sln build fix (again), tests fixes, audit work and doctors work

2026-01-12 22:15:51 +02:00
parent 9873f80830
commit 9330c64349
812 changed files with 48051 additions and 3891 deletions
--- a/docs/code-of-conduct/CODE_OF_CONDUCT.md
+++ b/docs/code-of-conduct/CODE_OF_CONDUCT.md
@@ -0,0 +1,88 @@
+# Stella Ops Code of Conduct  
+*Contributor Covenant v2.1 + project‑specific escalation paths*
+
+> We pledge to make participation in the Stella Ops community a
+> harassment‑free experience for everyone, regardless of age, body size,
+> disability, ethnicity, sex characteristics, gender identity and expression,
+> level of experience, education, socio‑economic status, nationality,
+> personal appearance, race, religion, or sexual identity and orientation.
+
+---
+
+## 0 · Our standard
+
+This project adopts the
+[**Contributor Covenant v2.1**](https://www.contributor-covenant.org/version/2/1/code_of_conduct/)
+with the additions and clarifications listed below.  
+If anything here conflicts with the upstream covenant, *our additions win*.
+
+---
+
+## 1 · Scope
+
+| Applies to | Examples |
+|------------|----------|
+| **All official spaces** | Repos under `git.stella-ops.org/stella-ops.org/*`, Matrix rooms (`#stellaops:*`), issue trackers, pull‑request reviews, community calls, and any event officially sponsored by Stella Ops |
+| **Unofficial spaces that impact the project** | Public social‑media posts that target or harass community members, coordinated harassment campaigns, doxxing, etc. |
+
+---
+
+## 2 · Reporting a violation ☎️
+
+| Channel | When to use |
+|---------|-------------|
+| `conduct@stella-ops.org` (PGP key [`keys/#pgp`](https://stella-ops.org/keys/#pgp)) | **Primary, confidential** – anything from micro‑aggressions to serious harassment |
+| Matrix `/msg @coc-bot:libera.chat` | Quick, in‑chat nudge for minor issues |
+| Public issue with label `coc` | Transparency preferred and **you feel safe** doing so |
+
+We aim to acknowledge **within 48 hours** (business days, UTC).
+
+---
+
+## 3 · Incident handlers 🛡️
+
+| Name | Role | Alt‑contact |
+|------|------|-------------|
+| Alice Doe (`@alice`) | Core Maintainer • Security WG | `+1‑555‑0123` |
+| Bob Ng (`@bob`) | UI Maintainer • Community lead | `+1‑555‑0456` |
+
+If **any** handler is the subject of a complaint, skip them and contact another
+handler directly or email `conduct@stella-ops.org` only.
+
+---
+
+## 4 · Enforcement ladder ⚖️
+
+1. **Private coaches / mediation** – first attempt to resolve misunderstandings.  
+2. **Warning** – written, includes corrective actions & cooling‑off period.  
+3. **Temporary exclusion** – mute (chat), read‑only (repo) for *N* days.  
+4. **Permanent ban** – removal from all official spaces + revocation of roles.  
+
+All decisions are documented **privately** (for confidentiality) but a summary
+is published quarterly in the “Community Health” report.
+
+---
+
+## 5 · Appeals 🔄
+
+A sanctioned individual may appeal **once** by emailing
+`appeals@stella-ops.org` within **14 days** of the decision.  
+Appeals are reviewed by **three maintainers not involved in the original case**
+and resolved within 30 days.
+
+---
+
+## 6 · No‑retaliation policy 🛑
+
+Retaliation against reporters **will not be tolerated** and results in
+immediate progression to **Step 4** of the enforcement ladder.
+
+---
+
+## 7 · Attribution & licence 📜
+
+* Text adapted from Contributor Covenant v2.1 –  
+  Copyright © 2014‑2024 Contributor Covenant Contributors  
+  Licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).
+
+---
--- a/docs/code-of-conduct/TESTING_PRACTICES.md
+++ b/docs/code-of-conduct/TESTING_PRACTICES.md
@@ -0,0 +1,29 @@
+# Testing Practices
+
+## Scope
+- Applies to all modules, shared libraries, and tooling in this repository.
+- Covers quality, maintainability, security, reusability, and test readiness.
+
+## Required test layers
+- Unit tests for every library and service (happy paths, edge cases, determinism, serialization).
+- Integration tests for cross-component flows (database, messaging, storage, and service contracts).
+- End-to-end tests for user-visible workflows and release-critical flows.
+- Performance tests for scanners, exporters, and release orchestration paths.
+- Security tests for authn/authz, input validation, and dependency risk checks.
+- Offline and airgap validation: all suites must run without network access.
+
+## Cadence
+- Per change: unit tests plus relevant integration tests and determinism checks.
+- Nightly: full integration and end-to-end suites per module.
+- Weekly: performance baselines and flakiness triage.
+- Release gate: full test matrix, security verification, and reproducible build checks.
+
+## Evidence and reporting
+- Record results in sprint Execution Logs with date, scope, and outcomes.
+- Track flaky tests and block releases until mitigations are documented.
+- Store deterministic fixtures and hashes for any generated artifacts.
+
+## Environment expectations
+- Use UTC timestamps, fixed seeds, and CultureInfo.InvariantCulture where relevant.
+- Avoid live network calls; rely on fixtures and local emulators only.
+- Inject time and ID providers (TimeProvider, IGuidGenerator) for testability.