stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/TimelineIndexer/StellaOps.TimelineIndexer/TASKS.md
View File

@@ -1,14 +0,0 @@
# Timeline Indexer Task Board — Epic 15: Observability & Forensics
## Sprint 52 Timeline Foundations
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| TIMELINE-OBS-52-001 | TODO | Timeline Indexer Guild | TELEMETRY-OBS-50-001, AUTH-OBS-50-001 | Bootstrap `StellaOps.Timeline.Indexer` service with Postgres migrations for `timeline_events`, `timeline_event_details`, `timeline_event_digests`; enable RLS scaffolding and deterministic migration scripts. | Service builds/tests; migrations replay cleanly; baseline seed fixtures committed; compliance checklist recorded. |
| TIMELINE-OBS-52-002 | TODO | Timeline Indexer Guild | TIMELINE-OBS-52-001, DEVOPS-OBS-50-002 | Implement event ingestion pipeline (NATS/Redis consumers) with ordering guarantees, dedupe on `(event_id, tenant_id)`, correlation to trace IDs, and backpressure metrics. | Ingestion integration tests replay fixture stream; dedupe proven; metrics exposed; failure retries documented. |
| TIMELINE-OBS-52-003 | TODO | Timeline Indexer Guild | TIMELINE-OBS-52-002 | Expose REST/gRPC APIs for timeline queries (`GET /timeline`, `/timeline/{id}`) with filters, pagination, and tenant enforcement. Provide OpenAPI + contract tests. | APIs documented via OpenAPI; tests cover filters/pagination; latency budget <200ms P95 on seeded data; audit logs recorded. |
| TIMELINE-OBS-52-004 | TODO | Timeline Indexer Guild, Security Guild | TIMELINE-OBS-52-001 | Finalize RLS policies, scope checks (`timeline:read`), and audit logging for query access. Include integration tests for cross-tenant isolation and legal hold markers. | RLS proven with failing cross-tenant queries; audit logs include actor/tenant; legal hold flag prevents deletion; docs referenced. |
## Sprint 53 Evidence & Provenance Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| TIMELINE-OBS-53-001 | TODO | Timeline Indexer Guild, Evidence Locker Guild | TIMELINE-OBS-52-003, EVID-OBS-53-002 | Link timeline events to evidence bundle digests + attestation subjects; expose `/timeline/{id}/evidence` endpoint returning signed manifest references. | Endpoint returns evidence references with DSSE metadata; integration test verifies digest match; docs updated. |