feat(secrets): Implement secret leak policies and signal binding

- Added `spl-secret-block@1.json` to block deployments with critical or high severity secret findings. - Introduced `spl-secret-warn@1.json` to warn on secret findings without blocking deployments. - Created `SecretSignalBinder.cs` to bind secret evidence to policy evaluation signals. - Developed unit tests for `SecretEvidenceContext` and `SecretSignalBinder` to ensure correct functionality. - Enhanced `SecretSignalContextExtensions` to integrate secret evidence into signal contexts.
2026-01-04 15:44:49 +02:00
parent 1f33143bd1
commit f7d27c6fda
44 changed files with 2406 additions and 1107 deletions
--- a/src/Scheduler/StellaOps.Scheduler.WebService/ISystemClock.cs
+++ b/src/Scheduler/StellaOps.Scheduler.WebService/ISystemClock.cs
@@ -1,11 +1,26 @@
 namespace StellaOps.Scheduler.WebService;

+/// <summary>
+/// Legacy system clock interface. Prefer using TimeProvider instead.
+/// </summary>
+[Obsolete("Use TimeProvider instead. This interface is retained for backward compatibility.")]
 public interface ISystemClock
 {
    DateTimeOffset UtcNow { get; }
 }

+/// <summary>
+/// Legacy system clock implementation. Prefer using TimeProvider instead.
+/// </summary>
+[Obsolete("Use TimeProvider instead. This class is retained for backward compatibility.")]
 public sealed class SystemClock : ISystemClock
 {
-    public DateTimeOffset UtcNow => DateTimeOffset.UtcNow;
+    private readonly TimeProvider _timeProvider;
+
+    public SystemClock(TimeProvider? timeProvider = null)
+    {
+        _timeProvider = timeProvider ?? TimeProvider.System;
+    }
+
+    public DateTimeOffset UtcNow => _timeProvider.GetUtcNow();
 }