bc4318ef97
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
1.4 KiB
1.4 KiB
Observability standards
Common envelope fields
- Trace context: trace_id, span_id, trace_flags; propagate W3C traceparent and baggage.
- Tenant and workload: tenant, workload (service), region, env, version.
- Subject: component, operation, resource (purl or uri when safe).
- Timing: UTC ISO-8601 timestamp; durations in milliseconds.
- Outcome: status (ok, error, fault, throttle), error.code, redacted error.message, retryable.
Scrubbing policy
- Denylist PII and secrets: emails, tokens, auth headers, private keys, passwords.
- Redact to "[redacted]" and add redaction.reason (secret, pii, tenant_policy).
- Hash low-cardinality identifiers with sha256 and mark hashed=true.
- Never log full request or response bodies; store hashes and lengths only.
Sampling defaults
- Traces: 10% non-prod, 5% prod; always sample error or audit spans.
- Logs: info logs rate-limited; warn and error never sampled.
- Metrics: never sampled; stable histogram buckets per component.
Redaction override
- Overrides require a ticket id and are time-bound.
- Config: telemetry.redaction.overrides and telemetry.redaction.override_ttl (default 24h).
- Emit telemetry.redaction.audit with actor, fields, and TTL.
Determinism and offline
- No external enrichers; use bundled service maps and tenant metadata only.
- Export ordering: timestamp, workload, operation.
- Always use UTC; NDJSON for log exports.