stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Tests fixes, audit progress, UI completions

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-30 09:03:22 +02:00
parent 7a5210e2aa
commit 82e55c206a
318 changed files with 7232 additions and 1256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/__Tests/StellaOps.Audit.ReplayToken.Tests/AGENTS.md Normal file
View File

@@ -0,0 +1,22 @@
# Audit ReplayToken Tests AGENTS
## Purpose & Scope
- Working directory: `src/__Tests/StellaOps.Audit.ReplayToken.Tests/`.
- Roles: QA automation, backend engineer.
- Focus: unit/security coverage for replay token generation, parsing, and expiration logic.
## Required Reading (treat as read before DOING)
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- Relevant sprint files.
## Working Agreements
- Keep tests deterministic (fixed time providers, stable inputs).
- Use explicit assertions for canonicalization and parsing behavior.
- Avoid wall-clock dependencies for time-sensitive tests.
- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
## Testing
- Use xUnit + FluentAssertions + TestKit.
- Include coverage for canonicalization ordering, expiration, and parsing edge cases.

10
src/__Tests/StellaOps.Audit.ReplayToken.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,10 @@
# Audit ReplayToken Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0074-M | DONE | Maintainability audit for StellaOps.Audit.ReplayToken.Tests. |
| AUDIT-0074-T | DONE | Test coverage audit for StellaOps.Audit.ReplayToken.Tests. |
| AUDIT-0074-A | TODO | Pending approval for changes. |

29
src/__Tests/__Benchmarks/binary-lookup/AGENTS.md Normal file
View File

@@ -0,0 +1,29 @@
# Binary Lookup Benchmark Charter
## Mission
Own the Binary Index benchmark suite for lookup, fingerprint, and cache performance. Keep runs deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.Bench.BinaryLookup` and its benchmark fixtures.
- Ensure benchmarks mirror production behavior where possible.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `Program.cs`
- `Benchmarks/BinaryLookupBenchmarks.cs`
- `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.*`
## Coordination
- Binary Index owners for performance baselines and dataset expectations.
- Platform guild for deterministic/offline benchmarking rules.
## Required Reading
- `docs/modules/platform/architecture-overview.md`
- `docs/README.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

10
src/__Tests/__Benchmarks/binary-lookup/TASKS.md Normal file
View File

@@ -0,0 +1,10 @@
# Binary Lookup Benchmark Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0101-M | DONE | Maintainability audit for StellaOps.Bench.BinaryLookup. |
| AUDIT-0101-T | DONE | Test coverage audit for StellaOps.Bench.BinaryLookup. |
| AUDIT-0101-A | TODO | Pending approval for changes. |

30
src/__Tests/__Benchmarks/proof-chain/AGENTS.md Normal file
View File

@@ -0,0 +1,30 @@
# ProofChain Benchmark Charter
## Mission
Own the ProofChain benchmark suite for ID generation, proof spine assembly, and verification pipeline performance. Keep runs deterministic and offline-friendly.
## Responsibilities
- Maintain `StellaOps.Bench.ProofChain` and its benchmark fixtures.
- Ensure benchmarks mirror production behavior where possible.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `Program.cs`
- `Benchmarks/IdGenerationBenchmarks.cs`
- `Benchmarks/ProofSpineAssemblyBenchmarks.cs`
- `Benchmarks/VerificationPipelineBenchmarks.cs`
## Coordination
- Attestor and Signer owners for pipeline expectations.
- Platform guild for deterministic/offline benchmarking rules.
## Required Reading
- `docs/modules/attestor/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

10
src/__Tests/__Benchmarks/proof-chain/TASKS.md Normal file
View File

@@ -0,0 +1,10 @@
# ProofChain Benchmark Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0109-M | DONE | Maintainability audit for StellaOps.Bench.ProofChain. |
| AUDIT-0109-T | DONE | Test coverage audit for StellaOps.Bench.ProofChain. |
| AUDIT-0109-A | TODO | Pending approval for changes. |

16
src/__Tests/__Datasets/Integrations/Registry/acr-push.json
View File

@@ -1,19 +1,17 @@
{
{
"id": "acr-event-001",
"timestamp": "2024-12-29T12:00:00.000Z",
"timestamp": "2024-12-29T12:00:00.0000000Z",
"action": "push",
"target": {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 3028,
"digest": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4",
"length": 3028,
"repository": "stellaops/api-gateway",
"tag": "1.0.0"
"repository": "library/myapp",
"tag": "v1.0.0"
},
"request": {
"id": "req-12345",
"host": "stellaops.azurecr.io",
"method": "PUT",
"useragent": "docker/20.10.21 go/go1.18.10"
"id": "req-001",
"host": "myregistry.azurecr.io",
"method": "PUT"
}
}

30
src/__Tests/__Datasets/Integrations/Registry/dockerhub-push.json
View File

@@ -1,25 +1,17 @@
{
"callback_url": "https://registry.hub.docker.com/u/stellaops/scanner/hook/1234567890",
{
"push_data": {
"pushed_at": 1703836800,
"pusher": "stellaops-bot",
"tag": "v2.0.0"
"pushed_at": 1703854800,
"images": [],
"tag": "v1.0.0",
"pusher": "stellaops"
},
"callback_url": "https://registry.hub.docker.com/u/stellaops/myapp/hook/callback",
"repository": {
"comment_count": 0,
"date_created": 1703836700,
"description": "StellaOps container scanner",
"dockerfile": "FROM alpine:3.18\nRUN apk add --no-cache ca-certificates",
"full_description": "# StellaOps Scanner\n\nContainer vulnerability scanner.",
"is_official": false,
"is_private": false,
"status": "Active",
"description": "StellaOps application image",
"is_trusted": true,
"name": "scanner",
"namespace": "stellaops",
"owner": "stellaops",
"repo_name": "stellaops/scanner",
"repo_url": "https://registry.hub.docker.com/v2/repositories/stellaops/scanner",
"star_count": 42,
"status": "Active"
"repo_name": "stellaops/myapp",
"name": "myapp",
"namespace": "stellaops"
}
}

13
src/__Tests/__Datasets/Integrations/Registry/ecr-push.json
View File

@@ -1,19 +1,16 @@
{
{
"version": "0",
"id": "12345678-1234-1234-1234-123456789abc",
"id": "ecr-event-001",
"detail-type": "ECR Image Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2024-12-29T12:00:00Z",
"region": "us-east-1",
"resources": [
"arn:aws:ecr:us-east-1:123456789012:repository/stellaops/scanner"
],
"detail": {
"action-type": "PUSH",
"repository-name": "stellaops/scanner",
"result": "SUCCESS",
"repository-name": "library/myapp",
"image-digest": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4",
"image-tag": "v3.1.0",
"result": "SUCCESS"
"image-tag": "v1.0.0"
}
}

8
src/__Tests/__Datasets/Integrations/Registry/gcr-push.json
View File

@@ -1,8 +1,8 @@
{
{
"message": {
"data": "eyJhY3Rpb24iOiJJTlNFUlQiLCJkaWdlc3QiOiJzaGEyNTY6YTNlZDk1Y2FlYjAyZmZlNjhjZGQ5ZmQ4NDQwNjY4MGFlOTNkNjMzY2IxNjQyMmQwMGU4YTdjMjI5NTViNDZkNCIsInRhZyI6InYyLjUuMCJ9",
"messageId": "gcr-msg-12345",
"data": "eyJhY3Rpb24iOiJJTlNFUlQiLCJkaWdlc3QiOiJzaGEyNTY6YTNlZDk1Y2FlYjAyZmZlNjhjZGQ5ZmQ4NDQwNjY4MGFlOTNkNjMzY2IxNjQyMmQwMGU4YTdjMjI5NTViNDZkNCIsInRhZyI6InYxLjAuMCJ9",
"messageId": "gcr-msg-001",
"publishTime": "2024-12-29T12:00:00.000Z"
},
"subscription": "projects/stellaops-project/subscriptions/gcr-push-subscription"
"subscription": "projects/stellaops/subscriptions/gcr-events"
}

56
src/__Tests/__Datasets/Integrations/Registry/ghcr-package-published.json
View File

@@ -1,63 +1,25 @@
{
{
"action": "published",
"package": {
"id": 12345678,
"name": "stellaops-cli",
"id": 12345,
"name": "myapp",
"namespace": "stellaops",
"description": "StellaOps command-line interface",
"ecosystem": "container",
"package_type": "container",
"html_url": "https://github.com/orgs/stellaops/packages/container/package/stellaops-cli",
"created_at": "2024-12-29T11:00:00Z",
"updated_at": "2024-12-29T12:00:00Z",
"owner": {
"login": "stellaops",
"id": 87654321,
"type": "Organization"
},
"package_version": {
"id": 98765432,
"version": "v4.0.0",
"summary": "Container release v4.0.0",
"body": "## Release Notes\n- New scan engine\n- Improved performance",
"body_html": "<h2>Release Notes</h2><ul><li>New scan engine</li><li>Improved performance</li></ul>",
"release": {
"url": "https://api.github.com/repos/stellaops/stellaops-cli/releases/12345678",
"html_url": "https://github.com/stellaops/stellaops-cli/releases/tag/v4.0.0",
"id": 12345678,
"tag_name": "v4.0.0",
"target_commitish": "main",
"name": "v4.0.0",
"draft": false,
"prerelease": false
},
"manifest": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4",
"html_url": "https://github.com/orgs/stellaops/packages/container/stellaops-cli/98765432",
"tag_name": "v4.0.0",
"id": 67890,
"version": "v1.0.0",
"container_metadata": {
"tag": {
"digest": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4",
"name": "v4.0.0"
"name": "v1.0.0"
}
}
},
"registry": {
"about_url": "https://docs.github.com/packages",
"name": "GitHub Container Registry",
"type": "ghcr",
"url": "https://ghcr.io",
"vendor": "GitHub Inc."
}
},
"repository": {
"id": 11111111,
"name": "stellaops-cli",
"full_name": "stellaops/stellaops-cli",
"private": false
},
"sender": {
"login": "release-bot",
"id": 99999999,
"type": "Bot"
"id": 111222,
"name": "myapp",
"full_name": "stellaops/myapp"
}
}

14
src/__Tests/__Datasets/Integrations/Registry/harbor-push-v2.json
View File

@@ -1,20 +1,20 @@
{
{
"type": "PUSH_ARTIFACT",
"occur_at": 1703836800,
"occur_at": 1703854800,
"operator": "admin",
"event_data": {
"resources": [
{
"digest": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4",
"tag": "v1.2.3",
"resource_url": "harbor.example.com/library/nginx:v1.2.3"
"tag": "v1.0.0",
"resource_url": "harbor.example.com/library/myapp:v1.0.0"
}
],
"repository": {
"date_created": 1703836700,
"name": "nginx",
"date_created": 1703850000,
"name": "myapp",
"namespace": "library",
"repo_full_name": "library/nginx",
"repo_full_name": "library/myapp",
"repo_type": "public"
}
}

103
src/__Tests/__Datasets/Integrations/Scm/gitea-push.json
View File

@@ -1,94 +1,41 @@
{
{
"secret": "",
"ref": "refs/heads/main",
"before": "0000000000000000000000000000000000000000",
"after": "abc123def456789012345678901234567890abcd",
"compare_url": "https://gitea.example.com/stellaops-org/stellaops/compare/000000000000...abc123def456",
"after": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"compare_url": "https://gitea.example.com/stellaops/myapp/compare/main...feature",
"commits": [
{
"id": "abc123def456789012345678901234567890abcd",
"message": "feat: add new scanner analyzer\n\nAdds support for Python wheel analysis.",
"url": "https://gitea.example.com/stellaops-org/stellaops/commit/abc123def456789012345678901234567890abcd",
"author": {
"name": "Developer",
"email": "developer@stellaops.io",
"username": "developer"
},
"committer": {
"name": "Developer",
"email": "developer@stellaops.io",
"username": "developer"
},
"verification": null,
"id": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"message": "feat: add new feature",
"timestamp": "2024-12-29T12:00:00Z",
"added": ["src/Scanner/Analyzers/PythonWheel.cs"],
"removed": [],
"modified": ["src/Scanner/Scanner.csproj"]
"author": {
"name": "StellaOps",
"email": "dev@stellaops.org",
"username": "stellaops"
}
}
],
"head_commit": {
"id": "abc123def456789012345678901234567890abcd",
"message": "feat: add new scanner analyzer",
"url": "https://gitea.example.com/stellaops-org/stellaops/commit/abc123def456789012345678901234567890abcd",
"author": {
"name": "Developer",
"email": "developer@stellaops.io",
"username": "developer"
},
"timestamp": "2024-12-29T12:00:00Z"
},
"repository": {
"id": 12345,
"owner": {
"id": 1,
"login": "stellaops-org",
"full_name": "StellaOps Organization",
"email": "org@stellaops.io",
"avatar_url": "https://gitea.example.com/avatars/1",
"username": "stellaops-org"
},
"name": "stellaops",
"full_name": "stellaops-org/stellaops",
"description": "Sovereign container security platform",
"empty": false,
"private": false,
"fork": false,
"template": false,
"parent": null,
"mirror": false,
"size": 102400,
"language": "C#",
"languages_url": "https://gitea.example.com/api/v1/repos/stellaops-org/stellaops/languages",
"html_url": "https://gitea.example.com/stellaops-org/stellaops",
"ssh_url": "git@gitea.example.com:stellaops-org/stellaops.git",
"clone_url": "https://gitea.example.com/stellaops-org/stellaops.git",
"original_url": "",
"website": "https://stellaops.io",
"stars_count": 42,
"forks_count": 7,
"watchers_count": 15,
"open_issues_count": 3,
"open_pr_counter": 2,
"release_counter": 10,
"id": 123456789,
"name": "myapp",
"full_name": "stellaops/myapp",
"default_branch": "main",
"archived": false,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-12-29T12:00:00Z"
"html_url": "https://gitea.example.com/stellaops/myapp",
"owner": {
"id": 123456,
"login": "stellaops",
"email": "org@stellaops.org"
}
},
"pusher": {
"id": 54321,
"login": "developer",
"full_name": "Developer",
"email": "developer@stellaops.io",
"avatar_url": "https://gitea.example.com/avatars/54321",
"username": "developer"
"id": 123456,
"login": "stellaops",
"email": "dev@stellaops.org"
},
"sender": {
"id": 54321,
"login": "developer",
"full_name": "Developer",
"email": "developer@stellaops.io",
"avatar_url": "https://gitea.example.com/avatars/54321",
"username": "developer"
"id": 123456,
"login": "stellaops",
"email": "dev@stellaops.org"
}
}

98
src/__Tests/__Datasets/Integrations/Scm/github-pull-request.json
View File

@@ -1,102 +1,34 @@
{
{
"action": "opened",
"number": 42,
"pull_request": {
"url": "https://api.github.com/repos/stellaops-org/stellaops/pulls/42",
"id": 1234567890,
"node_id": "PR_kwDOBuA8HM5KX8eS",
"html_url": "https://github.com/stellaops-org/stellaops/pull/42",
"diff_url": "https://github.com/stellaops-org/stellaops/pull/42.diff",
"patch_url": "https://github.com/stellaops-org/stellaops/pull/42.patch",
"issue_url": "https://api.github.com/repos/stellaops-org/stellaops/issues/42",
"id": 1234567,
"number": 42,
"state": "open",
"locked": false,
"title": "feat: add Python wheel analyzer",
"title": "feat: add new feature",
"user": {
"login": "developer",
"id": 11111111,
"login": "stellaops",
"id": 123456,
"type": "User"
},
"body": "This PR adds support for Python wheel package analysis.\n\n## Changes\n- New PythonWheel analyzer\n- Updated Scanner.csproj\n\n## Testing\n- Added unit tests for wheel parsing",
"created_at": "2024-12-29T11:30:00Z",
"updated_at": "2024-12-29T11:30:00Z",
"closed_at": null,
"merged_at": null,
"merge_commit_sha": null,
"assignee": null,
"assignees": [],
"requested_reviewers": [],
"requested_teams": [],
"labels": [
{
"id": 1,
"name": "enhancement",
"color": "a2eeef"
}
],
"milestone": null,
"draft": false,
"head": {
"label": "stellaops-org:feature/python-wheel",
"ref": "feature/python-wheel",
"sha": "abc123def456789012345678901234567890abcd",
"user": {
"login": "stellaops-org",
"id": 87654321
},
"repo": {
"id": 12345678,
"name": "stellaops",
"full_name": "stellaops-org/stellaops"
}
"sha": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"ref": "feature-branch"
},
"base": {
"label": "stellaops-org:main",
"ref": "main",
"sha": "0000000000000000000000000000000000000000",
"user": {
"login": "stellaops-org",
"id": 87654321
},
"repo": {
"id": 12345678,
"name": "stellaops",
"full_name": "stellaops-org/stellaops"
}
},
"author_association": "MEMBER",
"auto_merge": null,
"active_lock_reason": null,
"merged": false,
"mergeable": null,
"rebaseable": null,
"mergeable_state": "unknown",
"merged_by": null,
"comments": 0,
"review_comments": 0,
"maintainer_can_modify": false,
"commits": 1,
"additions": 150,
"deletions": 5,
"changed_files": 2
"sha": "b4fe06dafc13gge79dee0ge95517791bf04e744d",
"ref": "main"
}
},
"repository": {
"id": 12345678,
"name": "stellaops",
"full_name": "stellaops-org/stellaops",
"private": false,
"owner": {
"login": "stellaops-org",
"id": 87654321,
"type": "Organization"
},
"html_url": "https://github.com/stellaops-org/stellaops",
"id": 123456789,
"name": "myapp",
"full_name": "stellaops/myapp",
"default_branch": "main"
},
"sender": {
"login": "developer",
"id": 11111111,
"login": "stellaops",
"id": 123456,
"type": "User"
}
}

72
src/__Tests/__Datasets/Integrations/Scm/github-push.json
View File

@@ -1,72 +1,30 @@
{
{
"ref": "refs/heads/main",
"before": "0000000000000000000000000000000000000000",
"after": "abc123def456789012345678901234567890abcd",
"after": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"repository": {
"id": 12345678,
"node_id": "R_kgDOBuA8HA",
"name": "stellaops",
"full_name": "stellaops-org/stellaops",
"private": false,
"owner": {
"name": "stellaops-org",
"login": "stellaops-org",
"id": 87654321,
"type": "Organization"
},
"html_url": "https://github.com/stellaops-org/stellaops",
"description": "Sovereign container security platform",
"fork": false,
"url": "https://api.github.com/repos/stellaops-org/stellaops",
"clone_url": "https://github.com/stellaops-org/stellaops.git",
"default_branch": "main"
"id": 123456789,
"name": "myapp",
"full_name": "stellaops/myapp",
"default_branch": "main",
"html_url": "https://github.com/stellaops/myapp"
},
"pusher": {
"name": "developer",
"email": "developer@stellaops.io"
"name": "stellaops",
"email": "ci@stellaops.org"
},
"sender": {
"login": "developer",
"id": 11111111,
"login": "stellaops",
"id": 123456,
"type": "User"
},
"created": false,
"deleted": false,
"forced": false,
"base_ref": null,
"compare": "https://github.com/stellaops-org/stellaops/compare/000000000000...abc123def456",
"commits": [
{
"id": "abc123def456789012345678901234567890abcd",
"tree_id": "fedcba0987654321fedcba0987654321fedcba09",
"distinct": true,
"message": "feat: add new scanner analyzer\n\nAdds support for Python wheel analysis.",
"timestamp": "2024-12-29T12:00:00Z",
"url": "https://github.com/stellaops-org/stellaops/commit/abc123def456789012345678901234567890abcd",
"author": {
"name": "Developer",
"email": "developer@stellaops.io",
"username": "developer"
},
"committer": {
"name": "Developer",
"email": "developer@stellaops.io",
"username": "developer"
},
"added": ["src/Scanner/Analyzers/PythonWheel.cs"],
"removed": [],
"modified": ["src/Scanner/Scanner.csproj"]
}
],
"head_commit": {
"id": "abc123def456789012345678901234567890abcd",
"tree_id": "fedcba0987654321fedcba0987654321fedcba09",
"distinct": true,
"message": "feat: add new scanner analyzer",
"id": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"message": "feat: add new feature",
"timestamp": "2024-12-29T12:00:00Z",
"author": {
"name": "Developer",
"email": "developer@stellaops.io"
"name": "StellaOps",
"email": "dev@stellaops.org"
}
}
}

84
src/__Tests/__Datasets/Integrations/Scm/github-workflow-run.json
View File

@@ -1,93 +1,39 @@
{
{
"action": "completed",
"workflow_run": {
"id": 9876543210,
"name": "StellaOps CI",
"node_id": "WFR_kwLOBuA8HM8AAAAClKe9Og",
"id": 1234567890,
"name": "CI",
"node_id": "WFR_kwDOGPQW8c8AAAAB",
"head_branch": "main",
"head_sha": "abc123def456789012345678901234567890abcd",
"head_sha": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"path": ".github/workflows/ci.yml",
"display_title": "StellaOps CI",
"run_number": 123,
"run_number": 42,
"event": "push",
"status": "completed",
"conclusion": "success",
"workflow_id": 12345,
"check_suite_id": 11111111,
"check_suite_node_id": "CS_kwDOBuA8HM8AAAAClKe9Og",
"url": "https://api.github.com/repos/stellaops-org/stellaops/actions/runs/9876543210",
"html_url": "https://github.com/stellaops-org/stellaops/actions/runs/9876543210",
"pull_requests": [],
"created_at": "2024-12-29T12:00:00Z",
"updated_at": "2024-12-29T12:05:00Z",
"actor": {
"login": "developer",
"id": 11111111,
"login": "stellaops",
"id": 123456,
"type": "User"
},
"run_attempt": 1,
"referenced_workflows": [],
"run_started_at": "2024-12-29T12:00:00Z",
"triggering_actor": {
"login": "developer",
"id": 11111111,
"login": "stellaops",
"id": 123456,
"type": "User"
},
"jobs_url": "https://api.github.com/repos/stellaops-org/stellaops/actions/runs/9876543210/jobs",
"logs_url": "https://api.github.com/repos/stellaops-org/stellaops/actions/runs/9876543210/logs",
"check_suite_url": "https://api.github.com/repos/stellaops-org/stellaops/check-suites/11111111",
"artifacts_url": "https://api.github.com/repos/stellaops-org/stellaops/actions/runs/9876543210/artifacts",
"cancel_url": "https://api.github.com/repos/stellaops-org/stellaops/actions/runs/9876543210/cancel",
"rerun_url": "https://api.github.com/repos/stellaops-org/stellaops/actions/runs/9876543210/rerun",
"workflow_url": "https://api.github.com/repos/stellaops-org/stellaops/actions/workflows/12345",
"head_commit": {
"id": "abc123def456789012345678901234567890abcd",
"tree_id": "fedcba0987654321fedcba0987654321fedcba09",
"message": "feat: add new scanner analyzer",
"timestamp": "2024-12-29T12:00:00Z",
"author": {
"name": "Developer",
"email": "developer@stellaops.io"
},
"committer": {
"name": "Developer",
"email": "developer@stellaops.io"
}
},
"repository": {
"id": 12345678,
"name": "stellaops",
"full_name": "stellaops-org/stellaops"
},
"head_repository": {
"id": 12345678,
"name": "stellaops",
"full_name": "stellaops-org/stellaops"
}
},
"workflow": {
"id": 12345,
"node_id": "W_kwDOBuA8HM8AAAACKPb9",
"name": "StellaOps CI",
"path": ".github/workflows/ci.yml",
"state": "active",
"created_at": "2024-01-01T00:00:00.000Z",
"updated_at": "2024-12-29T12:00:00.000Z",
"url": "https://api.github.com/repos/stellaops-org/stellaops/actions/workflows/12345",
"html_url": "https://github.com/stellaops-org/stellaops/blob/main/.github/workflows/ci.yml",
"badge_url": "https://github.com/stellaops-org/stellaops/workflows/StellaOps%20CI/badge.svg"
"name": "CI",
"path": ".github/workflows/ci.yml"
},
"repository": {
"id": 12345678,
"name": "stellaops",
"full_name": "stellaops-org/stellaops",
"private": false,
"owner": {
"login": "stellaops-org",
"id": 87654321,
"type": "Organization"
},
"html_url": "https://github.com/stellaops-org/stellaops",
"id": 123456789,
"name": "myapp",
"full_name": "stellaops/myapp",
"default_branch": "main"
},
"sender": {

70
src/__Tests/__Datasets/Integrations/Scm/gitlab-push.json
View File

@@ -1,60 +1,34 @@
{
{
"object_kind": "push",
"event_name": "push",
"before": "0000000000000000000000000000000000000000",
"after": "abc123def456789012345678901234567890abcd",
"after": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"ref": "refs/heads/main",
"checkout_sha": "abc123def456789012345678901234567890abcd",
"message": null,
"user_id": 12345,
"user_name": "Developer",
"user_username": "developer",
"user_email": "developer@stellaops.io",
"user_avatar": "https://gitlab.example.com/uploads/-/system/user/avatar/12345/avatar.png",
"project_id": 67890,
"checkout_sha": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"user_id": 123456,
"user_name": "StellaOps",
"user_username": "stellaops",
"user_email": "dev@stellaops.org",
"project": {
"id": 67890,
"name": "stellaops",
"description": "Sovereign container security platform",
"web_url": "https://gitlab.example.com/stellaops-org/stellaops",
"avatar_url": null,
"git_ssh_url": "git@gitlab.example.com:stellaops-org/stellaops.git",
"git_http_url": "https://gitlab.example.com/stellaops-org/stellaops.git",
"namespace": "stellaops-org",
"visibility_level": 20,
"path_with_namespace": "stellaops-org/stellaops",
"id": 123456789,
"name": "myapp",
"path_with_namespace": "stellaops/myapp",
"default_branch": "main",
"ci_config_path": ".gitlab-ci.yml",
"homepage": "https://gitlab.example.com/stellaops-org/stellaops",
"url": "git@gitlab.example.com:stellaops-org/stellaops.git",
"ssh_url": "git@gitlab.example.com:stellaops-org/stellaops.git",
"http_url": "https://gitlab.example.com/stellaops-org/stellaops.git"
"web_url": "https://gitlab.com/stellaops/myapp"
},
"repository": {
"name": "myapp",
"url": "git@gitlab.com:stellaops/myapp.git"
},
"commits": [
{
"id": "abc123def456789012345678901234567890abcd",
"message": "feat: add new scanner analyzer\n\nAdds support for Python wheel analysis.",
"title": "feat: add new scanner analyzer",
"timestamp": "2024-12-29T12:00:00+00:00",
"url": "https://gitlab.example.com/stellaops-org/stellaops/-/commit/abc123def456789012345678901234567890abcd",
"id": "a3ed95caeb02ffe68cdd9fd84406680ae93d633c",
"message": "feat: add new feature",
"timestamp": "2024-12-29T12:00:00Z",
"author": {
"name": "Developer",
"email": "developer@stellaops.io"
},
"added": ["src/Scanner/Analyzers/PythonWheel.cs"],
"modified": ["src/Scanner/Scanner.csproj"],
"removed": []
"name": "StellaOps",
"email": "dev@stellaops.org"
}
}
],
"total_commits_count": 1,
"push_options": {},
"repository": {
"name": "stellaops",
"url": "git@gitlab.example.com:stellaops-org/stellaops.git",
"description": "Sovereign container security platform",
"homepage": "https://gitlab.example.com/stellaops-org/stellaops",
"git_http_url": "https://gitlab.example.com/stellaops-org/stellaops.git",
"git_ssh_url": "git@gitlab.example.com:stellaops-org/stellaops.git",
"visibility_level": 20
}
]
}

21
src/__Tests/architecture/AGENTS.md Normal file
View File

@@ -0,0 +1,21 @@
# Architecture Tests Charter
## Working Directory
- `src/__Tests/architecture`
## Scope
- Enforce cross-module architecture rules (dependencies, naming, package bans).
## Required Reading
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/ci/architecture.md`
## Working Agreements
- Update sprint tracker and local `TASKS.md` files.
- Ensure rules load intended assemblies; avoid silent skips.
- Keep tests deterministic and offline-friendly.
## Testing Rules
- Fail when expected assemblies are missing.
- Provide clear violation output for dependency rules.

21
src/__Tests/architecture/StellaOps.Architecture.Tests/AGENTS.md Normal file
View File

@@ -0,0 +1,21 @@
# Architecture Tests Project Charter
## Working Directory
- `src/__Tests/architecture/StellaOps.Architecture.Tests`
## Scope
- NetArchTest-based rules for package bans, module dependencies, and naming conventions.
## Required Reading
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/ci/architecture.md`
- `src/__Tests/architecture/AGENTS.md`
## Working Agreements
- Update sprint tracker and local `TASKS.md`.
- Keep assembly discovery deterministic and explicit.
## Testing Rules
- Assert that target assemblies are loaded or explicitly resolved.
- Provide deterministic diagnostics for rule violations.

10
src/__Tests/architecture/StellaOps.Architecture.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,10 @@
# Architecture Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0042-M | DONE | Maintainability audit for StellaOps.Architecture.Tests. |
| AUDIT-0042-T | DONE | Test coverage audit for StellaOps.Architecture.Tests. |
| AUDIT-0042-A | TODO | Pending approval for changes. |

30
src/__Tests/chaos/StellaOps.Chaos.Router.Tests/AGENTS.md Normal file
View File

@@ -0,0 +1,30 @@
# Chaos Router Tests Charter
## Mission
Own chaos testing for Router resilience, backpressure, and cache failure behavior.
## Responsibilities
- Maintain `StellaOps.Chaos.Router.Tests`.
- Validate backpressure, recovery, and Valkey failure handling.
- Surface open work on `TASKS.md`; update statuses (TODO/DOING/DONE/BLOCKED/REVIEW).
## Key Paths
- `BackpressureVerificationTests.cs`
- `RecoveryTests.cs`
- `ValkeyFailureTests.cs`
- `Fixtures/RouterTestFixture.cs`
## Coordination
- Router service owners.
- Infra/DevOps for chaos test environment constraints.
## Required Reading
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

10
src/__Tests/chaos/StellaOps.Chaos.Router.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,10 @@
# Chaos Router Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0136-M | DONE | Maintainability audit for StellaOps.Chaos.Router.Tests. |
| AUDIT-0136-T | DONE | Test coverage audit for StellaOps.Chaos.Router.Tests. |
| AUDIT-0136-A | TODO | Pending approval for changes. |

268
src/__Tests/e2e/Integrations/Fixtures/IntegrationTestFixture.cs
View File

@@ -1,219 +1,65 @@
// =============================================================================
// IntegrationTestFixture.cs
// Sprint: SPRINT_20251229_019 - Integration E2E Validation
// Description: Base fixture class for integration E2E tests
// =============================================================================
using System.Reflection;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Moq;
using Xunit;
// StellaOps.Integration.E2E.Integrations
// Sprint: SPRINT_20251229_019
// Task: INT-E2E-001 - Integration Test Fixture
namespace StellaOps.Integration.E2E.Integrations.Fixtures;
/// <summary>
/// Base fixture class providing common test infrastructure for integration E2E tests.
/// Provides fixture loading, mock setup, and determinism validation utilities.
/// </summary>
public class IntegrationTestFixture : IAsyncLifetime
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
public class IntegrationTestFixture : IDisposable
{
private readonly string _fixturesBasePath;
private readonly Dictionary<string, string> _loadedFixtures = new();
private readonly List<string> _connectionAttempts = [];
private readonly string _fixturesPath;
private bool _offlineMode;
private Action<string>? _connectionMonitor;
private Action<string>? _dnsMonitor;
protected IServiceProvider? ServiceProvider { get; private set; }
private readonly List<string> _connectionAttempts = [];
public IntegrationTestFixture()
{
// Determine fixtures path relative to test assembly
var assemblyLocation = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) ?? "";
_fixturesBasePath = Path.Combine(assemblyLocation, "Fixtures");
// Fallback to source directory structure if running from IDE
if (!Directory.Exists(_fixturesBasePath))
{
_fixturesBasePath = FindFixturesDirectory();
}
_fixturesPath = Path.Combine(AppContext.BaseDirectory, "Fixtures");
_offlineMode = false;
}
public virtual ValueTask InitializeAsync()
{
var services = new ServiceCollection();
ConfigureServices(services);
ServiceProvider = services.BuildServiceProvider();
return ValueTask.CompletedTask;
}
public virtual ValueTask DisposeAsync()
{
if (ServiceProvider is IDisposable disposable)
{
disposable.Dispose();
}
return ValueTask.CompletedTask;
}
protected virtual void ConfigureServices(IServiceCollection services)
{
services.AddLogging(builder =>
{
builder.SetMinimumLevel(LogLevel.Debug);
builder.AddDebug();
});
}
#region Fixture Loading
/// <summary>
/// Loads a JSON fixture from the Registry subfolder.
/// </summary>
public string LoadRegistryFixture(string filename)
{
return LoadFixture(Path.Combine("Registry", filename));
}
=> LoadFixture(Path.Combine("Registry", filename));
/// <summary>
/// Loads a JSON fixture from the Scm subfolder.
/// </summary>
public string LoadScmFixture(string filename)
{
return LoadFixture(Path.Combine("Scm", filename));
}
=> LoadFixture(Path.Combine("Scm", filename));
/// <summary>
/// Loads a fixture from the CiTemplates subfolder.
/// </summary>
public string LoadCiTemplateFixture(string filename)
{
return LoadFixture(Path.Combine("CiTemplates", filename));
}
=> LoadFixture(Path.Combine("CiTemplates", filename));
/// <summary>
/// Loads a fixture file by relative path.
/// </summary>
public string LoadFixture(string relativePath)
{
var cacheKey = relativePath.ToLowerInvariant();
if (_loadedFixtures.TryGetValue(cacheKey, out var cached))
{
return cached;
}
var fullPath = Path.Combine(_fixturesBasePath, relativePath);
var fullPath = Path.Combine(_fixturesPath, relativePath);
if (!File.Exists(fullPath))
{
throw new FileNotFoundException($"Fixture not found: {relativePath}", fullPath);
}
var content = File.ReadAllText(fullPath);
_loadedFixtures[cacheKey] = content;
return content;
throw new FileNotFoundException("Fixture not found: " + relativePath, fullPath);
return File.ReadAllText(fullPath);
}
/// <summary>
/// Loads and deserializes a JSON fixture.
/// </summary>
public T LoadFixture<T>(string relativePath) where T : class
{
var json = LoadFixture(relativePath);
return JsonSerializer.Deserialize<T>(json, JsonOptions)
?? throw new InvalidOperationException($"Failed to deserialize fixture: {relativePath}");
return JsonSerializer.Deserialize<T>(json)
?? throw new InvalidOperationException("Failed to deserialize fixture: " + relativePath);
}
/// <summary>
/// Gets all fixture files matching a pattern.
/// </summary>
public IEnumerable<string> GetFixtureFiles(string subfolder, string searchPattern = "*.json")
{
var folder = Path.Combine(_fixturesBasePath, subfolder);
if (!Directory.Exists(folder))
{
return [];
}
return Directory.GetFiles(folder, searchPattern).Select(Path.GetFileName).OfType<string>();
}
private static string FindFixturesDirectory()
{
// Navigate up from execution directory to find __Datasets/Integrations
var current = Directory.GetCurrentDirectory();
for (var i = 0; i < 10; i++)
{
var candidate = Path.Combine(current, "src", "__Tests", "__Datasets", "Integrations");
if (Directory.Exists(candidate))
{
return candidate;
}
var parent = Directory.GetParent(current);
if (parent == null) break;
current = parent.FullName;
}
// Default to relative path from test project
return Path.Combine("..", "..", "..", "..", "__Datasets", "Integrations");
}
#endregion
#region Offline Mode
/// <summary>
/// Sets the test fixture to offline mode for air-gap testing.
/// </summary>
public void SetOfflineMode(bool enabled)
{
_offlineMode = enabled;
}
/// <summary>
/// Gets whether offline mode is enabled.
/// </summary>
public void SetOfflineMode(bool enabled) => _offlineMode = enabled;
public bool IsOfflineMode => _offlineMode;
/// <summary>
/// Sets a monitor callback for connection attempts (used in offline tests).
/// </summary>
public void SetConnectionMonitor(Action<string> monitor)
{
_connectionMonitor = monitor;
}
public void SetConnectionMonitor(Action<string>? monitor) => _connectionMonitor = monitor;
/// <summary>
/// Sets a monitor callback for DNS lookups (used in offline tests).
/// </summary>
public void SetDnsMonitor(Action<string> monitor)
{
_dnsMonitor = monitor;
}
/// <summary>
/// Records a connection attempt (for offline mode validation).
/// </summary>
public void RecordConnectionAttempt(string endpoint)
{
_connectionAttempts.Add(endpoint);
_connectionMonitor?.Invoke(endpoint);
if (_offlineMode)
throw new InvalidOperationException("Network access not allowed in offline mode: " + endpoint);
}
/// <summary>
/// Gets all recorded connection attempts.
/// </summary>
public IReadOnlyList<string> GetConnectionAttempts() => _connectionAttempts;
public IReadOnlyList<string> ConnectionAttempts => _connectionAttempts.AsReadOnly();
#endregion
#region Determinism Helpers
/// <summary>
/// Computes a SHA-256 hash of the given content for determinism validation.
/// </summary>
public static string ComputeHash(string content)
{
var bytes = Encoding.UTF8.GetBytes(content);
@@ -221,78 +67,38 @@ public class IntegrationTestFixture : IAsyncLifetime
return Convert.ToHexStringLower(hash);
}
/// <summary>
/// Computes a SHA-256 hash of a JSON object after canonical serialization.
/// </summary>
public static string ComputeCanonicalHash<T>(T obj)
public static string ComputeCanonicalHash<T>(T obj) where T : class
{
var json = SerializeCanonical(obj);
return ComputeHash(json);
}
/// <summary>
/// Serializes an object to canonical JSON (sorted keys, no whitespace).
/// </summary>
public static string SerializeCanonical<T>(T obj)
public static string SerializeCanonical<T>(T obj) where T : class
{
var options = new JsonSerializerOptions
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
WriteIndented = false,
DefaultIgnoreCondition = System.Text.Json.Serialization.JsonIgnoreCondition.WhenWritingNull
PropertyNamingPolicy = JsonNamingPolicy.CamelCase
};
return JsonSerializer.Serialize(obj, options);
}
/// <summary>
/// Validates that two objects produce identical canonical JSON.
/// </summary>
public static bool AreDeterministicallyEqual<T>(T obj1, T obj2)
{
var json1 = SerializeCanonical(obj1);
var json2 = SerializeCanonical(obj2);
return json1 == json2;
}
public static bool AreDeterministicallyEqual<T>(T obj1, T obj2) where T : class
=> ComputeCanonicalHash(obj1) == ComputeCanonicalHash(obj2);
#endregion
public static DateTimeOffset GetFrozenTimestamp()
=> new(2024, 12, 29, 12, 0, 0, TimeSpan.Zero);
#region Test Utilities
/// <summary>
/// Creates a temporary directory for test artifacts.
/// </summary>
public string CreateTempDirectory()
{
var path = Path.Combine(Path.GetTempPath(), "stellaops-e2e-tests", Guid.NewGuid().ToString("N"));
var path = Path.Combine(Path.GetTempPath(), "stellaops-test-" + Guid.NewGuid().ToString("N"));
Directory.CreateDirectory(path);
return path;
}
/// <summary>
/// Gets a frozen timestamp for deterministic testing.
/// </summary>
public static DateTimeOffset GetFrozenTimestamp()
public void Dispose()
{
return new DateTimeOffset(2024, 12, 29, 12, 0, 0, TimeSpan.Zero);
_connectionAttempts.Clear();
GC.SuppressFinalize(this);
}
/// <summary>
/// Creates a mock logger for the specified type.
/// </summary>
public static Mock<ILogger<T>> CreateMockLogger<T>()
{
return new Mock<ILogger<T>>();
}
#endregion
protected static readonly JsonSerializerOptions JsonOptions = new()
{
PropertyNameCaseInsensitive = true,
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
WriteIndented = true
};
}
}

21
src/__Tests/unit/StellaOps.AuditPack.Tests/AGENTS.md Normal file
View File

@@ -0,0 +1,21 @@
# AuditPack Unit Tests AGENTS
## Purpose & Scope
- Working directory: `src/__Tests/unit/StellaOps.AuditPack.Tests/`.
- Roles: QA automation, backend engineer.
- Focus: unit coverage for audit pack builder/importer/exporter/replay/attestation behaviors.
## Required Reading (treat as read before DOING)
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- Relevant sprint files.
## Working Agreements
- Keep tests deterministic (fixed time/IDs, stable fixtures).
- Keep unit tests isolated from filesystem-heavy integration flows.
- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
## Testing
- Use xUnit + FluentAssertions.
- Add explicit assertions for edge cases (signing, import safety, replay drift).

10
src/__Tests/unit/StellaOps.AuditPack.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,10 @@
# AuditPack Unit Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0077-M | DONE | Maintainability audit for StellaOps.AuditPack unit tests. |
| AUDIT-0077-T | DONE | Test coverage audit for StellaOps.AuditPack unit tests. |
| AUDIT-0077-A | TODO | Pending approval for changes. |