bc4318ef97
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
1.3 KiB
1.3 KiB
Logging standards
Goals
- Deterministic, structured logs for all services.
- Safe for tenant isolation and offline review.
Required fields
- timestamp (UTC ISO-8601)
- tenant, workload, env, region, version
- level (debug, info, warn, error, fatal)
- category and operation
- trace_id, span_id, correlation_id when present
- message (concise, no secrets)
- status (ok, error, fault, throttle)
- error.code, error.message (redacted), retryable when status is not ok
Optional fields
- resource, http.method, http.status_code, duration_ms
- host, pid, thread
Offline kit import fields
- tenant_id, bundle_type, bundle_digest, bundle_path
- manifest_version, manifest_created_at
- force_activate, force_activate_reason
- result, reason_code, reason_message
- quarantine_id, quarantine_path
Redaction rules
- Never log auth headers, tokens, passwords, private keys, or full bodies.
- Redact to "[redacted]" and add redaction.reason.
- Hash low-cardinality identifiers and mark hashed=true.
Determinism and offline posture
- NDJSON with LF endings; UTC timestamps only.
- No external enrichment; rely on bundled metadata.
Sampling and rate limits
- Info logs rate-limited per component; warn and error never sampled.
- Audit logs are never sampled and include actor, action, target, result.