stela ops usage fixes roles propagation and timoeut, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search

2026-02-22 19:27:54 +02:00
parent a29f438f53
commit bd8fee6ed8
373 changed files with 832097 additions and 3369 deletions
--- a/src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Program.cs
+++ b/src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Program.cs
@@ -114,8 +114,7 @@ internal static class Program
    {
        var assembly = Assembly.GetExecutingAssembly();
        var version = assembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?.InformationalVersion
-                      ?? assembly.GetName().Version?.ToString()
-                      ?? "unknown";
+                      ?? "1.0.0";
        Console.WriteLine(version);
        return 0;
    }
@@ -234,8 +233,7 @@ internal static class Program

        var assembly = Assembly.GetExecutingAssembly();
        var version = assembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?.InformationalVersion
-                      ?? assembly.GetName().Version?.ToString()
-                      ?? "0.0.0";
+                      ?? "1.0.0";

        var request = new DescriptorRequest
        {
@@ -625,4 +623,3 @@ internal static class Program
        }
    }
 }
-
--- a/src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/StellaOps.Scanner.Sbomer.BuildXPlugin.csproj
+++ b/src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/StellaOps.Scanner.Sbomer.BuildXPlugin.csproj
@@ -7,10 +7,10 @@
    <OutputType>Exe</OutputType>
    <AssemblyName>StellaOps.Scanner.Sbomer.BuildXPlugin</AssemblyName>
    <RootNamespace>StellaOps.Scanner.Sbomer.BuildXPlugin</RootNamespace>
-    <Version>0.1.0-alpha</Version>
-    <FileVersion>0.1.0.0</FileVersion>
-    <AssemblyVersion>0.1.0.0</AssemblyVersion>
-    <InformationalVersion>0.1.0-alpha</InformationalVersion>
+    <Version>1.0.0-alpha1</Version>
+    <FileVersion>1.0.0.0</FileVersion>
+    <AssemblyVersion>1.0.0.0</AssemblyVersion>
+    <InformationalVersion>1.0.0-alpha1</InformationalVersion>
  </PropertyGroup>

  <ItemGroup>
--- a/src/Scanner/StellaOps.Scanner.WebService/Program.cs
+++ b/src/Scanner/StellaOps.Scanner.WebService/Program.cs
@@ -84,10 +84,11 @@ builder.Services.AddStellaOpsCrypto(bootstrapOptions.Crypto);
 builder.Services.AddControllers();

 // Stella Router integration - enables ASP.NET endpoints to be registered with the Router
-builder.Services.TryAddStellaRouter(
+var routerEnabled = builder.Services.AddRouterMicroservice(
+    builder.Configuration,
    serviceName: "scanner",
-    version: typeof(Program).Assembly.GetName().Version?.ToString() ?? "1.0.0",
-    routerOptions: bootstrapOptions.Router);
+    version: System.Reflection.CustomAttributeExtensions.GetCustomAttribute<System.Reflection.AssemblyInformationalVersionAttribute>(System.Reflection.Assembly.GetExecutingAssembly())?.InformationalVersion ?? "1.0.0",
+    routerOptionsSection: "Router");

 builder.Services.AddOptions<ScannerWebServiceOptions>()
    .Bind(builder.Configuration.GetSection(ScannerWebServiceOptions.SectionName))
@@ -437,12 +438,20 @@ if (bootstrapOptions.Authority.Enabled)
        options.AddStellaOpsScopePolicy(ScannerPolicies.ScansEnqueue, bootstrapOptions.Authority.RequiredScopes.ToArray());
        options.AddStellaOpsScopePolicy(ScannerPolicies.ScansRead, ScannerAuthorityScopes.ScansRead);
        options.AddStellaOpsScopePolicy(ScannerPolicies.ScansWrite, ScannerAuthorityScopes.ScansWrite);
-        options.AddStellaOpsScopePolicy(ScannerPolicies.ScansApprove, ScannerAuthorityScopes.ScansWrite);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.ScansApprove, ScannerAuthorityScopes.ScansApprove);
        options.AddStellaOpsScopePolicy(ScannerPolicies.Reports, ScannerAuthorityScopes.ReportsRead);
        options.AddStellaOpsScopePolicy(ScannerPolicies.RuntimeIngest, ScannerAuthorityScopes.RuntimeIngest);
        options.AddStellaOpsScopePolicy(ScannerPolicies.CallGraphIngest, ScannerAuthorityScopes.CallGraphIngest);
        options.AddStellaOpsScopePolicy(ScannerPolicies.TriageRead, ScannerAuthorityScopes.ScansRead);
        options.AddStellaOpsScopePolicy(ScannerPolicies.TriageWrite, ScannerAuthorityScopes.ScansWrite);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.Admin, ScannerAuthorityScopes.Admin);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SourcesRead, ScannerAuthorityScopes.SourcesRead);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SourcesWrite, ScannerAuthorityScopes.SourcesWrite);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SourcesAdmin, ScannerAuthorityScopes.SourcesAdmin);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SecretSettingsRead, ScannerAuthorityScopes.SecretSettingsRead);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SecretSettingsWrite, ScannerAuthorityScopes.SecretSettingsWrite);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SecretExceptionsRead, ScannerAuthorityScopes.SecretExceptionsRead);
+        options.AddStellaOpsScopePolicy(ScannerPolicies.SecretExceptionsWrite, ScannerAuthorityScopes.SecretExceptionsWrite);
        options.AddStellaOpsScopePolicy(ScannerPolicies.OfflineKitImport, StellaOpsScopes.AirgapImport);
        options.AddStellaOpsScopePolicy(ScannerPolicies.OfflineKitStatusRead, StellaOpsScopes.AirgapStatusRead);
        options.AddStellaOpsScopePolicy(ScannerPolicies.OfflineKitManifestRead, StellaOpsScopes.AirgapStatusRead);
@@ -469,6 +478,14 @@ else
        options.AddPolicy(ScannerPolicies.CallGraphIngest, policy => policy.RequireAssertion(_ => true));
        options.AddPolicy(ScannerPolicies.TriageRead, policy => policy.RequireAssertion(_ => true));
        options.AddPolicy(ScannerPolicies.TriageWrite, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.Admin, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SourcesRead, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SourcesWrite, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SourcesAdmin, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SecretSettingsRead, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SecretSettingsWrite, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SecretExceptionsRead, policy => policy.RequireAssertion(_ => true));
+        options.AddPolicy(ScannerPolicies.SecretExceptionsWrite, policy => policy.RequireAssertion(_ => true));
        options.AddPolicy(ScannerPolicies.OfflineKitImport, policy => policy.RequireAssertion(_ => true));
        options.AddPolicy(ScannerPolicies.OfflineKitStatusRead, policy => policy.RequireAssertion(_ => true));
        options.AddPolicy(ScannerPolicies.OfflineKitManifestRead, policy => policy.RequireAssertion(_ => true));
@@ -594,7 +611,7 @@ app.UseAuthentication();
 app.UseAuthorization();

 // Stella Router integration - enables request dispatch from Router to ASP.NET endpoints
-app.TryUseStellaRouter(resolvedOptions.Router);
+app.TryUseStellaRouter(routerEnabled);

 // Idempotency middleware (Sprint: SPRINT_3500_0002_0003)
 app.UseIdempotency();
@@ -651,7 +668,7 @@ app.MapOpenApiIfAvailable();
 app.MapSliceEndpoints(); // Sprint: SPRINT_3820_0001_0001

 // Refresh Router endpoint cache after all endpoints are registered
-app.TryRefreshStellaRouterEndpoints(resolvedOptions.Router);
+app.TryRefreshStellaRouterEndpoints(routerEnabled);

 await app.RunAsync().ConfigureAwait(false);

@@ -674,3 +691,5 @@ internal sealed class SurfaceCacheOptionsConfigurator : IConfigureOptions<Surfac
        options.RootDirectory = settings.CacheRoot.FullName;
    }
 }
+
+
--- a/src/Scanner/StellaOps.Scanner.WebService/Security/ScannerAuthorityScopes.cs
+++ b/src/Scanner/StellaOps.Scanner.WebService/Security/ScannerAuthorityScopes.cs
@@ -8,9 +8,20 @@ internal static class ScannerAuthorityScopes
    public const string ScansEnqueue = "scanner.scans.enqueue";
    public const string ScansRead = "scanner.scans.read";
    public const string ScansWrite = "scanner.scans.write";
+    public const string ScansApprove = "scanner.scans.approve";
    public const string ReportsRead = "scanner.reports.read";
    public const string RuntimeIngest = "scanner.runtime.ingest";
    public const string CallGraphIngest = "scanner.callgraph.ingest";
+    public const string Admin = "scanner.admin";
+    public const string SourcesRead = "scanner.sources.read";
+    public const string SourcesWrite = "scanner.sources.write";
+    public const string SourcesAdmin = "scanner.sources.admin";
+    public const string SecretSettingsRead = "scanner.secrets.settings.read";
+    public const string SecretSettingsWrite = "scanner.secrets.settings.write";
+    public const string SecretExceptionsRead = "scanner.secrets.exceptions.read";
+    public const string SecretExceptionsWrite = "scanner.secrets.exceptions.write";
    public const string OfflineKitImport = "scanner.offline-kit.import";
    public const string OfflineKitStatusRead = "scanner.offline-kit.status.read";
+    public const string OfflineKitManifestRead = "scanner.offline-kit.manifest.read";
+    public const string OfflineKitValidate = "scanner.offline-kit.validate";
 }
--- a/src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj
+++ b/src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj
@@ -64,4 +64,8 @@
  <ItemGroup>
    <Compile Remove="Endpoints\\UnknownsEndpoints.cs" />
  </ItemGroup>
+  <PropertyGroup Label="StellaOpsReleaseVersion">
+    <Version>1.0.0-alpha1</Version>
+    <InformationalVersion>1.0.0-alpha1</InformationalVersion>
+  </PropertyGroup>
 </Project>