Compare commits

11 Commits

Author SHA1 Message Date
StellaOps Bot
43c281a8b2 Merge remote-tracking branch 'origin/main' into feature/docs-mdx-skeletons
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Symbols Server CI / symbols-smoke (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
2025-12-05 23:14:58 +02:00
91550196fe more binary removals 2025-12-05 21:08:21 +00:00
e8eacde73e more binary files removal 2025-12-05 21:06:40 +00:00
5d7c687a77 chore: stop tracking dependencies and build artifacts 2025-12-05 21:03:18 +00:00
ffa219cfeb chore: stop tracking dependencies and build artifacts
Some checks failed
SDK Publish & Sign / sdk-publish (push) Has been cancelled
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
2025-12-05 21:01:09 +00:00
StellaOps Bot
579236bfce Add MongoDB storage library and update acceptance tests with deterministic stubs
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
2025-12-05 22:56:01 +02:00
StellaOps Bot
18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00
StellaOps Bot
347c88342c Add draft skeletons for various documentation topics
- Created draft documentation for enabling reachability, CLI authentication, EntryTrace heuristics, Go stripped binaries, Java and Python lockfiles, Rust fingerprint enrichment, SAST integration, Windows/macOS analyzer coverage, scanner engine surface, multi-tenancy operations, RLS and data isolation, ABAC overlays, VEX trust model, VEX ops runbook, VEX mapping, scopes and roles, tenancy overview, VEX signatures, contract testing, VEX consensus algorithm, VEX consensus API, VEX consensus console, VEX consensus overview, and VEX issuer directory.
- Each document includes a status placeholder, purpose, and open TODOs for future updates.
2025-12-05 21:23:21 +02:00
master
cc69d332e3 Add unit tests for RabbitMq and Udp transport servers and clients
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented comprehensive unit tests for RabbitMqTransportServer, covering constructor, disposal, connection management, event handlers, and exception handling.
- Added configuration tests for RabbitMqTransportServer to validate SSL, durable queues, auto-recovery, and custom virtual host options.
- Created unit tests for UdpFrameProtocol, including frame parsing and serialization, header size validation, and round-trip data preservation.
- Developed tests for UdpTransportClient, focusing on connection handling, event subscriptions, and exception scenarios.
- Established tests for UdpTransportServer, ensuring proper start/stop behavior, connection state management, and event handling.
- Included tests for UdpTransportOptions to verify default values and modification capabilities.
- Enhanced service registration tests for Udp transport services in the dependency injection container.
2025-12-05 19:01:12 +02:00
StellaOps Bot
53508ceccb Add unit tests and logging infrastructure for InMemory and RabbitMQ transports
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented RecordingLogger and RecordingLoggerFactory for capturing log entries in tests.
- Added unit tests for InMemoryChannel, covering constructor behavior, property assignments, channel communication, and disposal.
- Created InMemoryTransportOptionsTests to validate default values and customizable options for InMemory transport.
- Developed RabbitMqFrameProtocolTests to ensure correct parsing and property creation for RabbitMQ frames.
- Added RabbitMqTransportOptionsTests to verify default settings and customization options for RabbitMQ transport.
- Updated project files for testing libraries and dependencies.
2025-12-05 09:38:45 +02:00
StellaOps Bot
6a299d231f Add unit tests for Router configuration and transport layers
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
- Implemented tests for RouterConfig, RoutingOptions, StaticInstanceConfig, and RouterConfigOptions to ensure default values are set correctly.
- Added tests for RouterConfigProvider to validate configurations and ensure defaults are returned when no file is specified.
- Created tests for ConfigValidationResult to check success and error scenarios.
- Developed tests for ServiceCollectionExtensions to verify service registration for RouterConfig.
- Introduced UdpTransportTests to validate serialization, connection, request-response, and error handling in UDP transport.
- Added scripts for signing authority gaps and hashing DevPortal SDK snippets.
2025-12-05 08:01:47 +02:00
8242 changed files with 74508 additions and 7470932 deletions

View File

@@ -1,30 +1,8 @@
{ {
"permissions": { "permissions": {
"allow": [ "allow": [
"Bash(dotnet build:*)", "Bash(wc:*)",
"Bash(dotnet restore:*)", "Bash(sort:*)"
"Bash(chmod:*)",
"Bash(cat:*)",
"Bash(dotnet nuget:*)",
"Bash(cd /mnt/c/dev/New\\ folder/git.stella-ops.org && python3:*)",
"Bash(cd:*)",
"Bash(grep:*)",
"Bash(src/Cli/StellaOps.Cli/Commands/CommandHandlers.cs )",
"Bash(src/Cli/StellaOps.Cli/Configuration/CliProfile.cs )",
"Bash(src/Cli/StellaOps.Cli/Configuration/GlobalOptions.cs )",
"Bash(src/Cli/StellaOps.Cli/Output/CliError.cs )",
"Bash(src/Cli/StellaOps.Cli/Services/BackendOperationsClient.cs )",
"Bash(src/Cli/StellaOps.Cli/Services/OrchestratorClient.cs )",
"Bash(src/Cli/StellaOps.Cli/Services/PromotionAssembler.cs )",
"Bash(src/Cli/StellaOps.Cli/Services/VexObservationsClient.cs )",
"Bash(src/Cli/StellaOps.Cli/Telemetry/TraceparentHttpMessageHandler.cs)",
"Bash(python3:*)",
"Bash(dotnet list:*)",
"WebSearch",
"Bash(find:*)",
"Bash(xargs:*)",
"Bash(ls:*)",
"Bash(mkdir -p:*)"
], ],
"deny": [], "deny": [],
"ask": [] "ask": []
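Review bot: the removed `allow` entries include a machine-specific path (`cd /mnt/c/dev/New\\ folder/git.stella-ops.org && python3:*`), which indicates this is a per-developer tool-permissions file rather than shared project configuration; consider untracking it and adding it to `.gitignore` instead of committing a trimmed copy. If it has to stay tracked, the narrower list (`Bash(wc:*)`, `Bash(sort:*)`) is the right direction, since the old wildcard entries for `python3`, `xargs`, `find` and `chmod` amounted to unrestricted command execution, and `deny` is still empty.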

View File

@@ -20,6 +20,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install dnslib - name: Install dnslib
run: pip install dnslib run: pip install dnslib
- name: Run sealed-mode smoke - name: Run sealed-mode smoke
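Review bot: the added step runs `python3 scripts/packs/run-fixtures-check.sh`, handing a file with a `.sh` extension to the Python interpreter; if the file is a shell script, this step fails on the first line that is not valid Python, and because the identical step is added to every workflow in this compare it would block all of them. Invoke it with `bash` (or rename the file if it really is Python), and consider moving the step into one reusable workflow or composite action rather than pasting it into each job.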

View File

@@ -32,6 +32,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go - name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh run: scripts/enable-openssl11-shim.sh
@@ -78,6 +81,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go - name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh run: scripts/enable-openssl11-shim.sh

View File

@@ -17,6 +17,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:

View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Build bundle - name: Build bundle
run: | run: |
chmod +x scripts/attest/build-attestation-bundle.sh chmod +x scripts/attest/build-attestation-bundle.sh

View File

@@ -58,6 +58,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Resolve Authority configuration - name: Resolve Authority configuration
id: config id: config
run: | run: |

View File

@@ -8,6 +8,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
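Review bot: the fixtures step is placed ahead of `actions/setup-python@v5`, so `python3` here is whatever interpreter the runner image ships rather than the one this workflow sets up. Move the step below `Setup Python` so the check runs under the same interpreter as the rest of the job.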

View File

@@ -111,6 +111,10 @@ jobs:
- name: Validate telemetry storage configuration - name: Validate telemetry storage configuration
run: python3 ops/devops/telemetry/validate_storage_stack.py run: python3 ops/devops/telemetry/validate_storage_stack.py
- name: Task Pack offline bundle fixtures
run: |
python3 scripts/packs/run-fixtures-check.sh
- name: Telemetry tenant isolation smoke - name: Telemetry tenant isolation smoke
env: env:
COMPOSE_DIR: ${GITHUB_WORKSPACE}/deploy/compose COMPOSE_DIR: ${GITHUB_WORKSPACE}/deploy/compose
@@ -203,6 +207,14 @@ jobs:
--results-directory "$TEST_RESULTS_DIR" --results-directory "$TEST_RESULTS_DIR"
done done
- name: Run TimelineIndexer tests (EB1 evidence linkage gate)
run: |
mkdir -p "$TEST_RESULTS_DIR"
dotnet test src/TimelineIndexer/StellaOps.TimelineIndexer/StellaOps.TimelineIndexer.sln \
--configuration $BUILD_CONFIGURATION \
--logger "trx;LogFileName=timelineindexer-tests.trx" \
--results-directory "$TEST_RESULTS_DIR"
- name: Lint policy DSL samples - name: Lint policy DSL samples
run: dotnet run --project tools/PolicyDslValidator/PolicyDslValidator.csproj -- --strict docs/examples/policies/*.yaml run: dotnet run --project tools/PolicyDslValidator/PolicyDslValidator.csproj -- --strict docs/examples/policies/*.yaml
@@ -333,6 +345,56 @@ PY
--logger "trx;LogFileName=stellaops-scanner-lang-tests.trx" \ --logger "trx;LogFileName=stellaops-scanner-lang-tests.trx" \
--results-directory "$TEST_RESULTS_DIR" --results-directory "$TEST_RESULTS_DIR"
- name: Build and test Router components
run: |
set -euo pipefail
ROUTER_PROJECTS=(
src/__Libraries/StellaOps.Router.Common/StellaOps.Router.Common.csproj
src/__Libraries/StellaOps.Router.Config/StellaOps.Router.Config.csproj
src/__Libraries/StellaOps.Router.Transport.InMemory/StellaOps.Router.Transport.InMemory.csproj
src/__Libraries/StellaOps.Router.Transport.Tcp/StellaOps.Router.Transport.Tcp.csproj
src/__Libraries/StellaOps.Router.Transport.Tls/StellaOps.Router.Transport.Tls.csproj
src/__Libraries/StellaOps.Router.Transport.Udp/StellaOps.Router.Transport.Udp.csproj
src/__Libraries/StellaOps.Router.Transport.RabbitMq/StellaOps.Router.Transport.RabbitMq.csproj
src/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj
src/__Libraries/StellaOps.Microservice.SourceGen/StellaOps.Microservice.SourceGen.csproj
)
for project in "${ROUTER_PROJECTS[@]}"; do
echo "::group::Build $project"
dotnet build "$project" --configuration $BUILD_CONFIGURATION --no-restore -warnaserror
echo "::endgroup::"
done
- name: Run Router and Microservice tests
run: |
mkdir -p "$TEST_RESULTS_DIR"
ROUTER_TEST_PROJECTS=(
# Core Router libraries
src/__Libraries/__Tests/StellaOps.Router.Common.Tests/StellaOps.Router.Common.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Config.Tests/StellaOps.Router.Config.Tests.csproj
# Transport layers
src/__Libraries/__Tests/StellaOps.Router.Transport.InMemory.Tests/StellaOps.Router.Transport.InMemory.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Transport.Tcp.Tests/StellaOps.Router.Transport.Tcp.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Transport.Tls.Tests/StellaOps.Router.Transport.Tls.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Transport.Udp.Tests/StellaOps.Router.Transport.Udp.Tests.csproj
# Microservice SDK
src/__Libraries/__Tests/StellaOps.Microservice.Tests/StellaOps.Microservice.Tests.csproj
src/__Libraries/__Tests/StellaOps.Microservice.SourceGen.Tests/StellaOps.Microservice.SourceGen.Tests.csproj
# Integration tests
src/__Libraries/__Tests/StellaOps.Router.Integration.Tests/StellaOps.Router.Integration.Tests.csproj
# Gateway tests
src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests/StellaOps.Gateway.WebService.Tests.csproj
)
for project in "${ROUTER_TEST_PROJECTS[@]}"; do
name="$(basename "${project%.*}")"
echo "::group::Test $name"
dotnet test "$project" \
--configuration $BUILD_CONFIGURATION \
--logger "trx;LogFileName=${name}.trx" \
--results-directory "$TEST_RESULTS_DIR"
echo "::endgroup::"
done
- name: Run scanner analyzer performance benchmark - name: Run scanner analyzer performance benchmark
env: env:
PERF_OUTPUT_DIR: ${{ github.workspace }}/artifacts/perf/scanner-analyzers PERF_OUTPUT_DIR: ${{ github.workspace }}/artifacts/perf/scanner-analyzers
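Review bot: `ROUTER_PROJECTS` builds `StellaOps.Router.Transport.RabbitMq.csproj`, but `ROUTER_TEST_PROJECTS` has no RabbitMq test project under the "Transport layers" comment, so the RabbitMq transport is compiled with `-warnaserror` and then never tested in this job. Add the matching test project to the list, or leave a comment saying why it is excluded (for example, if it needs a broker). The build step also passes `--no-restore`, so it depends on an earlier restore having covered these nine projects; worth confirming, since that is outside this hunk.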

View File

@@ -22,6 +22,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET - name: Setup .NET
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -18,6 +18,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET - name: Setup .NET
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -17,6 +17,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 preview - name: Setup .NET 10 preview
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -24,6 +24,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with: with:
fetch-depth: 0 fetch-depth: 0
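Review bot: the new step is inserted between `uses: actions/checkout@v4` and its `with:` / `fetch-depth: 0`, so as rendered here the `with:` block now belongs to the `run` step and checkout falls back to its default shallow clone. Move the two added lines below `fetch-depth: 0`; a job that asked for full history presumably needs it.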

View File

@@ -25,6 +25,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3

View File

@@ -19,6 +19,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 (preview) - name: Setup .NET 10 (preview)
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -11,6 +11,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node (corepack/pnpm) - name: Setup Node (corepack/pnpm)
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:

View File

@@ -29,6 +29,9 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go - name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh run: scripts/enable-openssl11-shim.sh

View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Emit retention summary - name: Emit retention summary
env: env:
RETENTION_TARGET: ${{ github.event.inputs.retention_target }} RETENTION_TARGET: ${{ github.event.inputs.retention_target }}
@@ -31,14 +34,35 @@ jobs:
needs: check-evidence-locker needs: check-evidence-locker
env: env:
STAGED_DIR: evidence-locker/zastava/2025-12-02 STAGED_DIR: evidence-locker/zastava/2025-12-02
MODULE_ROOT: docs/modules/zastava
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Package staged Zastava artefacts - name: Package staged Zastava artefacts
run: | run: |
test -d "$STAGED_DIR" || { echo "missing $STAGED_DIR" >&2; exit 1; } test -d "$MODULE_ROOT" || { echo "missing $MODULE_ROOT" >&2; exit 1; }
tar -cf /tmp/zastava-evidence.tar -C "$STAGED_DIR" . tmpdir=$(mktemp -d)
rsync -a --relative \
"$MODULE_ROOT/SHA256SUMS" \
"$MODULE_ROOT/schemas/" \
"$MODULE_ROOT/exports/" \
"$MODULE_ROOT/thresholds.yaml" \
"$MODULE_ROOT/thresholds.yaml.dsse" \
"$MODULE_ROOT/kit/verify.sh" \
"$MODULE_ROOT/kit/README.md" \
"$MODULE_ROOT/kit/ed25519.pub" \
"$MODULE_ROOT/kit/zastava-kit.tzst" \
"$MODULE_ROOT/kit/zastava-kit.tzst.dsse" \
"$MODULE_ROOT/evidence/README.md" \
"$tmpdir/"
(cd "$tmpdir/docs/modules/zastava" && sha256sum --check SHA256SUMS)
tar --sort=name --mtime="UTC 1970-01-01" --owner=0 --group=0 --numeric-owner \
-cf /tmp/zastava-evidence.tar -C "$tmpdir/docs/modules/zastava" .
sha256sum /tmp/zastava-evidence.tar
- name: Upload staged artefacts (fallback) - name: Upload staged artefacts (fallback)
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
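Review bot: the packaging script checks integrity only with `sha256sum --check SHA256SUMS`, using a manifest copied from the same `$MODULE_ROOT` tree it is vouching for, while the `.dsse` envelopes and `kit/ed25519.pub` are bundled without being verified; that catches accidental drift but not a change that updates a file and the manifest together. Verify the DSSE signatures before building the tar (for example with the bundled `kit/verify.sh`, if that is its role). The script also lacks the `set -euo pipefail` that the new signals workflow uses, `STAGED_DIR` stays declared but is no longer referenced in this step, and the `mktemp -d` directory is never removed.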

View File

@@ -28,6 +28,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with: with:
fetch-depth: 0 fetch-depth: 0
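Review bot: the added step lands between `uses: actions/checkout@v4` and `with:` / `fetch-depth: 0`, which detaches the `with:` block from checkout and attaches it to the `run` step. Place the step after `fetch-depth: 0` so the full-history checkout is preserved.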

View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Trivy - name: Setup Trivy
uses: aquasecurity/trivy-action@v0.24.0 uses: aquasecurity/trivy-action@v0.24.0
with: with:

View File

@@ -22,6 +22,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install k6 - name: Install k6
run: | run: |
sudo apt-get update -qq sudo apt-get update -qq

View File

@@ -22,6 +22,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node - name: Setup Node
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:

View File

@@ -26,6 +26,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with: with:
fetch-depth: 0 fetch-depth: 0
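Review bot: the fixtures step is inserted directly after `uses: actions/checkout@v4` and before `with:` / `fetch-depth: 0`, so checkout no longer receives `fetch-depth: 0`. Move the two added lines below the `with:` block.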

View File

@@ -30,6 +30,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with: with:
fetch-depth: 0 fetch-depth: 0
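Review bot: `with:` / `fetch-depth: 0` now follows the new `run:` line instead of `uses: actions/checkout@v4`, so the checkout step loses its full-history setting. Insert the fixtures step after `fetch-depth: 0` instead.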

View File

@@ -24,6 +24,9 @@ jobs:
dotnet-version: 10.0.100-rc.2.25502.107 dotnet-version: 10.0.100-rc.2.25502.107
include-prerelease: true include-prerelease: true
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Verify signing prerequisites - name: Verify signing prerequisites
run: scripts/mirror/check_signing_prereqs.sh run: scripts/mirror/check_signing_prereqs.sh

View File

@@ -20,6 +20,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:

View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Python (telemetry schema checks) - name: Setup Python (telemetry schema checks)
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:

View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install nats CLI - name: Install nats CLI
run: | run: |
curl -sSL https://github.com/nats-io/natscli/releases/download/v0.1.4/nats-0.1.4-linux-amd64.tar.gz -o /tmp/natscli.tgz curl -sSL https://github.com/nats-io/natscli/releases/download/v0.1.4/nats-0.1.4-linux-amd64.tar.gz -o /tmp/natscli.tgz

View File

@@ -26,6 +26,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with: with:
fetch-depth: 0 fetch-depth: 0
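Review bot: the inserted step splits the checkout step from its `with:` / `fetch-depth: 0`, leaving the `with:` block on a `run` step where it has no meaning. Add the fixtures step after `fetch-depth: 0`.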

View File

@@ -27,6 +27,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with: with:
fetch-depth: 0 fetch-depth: 0
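Review bot: the two added lines sit between `uses: actions/checkout@v4` and `with:` / `fetch-depth: 0`, so the checkout here becomes a default shallow clone. Reorder so the fixtures step follows the complete checkout step.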

View File

@@ -25,6 +25,9 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Resolve staging credentials - name: Resolve staging credentials
id: staging id: staging
run: | run: |

View File

@@ -9,6 +9,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Emit provenance summary - name: Emit provenance summary
run: | run: |
mkdir -p out/provenance mkdir -p out/provenance

View File

@@ -44,6 +44,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Validate NuGet restore source ordering - name: Validate NuGet restore source ordering
run: python3 ops/devops/validate_restore_sources.py run: python3 ops/devops/validate_restore_sources.py

View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET - name: Setup .NET
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -9,6 +9,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET - name: Setup .NET
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -17,6 +17,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:

View File

@@ -33,6 +33,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 RC - name: Setup .NET 10 RC
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -31,6 +31,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 RC - name: Setup .NET 10 RC
uses: actions/setup-dotnet@v4 uses: actions/setup-dotnet@v4
with: with:

View File

@@ -34,6 +34,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install cosign - name: Install cosign
uses: sigstore/cosign-installer@v3 uses: sigstore/cosign-installer@v3
with: with:

View File

@@ -0,0 +1,67 @@
name: signals-evidence-locker
on:
workflow_dispatch:
inputs:
retention_target:
description: "Retention days target"
required: false
default: "180"
jobs:
prepare-signals-evidence:
runs-on: ubuntu-latest
env:
MODULE_ROOT: docs/modules/signals
OUT_DIR: evidence-locker/signals/2025-12-05
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Build deterministic signals evidence tar
run: |
set -euo pipefail
test -d "$MODULE_ROOT" || { echo "missing $MODULE_ROOT" >&2; exit 1; }
tmpdir=$(mktemp -d)
rsync -a --relative \
"$OUT_DIR/SHA256SUMS" \
"$OUT_DIR/confidence_decay_config.sigstore.json" \
"$OUT_DIR/unknowns_scoring_manifest.sigstore.json" \
"$OUT_DIR/heuristics_catalog.sigstore.json" \
"$MODULE_ROOT/decay/confidence_decay_config.yaml" \
"$MODULE_ROOT/unknowns/unknowns_scoring_manifest.json" \
"$MODULE_ROOT/heuristics/heuristics.catalog.json" \
"$tmpdir/"
(cd "$tmpdir/$OUT_DIR" && sha256sum --check SHA256SUMS)
tar --sort=name --mtime="UTC 1970-01-01" --owner=0 --group=0 --numeric-owner \
-cf /tmp/signals-evidence.tar -C "$tmpdir" .
sha256sum /tmp/signals-evidence.tar > /tmp/signals-evidence.tar.sha256
- name: Upload artifact (fallback)
uses: actions/upload-artifact@v4
with:
name: signals-evidence-2025-12-05
path: |
/tmp/signals-evidence.tar
/tmp/signals-evidence.tar.sha256
- name: Push to Evidence Locker
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN != '' && env.EVIDENCE_LOCKER_URL != '' }}
env:
TOKEN: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN }}
URL: ${{ env.EVIDENCE_LOCKER_URL }}
run: |
curl -f -X PUT "$URL/signals/2025-12-05/signals-evidence.tar" \
-H "Authorization: Bearer $TOKEN" \
--data-binary @/tmp/signals-evidence.tar
- name: Skip push (missing secret or URL)
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN == '' || env.EVIDENCE_LOCKER_URL == '' }}
run: |
echo "Locker push skipped: set CI_EVIDENCE_LOCKER_TOKEN and EVIDENCE_LOCKER_URL to enable." >&2
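Review bot: both `if:` conditions test `env.EVIDENCE_LOCKER_URL`, but the job's `env:` block defines only `MODULE_ROOT` and `OUT_DIR`, so unless the runner injects that variable the push step never runs and the workflow quietly falls through to the skip step. Define it at job or workflow level. GitHub Actions also does not expose the `secrets` context to a step-level `if:`; map the token to a job-level `env` entry and test that instead. Separately, the `retention_target` input is declared but unused, the date `2025-12-05` is hard-coded in `OUT_DIR`, the artifact name and the PUT URL, and the `.sha256` file is uploaded as an artifact but not pushed alongside the tar.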

View File

@@ -26,6 +26,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go - name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh run: scripts/enable-openssl11-shim.sh

View File

@@ -17,6 +17,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go - name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh run: scripts/enable-openssl11-shim.sh

View File

@@ -21,6 +21,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5

25
.gitignore vendored
View File

@@ -39,3 +39,28 @@ build/
/src/Sdk/StellaOps.Sdk.Release/out/** /src/Sdk/StellaOps.Sdk.Release/out/**
/src/Sdk/StellaOps.Sdk.Generator/out/** /src/Sdk/StellaOps.Sdk.Generator/out/**
/out/scanner-analyzers/** /out/scanner-analyzers/**
# Node / frontend
node_modules/
dist/
.build/
.cache/
# .NET
bin/
obj/
# IDEs
.vscode/
.idea/
*.user
*.suo
# Misc
logs/
tmp/
coverage/
.nuget/
local-nugets/
local-nuget/
src/Sdk/StellaOps.Sdk.Generator/tools/jdk-21.0.1+12
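Review bot: the new directory patterns (`bin/`, `obj/`, `dist/`, `tmp/`, `logs/`, `coverage/`) have no leading slash, so they match at every depth, unlike the rooted `/out/scanner-analyzers/**` entries above; any fixture or source directory with one of those names will be silently ignored on the next `git add`. Run `git check-ignore -v` over the test fixture trees, or anchor the patterns that are meant for specific locations. The last entry, `src/Sdk/StellaOps.Sdk.Generator/tools/jdk-21.0.1+12`, would read more clearly with a trailing slash like the rest.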

View File

@@ -1,3 +0,0 @@
<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist.
RequestId:111b5cf5-801e-0033-51f3-4ee25c000000
Time:2025-11-06T08:00:59.9404934Z</Message></Error>
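Review bot: the deleted file's entire content is a storage-service error body (`<Code>BlobNotFound</Code>`), so a failed download was saved and committed as if it were the artefact. Deleting it is right; whatever fetch step produced it should also fail on a non-success HTTP status and validate what it downloads (size or checksum) so an error response cannot be checked in again.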

Some files were not shown because too many files have changed in this diff.