Tests fixes, audit progress, UI completions

StellaOps Bot
2025-12-30 09:03:22 +02:00
parent 7a5210e2aa
commit 82e55c206a
318 changed files with 7232 additions and 1256 deletions

View File

@@ -0,0 +1,29 @@
# BinaryIndex Builders Charter
## Mission
Own reproducible build orchestration and function-level fingerprinting for BinaryIndex. Keep outputs deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Builders` and related interfaces.
- Keep builder options deterministic and safe for air-gapped execution.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `ReproducibleBuildJobTypes.cs`
- `PatchDiffEngine.cs`
- `BuilderOptions.cs`
## Coordination
- BinaryIndex owners for fingerprinting and builder orchestration.
- Scanner and Policy teams for downstream consumers.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
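Review bot: The Working Agreement items combine a bullet with a manual number (`- 1. Update task status ...`), so they render as a bulleted list whose text starts with a digit; use either `1.` ordered items or plain `-` bullets. Item 1 also reads "in both corresponding sprint file"; "in both the corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md`" parses cleanly.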

View File

@@ -0,0 +1,10 @@
# BinaryIndex Builders Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0112-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Builders. |
| AUDIT-0112-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Builders. |
| AUDIT-0112-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,30 @@
# BinaryIndex Cache Charter
## Mission
Own Valkey/Redis caching for BinaryIndex lookup and resolution flows. Ensure deterministic keying and offline-friendly behavior.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Cache` services and options.
- Preserve deterministic cache keys and predictable TTL behavior.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `CachedBinaryVulnerabilityService.cs`
- `ResolutionCacheService.cs`
- `BinaryCacheOptions.cs`
- `BinaryCacheServiceExtensions.cs`
## Coordination
- BinaryIndex owners for lookup and fix index behavior.
- WebService team for DI and runtime configuration.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Cache Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0114-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Cache. |
| AUDIT-0114-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Cache. |
| AUDIT-0114-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,27 @@
# BinaryIndex Contracts Charter
## Mission
Own API contract types for BinaryIndex resolution endpoints. Keep contracts stable, validated, and deterministic.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Contracts` contract types and documentation.
- Ensure contract fields are explicit, versionable, and validation-friendly.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `Resolution/VulnResolutionContracts.cs`
## Coordination
- BinaryIndex WebService and API consumers.
- Policy and Scanner teams for contract integration.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Contracts Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0115-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Contracts. |
| AUDIT-0115-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Contracts. |
| AUDIT-0115-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,31 @@
# BinaryIndex Core Charter
## Mission
Own core BinaryIndex models, resolution logic, and feature extractors. Keep outputs deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Core` models and services.
- Ensure binary identity and resolution behaviors are consistent and testable.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `Models/BinaryIdentity.cs`
- `Resolution/ResolutionService.cs`
- `Services/ElfFeatureExtractor.cs`
- `Services/PeFeatureExtractor.cs`
- `Services/MachoFeatureExtractor.cs`
## Coordination
- BinaryIndex cache and web service owners.
- Scanner team for resolution and identity consumption.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Core Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0116-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Core. |
| AUDIT-0116-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Core. |
| AUDIT-0116-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,30 @@
# BinaryIndex Corpus Alpine Charter
## Mission
Own Alpine corpus connectors and package extraction. Keep APK parsing deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Corpus.Alpine` components.
- Ensure deterministic package ordering, snapshot metadata, and extraction outputs.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `AlpineCorpusConnector.cs`
- `AlpinePackageExtractor.cs`
- `ApkBuildSecfixesExtractor.cs`
- `IAlpinePackageSource.cs`
## Coordination
- BinaryIndex core/corpus owners.
- FixIndex team for secfixes extraction.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Corpus Alpine Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0119-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Corpus.Alpine. |
| AUDIT-0119-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Corpus.Alpine. |
| AUDIT-0119-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,30 @@
# BinaryIndex Corpus Debian Charter
## Mission
Own Debian/Ubuntu corpus connectors and package extraction. Keep package parsing deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Corpus.Debian` components.
- Ensure deterministic package ordering, snapshot metadata, and extraction outputs.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `DebianCorpusConnector.cs`
- `DebianMirrorPackageSource.cs`
- `DebianPackageExtractor.cs`
- `IDebianPackageSource.cs`
## Coordination
- BinaryIndex core/corpus owners.
- Persistence team for snapshot storage.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Corpus Debian Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0120-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Corpus.Debian. |
| AUDIT-0120-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Corpus.Debian. |
| AUDIT-0120-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,30 @@
# BinaryIndex Corpus RPM Charter
## Mission
Own RPM corpus connectors and package extraction. Keep package parsing deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Corpus.Rpm` components.
- Ensure deterministic package ordering, snapshot metadata, and extraction outputs.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `RpmCorpusConnector.cs`
- `RpmPackageExtractor.cs`
- `SrpmChangelogExtractor.cs`
- `IRpmPackageSource.cs`
## Coordination
- BinaryIndex core/corpus owners.
- FixIndex team for SRPM changelog extraction.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Corpus RPM Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0121-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Corpus.Rpm. |
| AUDIT-0121-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Corpus.Rpm. |
| AUDIT-0121-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,28 @@
# BinaryIndex Corpus Charter
## Mission
Own BinaryIndex corpus connector contracts and snapshot records. Keep contract types deterministic and validation-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Corpus` interfaces and models.
- Ensure corpus queries and snapshots are stable across offline runs.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `IBinaryCorpusConnector.cs`
- `ICorpusSnapshotRepository.cs`
## Coordination
- BinaryIndex Core and corpus connector implementations (Alpine/Debian/RPM).
- Scanner team for downstream consumers.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Corpus Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0118-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Corpus. |
| AUDIT-0118-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Corpus. |
| AUDIT-0118-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,31 @@
# BinaryIndex Fingerprints Charter
## Mission
Own vulnerability fingerprint generation, matching, and storage contracts. Keep outputs deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Fingerprints` models, generators, matching, and pipeline components.
- Ensure fingerprint algorithms are deterministic and validated by tests.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `Generators/*.cs`
- `Matching/*.cs`
- `Models/VulnFingerprint.cs`
- `Pipeline/ReferenceBuildPipeline.cs`
- `Storage/FingerprintBlobStorage.cs`
## Coordination
- BinaryIndex core and scanner teams for fingerprint consumption.
- FixIndex team for differential build inputs.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex Fingerprints Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0122-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Fingerprints. |
| AUDIT-0122-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Fingerprints. |
| AUDIT-0122-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,30 @@
# BinaryIndex FixIndex Charter
## Mission
Own fix index models, parsers, and builder logic. Keep outputs deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.FixIndex` models, parsers, and services.
- Ensure CVE extraction and evidence generation are deterministic and validated.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `Models/FixEvidence.cs`
- `Parsers/*.cs`
- `Services/FixIndexBuilder.cs`
- `Repositories/IFixIndexRepository.cs`
## Coordination
- Corpus connectors for Debian/Alpine/RPM.
- Persistence layer for index storage.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex FixIndex Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0124-M | DONE | Maintainability audit for StellaOps.BinaryIndex.FixIndex. |
| AUDIT-0124-T | DONE | Test coverage audit for StellaOps.BinaryIndex.FixIndex. |
| AUDIT-0124-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,31 @@
# BinaryIndex Persistence Charter
## Mission
Own BinaryIndex persistence layer, migrations, and repositories. Keep data access deterministic and tenant-safe.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.Persistence` repositories, migrations, and services.
- Ensure RLS tenant context handling is safe and consistent.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `BinaryIndexDbContext.cs`
- `BinaryIndexMigrationRunner.cs`
- `Repositories/*.cs`
- `Services/BinaryVulnerabilityService.cs`
- `Migrations/*.sql`
## Coordination
- BinaryIndex core/corpus/fix index/fingerprint owners.
- Infrastructure.Postgres team for migrations and testing.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
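Review bot: The Responsibilities line "Ensure RLS tenant context handling is safe and consistent" names no file or test that enforces it, and none of the Key Paths is identified as the place where the tenant context is set. Point to the component that sets the tenant context on the connection and to the test that fails when it is missing, so the requirement can be checked in review.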

View File

@@ -21,9 +21,23 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
await using var conn = await _dbContext.OpenConnectionAsync(ct);
const string sql = """
SELECT id, tenant_id, binary_key, build_id, build_id_type, file_sha256, text_sha256, blake3_hash,
format, architecture, osabi, binary_type, is_stripped, first_seen_snapshot_id,
last_seen_snapshot_id, created_at, updated_at
SELECT id AS "Id",
tenant_id AS "TenantId",
binary_key AS "BinaryKey",
build_id AS "BuildId",
build_id_type AS "BuildIdType",
file_sha256 AS "FileSha256",
text_sha256 AS "TextSha256",
blake3_hash AS "Blake3Hash",
format AS "Format",
architecture AS "Architecture",
osabi AS "OsAbi",
binary_type AS "BinaryType",
is_stripped AS "IsStripped",
first_seen_snapshot_id AS "FirstSeenSnapshotId",
last_seen_snapshot_id AS "LastSeenSnapshotId",
created_at AS "CreatedAt",
updated_at AS "UpdatedAt"
FROM binaries.binary_identity
WHERE build_id = @BuildId AND build_id_type = @BuildIdType
LIMIT 1
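Review bot: The lookup ends in `WHERE build_id = @BuildId AND build_id_type = @BuildIdType` followed by `LIMIT 1`, with no `ORDER BY` and no `tenant_id` predicate, so when more than one row matches, the row returned is whichever the database yields first. Either add a stable `ORDER BY` or state in a comment that row-level security plus a uniqueness constraint guarantee a single match.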
@@ -38,9 +52,23 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
await using var conn = await _dbContext.OpenConnectionAsync(ct);
const string sql = """
SELECT id, tenant_id, binary_key, build_id, build_id_type, file_sha256, text_sha256, blake3_hash,
format, architecture, osabi, binary_type, is_stripped, first_seen_snapshot_id,
last_seen_snapshot_id, created_at, updated_at
SELECT id AS "Id",
tenant_id AS "TenantId",
binary_key AS "BinaryKey",
build_id AS "BuildId",
build_id_type AS "BuildIdType",
file_sha256 AS "FileSha256",
text_sha256 AS "TextSha256",
blake3_hash AS "Blake3Hash",
format AS "Format",
architecture AS "Architecture",
osabi AS "OsAbi",
binary_type AS "BinaryType",
is_stripped AS "IsStripped",
first_seen_snapshot_id AS "FirstSeenSnapshotId",
last_seen_snapshot_id AS "LastSeenSnapshotId",
created_at AS "CreatedAt",
updated_at AS "UpdatedAt"
FROM binaries.binary_identity
WHERE binary_key = @BinaryKey
LIMIT 1
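Review bot: The 17-column alias list in this `SELECT` is a verbatim copy of the one in the previous hunk, and every copy has to stay in step with the `BinaryIdentityRow` property names. Move the list into one shared constant used by each query so that a renamed column or property is changed in one place.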
@@ -67,9 +95,23 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
ON CONFLICT (tenant_id, binary_key) DO UPDATE SET
updated_at = EXCLUDED.updated_at,
last_seen_snapshot_id = EXCLUDED.last_seen_snapshot_id
RETURNING id, tenant_id, binary_key, build_id, build_id_type, file_sha256, text_sha256, blake3_hash,
format, architecture, osabi, binary_type, is_stripped, first_seen_snapshot_id,
last_seen_snapshot_id, created_at, updated_at
RETURNING id AS "Id",
tenant_id AS "TenantId",
binary_key AS "BinaryKey",
build_id AS "BuildId",
build_id_type AS "BuildIdType",
file_sha256 AS "FileSha256",
text_sha256 AS "TextSha256",
blake3_hash AS "Blake3Hash",
format AS "Format",
architecture AS "Architecture",
osabi AS "OsAbi",
binary_type AS "BinaryType",
is_stripped AS "IsStripped",
first_seen_snapshot_id AS "FirstSeenSnapshotId",
last_seen_snapshot_id AS "LastSeenSnapshotId",
created_at AS "CreatedAt",
updated_at AS "UpdatedAt"
""";
var row = await conn.QuerySingleAsync<BinaryIdentityRow>(sql, new
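Review bot: Missing documentation on the upsert: `ON CONFLICT (tenant_id, binary_key) DO UPDATE SET` touches only `updated_at` and `last_seen_snapshot_id`, so on a conflict the `RETURNING` list hands back the stored `file_sha256`, `build_id` and other columns, not the values the caller passed in. Say so in a comment on the method, or compare the returned hashes with the input so that a key collision with different content is noticed.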
@@ -83,7 +125,7 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
Format = identity.Format.ToString().ToLowerInvariant(),
identity.Architecture,
identity.OsAbi,
BinaryType = identity.Type?.ToString().ToLowerInvariant(),
BinaryType = ToDbBinaryType(identity.Type),
identity.IsStripped,
identity.FirstSeenSnapshotId,
identity.LastSeenSnapshotId,
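Review bot: `BinaryType` now goes through `ToDbBinaryType`, but `Format` a few lines above it is still written with `identity.Format.ToString().ToLowerInvariant()`, so the two enum columns follow different conventions for their stored values. Give `Format` the same explicit mapping, or add a comment explaining why only `BinaryType` needs one.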
@@ -99,9 +141,23 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
await using var conn = await _dbContext.OpenConnectionAsync(ct);
const string sql = """
SELECT id, tenant_id, binary_key, build_id, build_id_type, file_sha256, text_sha256, blake3_hash,
format, architecture, osabi, binary_type, is_stripped, first_seen_snapshot_id,
last_seen_snapshot_id, created_at, updated_at
SELECT id AS "Id",
tenant_id AS "TenantId",
binary_key AS "BinaryKey",
build_id AS "BuildId",
build_id_type AS "BuildIdType",
file_sha256 AS "FileSha256",
text_sha256 AS "TextSha256",
blake3_hash AS "Blake3Hash",
format AS "Format",
architecture AS "Architecture",
osabi AS "OsAbi",
binary_type AS "BinaryType",
is_stripped AS "IsStripped",
first_seen_snapshot_id AS "FirstSeenSnapshotId",
last_seen_snapshot_id AS "LastSeenSnapshotId",
created_at AS "CreatedAt",
updated_at AS "UpdatedAt"
FROM binaries.binary_identity
WHERE binary_key = ANY(@BinaryKeys)
""";
@@ -110,25 +166,25 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
return rows.Select(r => r.ToModel()).ToImmutableArray();
}
private sealed record BinaryIdentityRow
private sealed class BinaryIdentityRow
{
public Guid Id { get; init; }
public Guid TenantId { get; init; }
public string BinaryKey { get; init; } = string.Empty;
public string? BuildId { get; init; }
public string? BuildIdType { get; init; }
public string FileSha256 { get; init; } = string.Empty;
public string? TextSha256 { get; init; }
public string? Blake3Hash { get; init; }
public string Format { get; init; } = string.Empty;
public string Architecture { get; init; } = string.Empty;
public string? OsAbi { get; init; }
public string? BinaryType { get; init; }
public bool IsStripped { get; init; }
public Guid? FirstSeenSnapshotId { get; init; }
public Guid? LastSeenSnapshotId { get; init; }
public DateTimeOffset CreatedAt { get; init; }
public DateTimeOffset UpdatedAt { get; init; }
public Guid Id { get; set; }
public Guid TenantId { get; set; }
public string BinaryKey { get; set; } = string.Empty;
public string? BuildId { get; set; }
public string? BuildIdType { get; set; }
public string FileSha256 { get; set; } = string.Empty;
public string? TextSha256 { get; set; }
public string? Blake3Hash { get; set; }
public string Format { get; set; } = string.Empty;
public string Architecture { get; set; } = string.Empty;
public string? OsAbi { get; set; }
public string? BinaryType { get; set; }
public bool IsStripped { get; set; }
public Guid? FirstSeenSnapshotId { get; set; }
public Guid? LastSeenSnapshotId { get; set; }
public DateTimeOffset CreatedAt { get; set; }
public DateTimeOffset UpdatedAt { get; set; }
public BinaryIdentity ToModel() => new()
{
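Review bot: Changing `BinaryIdentityRow` from a `record` with `init` accessors to a `class` with public setters makes the row mutable after it is read, and nothing in the hunk says why. Add a one-line comment giving the reason (presumably the row mapper needs settable properties) so the type is not switched back to `init` later.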
@@ -142,7 +198,7 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
Format = Enum.Parse<BinaryFormat>(Format, ignoreCase: true),
Architecture = Architecture,
OsAbi = OsAbi,
Type = BinaryType != null ? Enum.Parse<BinaryType>(BinaryType, ignoreCase: true) : null,
Type = FromDbBinaryType(BinaryType),
IsStripped = IsStripped,
FirstSeenSnapshotId = FirstSeenSnapshotId,
LastSeenSnapshotId = LastSeenSnapshotId,
@@ -150,4 +206,34 @@ public sealed class BinaryIdentityRepository : IBinaryIdentityRepository
UpdatedAt = UpdatedAt
};
}
private static string? ToDbBinaryType(BinaryType? type)
{
return type switch
{
null => null,
BinaryType.Executable => "executable",
BinaryType.SharedLibrary => "shared_library",
BinaryType.StaticLibrary => "static_library",
BinaryType.Object => "object",
_ => type.ToString()
};
}
private static BinaryType? FromDbBinaryType(string? value)
{
if (string.IsNullOrWhiteSpace(value))
{
return null;
}
return value switch
{
"executable" => BinaryType.Executable,
"shared_library" => BinaryType.SharedLibrary,
"static_library" => BinaryType.StaticLibrary,
"object" => BinaryType.Object,
_ => Enum.Parse<BinaryType>(value, ignoreCase: true)
};
}
}
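Review bot: The default arm of `ToDbBinaryType`, `_ => type.ToString()`, writes the PascalCase enum name, while every mapped value is lower-case snake_case. A `BinaryType` member added later would be stored in a different form without any error; throw `ArgumentOutOfRangeException` in the default arm instead, and consider doing the same in `FromDbBinaryType` rather than falling back to `Enum.Parse`.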

View File

@@ -45,7 +45,12 @@ public sealed class CorpusSnapshotRepository : ICorpusSnapshotRepository
@MetadataDigest,
NOW()
)
RETURNING id, distro, release, architecture, repo_metadata_digest AS metadata_digest, created_at AS captured_at
RETURNING id AS "Id",
distro AS "Distro",
release AS "Release",
architecture AS "Architecture",
repo_metadata_digest AS "MetadataDigest",
created_at AS "CapturedAt"
""";
var row = await conn.QuerySingleAsync<CorpusSnapshotRow>(sql, new
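Review bot: The last inserted value is `NOW()` and the returned `created_at` is exposed as `"CapturedAt"`, so the capture time appears to come from the database server clock at insert time rather than from the caller. If snapshot timestamps are meant to be reproducible, pass the capture time in as a parameter next to `@MetadataDigest`.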
@@ -74,9 +79,12 @@ public sealed class CorpusSnapshotRepository : ICorpusSnapshotRepository
await using var conn = await _dbContext.OpenConnectionAsync(ct);
const string sql = """
SELECT id, distro, release, architecture,
repo_metadata_digest AS metadata_digest,
created_at AS captured_at
SELECT id AS "Id",
distro AS "Distro",
release AS "Release",
architecture AS "Architecture",
repo_metadata_digest AS "MetadataDigest",
created_at AS "CapturedAt"
FROM binaries.corpus_snapshots
WHERE distro = @Distro
AND release = @Release
@@ -100,9 +108,12 @@ public sealed class CorpusSnapshotRepository : ICorpusSnapshotRepository
await using var conn = await _dbContext.OpenConnectionAsync(ct);
const string sql = """
SELECT id, distro, release, architecture,
repo_metadata_digest AS metadata_digest,
created_at AS captured_at
SELECT id AS "Id",
distro AS "Distro",
release AS "Release",
architecture AS "Architecture",
repo_metadata_digest AS "MetadataDigest",
created_at AS "CapturedAt"
FROM binaries.corpus_snapshots
WHERE id = @Id
""";
@@ -112,14 +123,15 @@ public sealed class CorpusSnapshotRepository : ICorpusSnapshotRepository
return row?.ToModel();
}
private sealed record CorpusSnapshotRow(
Guid Id,
string Distro,
string Release,
string Architecture,
string MetadataDigest,
DateTimeOffset CapturedAt)
private sealed class CorpusSnapshotRow
{
public Guid Id { get; set; }
public string Distro { get; set; } = string.Empty;
public string Release { get; set; } = string.Empty;
public string Architecture { get; set; } = string.Empty;
public string MetadataDigest { get; set; } = string.Empty;
public DateTimeOffset CapturedAt { get; set; }
public CorpusSnapshot ToModel() => new(
Id: Id,
Distro: Distro,
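Review bot: Replacing the positional `CorpusSnapshotRow` record with a class whose string properties default to `string.Empty` means a column the mapper does not bind leaves `MetadataDigest` as an empty string instead of failing. Add a test that reads a snapshot back and asserts a non-empty `MetadataDigest`, or reject empty values in `ToModel()`.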

View File

@@ -0,0 +1,10 @@
# BinaryIndex Persistence Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0125-M | DONE | Maintainability audit for StellaOps.BinaryIndex.Persistence. |
| AUDIT-0125-T | DONE | Test coverage audit for StellaOps.BinaryIndex.Persistence. |
| AUDIT-0125-A | TODO | Pending approval for changes. |

View File

@@ -0,0 +1,32 @@
# BinaryIndex VexBridge Charter
## Mission
Bridge binary match results to VEX observations with deterministic IDs and evidence payloads.
## Responsibilities
- Maintain `StellaOps.BinaryIndex.VexBridge` evidence schema and generator.
- Ensure deterministic ordering, timestamps, and DSSE signing behavior.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `VexEvidenceGenerator.cs`
- `BinaryMatchEvidenceSchema.cs`
- `VexBridgeOptions.cs`
- `ServiceCollectionExtensions.cs`
- `IDsseSigningAdapter.cs`
## Coordination
- Excititor observations for persistence.
- Attestor envelope for DSSE signing.
## Required Reading
- `docs/modules/binaryindex/architecture.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/vex-lens/architecture.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

View File

@@ -0,0 +1,10 @@
# BinaryIndex VexBridge Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0127-M | DONE | Maintainability audit for StellaOps.BinaryIndex.VexBridge. |
| AUDIT-0127-T | DONE | Test coverage audit for StellaOps.BinaryIndex.VexBridge. |
| AUDIT-0127-A | TODO | Pending approval for changes. |