git.stella-ops.org/docs/features/checked/telemetry/telemetry-exporter-guard.md
2026-02-14 09:11:48 +02:00

Telemetry Exporter Guard

Module

Telemetry

Status

IMPLEMENTED

Description

Guard that prevents telemetry export to unauthorized endpoints, enforcing sealed-mode restrictions.

Implementation Details

  • TelemetryExporterGuard: src/Telemetry/StellaOps.Telemetry.Core/StellaOps.Telemetry.Core/TelemetryExporterGuard.cs -- IsExporterAllowed(descriptor, options, signal, endpoint, out decision) that applies IEgressPolicy from StellaOps.AirGap.Policy; returns allow/deny with EgressDecision details; logs enforcement results
  • TelemetrySignal: src/Telemetry/StellaOps.Telemetry.Core/StellaOps.Telemetry.Core/TelemetrySignal.cs -- signal types (traces, metrics, logs) for per-signal guard evaluation
  • TelemetryServiceDescriptor: src/Telemetry/StellaOps.Telemetry.Core/StellaOps.Telemetry.Core/TelemetryServiceDescriptor.cs -- service identity for guard evaluation
  • StellaOpsTelemetryOptions.CollectorOptions: src/Telemetry/StellaOps.Telemetry.Core/StellaOps.Telemetry.Core/StellaOpsTelemetryOptions.cs -- collector endpoint and component configuration
  • Tests: src/Telemetry/StellaOps.Telemetry.Core/StellaOps.Telemetry.Core.Tests/TelemetryExporterGuardTests.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify guard blocks telemetry export to unauthorized endpoints when air-gap policy is active
  • Test guard allows export when no egress policy is configured (permissive default)
  • Verify per-signal guard evaluation (traces, metrics, logs can have different policies)
  • Test guard logs enforcement decisions for audit trail
  • Verify integration with SealedModeTelemetryService for complete export blocking
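The first four test-plan items, modelled as a self-contained sketch. This is an added example, not StellaOps code: the type names come from this page, but every member shape, the `AllowListPolicy` and `GuardSketch` classes, the hostnames, and the simplified parameter list (no descriptor or options objects) are assumptions.

```csharp
#nullable enable
// Added sketch, not the project's implementation. Type names are from the page;
// all member shapes, AllowListPolicy, GuardSketch and the hosts are assumed.
using System;
using System.Collections.Generic;

public enum TelemetrySignal { Traces, Metrics, Logs }
public sealed record EgressDecision(bool IsAllowed, string Reason);
public interface IEgressPolicy { EgressDecision Evaluate(TelemetrySignal signal, Uri endpoint); }

// Constructed policy: a per-signal allowlist of collector hosts; everything else is denied.
public sealed class AllowListPolicy : IEgressPolicy
{
    private readonly Dictionary<TelemetrySignal, HashSet<string>> _hosts;
    public AllowListPolicy(Dictionary<TelemetrySignal, HashSet<string>> hosts) => _hosts = hosts;
    public EgressDecision Evaluate(TelemetrySignal signal, Uri endpoint) =>
        _hosts.TryGetValue(signal, out var allowed) && allowed.Contains(endpoint.Host)
            ? new EgressDecision(true, "host on allowlist for signal")
            : new EgressDecision(false, "host not on allowlist for signal");
}

public sealed class GuardSketch
{
    private readonly IEgressPolicy? _policy;
    private readonly Action<string> _log;
    public GuardSketch(IEgressPolicy? policy, Action<string> log) { _policy = policy; _log = log; }
    public bool IsExporterAllowed(string component, TelemetrySignal signal, Uri endpoint, out EgressDecision decision)
    {
        // No policy registered: the permissive default from the test plan (fail-open).
        decision = _policy is null
            ? new EgressDecision(true, "no egress policy configured")
            : _policy.Evaluate(signal, endpoint);
        // Log allow and deny alike so the audit trail covers every decision.
        _log($"egress component={component} signal={signal} endpoint={endpoint} allowed={decision.IsAllowed} reason=\"{decision.Reason}\"");
        return decision.IsAllowed;
    }
}

public static class Program
{
    public static void Main()
    {
        var policy = new AllowListPolicy(new() { [TelemetrySignal.Metrics] = new() { "collector.internal" } });
        var guard = new GuardSketch(policy, Console.WriteLine);
        guard.IsExporterAllowed("scanner", TelemetrySignal.Metrics, new Uri("http://collector.internal:4317"), out _);
        guard.IsExporterAllowed("scanner", TelemetrySignal.Traces, new Uri("http://collector.internal:4317"), out _); // same endpoint, other signal
        new GuardSketch(null, Console.WriteLine) // no policy configured
            .IsExporterAllowed("scanner", TelemetrySignal.Logs, new Uri("https://telemetry.example.com"), out _);
    }
}
```

The last call exercises the permissive default: with no policy registered the guard allows any endpoint, so a sealed deployment's tests should also assert that a policy is actually present.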