git.stella-ops.org/docs/features/unchecked/zastava/windows-container-runtime-support.md

Windows Container Runtime Support

Module

Zastava

Status

IMPLEMENTED

Description

Windows container runtime monitoring with ETW event source integration, PE format library hashing, and Windows-specific container lifecycle tracking within the Zastava Observer.

Implementation Details

• IWindowsContainerRuntimeClient interface: src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/IWindowsContainerRuntimeClient.cs -- Windows-specific container runtime client
• DockerWindowsRuntimeClient: src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/DockerWindowsRuntimeClient.cs -- Docker for Windows runtime client implementation
• WindowsContainerInfo: src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/WindowsContainerInfo.cs -- Windows container metadata model
• WindowsLibraryHashCollector: src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/WindowsLibraryHashCollector.cs -- PE format library hashing for Windows DLLs
• ContainerStateTracker: src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/ContainerStateTracker.cs -- shared container lifecycle state tracking
• ContainerStateTrackerFactory: src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/ContainerStateTrackerFactory.cs -- factory for creating state trackers per runtime type
• Tests: src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/ContainerRuntime/Windows/WindowsContainerRuntimeTests.cs
• Source: SPRINT_0420_0001_0001_zastava_hybrid_gaps.md

E2E Test Plan

• Verify Docker for Windows runtime client enumerates running Windows containers
• Test PE format library hashing collects DLL hashes for SBOM correlation
• Verify Windows container lifecycle tracking (start/stop/restart)
• Test container state tracker handles Windows-specific container states
• Verify Windows library hash collector supports .NET Framework and .NET Core DLLs