt
View File

File diff suppressed because it is too large Load Diff

67
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/tier0-source-check.json
View File

@@ -1,67 +0,0 @@
{
"type": "source",
"module": "advisoryai",
"feature": "ai-action-policy-gate",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:43:03.4047198Z",
"filesChecked": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs"
],
"found": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "class ActionPolicyGate",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\ActionPolicyGate.cs:16:internal sealed class ActionPolicyGate : IActionPolicyGate"
},
{
"pattern": "class ActionRegistry",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\ActionRegistry.cs:15:internal sealed partial class ActionRegistry : IActionRegistry"
},
{
"pattern": "class ActionExecutor",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\ActionExecutor.cs:16:internal sealed class ActionExecutor : IActionExecutor"
},
{
"pattern": "class ActionAuditLedger",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\ActionAuditLedger.cs:18:internal sealed class ActionAuditLedger : IActionAuditLedger"
},
{
"pattern": "class ApprovalWorkflowAdapter",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\ApprovalWorkflowAdapter.cs:17:internal sealed class ApprovalWorkflowAdapter : IApprovalWorkflowAdapter"
},
{
"pattern": "class IdempotencyHandler",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\IdempotencyHandler.cs:20:internal sealed class IdempotencyHandler : IIdempotencyHandler"
},
{
"pattern": "record ActionDefinition",
"found": true,
"sample": "src/AdvisoryAI/StellaOps.AdvisoryAI/Actions\\ActionDefinition.cs:13:public sealed record ActionDefinition"
}
],
"missingRatio": 0,
"verdict": "pass"
}

64
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/tier1-build-check.json
View File

@@ -1,64 +0,0 @@
{
"type": "build",
"module": "advisoryai",
"feature": "ai-action-policy-gate",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:46:08.8305415Z",
"projects": [
{
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier1-build-core.txt"
},
{
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier1-build-hosting.txt"
},
{
"project": "src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier1-build-web.txt"
},
{
"project": "src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj",
"buildResult": "pass",
"exitCode": 0,
"evidence": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier1-build-tests.txt"
}
],
"tests": {
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter FullyQualifiedName~ActionPolicyGateTests|FullyQualifiedName~ActionExecutorTests|FullyQualifiedName~ActionRegistryTests|FullyQualifiedName~IdempotencyHandlerTests -v minimal",
"exitCode": 0,
"failed": 0,
"passed": 572,
"skipped": 0,
"total": 572,
"log": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier1-test-action-policy.txt"
},
"codeReview": {
"verdict": "pass",
"reviewedFiles": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs"
],
"reviewedTests": [
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionPolicyGateTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionExecutorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionRegistryTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/IdempotencyHandlerTests.cs"
]
},
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; tier commands executed full test assembly."
],
"verdict": "pass"
}

33
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/tier2-integration-check.json
View File

@@ -1,33 +0,0 @@
{
"type": "integration",
"module": "advisoryai",
"feature": "ai-action-policy-gate",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T11:46:08.8460943Z",
"command": {
"value": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --filter FullyQualifiedName~ActionPolicyGateTests|FullyQualifiedName~ActionExecutorTests|FullyQualifiedName~ActionRegistryTests|FullyQualifiedName~IdempotencyHandlerTests -v normal",
"exitCode": 0,
"failed": 0,
"passed": 572,
"skipped": 0,
"total": 572,
"log": "docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier2-test-action-behavior.txt"
},
"behaviorVerified": [
"Action policy gate enforces risk/role/environment decisions with allow, deny, and approval-required paths in ActionPolicyGateTests.",
"Action executor validates approved execution, pending approval, policy denial, and idempotent duplicate suppression in ActionExecutorTests.",
"Action registry validates action definitions, risk/tag lookups, and parameter constraints (including CVE and digest validation) in ActionRegistryTests.",
"Idempotency handler enforces deterministic keys, tenant/action scoping, TTL expiration behavior, and record lifecycle checks in IdempotencyHandlerTests."
],
"evidence": [
"docs\\\\qa\\\\feature-checks\\\\runs\\\\advisoryai\\\\ai-action-policy-gate\\\\run-001\\\\evidence\\\\tier2-test-action-behavior.txt",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionPolicyGateTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionExecutorTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionRegistryTests.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/IdempotencyHandlerTests.cs"
],
"warnings": [
"MTP0001: VSTestTestCaseFilter ignored by Microsoft.Testing.Platform; tier commands executed full test assembly."
],
"verdict": "pass"
}

6
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/00-docker-ps.txt
View File

@@ -1,6 +0,0 @@
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
43ed130493de postgres:18.1-alpine "docker-entrypoint.s…" 40 minutes ago Up 40 minutes (healthy) 127.1.1.1:5432->5432/tcp stellaops-dev-postgres
aebfe19eb9df ghcr.io/sigstore/rekor-tiles:latest "rekor-server serve" 40 minutes ago Restarting (1) 49 seconds ago stellaops-dev-rekor
f0d9958bcbcc chrislusf/seaweedfs:latest "/entrypoint.sh serv…" 40 minutes ago Up 8 seconds (health: starting) 127.1.1.3:8080->8080/tcp stellaops-dev-rustfs
9936bf08d62f valkey/valkey:9.0.1-alpine "docker-entrypoint.s…" 40 minutes ago Up 40 minutes (healthy) 127.1.1.2:6379->6379/tcp stellaops-dev-valkey
0719ba74ad84 ghcr.io/project-zot/zot-linux-amd64:v2.1.3 "/usr/local/bin/zot-…" 40 minutes ago Up 40 minutes (unhealthy) 127.1.1.5:80->5000/tcp stellaops-dev-registry

1
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/00-docker-version.txt
View File

@@ -1 +0,0 @@
Docker version 29.1.5, build 0e6fee6

1
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/00-dotnet-version.txt
View File

@@ -1 +0,0 @@
10.0.200-preview.0.26103.119

BIN
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/tier1-build-core.txt
View File

Binary file not shown.

BIN
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/tier1-build-hosting.txt
View File

Binary file not shown.

BIN
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/tier1-build-tests.txt
View File

Binary file not shown.

BIN
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/tier1-build-web.txt
View File

Binary file not shown.

BIN
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/tier1-test-suite.txt
View File

Binary file not shown.

BIN
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/evidence/tier2-action-workflow-integration.txt
View File

Binary file not shown.

79
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/tier0-source-check.json
View File

@@ -1,79 +0,0 @@
{
"type": "source",
"module": "advisoryai",
"feature": "ai-action-policy-gate",
"runId": "run-002",
"capturedAtUtc": "2026-02-11T11:53:22.0969824Z",
"filesChecked": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionWorkflowIntegrationTests.cs"
],
"found": [
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs",
"src/AdvisoryAI/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs",
"src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/Actions/ActionWorkflowIntegrationTests.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "class ActionPolicyGate",
"found": true,
"sample": "src/AdvisoryAI\\__Tests\\StellaOps.AdvisoryAI.Tests\\Actions\\ActionPolicyGateTests.cs:19:public sealed class ActionPolicyGateTests\nsrc/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ActionPolicyGate.cs:16:internal sealed class ActionPolicyGate : IActionPolicyGate"
},
{
"pattern": "class ActionRegistry",
"found": true,
"sample": "src/AdvisoryAI\\__Tests\\StellaOps.AdvisoryAI.Tests\\Actions\\ActionRegistryTests.cs:17:public sealed class ActionRegistryTests\nsrc/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ActionRegistry.cs:15:internal sealed partial class ActionRegistry : IActionRegistry"
},
{
"pattern": "class ActionExecutor",
"found": true,
"sample": "src/AdvisoryAI\\__Tests\\StellaOps.AdvisoryAI.Tests\\Actions\\ActionExecutorTests.cs:20:public sealed class ActionExecutorTests\nsrc/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ActionExecutor.cs:16:internal sealed class ActionExecutor : IActionExecutor"
},
{
"pattern": "class ActionAuditLedger",
"found": true,
"sample": "src/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ActionAuditLedger.cs:18:internal sealed class ActionAuditLedger : IActionAuditLedger"
},
{
"pattern": "class ApprovalWorkflowAdapter",
"found": true,
"sample": "src/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ApprovalWorkflowAdapter.cs:17:internal sealed class ApprovalWorkflowAdapter : IApprovalWorkflowAdapter"
},
{
"pattern": "class IdempotencyHandler",
"found": true,
"sample": "src/AdvisoryAI\\__Tests\\StellaOps.AdvisoryAI.Tests\\Actions\\IdempotencyHandlerTests.cs:19:public sealed class IdempotencyHandlerTests\nsrc/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\IdempotencyHandler.cs:20:internal sealed class IdempotencyHandler : IIdempotencyHandler"
},
{
"pattern": "record ActionDefinition",
"found": true,
"sample": "src/AdvisoryAI\\StellaOps.AdvisoryAI\\Chat\\ActionProposalParser.cs:211:internal sealed record ActionDefinition\nsrc/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ActionDefinition.cs:13:public sealed record ActionDefinition"
},
{
"pattern": "class ActionWorkflowIntegrationTests",
"found": true,
"sample": "src/AdvisoryAI\\__Tests\\StellaOps.AdvisoryAI.Tests\\Actions\\ActionWorkflowIntegrationTests.cs:20:public sealed class ActionWorkflowIntegrationTests"
},
{
"pattern": "AwaitApprovalCompletion",
"found": true,
"sample": "src/AdvisoryAI\\__Tests\\StellaOps.AdvisoryAI.Tests\\Actions\\ActionWorkflowIntegrationTests.cs:192: AwaitApprovalCompletion = awaitApprovalCompletion,\nsrc/AdvisoryAI\\StellaOps.AdvisoryAI\\Actions\\ActionExecutor.cs:275: if (!_options.AwaitApprovalCompletion)"
}
],
"missingRatio": 0,
"verdict": "pass"
}

47
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/tier1-build-check.json
View File

@@ -1,47 +0,0 @@
{
"type": "build_test",
"module": "advisoryai",
"feature": "ai-action-policy-gate",
"runId": "run-002",
"capturedAtUtc": "2026-02-11T11:57:17.2947772Z",
"commands": [
{
"name": "build-core",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -c Release --nologo -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\ai-action-policy-gate\\run-002\\evidence\\tier1-build-core.txt",
"result": "pass"
},
{
"name": "build-hosting",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/StellaOps.AdvisoryAI.Hosting.csproj -c Release --nologo -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\ai-action-policy-gate\\run-002\\evidence\\tier1-build-hosting.txt",
"result": "pass"
},
{
"name": "build-web",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -c Release --nologo -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\ai-action-policy-gate\\run-002\\evidence\\tier1-build-web.txt",
"result": "pass"
},
{
"name": "build-tests",
"command": "dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -c Release --nologo -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\ai-action-policy-gate\\run-002\\evidence\\tier1-build-tests.txt",
"result": "pass"
},
{
"name": "test-suite",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj -c Release --nologo -v minimal",
"exitCode": 0,
"log": "docs\\qa\\feature-checks\\runs\\advisoryai\\ai-action-policy-gate\\run-002\\evidence\\tier1-test-suite.txt",
"result": "pass"
}
],
"buildResult": "pass",
"testResult": "pass",
"verdict": "pass"
}

18
docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/tier2-integration-check.json
View File

@@ -1,18 +0,0 @@
{
"type": "integration",
"module": "advisoryai",
"feature": "ai-action-policy-gate",
"runId": "run-002",
"capturedAtUtc": "2026-02-11T11:55:03.0629583Z",
"command": "src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/bin/Release/net10.0/StellaOps.AdvisoryAI.Tests.exe -class StellaOps.AdvisoryAI.Tests.Actions.ActionWorkflowIntegrationTests -reporter verbose",
"exitCode": 0,
"behaviorVerified": [
"Action requiring approval transitions through ApprovalRequested/Approved/Executed audit outcomes when await-approval mode is enabled.",
"Repeated execution of the same approved action returns idempotent prior result and records IdempotentSkipped audit outcome.",
"Policy denial for insufficient role blocks action execution and records DeniedByPolicy audit outcome."
],
"logs": [
"evidence/tier2-action-workflow-integration.txt"
],
"verdict": "pass"
}

32
docs/qa/feature-checks/runs/advisoryai/ai-codex-zastava-companion/run-001/evidence/command-results.json
View File

@@ -1,32 +0,0 @@
[
{
"name": "tier1-build-core",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-codex-zastava-companion/run-001/evidence/tier1-build-core.txt"
},
{
"name": "tier1-build-web",
"command": "dotnet build src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-codex-zastava-companion/run-001/evidence/tier1-build-web.txt"
},
{
"name": "tier1-build-companion-tests",
"command": "dotnet build src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Companion.Tests/StellaOps.AdvisoryAI.Companion.Tests.csproj -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-codex-zastava-companion/run-001/evidence/tier1-build-companion-tests.txt"
},
{
"name": "tier1-test-companion-suite",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Companion.Tests/StellaOps.AdvisoryAI.Companion.Tests.csproj --filter FullyQualifiedName~CompanionExplainEndpointTests|FullyQualifiedName~CodexZastavaCompanionServiceTests -v minimal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-codex-zastava-companion/run-001/evidence/tier1-test-companion-suite.txt"
},
{
"name": "tier2-test-companion-behavior",
"command": "dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Companion.Tests/StellaOps.AdvisoryAI.Companion.Tests.csproj --filter FullyQualifiedName~CompanionExplainEndpointTests|FullyQualifiedName~CodexZastavaCompanionServiceTests -v normal",
"exitCode": 0,
"log": "docs/qa/feature-checks/runs/advisoryai/ai-codex-zastava-companion/run-001/evidence/tier2-test-companion-behavior.txt"
}
]

Some files were not shown because too many files have changed in this diff Show More