Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
@@ -1,34 +0,0 @@
|
||||
# VEX Lens Task Board — Epic 7: VEX Consensus Lens
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| VEXLENS-30-001 | TODO | VEX Lens Guild | EXCITITOR-LNM-21-001, CONCELIER-LNM-21-001 | Implement normalization pipeline for CSAF VEX, OpenVEX, CycloneDX VEX (status mapping, justification mapping, product tree parsing). | Normalization outputs deterministic canonical JSON; fixtures cover formats; unit tests pass. |
|
||||
| VEXLENS-30-002 | TODO | VEX Lens Guild | VEXLENS-30-001, SBOM-VULN-29-001 | Build product mapping library (CPE/CPE2.3/vendor tokens → purl/version) with scope quality scoring and path metadata. | Mapping library handles target ecosystems with property tests; scope scores recorded; docs updated. |
|
||||
| VEXLENS-30-003 | TODO | VEX Lens Guild, Issuer Directory Guild | ISSUER-30-001 | Integrate signature verification (Ed25519, DSSE, PKIX) using issuer keys, annotate evidence with verification state and failure reasons. | Signatures verified; failures logged; tests cover signed/unsigned/expired cases. |
|
||||
| VEXLENS-30-004 | TODO | VEX Lens Guild, Policy Guild | POLICY-ENGINE-30-101 | Implement trust weighting engine (issuer base weights, signature modifiers, recency decay, justification modifiers, scope score adjustments) controlled by policy config. | Weighting functions configurable; policy overrides applied; unit tests validate formulas. |
|
||||
| VEXLENS-30-005 | TODO | VEX Lens Guild | VEXLENS-30-001..004 | Implement consensus algorithm producing `consensus_state`, `confidence`, `weights`, `quorum`, `rationale`; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE. | Algorithm deterministic; unit/property tests cover conflict scenarios; rationale includes top evidences; docs drafted. |
|
||||
| VEXLENS-30-006 | TODO | VEX Lens Guild, Findings Ledger Guild | VEXLENS-30-005, LEDGER-29-003 | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers. | Projection generated for fixtures; backpressure metrics recorded; replay harness passes. |
|
||||
| VEXLENS-30-007 | TODO | VEX Lens Guild | VEXLENS-30-006 | Expose APIs (`/vex/consensus`, `/vex/consensus/query`, `/vex/consensus/{id}`, `/vex/consensus/simulate`, `/vex/consensus/export`) with pagination, cost budgets, and OpenAPI docs. | APIs deployed with schema validation; integration tests cover filters/simulation/export; rate limits enforced. |
|
||||
| VEXLENS-30-008 | TODO | VEX Lens Guild, Policy Guild | VEXLENS-30-006, POLICY-ENGINE-30-101 | Integrate consensus signals with Policy Engine (thresholds, suppression, simulation inputs) and Vuln Explorer detail view. | Policy consumes consensus via documented contract; Vuln Explorer shows consensus chip; e2e tests confirm suppression behavior. |
|
||||
| VEXLENS-30-009 | TODO | VEX Lens Guild, Observability Guild | VEXLENS-30-006..008 | Instrument metrics (`vex_consensus_compute_latency`, `vex_consensus_disputed_total`, `vex_signature_verification_rate`), structured logs, and traces; publish dashboards/alerts. | Metrics/traces live; dashboards approved; alert thresholds configured. |
|
||||
| VEXLENS-30-010 | TODO | VEX Lens Guild, QA Guild | VEXLENS-30-001..008 | Develop unit/property/integration/load tests (10M records), determinism harness, fuzz testing for malformed product trees. | Test suites green; load tests documented; determinism harness validated across two runs. |
|
||||
| VEXLENS-30-011 | TODO | VEX Lens Guild, DevOps Guild | VEXLENS-30-006..009 | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks. | Deployment docs merged; smoke deploy validated; offline kit updated; runbooks published. |
|
||||
|
||||
## Advisory AI (Sprint 31)
|
||||
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| VEXLENS-AIAI-31-001 | TODO | VEX Lens Guild | VEXLENS-30-005 | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations. | API returns structured factors; docs updated; integration tests cover tuples. |
|
||||
| VEXLENS-AIAI-31-002 | TODO | VEX Lens Guild | VEXLENS-30-006 | Provide caching hooks for consensus lookups used by Advisory AI (batch endpoints, TTL hints). | Batch API published; caches instrumented; telemetry recorded. |
|
||||
|
||||
## Orchestrator Dashboard
|
||||
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| VEXLENS-ORCH-33-001 | TODO | VEX Lens Guild | ORCH-SVC-32-001, ORCH-SVC-32-003, ORCH-SVC-33-001 | Register `consensus_compute` job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches. | Job type documented; worker consumes orchestrator jobs; tests cover pause/retry; metrics exported. |
|
||||
| VEXLENS-ORCH-34-001 | TODO | VEX Lens Guild | VEXLENS-ORCH-33-001, ORCH-SVC-34-002, ORCH-SVC-34-001 | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata. | Ledger export includes consensus entries; events contain provenance; integration tests validate chain; docs cross-link to run-ledger. |
|
||||
|
||||
## Export Center (Epic 10)
|
||||
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| VEXLENS-EXPORT-35-001 | TODO | VEX Lens Guild | VEXLENS-30-006, LEDGER-EXPORT-35-001 | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles. | Snapshot endpoint deployed; determinism tests pass; schema documented; metrics/logs instrumented. |
|
||||
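Review bot: the commit message does not account for the removal of this whole task board (`@@ -1,34 +0,0 @@`); it lists only the LDAP helper, credential audit, and CryptoPro additions. Every row removed here is still `TODO`, including VEXLENS-30-003 (signature verification with failure logging) and VEXLENS-30-010 (fuzz testing for malformed product trees), and nothing in the visible lines says where that tracking went. Either move the deletion into its own commit, or add a line to the message stating where the board now lives or why these tasks were dropped.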