2e276d6676
- Added `MongoAdvisoryObservationEventPublisher` and `NatsAdvisoryObservationEventPublisher` for event publishing. - Registered `IAdvisoryObservationEventPublisher` to choose between NATS and MongoDB based on configuration. - Introduced `MongoAdvisoryObservationEventOutbox` for outbox pattern implementation. - Updated service collection to include new event publishers and outbox. - Added a new hosted service `AdvisoryObservationTransportWorker` for processing events. feat: Update project dependencies - Added `NATS.Client.Core` package to the project for NATS integration. test: Add unit tests for AdvisoryLinkset normalization - Created `AdvisoryLinksetNormalizationConfidenceTests` to validate confidence score calculations. fix: Adjust confidence assertion in `AdvisoryObservationAggregationTests` - Updated confidence assertion to allow a range instead of a fixed value. test: Implement tests for AdvisoryObservationEventFactory - Added `AdvisoryObservationEventFactoryTests` to ensure correct mapping and hashing of observation events. chore: Configure test project for Findings Ledger - Created `Directory.Build.props` for test project configuration. - Added `StellaOps.Findings.Ledger.Exports.Unit.csproj` for unit tests related to findings ledger exports. feat: Implement export contracts for findings ledger - Defined export request and response contracts in `ExportContracts.cs`. - Created various export item records for findings, VEX, advisories, and SBOMs. feat: Add export functionality to Findings Ledger Web Service - Implemented endpoints for exporting findings, VEX, advisories, and SBOMs. - Integrated `ExportQueryService` for handling export logic and pagination. test: Add tests for Node language analyzer phase 22 - Implemented `NodePhase22SampleLoaderTests` to validate loading of NDJSON fixtures. - Created sample NDJSON file for testing. chore: Set up isolated test environment for Node tests - Added `node-isolated.runsettings` for isolated test execution. - Created `node-tests-isolated.sh` script for running tests in isolation.
Scanner Design Dossiers
This directory contains deep technical designs for current and upcoming analyzers and surface components.
Language analyzers
ruby-analyzer.md— lockfile, runtime graph, capability signals for Ruby.deno-runtime-signals.md— runtime trace + policy signal contract for Deno analyzer.deno-runtime-shim.md— loader/trace shim plan for runtime NDJSON capture in Deno analyzer.
Surface & platform contracts
surface-fs.mdsurface-env.mdsurface-validation.mdsurface-secrets.md
OS ecosystem designs
macos-analyzer.md— Homebrew, pkgutil,.appbundle plan.windows-analyzer.md— MSI, WinSxS, Chocolatey, registry collectors.
Demand & dashboards
../../benchmarks/scanner/windows-macos-demand.md— demand tracker.../../benchmarks/scanner/windows-macos-interview-template.md— interview template.../../api/scanner/windows-coverage.md— coverage summary dashboard.../../api/scanner/windows-macos-summary.md— metric snapshot.
Utility & reference
../operations/field-engagement.md— SE workflow guidance.../operations/analyzers.md— operational runbook.../operations/rustfs-migration.md— storage migration notes.
Maintenance tips
- Keep demand tracker (
../../benchmarks/scanner/windows-macos-demand.md) and API dashboards in sync when updating macOS/Windows designs. - Cross-reference policy readiness briefs for associated predicates and waiver models.
Policy readiness
../policy/secret-leak-detection-readiness.md— secret leak pipeline decisions.../policy/windows-package-readiness.md— Windows analyzer policy decisions.