sprints and audit work

2026-01-07 09:36:16 +02:00
parent 05833e0af2
commit ab364c6032
377 changed files with 64534 additions and 1627 deletions
--- a/src/Policy/__Libraries/StellaOps.Policy.Determinization/Models/GuardRails.cs
+++ b/src/Policy/__Libraries/StellaOps.Policy.Determinization/Models/GuardRails.cs
@@ -0,0 +1,112 @@
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Policy.Determinization.Models;
+
+/// <summary>
+/// Guardrails policy configuration for uncertain observations.
+/// Defines monitoring/restrictions when evidence is incomplete.
+/// </summary>
+public sealed record GuardRails
+{
+    /// <summary>
+    /// Enable runtime monitoring.
+    /// </summary>
+    [JsonPropertyName("enable_monitoring")]
+    public required bool EnableMonitoring { get; init; }
+
+    /// <summary>
+    /// Restrict deployment to non-production environments.
+    /// </summary>
+    [JsonPropertyName("restrict_to_non_prod")]
+    public required bool RestrictToNonProd { get; init; }
+
+    /// <summary>
+    /// Require manual approval before deployment.
+    /// </summary>
+    [JsonPropertyName("require_approval")]
+    public required bool RequireApproval { get; init; }
+
+    /// <summary>
+    /// Schedule automatic re-evaluation after this duration.
+    /// </summary>
+    [JsonPropertyName("reeval_after")]
+    public TimeSpan? ReevalAfter { get; init; }
+
+    /// <summary>
+    /// Additional notes/rationale for guardrails.
+    /// </summary>
+    [JsonPropertyName("notes")]
+    public string? Notes { get; init; }
+
+    /// <summary>
+    /// Creates GuardRails with default safe settings.
+    /// </summary>
+    public static GuardRails Default() => new()
+    {
+        EnableMonitoring = true,
+        RestrictToNonProd = false,
+        RequireApproval = false,
+        ReevalAfter = TimeSpan.FromDays(7),
+        Notes = null
+    };
+
+    /// <summary>
+    /// Creates GuardRails for high-uncertainty observations.
+    /// </summary>
+    public static GuardRails Strict() => new()
+    {
+        EnableMonitoring = true,
+        RestrictToNonProd = true,
+        RequireApproval = true,
+        ReevalAfter = TimeSpan.FromDays(3),
+        Notes = "High uncertainty - strict guardrails applied"
+    };
+
+    /// <summary>
+    /// Creates GuardRails with no restrictions (all evidence present).
+    /// </summary>
+    public static GuardRails None() => new()
+    {
+        EnableMonitoring = false,
+        RestrictToNonProd = false,
+        RequireApproval = false,
+        ReevalAfter = null,
+        Notes = null
+    };
+}
+
+/// <summary>
+/// Deployment environment classification.
+/// </summary>
+public enum DeploymentEnvironment
+{
+    /// <summary>Development environment.</summary>
+    Development = 0,
+
+    /// <summary>Testing environment.</summary>
+    Testing = 1,
+
+    /// <summary>Staging/pre-production environment.</summary>
+    Staging = 2,
+
+    /// <summary>Production environment.</summary>
+    Production = 3
+}
+
+/// <summary>
+/// Asset criticality classification.
+/// </summary>
+public enum AssetCriticality
+{
+    /// <summary>Low criticality - minimal impact if compromised.</summary>
+    Low = 0,
+
+    /// <summary>Medium criticality - moderate impact.</summary>
+    Medium = 1,
+
+    /// <summary>High criticality - significant impact.</summary>
+    High = 2,
+
+    /// <summary>Critical - severe impact if compromised.</summary>
+    Critical = 3
+}