feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline

- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners. - Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process. - Implemented unit tests for Advisory AI to block known injection patterns and redact secrets. - Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
2025-11-08 23:18:28 +02:00
parent 536f6249a6
commit ae69b1a8a1
187 changed files with 4326 additions and 3196 deletions
--- a/src/Concelier/__Tests/StellaOps.Concelier.Connector.Common.Tests/Common/SourceFetchServiceGuardTests.cs
+++ b/src/Concelier/__Tests/StellaOps.Concelier.Connector.Common.Tests/Common/SourceFetchServiceGuardTests.cs
@@ -1,8 +1,7 @@
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Security.Cryptography;
-using System.Text;
+using System.Text;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using Mongo2Go;
@@ -13,9 +12,10 @@ using StellaOps.Concelier.Connector.Common.Fetch;
 using StellaOps.Concelier.Connector.Common.Http;
 using StellaOps.Concelier.Core.Aoc;
 using StellaOps.Concelier.Core.Linksets;
-using StellaOps.Concelier.RawModels;
-using StellaOps.Concelier.Storage.Mongo;
-using StellaOps.Concelier.Storage.Mongo.Documents;
+using StellaOps.Concelier.RawModels;
+using StellaOps.Concelier.Storage.Mongo;
+using StellaOps.Concelier.Storage.Mongo.Documents;
+using StellaOps.Cryptography;

 namespace StellaOps.Concelier.Connector.Common.Tests;

@@ -23,14 +23,16 @@ public sealed class SourceFetchServiceGuardTests : IAsyncLifetime
 {
    private readonly MongoDbRunner _runner;
    private readonly IMongoDatabase _database;
-    private readonly RawDocumentStorage _rawStorage;
+    private readonly RawDocumentStorage _rawStorage;
+    private readonly ICryptoHash _hash;

    public SourceFetchServiceGuardTests()
    {
        _runner = MongoDbRunner.Start(singleNodeReplSet: true);
        var client = new MongoClient(_runner.ConnectionString);
        _database = client.GetDatabase($"source-fetch-guard-{Guid.NewGuid():N}");
-        _rawStorage = new RawDocumentStorage(_database);
+        _rawStorage = new RawDocumentStorage(_database);
+        _hash = CryptoHashFactory.CreateDefault();
    }

    [Fact]
@@ -53,17 +55,18 @@ public sealed class SourceFetchServiceGuardTests : IAsyncLifetime

        var linksetMapper = new NoopAdvisoryLinksetMapper();

-        var service = new SourceFetchService(
-            httpClientFactory,
-            _rawStorage,
-            documentStore,
-            NullLogger<SourceFetchService>.Instance,
-            jitter,
-            guard,
-            linksetMapper,
-            TimeProvider.System,
-            httpOptions,
-            storageOptions);
+        var service = new SourceFetchService(
+            httpClientFactory,
+            _rawStorage,
+            documentStore,
+            NullLogger<SourceFetchService>.Instance,
+            jitter,
+            guard,
+            linksetMapper,
+            _hash,
+            TimeProvider.System,
+            httpOptions,
+            storageOptions);

        var request = new SourceFetchRequest("client", "vndr.msrc", new Uri("https://example.test/advisories/ADV-1234"))
        {
@@ -82,7 +85,7 @@ public sealed class SourceFetchServiceGuardTests : IAsyncLifetime
        Assert.Equal("tenant-default", guard.LastDocument!.Tenant);
        Assert.Equal("msrc", guard.LastDocument.Source.Vendor);
        Assert.Equal("ADV-1234", guard.LastDocument.Upstream.UpstreamId);
-        var expectedHash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(responsePayload))).ToLowerInvariant();
+        var expectedHash = _hash.ComputeHashHex(Encoding.UTF8.GetBytes(responsePayload), HashAlgorithms.Sha256);
        Assert.Equal(expectedHash, guard.LastDocument.Upstream.ContentHash);
        Assert.NotNull(documentStore.LastRecord);
        Assert.True(documentStore.UpsertCount > 0);
@@ -114,17 +117,18 @@ public sealed class SourceFetchServiceGuardTests : IAsyncLifetime

        var linksetMapper = new NoopAdvisoryLinksetMapper();

-        var service = new SourceFetchService(
-            httpClientFactory,
-            _rawStorage,
-            documentStore,
-            NullLogger<SourceFetchService>.Instance,
-            jitter,
-            guard,
-            linksetMapper,
-            TimeProvider.System,
-            httpOptions,
-            storageOptions);
+        var service = new SourceFetchService(
+            httpClientFactory,
+            _rawStorage,
+            documentStore,
+            NullLogger<SourceFetchService>.Instance,
+            jitter,
+            guard,
+            linksetMapper,
+            _hash,
+            TimeProvider.System,
+            httpOptions,
+            storageOptions);

        var request = new SourceFetchRequest("client", "nvd", new Uri("https://example.test/data/XYZ"))
        {
--- a/src/Concelier/__Tests/StellaOps.Concelier.Connector.Common.Tests/Common/SourceStateSeedProcessorTests.cs
+++ b/src/Concelier/__Tests/StellaOps.Concelier.Connector.Common.Tests/Common/SourceStateSeedProcessorTests.cs
@@ -11,6 +11,7 @@ using StellaOps.Concelier.Connector.Common.Fetch;
 using StellaOps.Concelier.Connector.Common.State;
 using StellaOps.Concelier.Storage.Mongo;
 using StellaOps.Concelier.Storage.Mongo.Documents;
+using StellaOps.Cryptography;

 namespace StellaOps.Concelier.Connector.Common.Tests;

@@ -23,6 +24,7 @@ public sealed class SourceStateSeedProcessorTests : IAsyncLifetime
    private readonly RawDocumentStorage _rawStorage;
    private readonly MongoSourceStateRepository _stateRepository;
    private readonly FakeTimeProvider _timeProvider;
+    private readonly ICryptoHash _hash;

    public SourceStateSeedProcessorTests()
    {
@@ -33,6 +35,7 @@ public sealed class SourceStateSeedProcessorTests : IAsyncLifetime
        _rawStorage = new RawDocumentStorage(_database);
        _stateRepository = new MongoSourceStateRepository(_database, NullLogger<MongoSourceStateRepository>.Instance);
        _timeProvider = new FakeTimeProvider(new DateTimeOffset(2025, 10, 28, 12, 0, 0, TimeSpan.Zero));
+        _hash = CryptoHashFactory.CreateDefault();
    }

    [Fact]
@@ -199,6 +202,7 @@ public sealed class SourceStateSeedProcessorTests : IAsyncLifetime
            _documentStore,
            _rawStorage,
            _stateRepository,
+            _hash,
            _timeProvider,
            NullLogger<SourceStateSeedProcessor>.Instance);

--- a/src/Concelier/__Tests/StellaOps.Concelier.Connector.Common.Tests/StellaOps.Concelier.Connector.Common.Tests.csproj
+++ b/src/Concelier/__Tests/StellaOps.Concelier.Connector.Common.Tests/StellaOps.Concelier.Connector.Common.Tests.csproj
@@ -20,5 +20,6 @@
  <ItemGroup>
    <ProjectReference Include="../../__Libraries/StellaOps.Concelier.Connector.Common/StellaOps.Concelier.Connector.Common.csproj" />
    <ProjectReference Include="../../__Libraries/StellaOps.Concelier.Storage.Mongo/StellaOps.Concelier.Storage.Mongo.csproj" />
+    <ProjectReference Include="../../../__Libraries/StellaOps.Cryptography/StellaOps.Cryptography.csproj" />
  </ItemGroup>
 </Project>