stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/implplan/SPRINT_125_policy_reasoning.md
View File

@@ -10,18 +10,18 @@ Focus: Policy & Reasoning focus on Policy (phase III).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| 1 | POLICY-ENGINE-29-003 | TODO | Surface path/scope awareness in determinations (signal optional/dev/test downgrade, runtime boost) for Vuln Explorer display (Deps: POLICY-ENGINE-29-002) | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 2 | POLICY-ENGINE-29-004 | TODO | Add metrics/logs for batch evaluation (latency, queue depth) and simulation diff counts; update dashboards (Deps: POLICY-ENGINE-29-003) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 3 | POLICY-ENGINE-30-001 | TODO | Define overlay contract for graph nodes/edges (status, severity, rationale refs, path relevance), expose projection API for Cartographer, and document schema versioning (Deps: POLICY-ENGINE-29-004) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 4 | POLICY-ENGINE-30-002 | TODO | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs (Deps: POLICY-ENGINE-30-001) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 5 | POLICY-ENGINE-30-003 | TODO | Emit change events (`policy.effective.updated`) with graph-friendly payloads so Cartographer overlay worker refreshes nodes/edges within 2 minutes (Deps: POLICY-ENGINE-30-002) | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 6 | POLICY-ENGINE-30-101 | TODO | Surface trust weighting configuration (issuer base weights, signature modifiers, recency decay, scope adjustments) for VEX Lens via Policy Studio + API; ensure deterministic evaluation (Deps: POLICY-ENGINE-30-003) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 7 | POLICY-ENGINE-31-001 | TODO | Expose policy knobs for Advisory AI (trust presets, temperature, token limits, plan ranking weights, TTLs) via Policy Studio and config APIs (Deps: POLICY-ENGINE-30-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 8 | POLICY-ENGINE-31-002 | TODO | Provide batch endpoint delivering policy context (thresholds, obligations) consumed by Advisory AI remediation planner (Deps: POLICY-ENGINE-31-001) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 9 | POLICY-ENGINE-32-101 | TODO | Define orchestrator `policy_eval` job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events (Deps: POLICY-ENGINE-31-002) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 10 | POLICY-ENGINE-33-101 | TODO | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics (Deps: POLICY-ENGINE-32-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 11 | POLICY-ENGINE-34-101 | TODO | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger (Deps: POLICY-ENGINE-33-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 12 | POLICY-ENGINE-35-201 | TODO | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption (Deps: POLICY-ENGINE-34-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 13 | POLICY-ENGINE-38-201 | TODO | Emit enriched policy violation events (decision rationale ids, risk bands) via orchestrator event bus for Notifications Studio (Deps: POLICY-ENGINE-35-201) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 14 | POLICY-ENGINE-40-001 | TODO | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies (max, preferred source, policy-defined) (Deps: POLICY-ENGINE-38-201) | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 15 | POLICY-ENGINE-40-002 | TODO | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs (Deps: POLICY-ENGINE-40-001) | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 1 | POLICY-ENGINE-29-003 | TODO | Surface path/scope awareness in determinations (signal optional/dev/test downgrade, runtime boost) for Vuln Explorer display (Deps: POLICY-ENGINE-29-002) | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-29-004 | TODO | Add metrics/logs for batch evaluation (latency, queue depth) and simulation diff counts; update dashboards (Deps: POLICY-ENGINE-29-003) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-30-001 | TODO | Define overlay contract for graph nodes/edges (status, severity, rationale refs, path relevance), expose projection API for Cartographer, and document schema versioning (Deps: POLICY-ENGINE-29-004) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
| 4 | POLICY-ENGINE-30-002 | TODO | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs (Deps: POLICY-ENGINE-30-001) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
| 5 | POLICY-ENGINE-30-003 | TODO | Emit change events (`policy.effective.updated`) with graph-friendly payloads so Cartographer overlay worker refreshes nodes/edges within 2 minutes (Deps: POLICY-ENGINE-30-002) | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
| 6 | POLICY-ENGINE-30-101 | TODO | Surface trust weighting configuration (issuer base weights, signature modifiers, recency decay, scope adjustments) for VEX Lens via Policy Studio + API; ensure deterministic evaluation (Deps: POLICY-ENGINE-30-003) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 7 | POLICY-ENGINE-31-001 | TODO | Expose policy knobs for Advisory AI (trust presets, temperature, token limits, plan ranking weights, TTLs) via Policy Studio and config APIs (Deps: POLICY-ENGINE-30-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 8 | POLICY-ENGINE-31-002 | TODO | Provide batch endpoint delivering policy context (thresholds, obligations) consumed by Advisory AI remediation planner (Deps: POLICY-ENGINE-31-001) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 9 | POLICY-ENGINE-32-101 | TODO | Define orchestrator `policy_eval` job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events (Deps: POLICY-ENGINE-31-002) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 10 | POLICY-ENGINE-33-101 | TODO | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics (Deps: POLICY-ENGINE-32-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 11 | POLICY-ENGINE-34-101 | TODO | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger (Deps: POLICY-ENGINE-33-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 12 | POLICY-ENGINE-35-201 | TODO | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption (Deps: POLICY-ENGINE-34-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 13 | POLICY-ENGINE-38-201 | TODO | Emit enriched policy violation events (decision rationale ids, risk bands) via orchestrator event bus for Notifications Studio (Deps: POLICY-ENGINE-35-201) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 14 | POLICY-ENGINE-40-001 | TODO | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies (max, preferred source, policy-defined) (Deps: POLICY-ENGINE-38-201) | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine |
| 15 | POLICY-ENGINE-40-002 | TODO | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs (Deps: POLICY-ENGINE-40-001) | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine |