up

src/Cartographer/StellaOps.Cartographer/Options/CartographerAuthorityOptions.cs

@@ -1,101 +1,101 @@
-using System;
-using System.Collections.Generic;
-
-namespace StellaOps.Cartographer.Options;
-
-/// <summary>
-/// Configuration controlling Authority-backed authentication for the Cartographer service.
-/// </summary>
-public sealed class CartographerAuthorityOptions
-{
-    /// <summary>
-    /// Enables Authority-backed authentication for Cartographer endpoints.
-    /// </summary>
-    public bool Enabled { get; set; }
-
-    /// <summary>
-    /// Allows anonymous access when Authority integration is enabled (development only).
-    /// </summary>
-    public bool AllowAnonymousFallback { get; set; }
-
-    /// <summary>
-    /// Authority issuer URL exposed via OpenID discovery.
-    /// </summary>
-    public string Issuer { get; set; } = string.Empty;
-
-    /// <summary>
-    /// Whether HTTPS metadata is required when fetching Authority discovery documents.
-    /// </summary>
-    public bool RequireHttpsMetadata { get; set; } = true;
-
-    /// <summary>
-    /// Optional explicit metadata endpoint for Authority discovery.
-    /// </summary>
-    public string? MetadataAddress { get; set; }
-
-    /// <summary>
-    /// Timeout (seconds) applied to Authority back-channel HTTP calls.
-    /// </summary>
-    public int BackchannelTimeoutSeconds { get; set; } = 30;
-
-    /// <summary>
-    /// Allowed token clock skew (seconds) when validating Authority-issued tokens.
-    /// </summary>
-    public int TokenClockSkewSeconds { get; set; } = 60;
-
-    /// <summary>
-    /// Accepted audiences for Cartographer access tokens.
-    /// </summary>
-    public IList<string> Audiences { get; } = new List<string>();
-
-    /// <summary>
-    /// Scopes required for Cartographer operations.
-    /// </summary>
-    public IList<string> RequiredScopes { get; } = new List<string>();
-
-    /// <summary>
-    /// Tenants permitted to access Cartographer resources.
-    /// </summary>
-    public IList<string> RequiredTenants { get; } = new List<string>();
-
-    /// <summary>
-    /// Networks allowed to bypass authentication enforcement.
-    /// </summary>
-    public IList<string> BypassNetworks { get; } = new List<string>();
-
-    /// <summary>
-    /// Validates configured values and throws <see cref="InvalidOperationException"/> on failure.
-    /// </summary>
-    public void Validate()
-    {
-        if (!Enabled)
-        {
-            return;
-        }
-
-        if (string.IsNullOrWhiteSpace(Issuer))
-        {
-            throw new InvalidOperationException("Cartographer Authority issuer must be configured when Authority integration is enabled.");
-        }
-
-        if (!Uri.TryCreate(Issuer.Trim(), UriKind.Absolute, out var issuerUri))
-        {
-            throw new InvalidOperationException("Cartographer Authority issuer must be an absolute URI.");
-        }
-
-        if (RequireHttpsMetadata && !issuerUri.IsLoopback && !string.Equals(issuerUri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
-        {
-            throw new InvalidOperationException("Cartographer Authority issuer must use HTTPS unless running on loopback.");
-        }
-
-        if (BackchannelTimeoutSeconds <= 0)
-        {
-            throw new InvalidOperationException("Cartographer Authority back-channel timeout must be greater than zero seconds.");
-        }
-
-        if (TokenClockSkewSeconds < 0 || TokenClockSkewSeconds > 300)
-        {
-            throw new InvalidOperationException("Cartographer Authority token clock skew must be between 0 and 300 seconds.");
-        }
-    }
-}
+using System;
+using System.Collections.Generic;
+
+namespace StellaOps.Cartographer.Options;
+
+/// <summary>
+/// Configuration controlling Authority-backed authentication for the Cartographer service.
+/// </summary>
+public sealed class CartographerAuthorityOptions
+{
+    /// <summary>
+    /// Enables Authority-backed authentication for Cartographer endpoints.
+    /// </summary>
+    public bool Enabled { get; set; }
+
+    /// <summary>
+    /// Allows anonymous access when Authority integration is enabled (development only).
+    /// </summary>
+    public bool AllowAnonymousFallback { get; set; }
+
+    /// <summary>
+    /// Authority issuer URL exposed via OpenID discovery.
+    /// </summary>
+    public string Issuer { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Whether HTTPS metadata is required when fetching Authority discovery documents.
+    /// </summary>
+    public bool RequireHttpsMetadata { get; set; } = true;
+
+    /// <summary>
+    /// Optional explicit metadata endpoint for Authority discovery.
+    /// </summary>
+    public string? MetadataAddress { get; set; }
+
+    /// <summary>
+    /// Timeout (seconds) applied to Authority back-channel HTTP calls.
+    /// </summary>
+    public int BackchannelTimeoutSeconds { get; set; } = 30;
+
+    /// <summary>
+    /// Allowed token clock skew (seconds) when validating Authority-issued tokens.
+    /// </summary>
+    public int TokenClockSkewSeconds { get; set; } = 60;
+
+    /// <summary>
+    /// Accepted audiences for Cartographer access tokens.
+    /// </summary>
+    public IList<string> Audiences { get; } = new List<string>();
+
+    /// <summary>
+    /// Scopes required for Cartographer operations.
+    /// </summary>
+    public IList<string> RequiredScopes { get; } = new List<string>();
+
+    /// <summary>
+    /// Tenants permitted to access Cartographer resources.
+    /// </summary>
+    public IList<string> RequiredTenants { get; } = new List<string>();
+
+    /// <summary>
+    /// Networks allowed to bypass authentication enforcement.
+    /// </summary>
+    public IList<string> BypassNetworks { get; } = new List<string>();
+
+    /// <summary>
+    /// Validates configured values and throws <see cref="InvalidOperationException"/> on failure.
+    /// </summary>
+    public void Validate()
+    {
+        if (!Enabled)
+        {
+            return;
+        }
+
+        if (string.IsNullOrWhiteSpace(Issuer))
+        {
+            throw new InvalidOperationException("Cartographer Authority issuer must be configured when Authority integration is enabled.");
+        }
+
+        if (!Uri.TryCreate(Issuer.Trim(), UriKind.Absolute, out var issuerUri))
+        {
+            throw new InvalidOperationException("Cartographer Authority issuer must be an absolute URI.");
+        }
+
+        if (RequireHttpsMetadata && !issuerUri.IsLoopback && !string.Equals(issuerUri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
+        {
+            throw new InvalidOperationException("Cartographer Authority issuer must use HTTPS unless running on loopback.");
+        }
+
+        if (BackchannelTimeoutSeconds <= 0)
+        {
+            throw new InvalidOperationException("Cartographer Authority back-channel timeout must be greater than zero seconds.");
+        }
+
+        if (TokenClockSkewSeconds < 0 || TokenClockSkewSeconds > 300)
+        {
+            throw new InvalidOperationException("Cartographer Authority token clock skew must be between 0 and 300 seconds.");
+        }
+    }
+}

src/Cartographer/StellaOps.Cartographer/Options/CartographerAuthorityOptionsConfigurator.cs

@@ -1,37 +1,37 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using StellaOps.Auth.Abstractions;
-
-namespace StellaOps.Cartographer.Options;
-
-/// <summary>
-/// Applies Cartographer-specific defaults to <see cref="CartographerAuthorityOptions"/>.
-/// </summary>
-internal static class CartographerAuthorityOptionsConfigurator
-{
-    /// <summary>
-    /// Ensures required scopes are present and duplicates are removed case-insensitively.
-    /// </summary>
-    /// <param name="options">Target options.</param>
-    public static void ApplyDefaults(CartographerAuthorityOptions options)
-    {
-        ArgumentNullException.ThrowIfNull(options);
-
-        EnsureScope(options.RequiredScopes, StellaOpsScopes.GraphRead);
-        EnsureScope(options.RequiredScopes, StellaOpsScopes.GraphWrite);
-    }
-
-    private static void EnsureScope(ICollection<string> scopes, string scope)
-    {
-        ArgumentNullException.ThrowIfNull(scopes);
-        ArgumentException.ThrowIfNullOrEmpty(scope);
-
-        if (scopes.Any(existing => string.Equals(existing, scope, StringComparison.OrdinalIgnoreCase)))
-        {
-            return;
-        }
-
-        scopes.Add(scope);
-    }
-}
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using StellaOps.Auth.Abstractions;
+
+namespace StellaOps.Cartographer.Options;
+
+/// <summary>
+/// Applies Cartographer-specific defaults to <see cref="CartographerAuthorityOptions"/>.
+/// </summary>
+internal static class CartographerAuthorityOptionsConfigurator
+{
+    /// <summary>
+    /// Ensures required scopes are present and duplicates are removed case-insensitively.
+    /// </summary>
+    /// <param name="options">Target options.</param>
+    public static void ApplyDefaults(CartographerAuthorityOptions options)
+    {
+        ArgumentNullException.ThrowIfNull(options);
+
+        EnsureScope(options.RequiredScopes, StellaOpsScopes.GraphRead);
+        EnsureScope(options.RequiredScopes, StellaOpsScopes.GraphWrite);
+    }
+
+    private static void EnsureScope(ICollection<string> scopes, string scope)
+    {
+        ArgumentNullException.ThrowIfNull(scopes);
+        ArgumentException.ThrowIfNullOrEmpty(scope);
+
+        if (scopes.Any(existing => string.Equals(existing, scope, StringComparison.OrdinalIgnoreCase)))
+        {
+            return;
+        }
+
+        scopes.Add(scope);
+    }
+}

src/Cartographer/StellaOps.Cartographer/Program.cs

@@ -1,39 +1,39 @@
-using StellaOps.Cartographer.Options;
-
-var builder = WebApplication.CreateBuilder(args);
-
-builder.Configuration
-    .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
-    .AddEnvironmentVariables("CARTOGRAPHER_");
-
-builder.Services.AddOptions();
-builder.Services.AddLogging();
-
-var authoritySection = builder.Configuration.GetSection("Cartographer:Authority");
-var authorityOptions = new CartographerAuthorityOptions();
-authoritySection.Bind(authorityOptions);
-CartographerAuthorityOptionsConfigurator.ApplyDefaults(authorityOptions);
-authorityOptions.Validate();
-
-builder.Services.AddSingleton(authorityOptions);
-builder.Services.AddOptions<CartographerAuthorityOptions>()
-    .Bind(authoritySection)
-    .PostConfigure(CartographerAuthorityOptionsConfigurator.ApplyDefaults);
-
-// TODO: register Cartographer graph builders, overlay workers, and Authority client once implementations land.
-
-var app = builder.Build();
-
-if (!authorityOptions.Enabled)
-{
-    app.Logger.LogWarning("Cartographer Authority authentication is disabled; enable it before production deployments.");
-}
-else if (authorityOptions.AllowAnonymousFallback)
-{
-    app.Logger.LogWarning("Cartographer Authority allows anonymous fallback; disable fallback before production rollout.");
-}
-
-app.MapGet("/healthz", () => Results.Ok(new { status = "ok" }));
-app.MapGet("/readyz", () => Results.Ok(new { status = "warming" }));
-
-app.Run();
+using StellaOps.Cartographer.Options;
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Configuration
+    .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
+    .AddEnvironmentVariables("CARTOGRAPHER_");
+
+builder.Services.AddOptions();
+builder.Services.AddLogging();
+
+var authoritySection = builder.Configuration.GetSection("Cartographer:Authority");
+var authorityOptions = new CartographerAuthorityOptions();
+authoritySection.Bind(authorityOptions);
+CartographerAuthorityOptionsConfigurator.ApplyDefaults(authorityOptions);
+authorityOptions.Validate();
+
+builder.Services.AddSingleton(authorityOptions);
+builder.Services.AddOptions<CartographerAuthorityOptions>()
+    .Bind(authoritySection)
+    .PostConfigure(CartographerAuthorityOptionsConfigurator.ApplyDefaults);
+
+// TODO: register Cartographer graph builders, overlay workers, and Authority client once implementations land.
+
+var app = builder.Build();
+
+if (!authorityOptions.Enabled)
+{
+    app.Logger.LogWarning("Cartographer Authority authentication is disabled; enable it before production deployments.");
+}
+else if (authorityOptions.AllowAnonymousFallback)
+{
+    app.Logger.LogWarning("Cartographer Authority allows anonymous fallback; disable fallback before production rollout.");
+}
+
+app.MapGet("/healthz", () => Results.Ok(new { status = "ok" }));
+app.MapGet("/readyz", () => Results.Ok(new { status = "warming" }));
+
+app.Run();

src/Cartographer/StellaOps.Cartographer/Properties/AssemblyInfo.cs

@@ -1,3 +1,3 @@
-using System.Runtime.CompilerServices;
-
-[assembly: InternalsVisibleTo("StellaOps.Cartographer.Tests")]
+using System.Runtime.CompilerServices;
+
+[assembly: InternalsVisibleTo("StellaOps.Cartographer.Tests")]

src/Cartographer/__Tests/StellaOps.Cartographer.Tests/Options/CartographerAuthorityOptionsConfiguratorTests.cs

@@ -1,51 +1,51 @@
-using StellaOps.Auth.Abstractions;
-using StellaOps.Cartographer.Options;
-using Xunit;
-
-namespace StellaOps.Cartographer.Tests.Options;
-
-public class CartographerAuthorityOptionsConfiguratorTests
-{
-    [Fact]
-    public void ApplyDefaults_AddsGraphScopes()
-    {
-        var options = new CartographerAuthorityOptions();
-
-        CartographerAuthorityOptionsConfigurator.ApplyDefaults(options);
-
-        Assert.Contains(StellaOpsScopes.GraphRead, options.RequiredScopes);
-        Assert.Contains(StellaOpsScopes.GraphWrite, options.RequiredScopes);
-    }
-
-    [Fact]
-    public void ApplyDefaults_DoesNotDuplicateScopes()
-    {
-        var options = new CartographerAuthorityOptions();
-        options.RequiredScopes.Add("GRAPH:READ");
-        options.RequiredScopes.Add(StellaOpsScopes.GraphWrite);
-
-        CartographerAuthorityOptionsConfigurator.ApplyDefaults(options);
-
-        Assert.Equal(2, options.RequiredScopes.Count);
-    }
-
-    [Fact]
-    public void Validate_AllowsDisabledConfiguration()
-    {
-        var options = new CartographerAuthorityOptions();
-
-        options.Validate(); // should not throw when disabled
-    }
-
-    [Fact]
-    public void Validate_ThrowsForInvalidIssuer()
-    {
-        var options = new CartographerAuthorityOptions
-        {
-            Enabled = true,
-            Issuer = "invalid"
-        };
-
-        Assert.Throws<InvalidOperationException>(() => options.Validate());
-    }
-}
+using StellaOps.Auth.Abstractions;
+using StellaOps.Cartographer.Options;
+using Xunit;
+
+namespace StellaOps.Cartographer.Tests.Options;
+
+public class CartographerAuthorityOptionsConfiguratorTests
+{
+    [Fact]
+    public void ApplyDefaults_AddsGraphScopes()
+    {
+        var options = new CartographerAuthorityOptions();
+
+        CartographerAuthorityOptionsConfigurator.ApplyDefaults(options);
+
+        Assert.Contains(StellaOpsScopes.GraphRead, options.RequiredScopes);
+        Assert.Contains(StellaOpsScopes.GraphWrite, options.RequiredScopes);
+    }
+
+    [Fact]
+    public void ApplyDefaults_DoesNotDuplicateScopes()
+    {
+        var options = new CartographerAuthorityOptions();
+        options.RequiredScopes.Add("GRAPH:READ");
+        options.RequiredScopes.Add(StellaOpsScopes.GraphWrite);
+
+        CartographerAuthorityOptionsConfigurator.ApplyDefaults(options);
+
+        Assert.Equal(2, options.RequiredScopes.Count);
+    }
+
+    [Fact]
+    public void Validate_AllowsDisabledConfiguration()
+    {
+        var options = new CartographerAuthorityOptions();
+
+        options.Validate(); // should not throw when disabled
+    }
+
+    [Fact]
+    public void Validate_ThrowsForInvalidIssuer()
+    {
+        var options = new CartographerAuthorityOptions
+        {
+            Enabled = true,
+            Issuer = "invalid"
+        };
+
+        Assert.Throws<InvalidOperationException>(() => options.Validate());
+    }
+}