Tests fixes, audit progress, UI completions

StellaOps Bot
2025-12-30 09:03:22 +02:00
parent 7a5210e2aa
commit 82e55c206a
318 changed files with 7232 additions and 1256 deletions


@@ -0,0 +1,22 @@
# Authority Core AGENTS
## Purpose & Scope
- Working directory: `src/Authority/__Libraries/StellaOps.Authority.Core/`.
- Roles: backend engineer, QA automation.
- Focus: verdict manifests, replay verification, manifest signing interfaces, and deterministic serialization.
## Required Reading (treat as read before DOING)
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/authority/architecture.md`
- Relevant sprint files.
## Working Agreements
- Preserve deterministic ordering and timestamps (TimeProvider where possible).
- Keep manifests replayable with explicit inputs and stable serialization.
- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
## Testing
- Use xUnit + FluentAssertions.
- Cover manifest builder/serializer, replay verification, and store pagination.


@@ -0,0 +1,10 @@
# Authority Core Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0086-M | DONE | Maintainability audit for StellaOps.Authority.Core. |
| AUDIT-0086-T | DONE | Test coverage audit for StellaOps.Authority.Core. |
| AUDIT-0086-A | TODO | Pending approval for changes. |


@@ -0,0 +1,22 @@
# Authority Persistence AGENTS
## Purpose & Scope
- Working directory: `src/Authority/__Libraries/StellaOps.Authority.Persistence/`.
- Roles: backend engineer, QA automation.
- Focus: Authority persistence layer (Postgres repositories, in-memory stores, migrations, and EF Core scaffolding).
## Required Reading (treat as read before DOING)
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/authority/architecture.md`
- Relevant sprint files.
## Working Agreements
- Preserve deterministic ordering and timestamps; avoid implicit NOW()/UtcNow for testable paths.
- Keep schema usage consistent with configured Postgres options.
- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
## Testing
- Use xUnit + FluentAssertions + Moq.
- Cover repository CRUD, pagination, schema overrides, and in-memory store behavior.


@@ -2,8 +2,6 @@
-- Consolidated from migrations 001-005 (pre_1.0 archived)
-- Creates the complete authority schema for IAM, tenants, users, tokens, RLS, and audit
BEGIN;
-- ============================================================================
-- SECTION 1: Schema Creation
-- ============================================================================
@@ -78,15 +76,20 @@ CREATE TABLE IF NOT EXISTS authority.users (
display_name TEXT,
password_hash TEXT,
password_salt TEXT,
enabled BOOLEAN NOT NULL DEFAULT TRUE,
password_algorithm TEXT DEFAULT 'argon2id',
status TEXT NOT NULL DEFAULT 'active' CHECK (status IN ('active', 'inactive', 'locked', 'deleted')),
email_verified BOOLEAN NOT NULL DEFAULT FALSE,
mfa_enabled BOOLEAN NOT NULL DEFAULT FALSE,
mfa_secret TEXT,
mfa_backup_codes TEXT,
failed_login_attempts INT NOT NULL DEFAULT 0,
locked_until TIMESTAMPTZ,
last_login_at TIMESTAMPTZ,
password_changed_at TIMESTAMPTZ,
last_password_change_at TIMESTAMPTZ,
password_expires_at TIMESTAMPTZ,
settings JSONB NOT NULL DEFAULT '{}',
metadata JSONB NOT NULL DEFAULT '{}',
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
@@ -606,4 +609,3 @@ BEGIN
END
$$;
COMMIT;
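Review bot: In the `authority.users` hunk, account state appears to live in three places, `enabled`, `status` (with 'locked' and 'deleted' values) and `locked_until`, and the password timestamp in two, `password_changed_at` and `last_password_change_at`. This rendering does not show which lines are added, but if all of them are in the final table, a sign-in check that reads `enabled` and `locked_until` without `status` (the visible lines of the UserRepository queries on this page do not select `status`) would still admit a row marked 'locked' or 'deleted'. I would either drop the duplicates or pin the rule beside the columns with a comment such as `-- status is authoritative for sign-in; enabled must mirror status = 'active'`. `mfa_secret` and `mfa_backup_codes` are plain `TEXT`, so a comment stating that they hold encrypted or hashed values, if that is the case, would help the next reviewer. The CREATE TABLE statement starts and ends outside the hunk.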


@@ -121,7 +121,7 @@ public sealed class TenantRepository : RepositoryBase<AuthorityDataSource>, ITen
public async Task<bool> UpdateAsync(TenantEntity tenant, CancellationToken cancellationToken = default)
{
const string sql = """
UPDATE auth.tenants
UPDATE authority.tenants
SET name = @name,
description = @description,
contact_email = @contact_email,
@@ -152,7 +152,7 @@ public sealed class TenantRepository : RepositoryBase<AuthorityDataSource>, ITen
/// <inheritdoc />
public async Task<bool> DeleteAsync(Guid id, CancellationToken cancellationToken = default)
{
const string sql = "DELETE FROM auth.tenants WHERE id = @id";
const string sql = "DELETE FROM authority.tenants WHERE id = @id";
var rows = await ExecuteAsync(
SystemTenantId,
@@ -166,7 +166,7 @@ public sealed class TenantRepository : RepositoryBase<AuthorityDataSource>, ITen
/// <inheritdoc />
public async Task<bool> SlugExistsAsync(string slug, CancellationToken cancellationToken = default)
{
const string sql = "SELECT EXISTS(SELECT 1 FROM auth.tenants WHERE slug = @slug)";
const string sql = "SELECT EXISTS(SELECT 1 FROM authority.tenants WHERE slug = @slug)";
var result = await ExecuteScalarAsync<bool>(
SystemTenantId,
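Review bot: The schema name is still a literal inside each SQL constant (`UPDATE authority.tenants`, `DELETE FROM authority.tenants`, and the lookup in `SlugExistsAsync`), so a deployment that configures a different Postgres schema would keep addressing `authority`. The AGENTS note added in this commit asks for schema usage to stay consistent with the configured Postgres options and names schema overrides as a test target. Building the qualified table name once from that option would meet both, provided the configured value is validated as an identifier, since a schema name cannot be passed as a query parameter. The UserRepository statements on this page follow the same pattern. Only three statements are touched here and the method bodies continue outside the hunks, so it is worth confirming that no `auth.` reference remains elsewhere in the file.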


@@ -22,7 +22,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
public async Task<UserEntity> CreateAsync(UserEntity user, CancellationToken cancellationToken = default)
{
const string sql = """
INSERT INTO auth.users (
INSERT INTO authority.users (
id, tenant_id, username, email, display_name, password_hash, password_salt,
enabled, email_verified, mfa_enabled, mfa_secret, mfa_backup_codes,
settings, metadata, created_by
@@ -58,7 +58,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
enabled, email_verified, mfa_enabled, mfa_secret, mfa_backup_codes,
failed_login_attempts, locked_until, last_login_at, password_changed_at,
settings::text, metadata::text, created_at, updated_at, created_by
FROM auth.users
FROM authority.users
WHERE tenant_id = @tenant_id AND id = @id
""";
@@ -82,7 +82,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
enabled, email_verified, mfa_enabled, mfa_secret, mfa_backup_codes,
failed_login_attempts, locked_until, last_login_at, password_changed_at,
settings::text, metadata::text, created_at, updated_at, created_by
FROM auth.users
FROM authority.users
WHERE tenant_id = @tenant_id AND username = @username
""";
@@ -106,7 +106,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
enabled, email_verified, mfa_enabled, mfa_secret, mfa_backup_codes,
failed_login_attempts, locked_until, last_login_at, password_changed_at,
settings::text, metadata::text, created_at, updated_at, created_by
FROM auth.users
FROM authority.users
WHERE tenant_id = @tenant_id AND email = @email
""";
@@ -135,7 +135,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
enabled, email_verified, mfa_enabled, mfa_secret, mfa_backup_codes,
failed_login_attempts, locked_until, last_login_at, password_changed_at,
settings::text, metadata::text, created_at, updated_at, created_by
FROM auth.users
FROM authority.users
WHERE tenant_id = @tenant_id
""";
@@ -167,7 +167,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
public async Task<bool> UpdateAsync(UserEntity user, CancellationToken cancellationToken = default)
{
const string sql = """
UPDATE auth.users
UPDATE authority.users
SET username = @username,
email = @email,
display_name = @display_name,
@@ -207,7 +207,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
/// <inheritdoc />
public async Task<bool> DeleteAsync(string tenantId, Guid id, CancellationToken cancellationToken = default)
{
const string sql = "DELETE FROM auth.users WHERE tenant_id = @tenant_id AND id = @id";
const string sql = "DELETE FROM authority.users WHERE tenant_id = @tenant_id AND id = @id";
var rows = await ExecuteAsync(
tenantId,
@@ -231,7 +231,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
CancellationToken cancellationToken = default)
{
const string sql = """
UPDATE auth.users
UPDATE authority.users
SET password_hash = @password_hash,
password_salt = @password_salt,
password_changed_at = NOW()
@@ -261,7 +261,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
CancellationToken cancellationToken = default)
{
const string sql = """
UPDATE auth.users
UPDATE authority.users
SET failed_login_attempts = failed_login_attempts + 1,
locked_until = @locked_until
WHERE tenant_id = @tenant_id AND id = @id
@@ -289,7 +289,7 @@ public sealed class UserRepository : RepositoryBase<AuthorityDataSource>, IUserR
CancellationToken cancellationToken = default)
{
const string sql = """
UPDATE auth.users
UPDATE authority.users
SET failed_login_attempts = 0,
locked_until = NULL,
last_login_at = NOW()
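Review bot: The password update statement ends its SET list at `password_changed_at = NOW()` and never writes `password_algorithm`, `last_password_change_at` or `password_expires_at`, all of which the consolidated migration on this page defines on `authority.users`. If the verifier reads `password_algorithm`, a hash produced with anything other than the column default 'argon2id' would be labelled incorrectly after a change, and an expiry date would never advance. Consider adding `password_algorithm = @password_algorithm` to the SET list, or a comment above the statement saying which of these columns the repository treats as authoritative. This statement and the login-success update also use `NOW()`, which the module's AGENTS note asks to avoid on testable paths; passing the timestamp as a parameter would match it. The method bodies continue outside the hunks.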


@@ -0,0 +1,10 @@
# Authority Persistence Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0088-M | DONE | Maintainability audit for StellaOps.Authority.Persistence. |
| AUDIT-0088-T | DONE | Test coverage audit for StellaOps.Authority.Persistence. |
| AUDIT-0088-A | TODO | Pending approval for changes. |