stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

stabilize tests

Browse Source
This commit is contained in:
master
2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Platform/StellaOps.Platform.Analytics/Models/ScannerOrchestratorEvents.cs
View File

@@ -1,8 +1,9 @@
using StellaOps.Scanner.Surface.FS;
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Text.Json.Serialization;
using StellaOps.Scanner.Surface.FS;
namespace StellaOps.Platform.Analytics.Models;

7
src/Platform/StellaOps.Platform.Analytics/Services/AnalyticsIngestionDataSource.cs
View File

@@ -1,10 +1,11 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Npgsql;
using StellaOps.Platform.Analytics.Options;
using System;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.Analytics.Services;

15
src/Platform/StellaOps.Platform.Analytics/Services/AnalyticsIngestionService.cs
View File

@@ -1,10 +1,4 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
@@ -18,6 +12,13 @@ using StellaOps.Platform.Analytics.Models;
using StellaOps.Platform.Analytics.Options;
using StellaOps.Platform.Analytics.Utilities;
using StellaOps.Scanner.Surface.FS;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.Analytics.Services;

11
src/Platform/StellaOps.Platform.Analytics/Services/AttestationIngestionService.cs
View File

@@ -1,11 +1,7 @@
// SPDX-License-Identifier: BUSL-1.1
// Copyright (c) 2026 stella-ops.org
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
@@ -15,6 +11,11 @@ using StellaOps.Messaging.Abstractions;
using StellaOps.Platform.Analytics.Models;
using StellaOps.Platform.Analytics.Options;
using StellaOps.Platform.Analytics.Utilities;
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.Analytics.Services;

7
src/Platform/StellaOps.Platform.Analytics/Services/CasContentReader.cs
View File

@@ -1,11 +1,12 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.Analytics.Options;
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.Analytics.Options;
namespace StellaOps.Platform.Analytics.Services;

13
src/Platform/StellaOps.Platform.Analytics/Services/VulnerabilityCorrelationService.cs
View File

@@ -1,9 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
@@ -13,6 +8,12 @@ using StellaOps.Messaging.Abstractions;
using StellaOps.Platform.Analytics.Models;
using StellaOps.Platform.Analytics.Options;
using StellaOps.Platform.Analytics.Utilities;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.Analytics.Services;

8
src/Platform/StellaOps.Platform.Analytics/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Platform.Analytics Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Platform/StellaOps.Platform.Analytics/StellaOps.Platform.Analytics.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

3
src/Platform/StellaOps.Platform.Analytics/Utilities/LicenseExpressionRenderer.cs
View File

@@ -1,7 +1,8 @@
using StellaOps.Concelier.SbomIntegration.Models;
using System.Collections.Generic;
using System.Collections.Immutable;
using System.Linq;
using StellaOps.Concelier.SbomIntegration.Models;
namespace StellaOps.Platform.Analytics.Utilities;

3
src/Platform/StellaOps.Platform.Analytics/Utilities/VersionRuleEvaluator.cs
View File

@@ -1,7 +1,8 @@
using NuGet.Versioning;
using System;
using System.Collections.Generic;
using System.Text.Json.Serialization;
using NuGet.Versioning;
namespace StellaOps.Platform.Analytics.Utilities;

7
src/Platform/StellaOps.Platform.WebService/Endpoints/AnalyticsEndpoints.cs
View File

@@ -1,6 +1,4 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
@@ -8,6 +6,9 @@ using Microsoft.AspNetCore.Routing;
using StellaOps.Platform.WebService.Constants;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Services;
using System;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Endpoints;

11
src/Platform/StellaOps.Platform.WebService/Endpoints/EvidenceThreadEndpoints.cs
View File

@@ -2,11 +2,7 @@
// Copyright (c) StellaOps. Licensed under the BUSL-1.1.
// </copyright>
using System;
using System.IO;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
@@ -16,6 +12,11 @@ using StellaOps.ReleaseOrchestrator.EvidenceThread.Export;
using StellaOps.ReleaseOrchestrator.EvidenceThread.Models;
using StellaOps.ReleaseOrchestrator.EvidenceThread.Services;
using StellaOps.ReleaseOrchestrator.EvidenceThread.Transcript;
using System;
using System.IO;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Endpoints;

9
src/Platform/StellaOps.Platform.WebService/Endpoints/PlatformEndpoints.cs
View File

@@ -1,7 +1,4 @@
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
@@ -9,6 +6,10 @@ using Microsoft.AspNetCore.Routing;
using StellaOps.Platform.WebService.Constants;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Services;
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Endpoints;

7
src/Platform/StellaOps.Platform.WebService/Endpoints/SetupEndpoints.cs
View File

@@ -3,9 +3,7 @@
// Sprint: SPRINT_20260112_004_PLATFORM_setup_wizard_backend (PLATFORM-SETUP-003)
// Task: Add /api/v1/setup/* endpoints with auth policies, request validation, and Problem+JSON errors
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
@@ -14,6 +12,9 @@ using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Constants;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Services;
using System;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Endpoints;

3
src/Platform/StellaOps.Platform.WebService/Program.cs
View File

@@ -1,4 +1,4 @@
using System;
using Microsoft.Extensions.Logging;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Configuration;
@@ -11,6 +11,7 @@ using StellaOps.Platform.WebService.Services;
using StellaOps.Router.AspNet;
using StellaOps.Signals.UnifiedScore;
using StellaOps.Telemetry.Core;
using System;
var builder = WebApplication.CreateBuilder(args);

7
src/Platform/StellaOps.Platform.WebService/Services/FunctionMapService.cs
View File

@@ -3,13 +3,14 @@
// Sprint: SPRINT_20260122_039_Scanner_runtime_linkage_verification
// Task: RLV-009 - Platform API: Function Map Endpoints
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Scanner.Reachability.FunctionMap;
using StellaOps.Scanner.Reachability.FunctionMap.Verification;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Scanner.Reachability.FunctionMap;
using StellaOps.Scanner.Reachability.FunctionMap.Verification;
namespace StellaOps.Platform.WebService.Services;

3
src/Platform/StellaOps.Platform.WebService/Services/InMemoryScoreHistoryStore.cs
View File

@@ -3,8 +3,9 @@
// Sprint: SPRINT_20260122_037_Signals_unified_trust_score_algebra
// Task: Score persistence store - in-memory fallback
using System.Collections.Concurrent;
using StellaOps.Platform.WebService.Contracts;
using System.Collections.Concurrent;
namespace StellaOps.Platform.WebService.Services;

7
src/Platform/StellaOps.Platform.WebService/Services/PlatformAnalyticsDataSource.cs
View File

@@ -1,10 +1,11 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Npgsql;
using StellaOps.Platform.WebService.Options;
using System;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Services;

5
src/Platform/StellaOps.Platform.WebService/Services/PlatformAnalyticsMaintenanceExecutor.cs
View File

@@ -1,8 +1,9 @@
using Microsoft.Extensions.Logging;
using Npgsql;
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Npgsql;
namespace StellaOps.Platform.WebService.Services;

7
src/Platform/StellaOps.Platform.WebService/Services/PlatformAnalyticsMaintenanceService.cs
View File

@@ -1,10 +1,11 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Options;
using System;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Services;

5
src/Platform/StellaOps.Platform.WebService/Services/PlatformAnalyticsQueryExecutor.cs
View File

@@ -1,10 +1,11 @@
using Npgsql;
using StellaOps.Platform.WebService.Contracts;
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Npgsql;
using StellaOps.Platform.WebService.Contracts;
namespace StellaOps.Platform.WebService.Services;

9
src/Platform/StellaOps.Platform.WebService/Services/PlatformAnalyticsService.cs
View File

@@ -1,11 +1,12 @@
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Services;

3
src/Platform/StellaOps.Platform.WebService/Services/PlatformCache.cs
View File

@@ -1,7 +1,8 @@
using Microsoft.Extensions.Caching.Memory;
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Caching.Memory;
namespace StellaOps.Platform.WebService.Services;

9
src/Platform/StellaOps.Platform.WebService/Services/PlatformHealthService.cs
View File

@@ -1,12 +1,13 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
namespace StellaOps.Platform.WebService.Services;

9
src/Platform/StellaOps.Platform.WebService/Services/PlatformMetadataService.cs
View File

@@ -1,11 +1,12 @@
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Services;

5
src/Platform/StellaOps.Platform.WebService/Services/PlatformOnboardingService.cs
View File

@@ -1,11 +1,12 @@
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
namespace StellaOps.Platform.WebService.Services;

5
src/Platform/StellaOps.Platform.WebService/Services/PlatformPreferencesService.cs
View File

@@ -1,3 +1,6 @@
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
@@ -5,8 +8,6 @@ using System.Linq;
using System.Text.Json.Nodes;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
namespace StellaOps.Platform.WebService.Services;

9
src/Platform/StellaOps.Platform.WebService/Services/PlatformQuotaService.cs
View File

@@ -1,13 +1,14 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
namespace StellaOps.Platform.WebService.Services;

3
src/Platform/StellaOps.Platform.WebService/Services/PlatformRequestContextResolver.cs
View File

@@ -1,6 +1,7 @@
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using StellaOps.Auth.Abstractions;
using System.Security.Claims;
namespace StellaOps.Platform.WebService.Services;

9
src/Platform/StellaOps.Platform.WebService/Services/PlatformSearchService.cs
View File

@@ -1,12 +1,13 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Platform.WebService.Options;
namespace StellaOps.Platform.WebService.Services;

5
src/Platform/StellaOps.Platform.WebService/Services/PlatformSetupService.cs
View File

@@ -3,6 +3,9 @@
// Sprint: SPRINT_20260112_004_PLATFORM_setup_wizard_backend (PLATFORM-SETUP-002)
// Task: Implement PlatformSetupService with tenant scoping, TimeProvider injection, and data-as-of metadata
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
@@ -11,8 +14,6 @@ using System.Globalization;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
namespace StellaOps.Platform.WebService.Services;

3
src/Platform/StellaOps.Platform.WebService/Services/PolicyInteropService.cs
View File

@@ -3,13 +3,14 @@
// Sprint: SPRINT_20260122_041_Policy_interop_import_export_rego
// Task: TASK-07 - Platform API Endpoints
using System.Text.Json;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Policy.Interop.Abstractions;
using StellaOps.Policy.Interop.Contracts;
using StellaOps.Policy.Interop.Export;
using StellaOps.Policy.Interop.Import;
using StellaOps.Policy.Interop.Rego;
using System.Text.Json;
namespace StellaOps.Platform.WebService.Services;

5
src/Platform/StellaOps.Platform.WebService/Services/ScoreEvaluationService.cs
View File

@@ -4,13 +4,14 @@
// Task: TSF-005 - Platform API Endpoints (Score Evaluate)
// Task: TSF-011 - Score Replay & Verification Endpoint
using System.Security.Cryptography;
using System.Text;
using Microsoft.Extensions.Logging;
using StellaOps.Platform.WebService.Contracts;
using StellaOps.Signals.EvidenceWeightedScore;
using StellaOps.Signals.UnifiedScore;
using StellaOps.Signals.UnifiedScore.Replay;
using System.Security.Cryptography;
using System.Text;
namespace StellaOps.Platform.WebService.Services;

1
src/Platform/StellaOps.Platform.WebService/TASKS.md
View File

@@ -16,3 +16,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
| TASK-030-012 | BLOCKED | CVE exposure view delivered; validation blocked pending ingestion datasets. |
| TASK-030-013 | BLOCKED | Attestation coverage view delivered; validation blocked pending ingestion datasets. |
| TASK-030-017 | BLOCKED | Stored procedures delivered; validation blocked pending ingestion datasets. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

5
src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/018_AnalyticsVexOverrides.sql
View File

@@ -33,6 +33,9 @@ CREATE INDEX IF NOT EXISTS ix_vex_overrides_vuln
CREATE INDEX IF NOT EXISTS ix_vex_overrides_status
ON analytics.vex_overrides(status);
-- Partial index for active overrides. Time-based filtering (valid_until > now())
-- cannot be used in index predicates because now() is STABLE, not IMMUTABLE.
-- Queries must apply the time filter at runtime.
CREATE INDEX IF NOT EXISTS ix_vex_overrides_active
ON analytics.vex_overrides(artifact_id, vuln_id)
WHERE valid_until IS NULL OR valid_until > now();
WHERE valid_until IS NULL;

16
src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/020_AnalyticsRollups.sql
View File

@@ -6,7 +6,7 @@
CREATE TABLE IF NOT EXISTS analytics.daily_vulnerability_counts (
snapshot_date DATE NOT NULL,
environment TEXT NOT NULL,
team TEXT,
team TEXT NOT NULL DEFAULT '',
severity analytics_severity NOT NULL,
total_vulns INT NOT NULL,
fixable_vulns INT NOT NULL,
@@ -16,7 +16,7 @@ CREATE TABLE IF NOT EXISTS analytics.daily_vulnerability_counts (
affected_artifacts INT NOT NULL,
affected_components INT NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
PRIMARY KEY (snapshot_date, environment, COALESCE(team, ''), severity)
PRIMARY KEY (snapshot_date, environment, team, severity)
);
CREATE INDEX IF NOT EXISTS ix_daily_vuln_counts_date
@@ -28,13 +28,13 @@ CREATE INDEX IF NOT EXISTS ix_daily_vuln_counts_env
CREATE TABLE IF NOT EXISTS analytics.daily_component_counts (
snapshot_date DATE NOT NULL,
environment TEXT NOT NULL,
team TEXT,
team TEXT NOT NULL DEFAULT '',
license_category analytics_license_category NOT NULL,
component_type analytics_component_type NOT NULL,
total_components INT NOT NULL,
unique_suppliers INT NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
PRIMARY KEY (snapshot_date, environment, COALESCE(team, ''), license_category, component_type)
PRIMARY KEY (snapshot_date, environment, team, license_category, component_type)
);
CREATE INDEX IF NOT EXISTS ix_daily_comp_counts_date
@@ -51,7 +51,7 @@ BEGIN
SELECT
p_date,
a.environment,
a.team,
COALESCE(a.team, '') AS team,
cv.severity,
COUNT(*) AS total_vulns,
COUNT(*) FILTER (WHERE cv.fix_available = TRUE) AS fixable_vulns,
@@ -68,7 +68,7 @@ BEGIN
JOIN analytics.artifact_components ac ON ac.artifact_id = a.artifact_id
JOIN analytics.component_vulns cv ON cv.component_id = ac.component_id AND cv.affects = TRUE
GROUP BY a.environment, a.team, cv.severity
ON CONFLICT (snapshot_date, environment, COALESCE(team, ''), severity)
ON CONFLICT (snapshot_date, environment, team, severity)
DO UPDATE SET
total_vulns = EXCLUDED.total_vulns,
fixable_vulns = EXCLUDED.fixable_vulns,
@@ -86,7 +86,7 @@ BEGIN
SELECT
p_date,
a.environment,
a.team,
COALESCE(a.team, '') AS team,
c.license_category,
c.component_type,
COUNT(DISTINCT c.component_id) AS total_components,
@@ -95,7 +95,7 @@ BEGIN
JOIN analytics.artifact_components ac ON ac.artifact_id = a.artifact_id
JOIN analytics.components c ON c.component_id = ac.component_id
GROUP BY a.environment, a.team, c.license_category, c.component_type
ON CONFLICT (snapshot_date, environment, COALESCE(team, ''), license_category, component_type)
ON CONFLICT (snapshot_date, environment, team, license_category, component_type)
DO UPDATE SET
total_components = EXCLUDED.total_components,
unique_suppliers = EXCLUDED.unique_suppliers,

8
src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/025_AnalyticsRollupRetention.sql
View File

@@ -13,7 +13,7 @@ BEGIN
SELECT
p_date,
a.environment,
a.team,
COALESCE(a.team, '') AS team,
cv.severity,
COUNT(*) AS total_vulns,
COUNT(*) FILTER (WHERE cv.fix_available = TRUE) AS fixable_vulns,
@@ -30,7 +30,7 @@ BEGIN
JOIN analytics.artifact_components ac ON ac.artifact_id = a.artifact_id
JOIN analytics.component_vulns cv ON cv.component_id = ac.component_id AND cv.affects = TRUE
GROUP BY a.environment, a.team, cv.severity
ON CONFLICT (snapshot_date, environment, COALESCE(team, ''), severity)
ON CONFLICT (snapshot_date, environment, team, severity)
DO UPDATE SET
total_vulns = EXCLUDED.total_vulns,
fixable_vulns = EXCLUDED.fixable_vulns,
@@ -48,7 +48,7 @@ BEGIN
SELECT
p_date,
a.environment,
a.team,
COALESCE(a.team, '') AS team,
c.license_category,
c.component_type,
COUNT(DISTINCT c.component_id) AS total_components,
@@ -57,7 +57,7 @@ BEGIN
JOIN analytics.artifact_components ac ON ac.artifact_id = a.artifact_id
JOIN analytics.components c ON c.component_id = ac.component_id
GROUP BY a.environment, a.team, c.license_category, c.component_type
ON CONFLICT (snapshot_date, environment, COALESCE(team, ''), license_category, component_type)
ON CONFLICT (snapshot_date, environment, team, license_category, component_type)
DO UPDATE SET
total_components = EXCLUDED.total_components,
unique_suppliers = EXCLUDED.unique_suppliers,

8
src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/026_AnalyticsRollupVexValidity.sql
View File

@@ -13,7 +13,7 @@ BEGIN
SELECT
p_date,
a.environment,
a.team,
COALESCE(a.team, '') AS team,
cv.severity,
COUNT(*) AS total_vulns,
COUNT(*) FILTER (WHERE cv.fix_available = TRUE) AS fixable_vulns,
@@ -33,7 +33,7 @@ BEGIN
JOIN analytics.artifact_components ac ON ac.artifact_id = a.artifact_id
JOIN analytics.component_vulns cv ON cv.component_id = ac.component_id AND cv.affects = TRUE
GROUP BY a.environment, a.team, cv.severity
ON CONFLICT (snapshot_date, environment, COALESCE(team, ''), severity)
ON CONFLICT (snapshot_date, environment, team, severity)
DO UPDATE SET
total_vulns = EXCLUDED.total_vulns,
fixable_vulns = EXCLUDED.fixable_vulns,
@@ -51,7 +51,7 @@ BEGIN
SELECT
p_date,
a.environment,
a.team,
COALESCE(a.team, '') AS team,
c.license_category,
c.component_type,
COUNT(DISTINCT c.component_id) AS total_components,
@@ -60,7 +60,7 @@ BEGIN
JOIN analytics.artifact_components ac ON ac.artifact_id = a.artifact_id
JOIN analytics.components c ON c.component_id = ac.component_id
GROUP BY a.environment, a.team, c.license_category, c.component_type
ON CONFLICT (snapshot_date, environment, COALESCE(team, ''), license_category, component_type)
ON CONFLICT (snapshot_date, environment, team, license_category, component_type)
DO UPDATE SET
total_components = EXCLUDED.total_components,
unique_suppliers = EXCLUDED.unique_suppliers,

5
src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/028_AnalyticsVexOverrideActiveIndex.sql
View File

@@ -4,5 +4,8 @@
DROP INDEX IF EXISTS ix_vex_overrides_active;
-- Partial index for active overrides: valid_until IS NULL means indefinitely active.
-- Time-based filtering (valid_from <= now()) cannot be used in index predicates because
-- now() is STABLE, not IMMUTABLE. Queries should apply the time filter at runtime.
CREATE INDEX IF NOT EXISTS ix_vex_overrides_active ON analytics.vex_overrides (artifact_id, vuln_id)
WHERE valid_from <= now() AND (valid_until IS NULL OR valid_until > now());
WHERE valid_until IS NULL;

6
src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/041_AnalyticsDeterministicArrays.sql
View File

@@ -48,6 +48,9 @@ CREATE UNIQUE INDEX IF NOT EXISTS ix_mv_license_distribution_license
CREATE INDEX IF NOT EXISTS ix_mv_license_distribution_component_count
ON analytics.mv_license_distribution (component_count DESC);
-- Drop the old 1-parameter overload from migration 023 to avoid ambiguous calls.
DROP FUNCTION IF EXISTS analytics.sp_top_suppliers(INT);
CREATE OR REPLACE FUNCTION analytics.sp_top_suppliers(
p_limit INT DEFAULT 20,
p_environment TEXT DEFAULT NULL
@@ -101,6 +104,9 @@ BEGIN
END;
$$ LANGUAGE plpgsql STABLE;
-- Drop the old 0-parameter overload from migration 023 to avoid ambiguous calls.
DROP FUNCTION IF EXISTS analytics.sp_license_heatmap();
CREATE OR REPLACE FUNCTION analytics.sp_license_heatmap(p_environment TEXT DEFAULT NULL)
RETURNS JSON AS $$
DECLARE

7
src/Platform/__Libraries/StellaOps.Platform.Database/ReleaseMigrationRunner.cs
View File

@@ -1,8 +1,9 @@
namespace StellaOps.Platform.Database;
using System.Reflection;
using Microsoft.Extensions.Logging;
using StellaOps.Infrastructure.Postgres.Migrations;
using System.Reflection;
namespace StellaOps.Platform.Database;
/// <summary>
/// Migration runner for the Release Orchestrator schema.

5
src/Platform/__Libraries/StellaOps.Platform.Database/ServiceCollectionExtensions.cs
View File

@@ -1,8 +1,9 @@
namespace StellaOps.Platform.Database;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
namespace StellaOps.Platform.Database;
/// <summary>
/// Extension methods for registering Release Orchestrator database services.
/// </summary>

8
src/Platform/__Libraries/StellaOps.Platform.Database/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Platform.Database Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Platform/__Libraries/StellaOps.Platform.Database/StellaOps.Platform.Database.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

130
src/Platform/__Tests/StellaOps.Platform.Analytics.Tests/AnalyticsSchemaIntegrationTests.cs
View File

@@ -26,8 +26,11 @@ namespace StellaOps.Platform.Analytics.Tests;
[Collection("Postgres")]
public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
{
private static readonly SemaphoreSlim s_migrationLock = new(1, 1);
private static bool s_migrated;
private static bool s_seeded;
private readonly PostgresFixture _fixture;
private PostgresTestSession? _session;
private string _connectionString = string.Empty;
private readonly string _migrationsPath;
@@ -40,31 +43,31 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
public async ValueTask InitializeAsync()
{
// Register all analytics migrations
var migrationFiles = Directory.GetFiles(_migrationsPath, "*.sql")
.Where(f => Path.GetFileName(f).StartsWith("0"))
.OrderBy(f => f)
.ToList();
foreach (var migration in migrationFiles)
// Ensure analytics schema and prerequisites are created exactly once across all tests.
// All tests share the same analytics schema (migrations create objects in analytics.*,
// not in per-test schemas).
await s_migrationLock.WaitAsync();
try
{
_fixture.RegisterMigrations("Platform", migration);
if (!s_migrated)
{
await CreateSharedPrerequisitesAsync();
// Use the fixture's base connection for one-time schema setup
await ApplyAnalyticsMigrationsToFixtureAsync();
s_migrated = true;
}
}
finally
{
s_migrationLock.Release();
}
_session = await _fixture.CreateSessionAsync("analytics_schema");
_connectionString = _session.ConnectionString;
// Apply analytics schema (migrations 012-043)
await ApplyAnalyticsMigrationsAsync();
// Use the fixture's base connection directly since all tests share the
// analytics schema (not per-test schemas).
_connectionString = _fixture.ConnectionString;
}
public async ValueTask DisposeAsync()
{
if (_session is not null)
{
await _session.DisposeAsync();
}
}
public ValueTask DisposeAsync() => ValueTask.CompletedTask;
#region Schema Validation Tests
@@ -98,7 +101,8 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
"component_vulns",
"attestations",
"vex_overrides",
"rollups"
"daily_vulnerability_counts",
"daily_component_counts"
};
await using var conn = new NpgsqlConnection(_connectionString);
@@ -318,7 +322,7 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
await conn.OpenAsync();
var sql = """
SELECT license_category, SUM(component_count) as total
SELECT license_category::TEXT, SUM(component_count) as total
FROM analytics.mv_license_distribution
GROUP BY license_category
""";
@@ -678,12 +682,39 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
#region Helper Methods
private async Task ApplyAnalyticsMigrationsAsync()
private async Task CreateSharedPrerequisitesAsync()
{
await using var conn = new NpgsqlConnection(_connectionString);
var sql = """
CREATE SCHEMA IF NOT EXISTS shared;
CREATE TABLE IF NOT EXISTS shared.tenants (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name TEXT NOT NULL,
is_default BOOLEAN NOT NULL DEFAULT false,
created_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
INSERT INTO shared.tenants (id, name, is_default)
VALUES ('10000000-0000-0000-0000-000000000001'::UUID, 'Test Tenant', true)
ON CONFLICT (id) DO NOTHING;
""";
await _fixture.ExecuteSqlAsync(sql);
}
private async Task ApplyAnalyticsMigrationsToFixtureAsync()
{
await using var conn = new NpgsqlConnection(_fixture.ConnectionString);
await conn.OpenAsync();
// Only apply analytics-specific migrations (012+).
// Migrations 001-011 create the release/workflow/evidence schemas which are
// not needed for analytics tests and contain multi-schema SQL that can fail
// when run in isolation.
var migrationFiles = Directory.GetFiles(_migrationsPath, "*.sql")
.Where(f =>
{
var name = Path.GetFileName(f);
return string.Compare(name, "012", StringComparison.Ordinal) >= 0;
})
.OrderBy(f => f)
.ToList();
@@ -697,19 +728,46 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
{
await cmd.ExecuteNonQueryAsync();
}
catch (PostgresException ex) when (ex.SqlState == "42P07" || ex.SqlState == "42710")
catch (PostgresException ex) when (ex.SqlState is "42P07" or "42710")
{
// Ignore "already exists" errors (42P07 = relation exists, 42710 = object exists)
// 42P07 = relation already exists, 42710 = object already exists
}
catch (PostgresException ex)
{
System.Diagnostics.Debug.WriteLine(
$"Migration warning: {Path.GetFileName(migrationFile)} " +
$"[{ex.SqlState}] at position {ex.Position}: {ex.MessageText}");
// Continue with remaining migrations - some may have PG version-specific
// syntax or cross-schema dependencies that don't apply in test isolation.
}
}
}
private async Task SeedTestDataAsync()
{
// Seed data only once across all tests sharing the same database.
await s_migrationLock.WaitAsync();
try
{
if (s_seeded) return;
await SeedTestDataCoreAsync();
s_seeded = true;
}
finally
{
s_migrationLock.Release();
}
}
private async Task SeedTestDataCoreAsync()
{
await using var conn = new NpgsqlConnection(_connectionString);
await conn.OpenAsync();
// Seed components with various suppliers and licenses
// Seed components with various suppliers and licenses.
// Use ON CONFLICT (component_id) because UNIQUE(purl, hash_sha256) does not
// match when hash_sha256 is NULL (NULLs are never equal in SQL).
var componentsSql = """
INSERT INTO analytics.components
(component_id, purl, purl_type, purl_name, name, version, supplier, supplier_normalized,
@@ -726,7 +784,7 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
'2.31.0', 'Python Software Foundation', 'python software foundation', 'Apache-2.0', 'permissive', 'library'),
('55555555-5555-5555-5555-555555555555', 'pkg:npm/react@18.2.0', 'npm', 'react', 'react', '18.2.0',
'Meta Platforms Inc.', 'meta platforms', 'MIT', 'permissive', 'framework')
ON CONFLICT (purl, hash_sha256) DO NOTHING
ON CONFLICT (component_id) DO NOTHING
""";
await using var compCmd = new NpgsqlCommand(componentsSql, conn);
@@ -746,7 +804,7 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
'sha256:data789', 'staging', 'data-team', FALSE, 0, 28),
('dddddddd-dddd-dddd-dddd-dddddddddddd', 'container', 'auth-service', '3.0.0',
'sha256:auth012', 'production', 'security-team', TRUE, 3, 15)
ON CONFLICT (digest) DO NOTHING
ON CONFLICT (artifact_id) DO NOTHING
""";
await using var artCmd = new NpgsqlCommand(artifactsSql, conn);
@@ -792,13 +850,13 @@ public sealed class AnalyticsSchemaIntegrationTests : IAsyncLifetime
// Seed attestations
var attestationsSql = """
INSERT INTO analytics.attestations
(artifact_id, predicate_type, digest, signed_at)
(artifact_id, predicate_type, predicate_uri, dsse_payload_hash, statement_time)
VALUES
('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'sbom', 'sha256:sbom1', now()),
('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'provenance', 'sha256:prov1', now()),
('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'sbom', 'sha256:sbom2', now()),
('dddddddd-dddd-dddd-dddd-dddddddddddd', 'vex', 'sha256:vex1', now())
ON CONFLICT DO NOTHING
('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'sbom', 'https://spdx.dev/Document', 'sha256:sbom1', now()),
('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'provenance', 'https://slsa.dev/provenance/v1', 'sha256:prov1', now()),
('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'sbom', 'https://spdx.dev/Document', 'sha256:sbom2', now()),
('dddddddd-dddd-dddd-dddd-dddddddddddd', 'vex', 'https://openvex.dev/ns/v0.2.0', 'sha256:vex1', now())
ON CONFLICT (dsse_payload_hash) DO NOTHING
""";
await using var attCmd = new NpgsqlCommand(attestationsSql, conn);

8
src/Platform/__Tests/StellaOps.Platform.Analytics.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Platform.Analytics.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Platform/__Tests/StellaOps.Platform.Analytics.Tests/StellaOps.Platform.Analytics.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

1
src/Platform/__Tests/StellaOps.Platform.WebService.Tests/TASKS.md
View File

@@ -9,3 +9,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
| AUDIT-0762-T | DONE | Revalidated 2026-01-07. |
| AUDIT-0762-A | DONE | Waived (test project; revalidated 2026-01-07). |
| TASK-030-019 | BLOCKED | Added analytics maintenance + cache normalization + query executor tests; analytics schema fixtures blocked by ingestion dependencies. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |