stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Compare commits

base: stella-ops.org:d92973d6fdeb259a3a8c5a67b0b6e95aaca8633f
Branches Tags
stella-ops.org:main stella-ops.org:feature/docs-mdx-skeletons
...
compare: stella-ops.org:feature/docs-mdx-skeletons
Branches Tags
stella-ops.org:main stella-ops.org:feature/docs-mdx-skeletons

76 Commits
d92973d6fd ... feature/do

Author SHA1 Message Date
StellaOps Bot
43c281a8b2 Merge remote-tracking branch 'origin/main' into feature/docs-mdx-skeletons
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Console CI / console-ci (push) Has been cancelled
Details
Symbols Server CI / symbols-smoke (push) Has been cancelled
Details
VEX Proof Bundles / verify-bundles (push) Has been cancelled
Details
2025-12-05 23:14:58 +02:00
master
91550196fe more binary removals 2025-12-05 21:08:21 +00:00
master
e8eacde73e more binary files removal 2025-12-05 21:06:40 +00:00
master
5d7c687a77 chore: stop tracking dependencies and build artifacts 2025-12-05 21:03:18 +00:00
master
ffa219cfeb chore: stop tracking dependencies and build artifacts
Some checks failed
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
2025-12-05 21:01:09 +00:00
StellaOps Bot
579236bfce Add MongoDB storage library and update acceptance tests with deterministic stubs
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details 
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
 2025-12-05 22:56:01 +02:00
StellaOps Bot
18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration 
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
 2025-12-05 21:24:34 +02:00
StellaOps Bot
347c88342c Add draft skeletons for various documentation topics 
- Created draft documentation for enabling reachability, CLI authentication, EntryTrace heuristics, Go stripped binaries, Java and Python lockfiles, Rust fingerprint enrichment, SAST integration, Windows/macOS analyzer coverage, scanner engine surface, multi-tenancy operations, RLS and data isolation, ABAC overlays, VEX trust model, VEX ops runbook, VEX mapping, scopes and roles, tenancy overview, VEX signatures, contract testing, VEX consensus algorithm, VEX consensus API, VEX consensus console, VEX consensus overview, and VEX issuer directory.
- Each document includes a status placeholder, purpose, and open TODOs for future updates.
 2025-12-05 21:23:21 +02:00
master
cc69d332e3 Add unit tests for RabbitMq and Udp transport servers and clients
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details 
- Implemented comprehensive unit tests for RabbitMqTransportServer, covering constructor, disposal, connection management, event handlers, and exception handling.
- Added configuration tests for RabbitMqTransportServer to validate SSL, durable queues, auto-recovery, and custom virtual host options.
- Created unit tests for UdpFrameProtocol, including frame parsing and serialization, header size validation, and round-trip data preservation.
- Developed tests for UdpTransportClient, focusing on connection handling, event subscriptions, and exception scenarios.
- Established tests for UdpTransportServer, ensuring proper start/stop behavior, connection state management, and event handling.
- Included tests for UdpTransportOptions to verify default values and modification capabilities.
- Enhanced service registration tests for Udp transport services in the dependency injection container.
 2025-12-05 19:01:12 +02:00
StellaOps Bot
53508ceccb Add unit tests and logging infrastructure for InMemory and RabbitMQ transports
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details 
- Implemented RecordingLogger and RecordingLoggerFactory for capturing log entries in tests.
- Added unit tests for InMemoryChannel, covering constructor behavior, property assignments, channel communication, and disposal.
- Created InMemoryTransportOptionsTests to validate default values and customizable options for InMemory transport.
- Developed RabbitMqFrameProtocolTests to ensure correct parsing and property creation for RabbitMQ frames.
- Added RabbitMqTransportOptionsTests to verify default settings and customization options for RabbitMQ transport.
- Updated project files for testing libraries and dependencies.
 2025-12-05 09:38:45 +02:00
StellaOps Bot
6a299d231f Add unit tests for Router configuration and transport layers
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details 
- Implemented tests for RouterConfig, RoutingOptions, StaticInstanceConfig, and RouterConfigOptions to ensure default values are set correctly.
- Added tests for RouterConfigProvider to validate configurations and ensure defaults are returned when no file is specified.
- Created tests for ConfigValidationResult to check success and error scenarios.
- Developed tests for ServiceCollectionExtensions to verify service registration for RouterConfig.
- Introduced UdpTransportTests to validate serialization, connection, request-response, and error handling in UDP transport.
- Added scripts for signing authority gaps and hashing DevPortal SDK snippets.
 2025-12-05 08:01:47 +02:00
StellaOps Bot
635c70e828 feat: Refactor policy findings recording to include sealed mode tagging
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
2025-12-05 01:00:45 +02:00
StellaOps Bot
0de3c8a3f0 feat: Enhance telemetry metrics recording with sealed mode tagging 2025-12-05 01:00:29 +02:00
StellaOps Bot
175b750e29 Implement InMemory Transport Layer for StellaOps Router 
- Added InMemoryTransportOptions class for configuration settings including timeouts and latency.
- Developed InMemoryTransportServer class to handle connections, frame processing, and event management.
- Created ServiceCollectionExtensions for easy registration of InMemory transport services.
- Established project structure and dependencies for InMemory transport library.
- Implemented comprehensive unit tests for endpoint discovery, connection management, request/response flow, and streaming capabilities.
- Ensured proper handling of cancellation, heartbeat, and hello frames within the transport layer.
 2025-12-05 01:00:10 +02:00
StellaOps Bot
8768c27f30 Add signal contracts for reachability, exploitability, trust, and unknown symbols
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals DSSE Sign & Evidence Locker / sign-signals-artifacts (push) Has been cancelled
Details
Signals DSSE Sign & Evidence Locker / verify-signatures (push) Has been cancelled
Details 
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.
 2025-12-05 00:27:00 +02:00
StellaOps Bot
b018949a8d Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-12-04 21:36:12 +02:00
StellaOps Bot
f214edff82 feat: Add Storybook configuration and motion tokens implementation 
- Introduced Storybook configuration files (`main.ts`, `preview.ts`, `tsconfig.json`) for Angular components.
- Created motion tokens in `motion-tokens.ts` to define durations, easing functions, and transforms.
- Developed a Storybook story for motion tokens showcasing their usage and reduced motion fallback.
- Added SCSS variables for motion durations, easing, and transforms in `_motion.scss`.
- Implemented accessibility smoke tests using Playwright and Axe for automated accessibility checks.
- Created portable and sealed bundle structures with corresponding JSON files for evidence locker.
- Added shell script for verifying notify kit determinism.
 2025-12-04 21:36:06 +02:00
master
75f6942769 Add integration tests for migration categories and execution
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details 
- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations.
- Added tests for edge cases, including null, empty, and whitespace migration names.
- Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers.
- Included tests for migration execution, schema creation, and handling of pending release migrations.
- Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
 2025-12-04 19:10:54 +02:00
StellaOps Bot
600f3a7a3c feat(graph): introduce graph.inspect.v1 contract and schema for SBOM relationships
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Console CI / console-ci (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details 
- Added graph.inspect.v1 documentation outlining payload structure and determinism rules.
- Created JSON schema for graph.inspect.v1 to enforce payload validation.
- Defined mapping rules for graph relationships, advisories, and VEX statements.

feat(notifications): establish remediation blueprint for gaps NR1-NR10

- Documented requirements, evidence, and tests for Notifier runtime.
- Specified deliverables and next steps for addressing identified gaps.

docs(notifications): organize operations and schemas documentation

- Created README files for operations, schemas, and security notes to clarify deliverables and policies.

feat(advisory): implement PostgreSQL caching for Link-Not-Merge linksets

- Created database schema for advisory linkset cache.
- Developed repository for managing advisory linkset cache operations.
- Added tests to ensure correct functionality of the AdvisoryLinksetCacheRepository.
 2025-12-04 09:36:59 +02:00
StellaOps Bot
4dc7cf834a Add sample proof bundle configurations and verification script
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Console CI / console-ci (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
VEX Proof Bundles / verify-bundles (push) Has been cancelled
Details 
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
 2025-12-04 08:54:32 +02:00
StellaOps Bot
e1262eb916 Add receipt input JSON and SHA256 hash for CVSS policy scoring tests 
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring.
- Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
 2025-12-04 07:30:42 +02:00
StellaOps Bot
2d079d61ed up
Some checks failed
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
2025-12-03 09:50:44 +02:00
StellaOps Bot
e0b585c799 feat: Add JSON schema definitions for coverage and trace artifacts in reachability benchmark 2025-12-03 09:49:59 +02:00
StellaOps Bot
de53785176 feat: Update benchmark manifest schema to include hashedPath references and remove signatures 2025-12-03 09:48:56 +02:00
StellaOps Bot
ca91f40051 feat: Add attestation and SBOM JSON outputs for various Python applications
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
2025-12-03 09:47:40 +02:00
StellaOps Bot
35c8f9216f Add tests and implement timeline ingestion options with NATS and Redis subscribers 
- Introduced `BinaryReachabilityLifterTests` to validate binary lifting functionality.
- Created `PackRunWorkerOptions` for configuring worker paths and execution persistence.
- Added `TimelineIngestionOptions` for configuring NATS and Redis ingestion transports.
- Implemented `NatsTimelineEventSubscriber` for subscribing to NATS events.
- Developed `RedisTimelineEventSubscriber` for reading from Redis Streams.
- Added `TimelineEnvelopeParser` to normalize incoming event envelopes.
- Created unit tests for `TimelineEnvelopeParser` to ensure correct field mapping.
- Implemented `TimelineAuthorizationAuditSink` for logging authorization outcomes.
 2025-12-03 09:46:48 +02:00
StellaOps Bot
e923880694 feat: Add DigestUpsertRequest and LockEntity models
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details 
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil.
- Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt.

feat: Implement ILockRepository interface and LockRepository class

- Defined ILockRepository interface with methods for acquiring and releasing locks.
- Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations.

feat: Add SurfaceManifestPointer record for manifest pointers

- Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest.

feat: Create PolicySimulationInputLock and related validation logic

- Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests.
- Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements.

test: Add unit tests for ReplayVerificationService and ReplayVerifier

- Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios.
- Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic.

test: Implement PolicySimulationInputLockValidatorTests

- Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions.

chore: Add cosign key example and signing scripts

- Included a placeholder cosign key example for development purposes.
- Added a script for signing Signals artifacts using cosign with support for both v2 and v3.

chore: Create script for uploading evidence to the evidence locker

- Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
 2025-12-03 07:51:50 +02:00
StellaOps Bot
37cba83708 up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
2025-12-03 00:10:19 +02:00
StellaOps Bot
ea1d58a89b add cosign 2025-12-02 21:31:52 +02:00
StellaOps Bot
47168fec38 feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports 
- Introduced a new VEX compact fixture for testing purposes.
- Implemented `verify_export.py` script to validate Findings Ledger exports, ensuring deterministic ordering and applying redaction manifests.
- Added a lightweight stub `HarnessRunner` for unit tests to validate ledger hashing expectations.
- Documented tasks related to the Mirror Creator.
- Created models for entropy signals and implemented the `EntropyPenaltyCalculator` to compute penalties based on scanner outputs.
- Developed unit tests for `EntropyPenaltyCalculator` to ensure correct penalty calculations and handling of edge cases.
- Added tests for symbol ID normalization in the reachability scanner.
- Enhanced console status service with comprehensive unit tests for connection handling and error recovery.
- Included Cosign tool version 2.6.0 with checksums for various platforms.
 2025-12-02 21:08:01 +02:00
StellaOps Bot
6d049905c7 Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-12-02 19:25:16 +02:00
StellaOps Bot
acbb0ff637 feat: Enhance traceability and logging in Risk and Vulnerability clients 
- Implemented shared trace ID generation utility for Risk and Vulnerability clients, ensuring consistent trace headers across API calls.
- Updated RiskHttpClient and VulnerabilityHttpClient to utilize the new trace ID generation method.
- Added validation for artifact metadata in PackRun endpoints, ensuring all artifacts include a digest and positive size.
- Enhanced logging payloads in PackRun to include artifact digests and sizes.
- Created a utility for generating trace IDs, preferring crypto.randomUUID when available, with a fallback to a ULID-style string.
- Added unit tests to verify the presence of trace IDs in HTTP requests for VulnerabilityHttpClient.
- Documented query-hash metrics for Vuln Explorer, detailing hashing rules and logging filters to ensure compliance with privacy standards.
- Consolidated findings from late-November reviews into a comprehensive advisory for Scanner and SBOM/VEX areas, outlining remediation tracks and gaps.
 2025-12-02 19:24:26 +02:00
master
d785a9095f Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-12-02 18:38:37 +02:00
master
0c9e8d5d18 router planning 2025-12-02 18:38:32 +02:00
StellaOps Bot
76ecea482e archive advisories
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
2025-12-02 09:28:11 +02:00
StellaOps Bot
2d08f52715 feat(zastava): add evidence locker plan and schema examples 
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
 2025-12-02 09:27:31 +02:00
StellaOps Bot
885ce86af4 feat: Add VEX Lens CI and Load Testing Plan
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details 
- Introduced a comprehensive CI job structure for VEX Lens, including build, test, linting, and load testing.
- Defined load test parameters and SLOs for VEX Lens API and Issuer Directory.
- Created Grafana dashboards and alerting mechanisms for monitoring API performance and error rates.
- Established offline posture guidelines for CI jobs and load testing.

feat: Implement deterministic projection verification script

- Added `verify_projection.sh` script for verifying the integrity of projection exports against expected hashes.
- Ensured robust error handling for missing files and hash mismatches.

feat: Develop Vuln Explorer CI and Ops Plan

- Created CI jobs for Vuln Explorer, including build, test, and replay verification.
- Implemented backup and disaster recovery strategies for MongoDB and Redis.
- Established Merkle anchoring verification and automation for ledger projector.

feat: Introduce EventEnvelopeHasher for hashing event envelopes

- Implemented `EventEnvelopeHasher` to compute SHA256 hashes for event envelopes.

feat: Add Risk Store and Dashboard components

- Developed `RiskStore` for managing risk data and state.
- Created `RiskDashboardComponent` for displaying risk profiles with filtering capabilities.
- Implemented unit tests for `RiskStore` and `RiskDashboardComponent`.

feat: Enhance Vulnerability Detail Component

- Developed `VulnerabilityDetailComponent` for displaying detailed information about vulnerabilities.
- Implemented error handling for missing vulnerability IDs and loading failures.
 2025-12-02 07:18:28 +02:00
StellaOps Bot
44171930ff feat: Add UI benchmark driver and scenarios for graph interactions
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details 
- Introduced `ui_bench_driver.mjs` to read scenarios and fixture manifest, generating a deterministic run plan.
- Created `ui_bench_plan.md` outlining the purpose, scope, and next steps for the benchmark.
- Added `ui_bench_scenarios.json` containing various scenarios for graph UI interactions.
- Implemented tests for CLI commands, ensuring bundle verification and telemetry defaults.
- Developed schemas for orchestrator components, including replay manifests and event envelopes.
- Added mock API for risk management, including listing and statistics functionalities.
- Implemented models for risk profiles and query options to support the new API.
 2025-12-02 01:28:17 +02:00
StellaOps Bot
909d9b6220 up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
2025-12-01 21:16:22 +02:00
master
790801f329 add advisories 2025-12-01 17:50:11 +02:00
StellaOps Bot
c11d87d252 feat: Add tests for RichGraphPublisher and RichGraphWriter
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details 
- Implement unit tests for RichGraphPublisher to verify graph publishing to CAS.
- Implement unit tests for RichGraphWriter to ensure correct writing of canonical graphs and metadata.

feat: Implement AOC Guard validation logic

- Add AOC Guard validation logic to enforce document structure and field constraints.
- Introduce violation codes for various validation errors.
- Implement tests for AOC Guard to validate expected behavior.

feat: Create Console Status API client and service

- Implement ConsoleStatusClient for fetching console status and streaming run events.
- Create ConsoleStatusService to manage console status polling and event subscriptions.
- Add tests for ConsoleStatusClient to verify API interactions.

feat: Develop Console Status component

- Create ConsoleStatusComponent for displaying console status and run events.
- Implement UI for showing status metrics and handling user interactions.
- Add styles for console status display.

test: Add tests for Console Status store

- Implement tests for ConsoleStatusStore to verify event handling and state management.
 2025-12-01 07:34:50 +02:00
StellaOps Bot
7df0677e34 up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Console CI / console-ci (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
2025-11-30 22:36:03 +02:00
StellaOps Bot
b39eb34226 sprints up 2025-11-30 22:35:50 +02:00
StellaOps Bot
808ab87b21 up 2025-11-30 21:01:00 +02:00
StellaOps Bot
25254e3831 news advisories 2025-11-30 21:00:38 +02:00
StellaOps Bot
0bef705bcc true the date
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-11-30 19:23:21 +02:00
StellaOps Bot
71e9a56cfd feat: Add Scanner CI runner and related artifacts
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details 
- Implemented `run-scanner-ci.sh` to build and run tests for the Scanner solution with a warmed NuGet cache.
- Created `excititor-vex-traces.json` dashboard for monitoring Excititor VEX observations.
- Added Docker Compose configuration for the OTLP span sink in `docker-compose.spansink.yml`.
- Configured OpenTelemetry collector in `otel-spansink.yaml` to receive and process traces.
- Developed `run-spansink.sh` script to run the OTLP span sink for Excititor traces.
- Introduced `FileSystemRiskBundleObjectStore` for storing risk bundle artifacts in the filesystem.
- Built `RiskBundleBuilder` for creating risk bundles with associated metadata and providers.
- Established `RiskBundleJob` to execute the risk bundle creation and storage process.
- Defined models for risk bundle inputs, entries, and manifests in `RiskBundleModels.cs`.
- Implemented signing functionality for risk bundle manifests with `HmacRiskBundleManifestSigner`.
- Created unit tests for `RiskBundleBuilder`, `RiskBundleJob`, and signing functionality to ensure correctness.
- Added filesystem artifact reader tests to validate manifest parsing and artifact listing.
- Included test manifests for egress scenarios in the task runner tests.
- Developed timeline query service tests to verify tenant and event ID handling.
 2025-11-30 19:12:35 +02:00
StellaOps Bot
17d45a6d30 feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
Some checks failed
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details 
- Added `FilesystemPackRunProvenanceWriter` to write provenance manifests to the filesystem.
- Introduced `MongoPackRunArtifactReader` to read artifacts from MongoDB.
- Created `MongoPackRunProvenanceWriter` to store provenance manifests in MongoDB.
- Developed unit tests for filesystem and MongoDB provenance writers.
- Established `ITimelineEventStore` and `ITimelineIngestionService` interfaces for timeline event handling.
- Implemented `TimelineIngestionService` to validate and persist timeline events with hashing.
- Created PostgreSQL schema and migration scripts for timeline indexing.
- Added dependency injection support for timeline indexer services.
- Developed tests for timeline ingestion and schema validation.
 2025-11-30 15:38:14 +02:00
StellaOps Bot
8f54ffa203 up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
2025-11-29 11:37:00 +02:00
StellaOps Bot
3488b22c0c up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
2025-11-29 11:08:08 +02:00
StellaOps Bot
7e7be4d2fd up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
2025-11-29 02:40:21 +02:00
StellaOps Bot
887b0a1c67 Merge: resolve advisory filename conflicts 
Resolved conflicts:
- Removed deleted file: 24-Nov-2025 - Designing a Deterministic Reachability Benchmarkmd
- Kept regular hyphen version: 25-Nov-2025 - Half-Life Confidence Decay for Unknowns.md
- Removed en-dash variant to standardize filename format

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-29 00:39:53 +00:00
StellaOps Bot
a4c4fda2a1 up 2025-11-29 02:19:58 +02:00
StellaOps Bot
b34f13dc03 up 2025-11-29 02:19:50 +02:00
master
39d0ef6728 Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-11-29 01:36:32 +02:00
StellaOps Bot
2548abc56f up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
2025-11-29 01:35:49 +02:00
master
b3656e5cb7 update advisories
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-11-29 01:32:00 +02:00
StellaOps Bot
d040c001ac up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-11-28 19:23:54 +02:00
master
d1cbb905f8 up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
2025-11-28 18:21:46 +02:00
StellaOps Bot
05da719048 up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
2025-11-28 09:41:08 +02:00
StellaOps Bot
1c6730a1d2 up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
2025-11-28 00:45:16 +02:00
StellaOps Bot
3b96b2e3ea up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
2025-11-27 23:45:09 +02:00
StellaOps Bot
ef6e4b2067 Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
2025-11-27 21:45:32 +02:00
StellaOps Bot
8abbf9574d up 2025-11-27 21:10:06 +02:00
StellaOps Bot
cfa2274d31 up 2025-11-27 21:09:47 +02:00
master
4c55b01222 feat: add entropy policy banner and policy gate indicator components
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details 
- Implemented EntropyPolicyBannerComponent with configuration for entropy policies, including thresholds, current scores, and mitigation steps.
- Created PolicyGateIndicatorComponent to display the status of policy gates, including passed, failed, and warning gates, with detailed views for determinism and entropy gates.
- Added HTML and SCSS for both components to ensure proper styling and layout.
- Introduced computed properties and signals for reactive state management in Angular.
- Included remediation hints and actions for user interaction within the policy gate indicator.
 2025-11-27 18:11:27 +02:00
master
e950474a77 up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
2025-11-27 15:16:31 +02:00
StellaOps Bot
e901d31acf up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-11-27 08:52:59 +02:00
StellaOps Bot
c34fb7256d up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
2025-11-27 08:51:10 +02:00
StellaOps Bot
ea970ead2a up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
2025-11-27 07:46:56 +02:00
StellaOps Bot
d63af51f84 up
Some checks failed
api-governance / spectral-lint (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
2025-11-26 20:23:28 +02:00
StellaOps Bot
4831c7fcb0 up
Some checks failed
api-governance / spectral-lint (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
2025-11-26 09:28:16 +02:00
StellaOps Bot
1c782897f7 up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
2025-11-26 07:47:08 +02:00
StellaOps Bot
56e2f64d07 reachability test material 2025-11-25 23:26:46 +02:00
StellaOps Bot
9f6e6f7fb3 up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
2025-11-25 22:09:44 +02:00
StellaOps Bot
6bee1fdcf5 work
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
2025-11-25 08:01:23 +02:00
12245 changed files with 1635129 additions and 7506817 deletions
Expand all files Collapse all files

11
.claude/settings.local.json Normal file
View File

@@ -0,0 +1,11 @@
{
"permissions": {
"allow": [
"Bash(wc:*)",
"Bash(sort:*)"
],
"deny": [],
"ask": []
},
"outputStyle": "default"
}

2
.gitea/workflows/airgap-sealed-ci.yml
View File

@@ -20,6 +20,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install dnslib
run: pip install dnslib
- name: Run sealed-mode smoke

6
.gitea/workflows/aoc-guard.yml
View File

@@ -32,6 +32,9 @@ jobs:
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh
@@ -78,6 +81,9 @@ jobs:
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh

2
.gitea/workflows/api-governance.yml
View File

@@ -17,6 +17,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node.js
uses: actions/setup-node@v4
with:

3
.gitea/workflows/attestation-bundle.yml
View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Build bundle
run: |
chmod +x scripts/attest/build-attestation-bundle.sh

3
.gitea/workflows/authority-key-rotation.yml
View File

@@ -58,6 +58,9 @@ jobs:
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Resolve Authority configuration
id: config
run: |

30
.gitea/workflows/bench-determinism.yml Normal file
View File

@@ -0,0 +1,30 @@
name: bench-determinism
on:
workflow_dispatch: {}
jobs:
bench-determinism:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Run determinism bench
env:
BENCH_DETERMINISM_THRESHOLD: "0.95"
run: |
chmod +x scripts/bench/determinism-run.sh
scripts/bench/determinism-run.sh
- name: Upload determinism artifacts
uses: actions/upload-artifact@v4
with:
name: bench-determinism
path: out/bench-determinism/**

85
.gitea/workflows/build-test-deploy.yml
View File

@@ -111,6 +111,10 @@ jobs:
- name: Validate telemetry storage configuration
run: python3 ops/devops/telemetry/validate_storage_stack.py
- name: Task Pack offline bundle fixtures
run: |
python3 scripts/packs/run-fixtures-check.sh
- name: Telemetry tenant isolation smoke
env:
COMPOSE_DIR: ${GITHUB_WORKSPACE}/deploy/compose
@@ -180,6 +184,37 @@ jobs:
--logger "trx;LogFileName=stellaops-concelier-tests.trx" \
--results-directory "$TEST_RESULTS_DIR"
- name: Run PostgreSQL storage integration tests (Testcontainers)
env:
POSTGRES_TEST_IMAGE: postgres:16-alpine
run: |
set -euo pipefail
mkdir -p "$TEST_RESULTS_DIR"
PROJECTS=(
src/__Libraries/__Tests/StellaOps.Infrastructure.Postgres.Tests/StellaOps.Infrastructure.Postgres.Tests.csproj
src/Authority/__Tests/StellaOps.Authority.Storage.Postgres.Tests/StellaOps.Authority.Storage.Postgres.Tests.csproj
src/Scheduler/__Tests/StellaOps.Scheduler.Storage.Postgres.Tests/StellaOps.Scheduler.Storage.Postgres.Tests.csproj
src/Concelier/__Tests/StellaOps.Concelier.Storage.Postgres.Tests/StellaOps.Concelier.Storage.Postgres.Tests.csproj
src/Excititor/__Tests/StellaOps.Excititor.Storage.Postgres.Tests/StellaOps.Excititor.Storage.Postgres.Tests.csproj
src/Notify/__Tests/StellaOps.Notify.Storage.Postgres.Tests/StellaOps.Notify.Storage.Postgres.Tests.csproj
src/Policy/__Tests/StellaOps.Policy.Storage.Postgres.Tests/StellaOps.Policy.Storage.Postgres.Tests.csproj
)
for project in "${PROJECTS[@]}"; do
name="$(basename "${project%.*}")"
dotnet test "$project" \
--configuration $BUILD_CONFIGURATION \
--logger "trx;LogFileName=${name}.trx" \
--results-directory "$TEST_RESULTS_DIR"
done
- name: Run TimelineIndexer tests (EB1 evidence linkage gate)
run: |
mkdir -p "$TEST_RESULTS_DIR"
dotnet test src/TimelineIndexer/StellaOps.TimelineIndexer/StellaOps.TimelineIndexer.sln \
--configuration $BUILD_CONFIGURATION \
--logger "trx;LogFileName=timelineindexer-tests.trx" \
--results-directory "$TEST_RESULTS_DIR"
- name: Lint policy DSL samples
run: dotnet run --project tools/PolicyDslValidator/PolicyDslValidator.csproj -- --strict docs/examples/policies/*.yaml
@@ -310,6 +345,56 @@ PY
--logger "trx;LogFileName=stellaops-scanner-lang-tests.trx" \
--results-directory "$TEST_RESULTS_DIR"
- name: Build and test Router components
run: |
set -euo pipefail
ROUTER_PROJECTS=(
src/__Libraries/StellaOps.Router.Common/StellaOps.Router.Common.csproj
src/__Libraries/StellaOps.Router.Config/StellaOps.Router.Config.csproj
src/__Libraries/StellaOps.Router.Transport.InMemory/StellaOps.Router.Transport.InMemory.csproj
src/__Libraries/StellaOps.Router.Transport.Tcp/StellaOps.Router.Transport.Tcp.csproj
src/__Libraries/StellaOps.Router.Transport.Tls/StellaOps.Router.Transport.Tls.csproj
src/__Libraries/StellaOps.Router.Transport.Udp/StellaOps.Router.Transport.Udp.csproj
src/__Libraries/StellaOps.Router.Transport.RabbitMq/StellaOps.Router.Transport.RabbitMq.csproj
src/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj
src/__Libraries/StellaOps.Microservice.SourceGen/StellaOps.Microservice.SourceGen.csproj
)
for project in "${ROUTER_PROJECTS[@]}"; do
echo "::group::Build $project"
dotnet build "$project" --configuration $BUILD_CONFIGURATION --no-restore -warnaserror
echo "::endgroup::"
done
- name: Run Router and Microservice tests
run: |
mkdir -p "$TEST_RESULTS_DIR"
ROUTER_TEST_PROJECTS=(
# Core Router libraries
src/__Libraries/__Tests/StellaOps.Router.Common.Tests/StellaOps.Router.Common.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Config.Tests/StellaOps.Router.Config.Tests.csproj
# Transport layers
src/__Libraries/__Tests/StellaOps.Router.Transport.InMemory.Tests/StellaOps.Router.Transport.InMemory.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Transport.Tcp.Tests/StellaOps.Router.Transport.Tcp.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Transport.Tls.Tests/StellaOps.Router.Transport.Tls.Tests.csproj
src/__Libraries/__Tests/StellaOps.Router.Transport.Udp.Tests/StellaOps.Router.Transport.Udp.Tests.csproj
# Microservice SDK
src/__Libraries/__Tests/StellaOps.Microservice.Tests/StellaOps.Microservice.Tests.csproj
src/__Libraries/__Tests/StellaOps.Microservice.SourceGen.Tests/StellaOps.Microservice.SourceGen.Tests.csproj
# Integration tests
src/__Libraries/__Tests/StellaOps.Router.Integration.Tests/StellaOps.Router.Integration.Tests.csproj
# Gateway tests
src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests/StellaOps.Gateway.WebService.Tests.csproj
)
for project in "${ROUTER_TEST_PROJECTS[@]}"; do
name="$(basename "${project%.*}")"
echo "::group::Test $name"
dotnet test "$project" \
--configuration $BUILD_CONFIGURATION \
--logger "trx;LogFileName=${name}.trx" \
--results-directory "$TEST_RESULTS_DIR"
echo "::endgroup::"
done
- name: Run scanner analyzer performance benchmark
env:
PERF_OUTPUT_DIR: ${{ github.workspace }}/artifacts/perf/scanner-analyzers

3
.gitea/workflows/cli-build.yml
View File

@@ -22,6 +22,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:

3
.gitea/workflows/cli-chaos-parity.yml
View File

@@ -18,6 +18,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:

47
.gitea/workflows/concelier-attestation-tests.yml Normal file
View File

@@ -0,0 +1,47 @@
name: Concelier Attestation Tests
on:
push:
paths:
- 'src/Concelier/**'
- '.gitea/workflows/concelier-attestation-tests.yml'
pull_request:
paths:
- 'src/Concelier/**'
- '.gitea/workflows/concelier-attestation-tests.yml'
jobs:
attestation-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 preview
uses: actions/setup-dotnet@v4
with:
dotnet-version: '10.0.100-rc.2.25502.107'
- name: Restore Concelier solution
run: dotnet restore src/Concelier/StellaOps.Concelier.sln
- name: Build WebService Tests (no analyzers)
run: dotnet build src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj -c Release -p:DisableAnalyzers=true
- name: Run WebService attestation test
run: dotnet test src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj -c Release --filter InternalAttestationVerify --no-build --logger trx --results-directory TestResults
- name: Build Core Tests (no analyzers)
run: dotnet build src/Concelier/__Tests/StellaOps.Concelier.Core.Tests/StellaOps.Concelier.Core.Tests.csproj -c Release -p:DisableAnalyzers=true
- name: Run Core attestation builder tests
run: dotnet test src/Concelier/__Tests/StellaOps.Concelier.Core.Tests/StellaOps.Concelier.Core.Tests.csproj -c Release --filter EvidenceBundleAttestationBuilderTests --no-build --logger trx --results-directory TestResults
- name: Upload TRX results
uses: actions/upload-artifact@v4
with:
name: concelier-attestation-tests-trx
path: '**/TestResults/*.trx'

3
.gitea/workflows/console-ci.yml
View File

@@ -24,6 +24,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with:
fetch-depth: 0

3
.gitea/workflows/containers-multiarch.yml
View File

@@ -25,6 +25,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

40
.gitea/workflows/cryptopro-optin.yml Normal file
View File

@@ -0,0 +1,40 @@
name: cryptopro-optin
on:
workflow_dispatch:
inputs:
configuration:
description: Build configuration
default: Release
run_tests:
description: Run CryptoPro signer tests (requires CSP installed on runner)
default: true
jobs:
cryptopro:
runs-on: windows-latest
env:
STELLAOPS_CRYPTO_PRO_ENABLED: "1"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 (preview)
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.100-rc.2.25502.107
- name: Build CryptoPro plugin
run: |
dotnet build src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/StellaOps.Cryptography.Plugin.CryptoPro.csproj -c ${{ github.event.inputs.configuration || 'Release' }}
- name: Run CryptoPro signer tests (requires CSP pre-installed)
if: ${{ github.event.inputs.run_tests != 'false' }}
run: |
powershell -File scripts/crypto/run-cryptopro-tests.ps1 -Configuration ${{ github.event.inputs.configuration || 'Release' }}
# NOTE: This workflow assumes the windows runner already has CryptoPro CSP installed and licensed.
# Leave it opt-in to avoid breaking default CI lanes.

3
.gitea/workflows/devportal-offline.yml
View File

@@ -11,6 +11,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node (corepack/pnpm)
uses: actions/setup-node@v4
with:

3
.gitea/workflows/docs.yml
View File

@@ -29,6 +29,9 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh

59
.gitea/workflows/evidence-locker.yml
View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Emit retention summary
env:
RETENTION_TARGET: ${{ github.event.inputs.retention_target }}
@@ -25,3 +28,59 @@ jobs:
with:
name: evidence-locker
path: out/evidence-locker/**
push-zastava-evidence:
runs-on: ubuntu-latest
needs: check-evidence-locker
env:
STAGED_DIR: evidence-locker/zastava/2025-12-02
MODULE_ROOT: docs/modules/zastava
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Package staged Zastava artefacts
run: |
test -d "$MODULE_ROOT" || { echo "missing $MODULE_ROOT" >&2; exit 1; }
tmpdir=$(mktemp -d)
rsync -a --relative \
"$MODULE_ROOT/SHA256SUMS" \
"$MODULE_ROOT/schemas/" \
"$MODULE_ROOT/exports/" \
"$MODULE_ROOT/thresholds.yaml" \
"$MODULE_ROOT/thresholds.yaml.dsse" \
"$MODULE_ROOT/kit/verify.sh" \
"$MODULE_ROOT/kit/README.md" \
"$MODULE_ROOT/kit/ed25519.pub" \
"$MODULE_ROOT/kit/zastava-kit.tzst" \
"$MODULE_ROOT/kit/zastava-kit.tzst.dsse" \
"$MODULE_ROOT/evidence/README.md" \
"$tmpdir/"
(cd "$tmpdir/docs/modules/zastava" && sha256sum --check SHA256SUMS)
tar --sort=name --mtime="UTC 1970-01-01" --owner=0 --group=0 --numeric-owner \
-cf /tmp/zastava-evidence.tar -C "$tmpdir/docs/modules/zastava" .
sha256sum /tmp/zastava-evidence.tar
- name: Upload staged artefacts (fallback)
uses: actions/upload-artifact@v4
with:
name: zastava-evidence-locker-2025-12-02
path: /tmp/zastava-evidence.tar
- name: Push to Evidence Locker
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN != '' && env.EVIDENCE_LOCKER_URL != '' }}
env:
TOKEN: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN }}
URL: ${{ env.EVIDENCE_LOCKER_URL }}
run: |
curl -f -X PUT "$URL/zastava/2025-12-02/zastava-evidence.tar" \
-H "Authorization: Bearer $TOKEN" \
--data-binary @/tmp/zastava-evidence.tar
- name: Skip push (missing secret or URL)
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN == '' || env.EVIDENCE_LOCKER_URL == '' }}
run: |
echo "Locker push skipped: set CI_EVIDENCE_LOCKER_TOKEN and EVIDENCE_LOCKER_URL to enable." >&2

11
.gitea/workflows/export-ci.yml
View File

@@ -28,6 +28,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with:
fetch-depth: 0
@@ -60,6 +63,14 @@ jobs:
- name: Trivy/OCI smoke
run: ops/devops/export/trivy-smoke.sh
- name: Schema lint
run: |
python -m json.tool docs/modules/export-center/schemas/export-profile.schema.json >/dev/null
python -m json.tool docs/modules/export-center/schemas/export-manifest.schema.json >/dev/null
- name: Offline kit verify (fixtures)
run: bash docs/modules/export-center/operations/verify-export-kit.sh src/ExportCenter/__fixtures/export-kit
- name: SBOM
run: syft dir:src/ExportCenter -o spdx-json=$ARTIFACT_DIR/exportcenter.spdx.json

3
.gitea/workflows/export-compat.yml
View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Trivy
uses: aquasecurity/trivy-action@v0.24.0
with:

3
.gitea/workflows/graph-load.yml
View File

@@ -22,6 +22,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install k6
run: |
sudo apt-get update -qq

3
.gitea/workflows/graph-ui-sim.yml
View File

@@ -22,6 +22,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node
uses: actions/setup-node@v4
with:

3
.gitea/workflows/lnm-backfill.yml
View File

@@ -26,6 +26,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with:
fetch-depth: 0

3
.gitea/workflows/lnm-vex-backfill.yml
View File

@@ -30,6 +30,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with:
fetch-depth: 0

15
.gitea/workflows/mirror-sign.yml
View File

@@ -21,15 +21,23 @@ jobs:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.100-rc.1.25451.107
dotnet-version: 10.0.100-rc.2.25502.107
include-prerelease: true
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Verify signing prerequisites
run: scripts/mirror/check_signing_prereqs.sh
- name: Run mirror signing
run: |
set -euo pipefail
scripts/mirror/check_signing_prereqs.sh
scripts/mirror/ci-sign.sh
- name: Verify signed bundle
run: |
scripts/mirror/verify_thin_bundle.py out/mirror/thin/mirror-thin-v1.tar.gz
- name: Upload signed artifacts
uses: actions/upload-artifact@v4
with:
@@ -40,5 +48,6 @@ jobs:
out/mirror/thin/mirror-thin-v1.manifest.dsse.json
out/mirror/thin/tuf/
out/mirror/thin/oci/
out/mirror/thin/milestone.json
if-no-files-found: error
retention-days: 14

3
.gitea/workflows/oas-ci.yml
View File

@@ -20,6 +20,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node.js
uses: actions/setup-node@v4
with:

18
.gitea/workflows/obs-slo.yml
View File

@@ -14,6 +14,17 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Python (telemetry schema checks)
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install telemetry schema deps
run: python -m pip install --upgrade pip jsonschema
- name: Run SLO evaluator
env:
PROM_URL: ${{ github.event.inputs.prom_url }}
@@ -21,6 +32,13 @@ jobs:
chmod +x scripts/observability/slo-evaluator.sh
scripts/observability/slo-evaluator.sh
- name: Telemetry schema/bundle checks
env:
TELEMETRY_BUNDLE_SCHEMA: docs/modules/telemetry/schemas/telemetry-bundle.schema.json
run: |
chmod +x ops/devops/telemetry/tests/ci-run.sh
ops/devops/telemetry/tests/ci-run.sh
- name: Upload SLO results
uses: actions/upload-artifact@v4
with:

3
.gitea/workflows/obs-stream.yml
View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install nats CLI
run: |
curl -sSL https://github.com/nats-io/natscli/releases/download/v0.1.4/nats-0.1.4-linux-amd64.tar.gz -o /tmp/natscli.tgz

70
.gitea/workflows/policy-lint.yml Normal file
View File

@@ -0,0 +1,70 @@
name: Policy Lint & Smoke
on:
pull_request:
paths:
- 'docs/policy/**'
- 'docs/examples/policies/**'
- 'src/Cli/**'
- '.gitea/workflows/policy-lint.yml'
push:
branches: [ main ]
paths:
- 'docs/policy/**'
- 'docs/examples/policies/**'
- 'src/Cli/**'
- '.gitea/workflows/policy-lint.yml'
jobs:
policy-lint:
runs-on: ubuntu-22.04
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
TZ: UTC
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with:
fetch-depth: 0
- name: Setup .NET 10 RC
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.100-rc.2.25502.107
include-prerelease: true
- name: Cache NuGet packages
uses: actions/cache@v4
with:
path: |
~/.nuget/packages
local-nugets/packages
key: policy-lint-nuget-${{ runner.os }}-${{ hashFiles('**/*.csproj') }}
- name: Restore CLI
run: |
dotnet restore src/Cli/StellaOps.Cli/StellaOps.Cli.csproj --configfile nuget.config
- name: Lint policies (deterministic)
run: |
mkdir -p out/policy-lint
dotnet run --project src/Cli/StellaOps.Cli/StellaOps.Cli.csproj -- \
policy lint docs/examples/policies/*.stella \
--format json --no-color \
> out/policy-lint/lint.json
- name: Smoke simulate entrypoint
run: |
dotnet run --project src/Cli/StellaOps.Cli/StellaOps.Cli.csproj -- policy simulate --help > out/policy-lint/simulate-help.txt
- name: Upload lint artifacts
uses: actions/upload-artifact@v4
with:
name: policy-lint
path: out/policy-lint
retention-days: 7

89
.gitea/workflows/policy-simulate.yml Normal file
View File

@@ -0,0 +1,89 @@
name: Policy Simulation
on:
pull_request:
paths:
- 'docs/policy/**'
- 'docs/examples/policies/**'
- 'scripts/policy/**'
- '.gitea/workflows/policy-simulate.yml'
push:
branches: [ main ]
paths:
- 'docs/policy/**'
- 'docs/examples/policies/**'
- 'scripts/policy/**'
- '.gitea/workflows/policy-simulate.yml'
jobs:
policy-simulate:
runs-on: ubuntu-22.04
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
TZ: UTC
THRESHOLD: 0
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
with:
fetch-depth: 0
- name: Setup .NET 10 RC
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.100-rc.2.25502.107
include-prerelease: true
- name: Install Cosign
uses: sigstore/cosign-installer@v3.4.0
- name: Cache NuGet packages
uses: actions/cache@v4
with:
path: |
~/.nuget/packages
local-nugets/packages
key: policy-sim-nuget-${{ runner.os }}-${{ hashFiles('**/*.csproj') }}
- name: Restore CLI
run: |
dotnet restore src/Cli/StellaOps.Cli/StellaOps.Cli.csproj --configfile nuget.config
- name: Generate policy signing key (ephemeral)
run: |
OUT_DIR=out/policy-sign/keys PREFIX=ci-policy COSIGN_PASSWORD= scripts/policy/rotate-key.sh
- name: Sign sample policy blob
run: |
export COSIGN_KEY_B64=$(base64 -w0 out/policy-sign/keys/ci-policy-cosign.key)
COSIGN_PASSWORD= \
scripts/policy/sign-policy.sh --file docs/examples/policies/baseline.stella --out-dir out/policy-sign
- name: Attest and verify sample policy blob
run: |
export COSIGN_KEY_B64=$(base64 -w0 out/policy-sign/keys/ci-policy-cosign.key)
COSIGN_PASSWORD= \
scripts/policy/attest-verify.sh --file docs/examples/policies/baseline.stella --out-dir out/policy-sign
- name: Run batch policy simulation
run: |
scripts/policy/batch-simulate.sh
- name: Upload simulation artifacts
uses: actions/upload-artifact@v4
with:
name: policy-simulation
path: out/policy-sim
retention-days: 7
- name: Upload signing artifacts
uses: actions/upload-artifact@v4
with:
name: policy-signing
path: out/policy-sign
retention-days: 7

17
.gitea/workflows/promote.yml
View File

@@ -22,13 +22,16 @@ jobs:
runs-on: ubuntu-22.04
environment: production
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Resolve staging credentials
id: staging
run: |
missing=()
- name: Checkout repository
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Resolve staging credentials
id: staging
run: |
missing=()
host="${{ secrets.STAGING_DEPLOYMENT_HOST }}"
if [ -z "$host" ]; then host="${{ vars.STAGING_DEPLOYMENT_HOST }}"; fi

3
.gitea/workflows/provenance-check.yml
View File

@@ -9,6 +9,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Emit provenance summary
run: |
mkdir -p out/provenance

3
.gitea/workflows/release.yml
View File

@@ -44,6 +44,9 @@ jobs:
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Validate NuGet restore source ordering
run: python3 ops/devops/validate_restore_sources.py

3
.gitea/workflows/scanner-analyzers-release.yml
View File

@@ -14,6 +14,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:

3
.gitea/workflows/scanner-determinism.yml
View File

@@ -9,6 +9,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:

38
.gitea/workflows/sdk-generator.yml Normal file
View File

@@ -0,0 +1,38 @@
name: sdk-generator-smoke
on:
push:
paths:
- "src/Sdk/StellaOps.Sdk.Generator/**"
- "package.json"
pull_request:
paths:
- "src/Sdk/StellaOps.Sdk.Generator/**"
- "package.json"
jobs:
sdk-smoke:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
- name: Setup Java 21
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: "21"
- name: Install npm deps (scripts only)
run: npm install --ignore-scripts --no-progress --no-audit --no-fund
- name: Run SDK smoke suite (TS/Python/Go/Java)
run: npm run sdk:smoke

92
.gitea/workflows/sdk-publish.yml Normal file
View File

@@ -0,0 +1,92 @@
name: SDK Publish & Sign
on:
pull_request:
paths:
- 'src/Sdk/**'
- 'ops/devops/sdk/**'
- 'scripts/sdk/**'
- '.gitea/workflows/sdk-publish.yml'
push:
branches: [ main ]
paths:
- 'src/Sdk/**'
- 'ops/devops/sdk/**'
- 'scripts/sdk/**'
- '.gitea/workflows/sdk-publish.yml'
jobs:
sdk-publish:
runs-on: ubuntu-22.04
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
TZ: UTC
SDK_NUGET_SOURCE: ${{ secrets.SDK_NUGET_SOURCE || 'local-nugets/packages' }}
SDK_NUGET_API_KEY: ${{ secrets.SDK_NUGET_API_KEY }}
SDK_SIGNING_CERT_B64: ${{ secrets.SDK_SIGNING_CERT_B64 }}
SDK_SIGNING_CERT_PASSWORD: ${{ secrets.SDK_SIGNING_CERT_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 RC
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.100-rc.2.25502.107
include-prerelease: true
- name: Cache NuGet packages
uses: actions/cache@v4
with:
path: |
~/.nuget/packages
local-nugets/packages
key: sdk-nuget-${{ runner.os }}-${{ hashFiles('src/Sdk/**/*.csproj') }}
- name: Restore (best effort; skipped if no csproj)
run: |
set -e
if compgen -G "src/Sdk/**/*.csproj" > /dev/null; then
dotnet restore --configfile nuget.config src/Sdk/StellaOps.Sdk.Release/StellaOps.Sdk.Release.csproj || true
else
echo "No SDK csproj present; skipping restore."
fi
- name: Build & Test (best effort)
run: |
set -e
if compgen -G "src/Sdk/**/*.csproj" > /dev/null; then
dotnet build src/Sdk/StellaOps.Sdk.Release/StellaOps.Sdk.Release.csproj -c Release --no-restore || true
if compgen -G "src/Sdk/**/__Tests/**/*.csproj" > /dev/null; then
dotnet test src/Sdk/**/__Tests/**/*.csproj -c Release --no-build --logger "trx;LogFileName=sdk-tests.trx" || true
fi
else
echo "No SDK csproj present; skipping build/test."
fi
- name: Sign packages (if present)
run: |
chmod +x scripts/sdk/sign-packages.sh
scripts/sdk/sign-packages.sh
- name: Publish packages (if present)
run: |
chmod +x scripts/sdk/publish.sh
scripts/sdk/publish.sh
- name: Upload SDK artifacts
uses: actions/upload-artifact@v4
with:
name: sdk-artifacts
path: |
out/sdk
local-nugets/packages/*.nupkg
if-no-files-found: warn
retention-days: 7

75
.gitea/workflows/signals-ci.yml Normal file
View File

@@ -0,0 +1,75 @@
name: Signals CI & Image
on:
pull_request:
paths:
- 'src/Signals/**'
- '.gitea/workflows/signals-ci.yml'
- 'ops/devops/signals/**'
- 'helm/signals/**'
- 'scripts/signals/**'
push:
branches: [ main ]
paths:
- 'src/Signals/**'
- '.gitea/workflows/signals-ci.yml'
- 'ops/devops/signals/**'
- 'helm/signals/**'
- 'scripts/signals/**'
jobs:
signals-ci:
runs-on: ubuntu-22.04
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
TZ: UTC
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup .NET 10 RC
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.100-rc.2.25502.107
include-prerelease: true
- name: Cache NuGet packages
uses: actions/cache@v4
with:
path: |
~/.nuget/packages
local-nugets/packages
key: signals-nuget-${{ runner.os }}-${{ hashFiles('src/Signals/**/*.csproj') }}
- name: Restore
run: dotnet restore src/Signals/StellaOps.Signals.sln --configfile nuget.config
- name: Build
run: dotnet build src/Signals/StellaOps.Signals.sln -c Release --no-restore
- name: Test
run: dotnet test src/Signals/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj -c Release --no-build --logger "trx;LogFileName=signals-tests.trx"
- name: Publish service
run: dotnet publish src/Signals/StellaOps.Signals/StellaOps.Signals.csproj -c Release -o out/signals/publish --no-build
- name: Build container image
run: |
chmod +x scripts/signals/build.sh
scripts/signals/build.sh
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: signals-offline-kit
path: |
out/signals
out/signals/signals-image.tar
retention-days: 7

171
.gitea/workflows/signals-dsse-sign.yml Normal file
View File

@@ -0,0 +1,171 @@
name: Signals DSSE Sign & Evidence Locker
on:
workflow_dispatch:
inputs:
out_dir:
description: "Output directory for signed artifacts"
required: false
default: "evidence-locker/signals/2025-12-01"
allow_dev_key:
description: "Allow dev key for testing (1=yes, 0=no)"
required: false
default: "0"
push:
branches: [main]
paths:
- 'docs/modules/signals/decay/**'
- 'docs/modules/signals/unknowns/**'
- 'docs/modules/signals/heuristics/**'
- 'docs/modules/signals/SHA256SUMS'
- 'tools/cosign/sign-signals.sh'
jobs:
sign-signals-artifacts:
runs-on: ubuntu-22.04
env:
COSIGN_PRIVATE_KEY_B64: ${{ secrets.COSIGN_PRIVATE_KEY_B64 }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
OUT_DIR: ${{ github.event.inputs.out_dir || 'evidence-locker/signals/2025-12-01' }}
COSIGN_ALLOW_DEV_KEY: ${{ github.event.inputs.allow_dev_key || '0' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Install cosign
uses: sigstore/cosign-installer@v3
with:
cosign-release: 'v2.2.4'
- name: Verify artifacts exist
run: |
cd docs/modules/signals
sha256sum -c SHA256SUMS
echo "All artifacts verified against SHA256SUMS"
- name: Check signing key availability
id: check-key
run: |
if [[ -n "$COSIGN_PRIVATE_KEY_B64" ]]; then
echo "key_source=ci_secret" >> "$GITHUB_OUTPUT"
echo "Signing key available via CI secret"
elif [[ "$COSIGN_ALLOW_DEV_KEY" == "1" ]]; then
echo "key_source=dev_key" >> "$GITHUB_OUTPUT"
echo "[warn] Using development key - NOT for production Evidence Locker"
else
echo "key_source=none" >> "$GITHUB_OUTPUT"
echo "::error::No signing key available. Set COSIGN_PRIVATE_KEY_B64 secret or enable dev key."
exit 1
fi
- name: Sign signals artifacts
run: |
chmod +x tools/cosign/sign-signals.sh
OUT_DIR="${OUT_DIR}" tools/cosign/sign-signals.sh
- name: Verify signatures
run: |
cd "$OUT_DIR"
# List generated artifacts
echo "=== Generated Artifacts ==="
ls -la
echo ""
echo "=== SHA256SUMS ==="
cat SHA256SUMS
- name: Upload signed artifacts
uses: actions/upload-artifact@v4
with:
name: signals-dsse-signed-${{ github.run_number }}
path: |
${{ env.OUT_DIR }}/*.sigstore.json
${{ env.OUT_DIR }}/*.dsse
${{ env.OUT_DIR }}/SHA256SUMS
if-no-files-found: error
retention-days: 90
- name: Push to Evidence Locker
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN != '' && env.EVIDENCE_LOCKER_URL != '' }}
env:
TOKEN: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN }}
URL: ${{ env.EVIDENCE_LOCKER_URL }}
run: |
tar -cf /tmp/signals-dsse.tar -C "$OUT_DIR" .
curl -f -X PUT "$URL/signals/dsse/$(date -u +%Y-%m-%d)/signals-dsse.tar" \
-H "Authorization: Bearer $TOKEN" \
--data-binary @/tmp/signals-dsse.tar
echo "Pushed to Evidence Locker"
- name: Evidence Locker skip notice
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN == '' || env.EVIDENCE_LOCKER_URL == '' }}
run: |
echo "::notice::Evidence Locker push skipped (CI_EVIDENCE_LOCKER_TOKEN or EVIDENCE_LOCKER_URL not set)"
echo "Artifacts available as workflow artifact for manual ingestion"
verify-signatures:
runs-on: ubuntu-22.04
needs: sign-signals-artifacts
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download signed artifacts
uses: actions/download-artifact@v4
with:
name: signals-dsse-signed-${{ github.run_number }}
path: signed-artifacts/
- name: Install cosign
uses: sigstore/cosign-installer@v3
with:
cosign-release: 'v2.2.4'
- name: Verify decay config signature
run: |
if [[ -f signed-artifacts/confidence_decay_config.sigstore.json ]]; then
cosign verify-blob \
--key tools/cosign/cosign.dev.pub \
--bundle signed-artifacts/confidence_decay_config.sigstore.json \
docs/modules/signals/decay/confidence_decay_config.yaml \
&& echo "✓ decay config signature verified" \
|| echo "::warning::Signature verification failed (may need production public key)"
fi
- name: Verify unknowns manifest signature
run: |
if [[ -f signed-artifacts/unknowns_scoring_manifest.sigstore.json ]]; then
cosign verify-blob \
--key tools/cosign/cosign.dev.pub \
--bundle signed-artifacts/unknowns_scoring_manifest.sigstore.json \
docs/modules/signals/unknowns/unknowns_scoring_manifest.json \
&& echo "✓ unknowns manifest signature verified" \
|| echo "::warning::Signature verification failed (may need production public key)"
fi
- name: Verify heuristics catalog signature
run: |
if [[ -f signed-artifacts/heuristics_catalog.sigstore.json ]]; then
cosign verify-blob \
--key tools/cosign/cosign.dev.pub \
--bundle signed-artifacts/heuristics_catalog.sigstore.json \
docs/modules/signals/heuristics/heuristics.catalog.json \
&& echo "✓ heuristics catalog signature verified" \
|| echo "::warning::Signature verification failed (may need production public key)"
fi
- name: Summary
run: |
echo "## Signals DSSE Signing Summary" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "| Artifact | Status |" >> "$GITHUB_STEP_SUMMARY"
echo "|----------|--------|" >> "$GITHUB_STEP_SUMMARY"
for f in signed-artifacts/*.sigstore.json signed-artifacts/*.dsse; do
[[ -f "$f" ]] && echo "| $(basename $f) | ✓ Signed |" >> "$GITHUB_STEP_SUMMARY"
done
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "Run ID: ${{ github.run_number }}" >> "$GITHUB_STEP_SUMMARY"

67
.gitea/workflows/signals-evidence-locker.yml Normal file
View File

@@ -0,0 +1,67 @@
name: signals-evidence-locker
on:
workflow_dispatch:
inputs:
retention_target:
description: "Retention days target"
required: false
default: "180"
jobs:
prepare-signals-evidence:
runs-on: ubuntu-latest
env:
MODULE_ROOT: docs/modules/signals
OUT_DIR: evidence-locker/signals/2025-12-05
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Build deterministic signals evidence tar
run: |
set -euo pipefail
test -d "$MODULE_ROOT" || { echo "missing $MODULE_ROOT" >&2; exit 1; }
tmpdir=$(mktemp -d)
rsync -a --relative \
"$OUT_DIR/SHA256SUMS" \
"$OUT_DIR/confidence_decay_config.sigstore.json" \
"$OUT_DIR/unknowns_scoring_manifest.sigstore.json" \
"$OUT_DIR/heuristics_catalog.sigstore.json" \
"$MODULE_ROOT/decay/confidence_decay_config.yaml" \
"$MODULE_ROOT/unknowns/unknowns_scoring_manifest.json" \
"$MODULE_ROOT/heuristics/heuristics.catalog.json" \
"$tmpdir/"
(cd "$tmpdir/$OUT_DIR" && sha256sum --check SHA256SUMS)
tar --sort=name --mtime="UTC 1970-01-01" --owner=0 --group=0 --numeric-owner \
-cf /tmp/signals-evidence.tar -C "$tmpdir" .
sha256sum /tmp/signals-evidence.tar > /tmp/signals-evidence.tar.sha256
- name: Upload artifact (fallback)
uses: actions/upload-artifact@v4
with:
name: signals-evidence-2025-12-05
path: |
/tmp/signals-evidence.tar
/tmp/signals-evidence.tar.sha256
- name: Push to Evidence Locker
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN != '' && env.EVIDENCE_LOCKER_URL != '' }}
env:
TOKEN: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN }}
URL: ${{ env.EVIDENCE_LOCKER_URL }}
run: |
curl -f -X PUT "$URL/signals/2025-12-05/signals-evidence.tar" \
-H "Authorization: Bearer $TOKEN" \
--data-binary @/tmp/signals-evidence.tar
- name: Skip push (missing secret or URL)
if: ${{ secrets.CI_EVIDENCE_LOCKER_TOKEN == '' || env.EVIDENCE_LOCKER_URL == '' }}
run: |
echo "Locker push skipped: set CI_EVIDENCE_LOCKER_TOKEN and EVIDENCE_LOCKER_URL to enable." >&2

3
.gitea/workflows/symbols-ci.yml
View File

@@ -26,6 +26,9 @@ jobs:
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh

3
.gitea/workflows/symbols-release.yml
View File

@@ -17,6 +17,9 @@ jobs:
with:
fetch-depth: 0
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Export OpenSSL 1.1 shim for Mongo2Go
run: scripts/enable-openssl11-shim.sh

40
.gitea/workflows/vex-proof-bundles.yml Normal file
View File

@@ -0,0 +1,40 @@
name: VEX Proof Bundles
on:
pull_request:
paths:
- 'scripts/vex/**'
- 'tests/Vex/ProofBundles/**'
- 'docs/benchmarks/vex-evidence-playbook*'
- '.gitea/workflows/vex-proof-bundles.yml'
push:
branches: [ main ]
paths:
- 'scripts/vex/**'
- 'tests/Vex/ProofBundles/**'
- 'docs/benchmarks/vex-evidence-playbook*'
- '.gitea/workflows/vex-proof-bundles.yml'
jobs:
verify-bundles:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Task Pack offline bundle fixtures
run: python3 scripts/packs/run-fixtures-check.sh
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install deps
run: pip install --disable-pip-version-check --no-cache-dir -r scripts/vex/requirements.txt
- name: Verify proof bundles (offline)
env:
PYTHONHASHSEED: "0"
run: |
chmod +x tests/Vex/ProofBundles/test_verify_sample.sh
tests/Vex/ProofBundles/test_verify_sample.sh

50
.gitignore vendored
View File

@@ -14,11 +14,11 @@ obj/
.idea/
.vscode/
# Packages and logs
*.log
TestResults/
local-nuget/
local-nugets/packages/
# Packages and logs
*.log
TestResults/
local-nuget/
local-nugets/packages/
.dotnet
.DS_Store
@@ -31,10 +31,36 @@ seed-data/cert-bund/**/*.sha256
out/offline-kit/web/**/*
**/node_modules/**/*
**/.angular/**/*
**/.cache/**/*
**/dist/**/*
tmp/**/*
build/
/out/cli/**
/src/Sdk/StellaOps.Sdk.Release/out/**
/out/scanner-analyzers/**
**/.cache/**/*
**/dist/**/*
tmp/**/*
build/
/out/cli/**
/src/Sdk/StellaOps.Sdk.Release/out/**
/src/Sdk/StellaOps.Sdk.Generator/out/**
/out/scanner-analyzers/**
# Node / frontend
node_modules/
dist/
.build/
.cache/
# .NET
bin/
obj/
# IDEs
.vscode/
.idea/
*.user
*.suo
# Misc
logs/
tmp/
coverage/
.nuget/
local-nugets/
local-nuget/
src/Sdk/StellaOps.Sdk.Generator/tools/jdk-21.0.1+12

BIN
.nuget/packages/AWSSDK.Core.4.0.1.3.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/AWSSDK.KeyManagementService.4.0.6.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Api.CommonProtos.2.17.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Api.Gax.4.11.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Api.Gax.Grpc.4.11.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Api.Gax.Grpc.4.7.0.nupkg
View File

Binary file not shown.

3
.nuget/packages/Google.Api.Gax.Grpc.GrpcCore.4.11.0.nupkg
View File

@@ -1,3 +0,0 @@
<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist.
RequestId:111b5cf5-801e-0033-51f3-4ee25c000000
Time:2025-11-06T08:00:59.9404934Z</Message></Error>

BIN
.nuget/packages/Google.Apis.1.69.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Apis.Auth.1.69.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Apis.Core.1.64.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Apis.Core.1.69.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Cloud.Iam.V1.3.4.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Cloud.Kms.V1.3.19.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Cloud.Location.2.3.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.LongRunning.3.3.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Protobuf.3.27.2.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Google.Protobuf.3.31.1.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Auth.2.71.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Core.2.46.6.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Core.Api.2.65.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Core.Api.2.71.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Net.Client.2.65.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Net.Client.2.71.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Net.Common.2.65.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Net.Common.2.71.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Tools.2.65.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Grpc.Tools.2.71.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.AspNetCore.Authentication.JwtBearer.10.0.0-rc.1.25451.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.AspNetCore.Authentication.JwtBearer.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.AspNetCore.Mvc.Testing.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.AspNetCore.OpenApi.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Bcl.AsyncInterfaces.6.0.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Bcl.AsyncInterfaces.8.0.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Data.Sqlite.9.0.0-rc.1.24451.1.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Caching.Memory.10.0.0-preview.7.25380.108.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Caching.Memory.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.10.0.0-preview.7.25380.108.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.Abstractions.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.Binder.10.0.0-preview.7.25380.108.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.Binder.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.CommandLine.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.EnvironmentVariables.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.FileExtensions.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Configuration.Json.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.DependencyInjection.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.DependencyInjection.Abstractions.10.0.0-preview.7.25380.108.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.DependencyInjection.Abstractions.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.DependencyInjection.Abstractions.9.0.0.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Diagnostics.Abstractions.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Diagnostics.HealthChecks.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Hosting.10.0.0-preview.7.25380.108.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Hosting.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Hosting.Abstractions.10.0.0-preview.7.25380.108.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Hosting.Abstractions.10.0.0-rc.2.25502.107.nupkg
View File

Binary file not shown.

BIN
.nuget/packages/Microsoft.Extensions.Hosting.Abstractions.8.0.0.nupkg
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More