Add LDAP Distinguished Name Helper and Credential Audit Context

- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro-related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions


@@ -1,12 +0,0 @@
# Zastava Observer Task Board
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ZASTAVA-SURFACE-01 | TODO | Zastava Observer Guild | SURFACE-FS-02 | Integrate Surface.FS client for runtime drift detection (lookup cached layer hashes/entry traces). | Observer validates runtime vs cache; integration tests cover drift + cache-miss cases. |
| ZASTAVA-SURFACE-02 | TODO | Zastava Observer Guild | SURFACE-FS-02, ZASTAVA-SURFACE-01 | Adopt Surface manifest reader helpers to resolve `cas://` pointers and surface cache lineage in drift diagnostics. See `docs/modules/scanner/design/surface-fs-consumers.md` §4 for expectations. | Observer fetches manifests via new URI schema; drift diagnostics show manifest provenance; unit/integration tests cover pointer fetch and error fallback. |
| ZASTAVA-ENV-01 | TODO | Zastava Observer Guild | SURFACE-ENV-02 | Adopt Surface.Env helpers for cache endpoints, secret refs, and feature toggles. | Observer configuration centralised; misconfiguration warnings logged; docs updated. |
| ZASTAVA-SECRETS-01 | TODO | Zastava Observer Guild, Security Guild | SURFACE-SECRETS-02 | Retrieve CAS/attestation access via Surface.Secrets instead of inline secret stores. | Secrets resolved through shared provider; rotation/resilience tests pass. |
> 2025-10-24: Observer unit tests pending; `dotnet restore` requires offline copies of `Google.Protobuf`, `Grpc.Net.Client`, `Grpc.Tools` in `local-nuget` before execution can be verified.
| ZASTAVA-REACH-201-001 | TODO | Zastava Observer Guild | SIGNALS-24-001 | Stream runtime symbol hits + EntryTrace shell contexts to Signals `/runtime-facts`, attach build-id metadata, and emit CAS-backed trace blobs per scan/run. Update observer config/runbook references. | Runtime sampler unit/integration tests pass; ND-JSON batches accepted by Signals; docs + configs refreshed. |
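
Review bot: the removal of this board is not covered by the commit message, which lists only the LDAP helper, the credential audit context, the audit logger, the audit sink and the CryptoPro classes, while every row deleted here is still TODO, including ZASTAVA-SECRETS-01 (co-owned by the Security Guild, moving CAS/attestation access off inline secret stores). Suggest either splitting the board deletion into its own commit or adding a line to the message saying where these items are tracked now. The 2025-10-24 note should move with them, since it is the only statement here that the observer unit tests are unverified until `Google.Protobuf`, `Grpc.Net.Client` and `Grpc.Tools` are available in `local-nuget`.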


@@ -1,9 +0,0 @@
# Zastava Webhook Task Board
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ZASTAVA-SURFACE-02 | TODO | Zastava Webhook Guild | SURFACE-FS-02, ZASTAVA-SURFACE-01 | Enforce Surface.FS availability during admission (deny when cache missing/stale) and embed pointer checks in webhook response. | Admission tests cover cache present/missing paths; policy docs updated; metrics emitted. |
| ZASTAVA-ENV-02 | TODO | Zastava Webhook Guild | SURFACE-ENV-02 | Switch to Surface.Env helpers for webhook configuration (cache endpoint, secret refs, feature toggles). | Webhook uses helper; helm/compose manifests updated; integration tests cover env overrides. |
| ZASTAVA-SECRETS-02 | TODO | Zastava Webhook Guild, Security Guild | SURFACE-SECRETS-02 | Retrieve attestation verification secrets via Surface.Secrets. | Shared secret provider integrated; rotation/e2e tests pass; secrets no longer read directly from env. |
> Status update · 2025-10-19: Confirmed no prerequisites for ZASTAVA-WEBHOOK-12-101/102/103; tasks moved to DOING for kickoff. Implementation plan covering TLS bootstrap, backend contract, caching/metrics recorded in `IMPLEMENTATION_PLAN.md`.
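
Review bot: the deleted row ZASTAVA-SURFACE-02 shares its ID with a different task on the Observer board removed in the same commit (manifest reader helpers for `cas://` pointers there, admission enforcement here), so if both boards are being merged into one tracker the two entries will collide; give the webhook task its own ID when it is carried over. Its exit criteria are also the only place in this file that records the deny-when-cache-missing/stale admission behaviour and, for ZASTAVA-SECRETS-02, that secrets are no longer read directly from env, so please confirm both survive in the destination. The status update names ZASTAVA-WEBHOOK-12-101/102/103 as DOING although none of them has a row in the table being deleted.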


@@ -1,6 +0,0 @@
# Zastava Core Task Board
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
> Remark (2025-10-19): Prerequisites reviewed—none outstanding. ZASTAVA-CORE-12-201, ZASTAVA-CORE-12-202, ZASTAVA-CORE-12-203, and ZASTAVA-OPS-12-204 moved to DOING for Wave 0 kickoff.
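
Review bot: the table removed here has a header and no rows, so the 2025-10-19 remark is the only record in this file that ZASTAVA-CORE-12-201, ZASTAVA-CORE-12-202, ZASTAVA-CORE-12-203 and ZASTAVA-OPS-12-204 were moved to DOING. Before deleting it, confirm those four items and their current status exist wherever the boards are tracked now, and reference that location in the commit message.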