Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled

- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro-related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions


@@ -1,17 +0,0 @@
# Signals Service Task Board — Reachability v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| SIGNALS-24-001 | DOING (2025-11-07) | Signals Guild, Authority Guild | AUTH-SIG-26-001 | Stand up Signals API skeleton with RBAC + health checks, sealed-mode config, and DPoP/mTLS plumbing; seed config/tests for `/facts` ingestion. | Host scaffold deployed; `/healthz` and `/facts` endpoints respond with tenant-enforced RBAC; integration tests cover token binding; docs outline bootstrap steps. |
> 2025-11-07: DPoP nonce store wired to Authority preview tenants; `/healthz` + `/facts` smoke tests passing in CI with sealed-mode env.
| SIGNALS-24-002 | DOING (2025-11-07) | Signals Guild | SIGNALS-24-001 | Implement callgraph ingestion/normalisation pipeline (Java/Node/Python/Go), persist artifacts to CAS, and expose retrieval APIs. | Parser fixtures recorded; storage writes deterministic; retries/backoff documented; integration tests cover dedupe and failure paths. |
> 2025-11-07: Java/Node ingestion harness writing CAS blobs locally; Python/Go parsers next along with Mongo upserts.
> 2025-10-29: Skeleton live with scope policies, stub endpoints, integration tests. Sample config added under `etc/signals.yaml.sample`.
> 2025-10-29: JSON parsers for java/nodejs/python/go implemented; artifacts stored on filesystem with SHA-256, callgraphs upserted into Mongo with unique index; integration tests cover success + malformed requests.
| SIGNALS-24-003 | BLOCKED (2025-10-27) | Signals Guild, Runtime Guild | SIGNALS-24-001 | Implement runtime facts ingestion endpoint and normalizer (process, sockets, container metadata) populating `context_facts` with AOC provenance. | Endpoint ingests fixture batches; duplicates deduped; schema enforced; tests cover privacy filters. |
> 2025-10-27: Depends on SIGNALS-24-001 for base API host + authentication plumbing.
| SIGNALS-24-004 | BLOCKED (2025-10-27) | Signals Guild, Data Science | SIGNALS-24-002, SIGNALS-24-003 | Deliver reachability scoring engine producing states/scores and writing to `reachability_facts`; expose configuration for weights. | Scoring engine deterministic; tests cover state transitions; metrics emitted. |
> 2025-10-27: Upstream ingestion pipelines (SIGNALS-24-002/003) blocked; scoring engine cannot proceed.
| SIGNALS-24-005 | BLOCKED (2025-10-27) | Signals Guild, Platform Events Guild | SIGNALS-24-004 | Implement Redis caches (`reachability_cache:*`), invalidation on new facts, and publish `signals.fact.updated` events. | Cache hit rate tracked; invalidations working; events delivered with idempotent ids; integration tests pass. |
> 2025-10-27: Awaiting scoring engine and ingestion layers before wiring cache/events.
| SIGNALS-REACH-201-003 | DOING (2025-11-08) | Signals Guild | SIGNALS-24-002 | Normalize multi-language callgraphs + runtime facts into `reachability_graphs` CAS layout, expose `/graphs/{scanId}` APIs, and document schema validations. | Parser fixtures for JVM/.NET/Go/Node/Rust/Swift pass; CAS manifests stored; API integration tests cover RBAC/tenancy. |
| SIGNALS-REACH-201-004 | DOING (2025-11-08) | Signals Guild, Policy Guild | SIGNALS-24-004 | Build reachability scoring + cache pipeline (state/score/confidence), emit `signals.fact.updated` events, and provide policy-ready projections with reachability weights. | Engine produces deterministic outputs; Redis cache hit metrics tracked; Policy integration tests consume signals successfully. |
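Review bot: This hunk deletes the entire `Signals Service Task Board — Reachability v1` file (all 17 lines, `@@ -1,17 +0,0 @@`), yet the commit message only describes adding the LDAP DN helper, credential audit context, audit logger, audit sink and CryptoPro classes; the removal is undocumented. The board still carries four rows in `DOING` state with status notes dated 2025-11-07 and 2025-11-08 (`SIGNALS-24-001`, `SIGNALS-24-002`, `SIGNALS-REACH-201-003`, `SIGNALS-REACH-201-004`), and three `BLOCKED` rows whose dependency chain (`SIGNALS-24-001` -> `-002`/`-003` -> `-004` -> `-005`) is the only record of why the scoring, cache and event work is stalled. Either state in the commit message where this tracking moved to (if the board was relocated as part of the 385-file, 7354/7344 add/delete change) or split the deletion out of this commit so the security-relevant exit criteria in it, such as `tenant-enforced RBAC` on `/facts`, `token binding` integration tests, the `privacy filters` tests for runtime facts, and `idempotent ids` for `signals.fact.updated`, are not lost without a replacement being referenced.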