stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e716bc6adca8d1a3ac5a24ad491e5fa99e31cf1c
git.stella-ops.org/docs/features/unchecked/doctor/doctor-check-quality-improvements.md

1.5 KiB
Raw Blame History

Doctor Check Quality Improvements (Real Diagnostics Replacing Mocks)

Module

Doctor

Status

IMPLEMENTED

Description

Replaced mock implementations in PolicyEngineHealthCheck, OidcProviderConnectivityCheck, and FipsComplianceCheck with real diagnostic logic. Added discriminating evidence fields for AI reasoning and safety annotations (IsDestructive/DryRunVariant) for destructive remediation commands.

Implementation Details

  • Policy engine check: src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Policy/Checks/PolicyEngineHealthCheck.cs
  • OIDC connectivity check: src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Auth/Checks/OidcProviderConnectivityCheck.cs
  • FIPS compliance check: src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Crypto/Checks/FipsComplianceCheck.cs
  • Other crypto checks: eIDAS (EidasComplianceCheck.cs), GOST (GostAvailabilityCheck.cs), HSM (HsmPkcs11AvailabilityCheck.cs), SM crypto (SmCryptoAvailabilityCheck.cs)
  • Remediation models: src/__Libraries/StellaOps.Doctor/Models/RemediationStep.cs -- includes IsDestructive/DryRunVariant safety annotations
  • Source: SPRINT_20260118_015_Doctor_check_quality_improvements.md

E2E Test Plan

  • Verify PolicyEngineHealthCheck performs real diagnostic (not mock)
  • Test OidcProviderConnectivityCheck actually probes OIDC endpoint
  • Verify FipsComplianceCheck validates FIPS mode status
  • Test remediation commands include safety annotations (IsDestructive, DryRunVariant)