AOC (Append-Only Contracts)

Status: Implemented
Source: src/Aoc/
Owner: Platform Team

Purpose

AOC provides compile-time enforcement of append-only contract rules during data ingestion. It uses Roslyn analyzers to prevent connectors from writing to fields that should only be computed by downstream merge/decisioning pipelines.

Components

Analyzers:

  • StellaOps.Aoc.Analyzers - Roslyn DiagnosticAnalyzers (AOC0001, AOC0002, AOC0003)

Libraries:

  • StellaOps.Aoc - Core abstractions (IAocGuard)
  • StellaOps.Aoc.AspNetCore - ASP.NET Core integration

CLI:

  • StellaOps.Aoc.Cli - Manual validation tool

Key Concepts

Forbidden Fields (ingestion-time writes forbidden):

  • severity, cvss, cvss_vector - Computed from CVSS + context
  • effective_status, effective_range - VEX consensus outcomes
  • risk_score, reachability, asset_criticality - Runtime analysis

Derived Fields:

  • Any field prefixed with effective_* is treated as derived and forbidden

  • Architecture: ./architecture.md
  • Concelier: ../concelier/ (uses AOC for connectors)
  • Excititor: ../excititor/ (uses AOC for VEX ingestion)