stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

stabilize tests

Browse Source
This commit is contained in:
master
2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Policy/StellaOps.Policy.Gateway/AGENTS.md
View File

@@ -1,4 +1,4 @@
# StellaOps.Policy.Gateway AGENTS Charter
# StellaOps.Policy.Gateway ??? AGENTS Charter
## Working Directory & Mission
- Working directory: `src/Policy/StellaOps.Policy.Gateway/**`.
@@ -12,8 +12,8 @@
- `docs/modules/policy/architecture.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/cvss-v4.md`
- `docs/product/advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md`
- Sprint tracker: `docs/implplan/SPRINT_0190_0001_0001_cvss_v4_receipts.md`
- `docs-archived/product/advisories/27-Nov-2025-superseded/`
- Sprint tracker: `docs-archived/implplan/SPRINT_0190_0001_0001_cvss_v4_receipts.md`
## Working Agreements
- Enforce tenant isolation and `policy:*`/`cvss:*`/`effective:write` scopes on all endpoints.
@@ -25,3 +25,4 @@
## Testing
- Prefer integration tests via WebApplicationFactory (in a `StellaOps.Policy.Gateway.Tests` project) covering auth, tenancy, determinism, DSSE presence, and schema validation.
- No network; seed deterministic fixtures; assert consistent hashes across runs.

13
src/Policy/StellaOps.Policy.Gateway/Clients/PolicyEngineClient.cs
View File

@@ -1,9 +1,4 @@
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Json;
using System.Text.Json;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
@@ -14,6 +9,12 @@ using StellaOps.Policy.Gateway.Options;
using StellaOps.Policy.Gateway.Services;
using StellaOps.Policy.Scoring;
using StellaOps.Policy.Scoring.Receipts;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Json;
using System.Text.Json;
namespace StellaOps.Policy.Gateway.Clients;

3
src/Policy/StellaOps.Policy.Gateway/Clients/PolicyEngineResponse.cs
View File

@@ -1,5 +1,6 @@
using System.Net;
using Microsoft.AspNetCore.Mvc;
using System.Net;
namespace StellaOps.Policy.Gateway.Clients;

5
src/Policy/StellaOps.Policy.Gateway/Clients/PolicyEngineResponseExtensions.cs
View File

@@ -1,7 +1,8 @@
using System;
using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Net;
namespace StellaOps.Policy.Gateway.Clients;

7
src/Policy/StellaOps.Policy.Gateway/Contracts/CvssContracts.cs
View File

@@ -1,9 +1,10 @@
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using StellaOps.Attestor.Envelope;
using StellaOps.Policy.Scoring;
using StellaOps.Policy.Scoring.Receipts;
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
namespace StellaOps.Policy.Gateway.Contracts;

3
src/Policy/StellaOps.Policy.Gateway/Contracts/DeltaContracts.cs
View File

@@ -2,9 +2,10 @@
// Sprint: SPRINT_4100_0004_0001 - Security State Delta & Verdict
// Task: T6 - Add Delta API endpoints
using System.ComponentModel.DataAnnotations;
using PolicyDeltaSummary = StellaOps.Policy.Deltas.DeltaSummary;
using StellaOps.Policy.Deltas;
using System.ComponentModel.DataAnnotations;
namespace StellaOps.Policy.Gateway.Contracts;

3
src/Policy/StellaOps.Policy.Gateway/Endpoints/ExceptionApprovalEndpoints.cs
View File

@@ -2,13 +2,14 @@
// Sprint: SPRINT_20251226_003_BE_exception_approval
// Task: EXCEPT-05, EXCEPT-06, EXCEPT-07 - Exception approval API endpoints
using System.Text.Json;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Policy.Engine.Services;
using StellaOps.Policy.Persistence.Postgres.Models;
using StellaOps.Policy.Persistence.Postgres.Repositories;
using System.Text.Json;
namespace StellaOps.Policy.Gateway.Endpoints;

5
src/Policy/StellaOps.Policy.Gateway/Endpoints/ExceptionEndpoints.cs
View File

@@ -3,14 +3,15 @@
// Licensed under the BUSL-1.1 license.
// </copyright>
using System.Collections.Immutable;
using System.Security.Claims;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Policy.Exceptions.Models;
using StellaOps.Policy.Exceptions.Repositories;
using StellaOps.Policy.Gateway.Contracts;
using System.Collections.Immutable;
using System.Security.Claims;
namespace StellaOps.Policy.Gateway.Endpoints;

3
src/Policy/StellaOps.Policy.Gateway/Endpoints/GatesEndpoints.cs
View File

@@ -5,7 +5,7 @@
// Description: REST endpoint for gate check with unknowns state
// -----------------------------------------------------------------------------
using System.Text.Json.Serialization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
@@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Caching.Memory;
using StellaOps.Policy.Gates;
using StellaOps.Policy.Persistence.Postgres.Repositories;
using System.Text.Json.Serialization;
namespace StellaOps.Policy.Gateway.Endpoints;

3
src/Policy/StellaOps.Policy.Gateway/Endpoints/GovernanceEndpoints.cs
View File

@@ -2,10 +2,11 @@
// Sprint: SPRINT_20251229_021a_FE_policy_governance_controls
// Task: GOV-018 - Sealed mode overrides and risk profile events endpoints
using Microsoft.AspNetCore.Mvc;
using System.Collections.Concurrent;
using System.Globalization;
using System.Text.Json;
using Microsoft.AspNetCore.Mvc;
namespace StellaOps.Policy.Gateway.Endpoints;

5
src/Policy/StellaOps.Policy.Gateway/Endpoints/RegistryWebhookEndpoints.cs
View File

@@ -5,11 +5,12 @@
// Description: Receives webhooks from container registries and triggers gate evaluation
// -----------------------------------------------------------------------------
using System.Text.Json;
using System.Text.Json.Serialization;
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Policy.Engine.Gates;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace StellaOps.Policy.Gateway.Endpoints;

1
src/Policy/StellaOps.Policy.Gateway/Endpoints/ScoreGateEndpoints.cs
View File

@@ -3,6 +3,7 @@
// Sprint: SPRINT_20260118_030_LIB_verdict_rekor_gate_api
// Task: TASK-030-006 - Gate Decision API Endpoint
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;

9
src/Policy/StellaOps.Policy.Gateway/Endpoints/ToolLatticeEndpoints.cs
View File

@@ -1,12 +1,13 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Policy.Gateway.Contracts;
using StellaOps.Policy.ToolLattice;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
namespace StellaOps.Policy.Gateway.Endpoints;

3
src/Policy/StellaOps.Policy.Gateway/Infrastructure/GatewayForwardingContext.cs
View File

@@ -1,6 +1,7 @@
using Microsoft.AspNetCore.Http;
using System;
using System.Net.Http;
using Microsoft.AspNetCore.Http;
namespace StellaOps.Policy.Gateway.Infrastructure;

5
src/Policy/StellaOps.Policy.Gateway/Options/PolicyGatewayOptions.cs
View File

@@ -1,8 +1,9 @@
using Microsoft.Extensions.Logging;
using StellaOps.Auth.Abstractions;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using Microsoft.Extensions.Logging;
using StellaOps.Auth.Abstractions;
namespace StellaOps.Policy.Gateway.Options;

25
src/Policy/StellaOps.Policy.Gateway/Program.cs
View File

@@ -1,33 +1,34 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Http;
using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using NetEscapades.Configuration.Yaml;
using Polly;
using Polly.Extensions.Http;
using StellaOps.AirGap.Policy;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.Client;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Configuration;
using StellaOps.Determinism;
using StellaOps.Policy.Deltas;
using StellaOps.Policy.Engine.Gates;
using StellaOps.Policy.Gateway.Clients;
using StellaOps.Policy.Gateway.Contracts;
using StellaOps.Policy.Gateway.Endpoints;
using StellaOps.Policy.Gateway.Infrastructure;
using StellaOps.Policy.Gateway.Options;
using StellaOps.Policy.Gateway.Services;
using StellaOps.Policy.Deltas;
using StellaOps.Policy.Engine.Gates;
using StellaOps.Policy.Persistence.Postgres;
using StellaOps.Policy.Snapshots;
using StellaOps.Policy.ToolLattice;
using StellaOps.Policy.Persistence.Postgres;
using Polly;
using Polly.Extensions.Http;
using StellaOps.AirGap.Policy;
using StellaOps.Determinism;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Net.Http;
var builder = WebApplication.CreateBuilder(args);

3
src/Policy/StellaOps.Policy.Gateway/Services/ApprovalWorkflowService.cs
View File

@@ -3,10 +3,11 @@
// Licensed under the BUSL-1.1 license.
// </copyright>
using System.Collections.Immutable;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Policy.Exceptions.Models;
using System.Collections.Immutable;
namespace StellaOps.Policy.Gateway.Services;

3
src/Policy/StellaOps.Policy.Gateway/Services/ExceptionExpiryWorker.cs
View File

@@ -3,12 +3,13 @@
// Licensed under the BUSL-1.1 license.
// </copyright>
using System.Diagnostics;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Policy.Exceptions.Models;
using StellaOps.Policy.Exceptions.Repositories;
using System.Diagnostics;
namespace StellaOps.Policy.Gateway.Services;

3
src/Policy/StellaOps.Policy.Gateway/Services/ExceptionQueryService.cs
View File

@@ -3,11 +3,12 @@
// Licensed under the BUSL-1.1 license.
// </copyright>
using System.Collections.Concurrent;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.Logging;
using StellaOps.Policy.Exceptions.Models;
using StellaOps.Policy.Exceptions.Repositories;
using System.Collections.Concurrent;
namespace StellaOps.Policy.Gateway.Services;

3
src/Policy/StellaOps.Policy.Gateway/Services/ExceptionService.cs
View File

@@ -3,11 +3,12 @@
// Licensed under the BUSL-1.1 license.
// </copyright>
using System.Collections.Immutable;
using Microsoft.Extensions.Logging;
using StellaOps.Determinism;
using StellaOps.Policy.Exceptions.Models;
using StellaOps.Policy.Exceptions.Repositories;
using System.Collections.Immutable;
namespace StellaOps.Policy.Gateway.Services;

3
src/Policy/StellaOps.Policy.Gateway/Services/InMemoryGateEvaluationQueue.cs
View File

@@ -5,11 +5,12 @@
// Description: In-memory queue for gate evaluation jobs with background processing
// -----------------------------------------------------------------------------
using System.Threading.Channels;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using StellaOps.Policy.Engine.Gates;
using StellaOps.Policy.Gateway.Endpoints;
using System.Threading.Channels;
namespace StellaOps.Policy.Gateway.Services;

9
src/Policy/StellaOps.Policy.Gateway/Services/PolicyEngineTokenProvider.cs
View File

@@ -1,12 +1,13 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Auth.Client;
using StellaOps.Policy.Gateway.Options;
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Auth.Client;
using StellaOps.Policy.Gateway.Options;
namespace StellaOps.Policy.Gateway.Services;

5
src/Policy/StellaOps.Policy.Gateway/Services/PolicyGatewayDpopHandler.cs
View File

@@ -1,7 +1,8 @@
using System;
using System.Net.Http;
using Microsoft.Extensions.Options;
using StellaOps.Policy.Gateway.Options;
using System;
using System.Net.Http;
namespace StellaOps.Policy.Gateway.Services;

13
src/Policy/StellaOps.Policy.Gateway/Services/PolicyGatewayDpopProofGenerator.cs
View File

@@ -1,15 +1,16 @@
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.IO;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using StellaOps.Determinism;
using StellaOps.Policy.Gateway.Options;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace StellaOps.Policy.Gateway.Services;