stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
1,343 Commits 2 Branches 0 Tags
3d14332609315120b427f9fdcbd1a249b72aeafb
Commit Graph

6 Commits

Author SHA1 Message Date
master
78afc39d2d feat(integrations): secret authority service for UI-driven secret staging 
Add SecretAuthorityService + endpoints so the setup wizard and
integrations hub can stage secret bundles and bind authref URIs
directly from the UI, instead of requiring out-of-band Vault seeding.
Wire the new service behind IntegrationPolicies, expose
SecretAuthorityDtos on the contracts library, and register an
UpsertSecretBundle audit action for the emission library.

Closes BOOTSTRAP-006 from SPRINT_20260413_004.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-14 07:55:49 +03:00
master
537f4f17fc test(audit): comprehensive tests for emission, PII redaction, hash chain, enrichers 
- AuditPiiRedactorTests: 10 tests for recursive redaction + edge cases
- AuditActionFilterTests: 14 tests for capture, enrichment, fallback
- AuditModulesAndActionsTests: 3 tests for constant validation
- PostgresUnifiedAuditEventStoreTests: 8 tests for hash chain integrity
- UnifiedAuditAggregationServiceTests: 6 tests for new query filters
- AuditCleanseJobPluginTests: 7 tests for retention logic + validation
- PluginRegistryTests: 9 tests for plugin discovery
- Authority/Policy enricher tests: 8 tests for GUID resolution
- Total: ~65 new tests across 5 test projects
- Added InternalsVisibleTo for Audit.Emission and Timeline.WebService
- Created AuditCleanseJobPlugin implementation for retention-based cleanup

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-09 13:00:18 +03:00
master
5d245f958f refactor(audit): replace magic strings with AuditModules/AuditActions constants 
- Replace 349 .Audited("module", "action") calls with typed constants across 91 files
- Add 21 missing action constants to AuditActions.cs (Policy, Attestor, Evidence, Scanner)
- Compile-time safety for module/action naming across all 15 services

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-09 12:40:18 +03:00
master
2a69ad112c feat(audit): enhanced AuditActionFilter with body capture + enrichment hooks 
- Capture request body (JSON, up to 64KB, PII-redacted) in Details["requestBody"]
- Capture response resource ID for create operations in Details["responseResourceId"]
- Add IAuditResourceEnricher interface for GUID -> human-readable name resolution
- Add IAuditBeforeStateProvider for before-state snapshots in Details["beforeState"]
- Add AuditPiiRedactor with configurable field patterns (recursive JSON walk)
- AuditActionAttribute gains CaptureBody (bool?) + SensitiveFields (string[]?)
- AuditEmissionOptions gains MaxBodySizeBytes (64KB) + RedactedFieldPatterns
- All enrichment is optional and fire-and-forget (never blocks response)
- Add AuditModules constants (15 modules) and AuditActions constants (~200 actions)
  organized as nested static classes per module for type-safe annotations
- All 17 consuming services verified to compile successfully

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-09 11:49:54 +03:00
master
7c7525f353 feat(audit): annotate endpoints in EvidenceLocker + Integrations + Scanner (Batch 1) 
- Add AuditedRouteGroupExtensions with WithAuditFilter() and Audited() helpers
- EvidenceLocker: 7 endpoints (store, snapshot, verify, hold, store_verdict,
  verify_verdict, export)
- Integrations: 6 endpoints (create, update, delete, test, discover,
  run_code_guard)
- Scanner: ~55 annotations across 25 endpoint files covering sources CRUD,
  scan submission, scan policies, approvals, triage, webhooks, reports,
  reachability, secret detection, offline kit, runtime, and more
- Skipped read-only POSTs per convention (delta compare, counterfactual,
  EPSS batch, slice query, policy diagnostics/preview/runtime/overlay)
- All 3 services build clean with 0 errors/warnings
- Sprint 005: FILTER-001, FILTER-002, FILTER-003 marked DONE

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-09 11:08:00 +03:00
master
189171c594 Sidebar 5-group restructure + demo data badges + audit emission infrastructure 
Sprint 4 — Sidebar restructure (S4-T01+T02):
  5 groups: Release Control, Security, Operations, Audit & Evidence, Setup & Admin
  Groups 4+5 collapsed by default for new users
  Operations extracted from Release Control into own group
  Audit extracted from Security into own group
  groupOrder and resolveMenuGroupLabel updated
  Approvals badge moved to section-level

Sprint 2 — Demo data badges (S2-T04+T05):
  Backend: isDemo=true on all compatibility/seed responses in
    PackAdapterEndpoints, QuotaCompatibilityEndpoints, VulnerabilitiesController
  Frontend: "(Demo)" badges on Usage & Limits page quotas
  Frontend: "(Demo)" badges on triage artifact list when seed data
  New PlatformItemResponse/PlatformListResponse with IsDemo field

Sprint 6 — Audit emission infrastructure (S6-T01+T02):
  New shared library: src/__Libraries/StellaOps.Audit.Emission/
    - AuditActionAttribute: [AuditAction("module", "action")] endpoint tag
    - AuditActionFilter: IEndpointFilter that auto-emits UnifiedAuditEvent
    - HttpAuditEventEmitter: POSTs to Timeline /api/v1/audit/ingest
    - Single-line DI: services.AddAuditEmission(configuration)
  Timeline service: POST /api/v1/audit/ingest ingestion endpoint
    - IngestAuditEventStore: 10k-event ring buffer
    - CompositeUnifiedAuditEventProvider: merges HTTP-polled + ingested
  Documentation: docs/modules/audit/AUDIT_EMISSION_GUIDE.md

Angular build: 0 errors. .NET builds: 0 errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-16 14:48:18 +02:00