stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

fix: filter domain assembly scans to Default ALC to prevent type identity mismatches

Browse Source 
Plugin assemblies loaded via PluginHost into isolated AssemblyLoadContexts
produce distinct types even from the same DLL. When AppDomain.GetAssemblies()
returns both Default and plugin-ALC copies, DI registration and IOptions<T>
resolution silently fail (e.g. ValkeyTransportOptions defaulting to localhost).

Applied AssemblyLoadContext.Default filter to all 7 assembly discovery sites:
- MessagingServiceCollectionExtensions (transport plugin scan)
- StellaRouterIntegrationHelper (transport plugin loader)
- Gateway.WebService Program.cs (startup transport scan)
- GeneratedEndpointDiscoveryProvider (endpoint provider scan)
- ReflectionEndpointDiscoveryProvider (endpoint attribute scan)
- ServiceCollectionExtensions (schema provider scan)
- MigrationModulePluginDiscovery (migration plugin scan)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
master
2026-03-04 14:01:12 +02:00
parent aaad8104cb
commit 7bafcc3eef
27 changed files with 32 additions and 634 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
docs/modules/advisory-lens/architecture.md
View File

@@ -1,65 +0,0 @@
# Advisory Lens Architecture
> **Status: Production (Shared Library).** AdvisoryLens is a standalone deterministic library at `src/__Libraries/StellaOps.AdvisoryLens/`, **not** merged into AdvisoryAI. The two modules serve different purposes: AdvisoryLens provides pattern-based case matching without AI inference; AdvisoryAI provides LLM-powered advisory analysis with guardrails. They can be composed together but are architecturally independent. The library is currently available for integration but not yet referenced from any WebService `Program.cs`.
## Purpose
StellaOps.AdvisoryLens is a deterministic, offline-first library for semantic case matching of vulnerability advisories. It produces ranked suggestions and contextual hints without AI/LLM inference.
## Scope
- Working directory: `src/__Libraries/StellaOps.AdvisoryLens/`
- Tests: `src/__Libraries/__Tests/StellaOps.AdvisoryLens.Tests/`
- Integration entry point: `services.AddAdvisoryLens(...)`
## Models
| Type | Purpose |
|------|---------|
| `AdvisoryCase` | Advisory input including CVE, PURL, severity, and metadata |
| `LensContext` | Evaluation envelope (advisory case, tenant id, evidence refs, optional timestamp) |
| `CasePattern` | Matching rule with severity/ecosystem/CVE conditions and default suggestion payload |
| `LensSuggestion` | Ranked operator-facing recommendation with confidence and action |
| `LensHint` | Contextual evidence hint grouped by deterministic categories |
| `LensResult` | Evaluation output containing suggestions, hints, matched pattern ids, timestamp, and input hash |
## Matching Algorithm
1. `CaseMatcher` evaluates each `CasePattern` against the input `AdvisoryCase`
2. Scoring factors are severity range match, PURL ecosystem match, and CVE pattern match
3. Disqualifying mismatches (severity out of range, wrong ecosystem) return score `0.0`
4. If no factors are configured for a pattern, score defaults to `0.5`
5. Positive-score matches are sorted by score descending, then `PatternId` ascending for deterministic tie-breaking
6. `AdvisoryLensService` maps sorted matches into suggestions with rank = position + 1
## Hint Generation
Hints are derived from `LensContext` and sorted by category ordinal then text:
- Severity: `High` or `Critical` advisories emit a priority remediation hint
- Reachability: non-empty reachability evidence emits code-path guidance
- VEX: non-empty VEX references emit a count-based hint
- Policy: non-empty policy traces emit a count-based hint
## Integration
```csharp
services.AddAdvisoryLens(patterns, timeProvider);
```
- Registers `IAdvisoryLensService` as a singleton
- Uses empty patterns when none are provided
- Uses `TimeProvider.System` when no provider is injected
## Determinism Guarantees
- Stable ordering for matches and hints
- Input hash computed as `sha256:` + SHA-256 over canonical JSON (`camelCase`, no indentation, nulls ignored)
- Timestamp comes from `LensContext.EvaluationTimestampUtc` or injected `TimeProvider`
- Identical inputs and clock source produce identical `LensResult`
## Offline Posture
- No network dependencies in library behavior
- In-process, side-effect-free evaluation and scoring
- Tests validate execution with no HTTP or external service setup

52
docs/modules/cartographer/README.md
View File

@@ -1,52 +0,0 @@
# Cartographer Module
**Status:** Implemented
**Source:** `src/Cartographer/`
## Purpose
The Cartographer service materializes immutable SBOM property graphs, precomputes layout tiles, and hydrates policy and VEX overlays so other services (API, UI, CLI) can navigate and reason about dependency relationships with context.
Boundary note: Cartographer is not the source of truth for environment topology
or promotion lanes; those are owned by Release Orchestrator ENVMGR/PROMOT.
## Components
**Services:**
- **StellaOps.Cartographer** - Core graph materialization, overlay management, and tile serving
## Key Features
- **Graph Materialization** - Convert normalized SBOMs (CycloneDX/SPDX) into immutable, versioned graph snapshots
- **Property Graph Generation** - Build dependency relationship graphs with context-aware nodes and edges
- **Overlay Hydration** - Merge Policy Engine findings and VEX metadata onto graph nodes and edges
- **Layout Tiles** - Precomputed viewport tiles for efficient UI navigation
- **Path Relevance** - Compute path importance within the dependency graph
- **Graph Diffing** - Compare SBOM versions to track changes
- **Tenant-Aware Storage** - Per-tenant graph isolation and versioning
## API Capabilities
- Viewport tile serving for large graphs (≥50k nodes)
- Path exploration and filtering
- Graph export and simulation overlays
- RBAC-enforced access control via Authority
## Dependencies
- **PostgreSQL** - Graph and overlay storage
- **Policy Engine** - Effective findings computation
- **SBom Service** - Normalized SBOM projections
- **Excititor** - VEX metadata ingestion
- **Authority** - Authentication and RBAC enforcement (scopes: `graph:*`, `sbom:read`, `findings:read`)
- **Scheduler** - Overlay update coordination
## Related Documentation
- **Architecture Charter:** See `src/Cartographer/StellaOps.Cartographer/AGENTS.md` for charter and responsibilities
- **Sprint Plan:** Check `docs/implplan/SPRINT_*.md` for current development status
- **Tasks:** Completed tasks documented in `src/Cartographer/StellaOps.Cartographer/TASKS.completed.md`
## Current Status
Active development. Materializes immutable SBOM property graphs with overlay hydration, deterministic snapshots, and optimized tile serving for dependency navigation.