CerbiStream 1.1.91

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package CerbiStream --version 1.1.91
                    


                    

                
NuGet\Install-Package CerbiStream -Version 1.1.91
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="CerbiStream" Version="1.1.91" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="CerbiStream" Version="1.1.91" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="CerbiStream" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add CerbiStream --version 1.1.91
                    


                    

                
#r "nuget: CerbiStream, 1.1.91"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package CerbiStream@1.1.91
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=CerbiStream&version=1.1.91
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=CerbiStream&version=1.1.91
                    


                            Install as a Cake Tool

CerbiStream v2.0 β€” Developer-First Logging Governance for .NET

cerbi.io NuGet Downloads

CerbiStream v2.0 is the developer-first governance layer for .NET logging. One line of code gives you PII protection, automatic redaction, and enterprise-grade compliance.

Targets .NET 8.0, .NET 9.0, and .NET 10.0.

// That's it! One line to secure your logs.
builder.Logging.AddCerbiStream();

πŸš€ What's New in v2.0

Developer-First Experience

  • One-line setup β€” AddCerbiStream() just works with zero configuration
  • Auto-generated governance policy β€” Sensible PII defaults created automatically
  • Preset modes β€” EnableDeveloperMode(), ForProduction(), ForTesting(), ForPerformance()

Environment Variable Configuration (NEW!)

  • Zero-code deployments β€” Same code works everywhere, controlled by environment
  • Instant debugging β€” Enable console output in production without redeploying
  • Kubernetes/Docker native β€” 20+ environment variables for complete control

Enterprise Features

  • Azure App Insights integration β€” Built-in telemetry provider
  • Queue scoring β€” Send governance metadata to queues for analytics
  • Encrypted file fallback β€” AES-256 encrypted local logs when queues fail
  • Hot-reload governance β€” Policy changes apply instantly without restart

πŸ”‘ Key Features

Governance rules (runtime enforcement)

  • Validate log payloads against a governance profile (cerbi_governance.json).
  • Tag events with:
    • GovernanceViolations
    • GovernanceProfileVersion
    • GovernanceRelaxed
  • Case-insensitive matching for forbidden/disallowed fields.

Redaction

  • Automatic in-place redaction of:
    • DisallowedFields
    • Fields with severity Forbidden
  • Works on structured payloads so you don’t leak values to downstream sinks.

Runtime validation

  • Backed by Cerbi.Governance.Runtime.
  • File watcher for hot-reloading governance profiles when cerbi_governance.json changes.
  • Consistent behavior across CerbiStream, Cerbi.MEL.Governance, and Serilog/MEL plugins.

Analyzer integration

Pair CerbiStream with Cerbi analyzers to catch issues before runtime:

  • Lint for risky fields (e.g., password, ssn, creditCard).
  • Enforce required context and schemas during development.
  • Shift PII problems left into CI and IDEs.

Performance

  • Allocation-aware adapter:
    • Pooled dictionaries for structured state
    • Streaming JSON parsing (Utf8JsonReader) for violation fields
  • Minimal β€œdev mode” & β€œbenchmark mode” for hot-path tuning.
  • Benchmarks show parity with established loggers on baseline scenarios.

Encryption

  • Optional AES/Base64 encryption for file fallback logs.
  • Encrypted file rotation service for:
    • max size
    • max age
  • Centralized encryption mode selection via Cerbi options.

ML-ready metadata

  • Consistent, structured fields:
    • GovernanceViolations
    • GovernanceProfileVersion
    • GovernanceRelaxed
    • Environment/instance tags
  • Makes downstream queries and ML features predictable and repeatable across tools (Loki, Seq, ELK/OpenSearch, Graylog, VictoriaLogs, OpenObserve, etc.).

πŸ€” Why CerbiStream vs Serilog / NLog / OpenTelemetry?

CerbiStream is not trying to replace Serilog/NLog/OTEL. It’s a governance layer in front of them.

  • Serilog / NLog / log4net

    • Great at structured logging and sink ecosystems.
    • Do not enforce:
      • Required fields
      • Forbidden fields
      • Runtime redaction driven by governance profiles

  • OpenTelemetry (OTEL)

    • Great at telemetry pipelines and exporters (OTLP, OTEL Collector, Prometheus, etc.).
    • Does not enforce policy-based PII rules on application payloads.

CerbiStream complements these:

  • Validates/marks/redacts logs before:
    • Serilog sinks
    • NLog targets
    • OTEL exporters / Collector
    • Loki / Seq / ELK / Graylog / VictoriaLogs / OpenObserve / TelemetryHarbor / Fluentd / Alloy / syslog

Use CerbiStream when:

  • You need .NET logging governance with explicit profiles and enforcement.
  • You must guarantee PII-safe logging before data leaves the process.
  • You want runtime validation plus analyzer-time enforcement.
  • You prefer safe defaults with opt-in relaxation for diagnostics.

πŸ§ͺ Demo API for hands-on testing

Want to see CerbiStream governance in action without wiring up your own project? Try the public demo API built for quick evaluation:

  • Repository: Cerbistream.Governance.Demo.API
  • Includes ready-to-run .NET API endpoints that emit governed logs using CerbiStream.
  • Pair it with the demo’s cerbi_governance.json to watch runtime validation and redaction behaviors end-to-end.

⚑ Quickstart (One Line!)

1) Install

dotnet add package CerbiStream

2) Add to your app

// Program.cs - That's it! One line!
builder.Logging.AddCerbiStream();

Done! You now have:

  • βœ… PII protection (passwords, SSNs, credit cards auto-redacted)
  • βœ… Governance policy auto-generated
  • βœ… Console output for development
  • βœ… Auto-detects environment variables for zero-code config changes
  • βœ… Ready for production upgrade

3) Log as usual

// Just use standard ILogger - CerbiStream handles the rest
logger.LogInformation("User signup {email} {ssn}", "a@b.com", "111-11-1111");
// Output: ssn is automatically redacted to "***REDACTED***"

🎯 Configuration Presets

// Development (default) β€” Console on, queue off, governance on
builder.Logging.AddCerbiStream();

// Production β€” Full governance, telemetry, queue enabled
builder.Logging.AddCerbiStream(o => o.ForProduction());

// Testing β€” Governance on, no external dependencies
builder.Logging.AddCerbiStream(o => o.ForTesting());

// Performance β€” All enrichment disabled for benchmarks
builder.Logging.AddCerbiStream(o => o.ForPerformance());
Preset Console Queue Governance Telemetry
EnableDeveloperMode() βœ… ❌ βœ… ❌
ForProduction() ❌ βœ… βœ… βœ…
ForTesting() βœ… ❌ βœ… ❌
ForPerformance() ❌ ❌ ❌ ❌

🌍 Environment Variable Configuration (NEW!)

Zero code changes β€” deploy the same code everywhere, control behavior with environment variables.

Quick Mode Switch

# Linux/Mac
export CERBISTREAM_MODE=production

# Windows PowerShell
$env:CERBISTREAM_MODE = "production"

# Docker
docker run -e CERBISTREAM_MODE=production myapp

# Kubernetes
env:
  - name: CERBISTREAM_MODE
    value: "production"

All Environment Variables

Variable Values Description
CERBISTREAM_MODE development, production, testing, performance Master preset switch
CERBISTREAM_GOVERNANCE_ENABLED true/false Toggle PII redaction
CERBISTREAM_GOVERNANCE_PROFILE Profile name e.g., myapp, default
CERBI_GOVERNANCE_PATH File path Path to governance JSON
CERBISTREAM_QUEUE_ENABLED true/false Toggle queue sending
CERBISTREAM_QUEUE_TYPE AzureServiceBus, RabbitMQ, Kafka, etc. Queue provider
CERBISTREAM_QUEUE_CONNECTION Connection string Queue connection
CERBISTREAM_QUEUE_NAME Queue name Target queue/topic
CERBISTREAM_ENCRYPTION_MODE None, Base64, AES Encryption type
CERBISTREAM_CONSOLE_OUTPUT true/false Console logging
CERBISTREAM_TELEMETRY_ENABLED true/false Telemetry sending
CERBISTREAM_FILE_FALLBACK_ENABLED true/false File fallback

Debug Production Issues Instantly

# Enable console output without redeploying
kubectl set env deployment/myapp CERBISTREAM_CONSOLE_OUTPUT=true

# Disable queue temporarily
kubectl set env deployment/myapp CERBISTREAM_QUEUE_ENABLED=false

Layered Configuration

Environment variables + code config work together:

// Start from environment, then override specific settings
builder.Logging.AddCerbiStream(o => o
    .FromEnvironment()                    // Load from env vars
    .WithGovernanceProfile("override"));  // Code takes precedence

πŸ”§ Advanced Configuration

builder.Logging.AddCerbiStream(options => options
    .ForProduction()
    .WithGovernanceProfile("myservice")
    .WithQueueRetries(true, retryCount: 5, delayMilliseconds: 500)
    .WithFileFallback("logs/fallback.json", "logs/primary.json")
    .WithAesEncryption()
    .WithEncryptionKey(key, iv)
    .WithTelemetryProvider(myTelemetryProvider));

Governance Runtime & Analyzer Compatibility

TFM CerbiStream package Cerbi.Governance.Runtime CerbiStream.GovernanceAnalyzer
net8.0 1.1.21 1.1.7 1.1.21
net9.0 1.1.21 1.1.7 1.1.21
net10.0 1.1.21 1.1.7 1.5.48

AddCerbiGovernanceRuntime is compiled against the current Cerbi.Governance.Runtime API. Use the versions above to avoid Method not found: RuntimeGovernanceValidator..ctor when pairing governed logging with runtime validation.

πŸ” Governance Example: Before vs After

Before (unsafe):

{
  "message": "User signup",
  "email":   "a@b.com",
  "ssn":     "111-11-1111"
}

After (governed by CerbiStream):

{
  "message": "User signup",
  "email": "a@b.com",
  "ssn": "***REDACTED***",
  "GovernanceViolations": [
    { "Code": "ForbiddenField", "Field": "ssn" }
  ],
  "GovernanceProfileVersion": "1.0.0"
}

Opt-in relaxation for intentional diagnostics:

logger.LogInformation("debug payload", new
{
    GovernanceRelaxed = true,
    dump = secretPayload
});

When GovernanceRelaxed = true and your profile allows relax, CerbiStream skips enforcement/redaction for that entry but still tags it as relaxed for downstream scoring and audit.

🧾 Governance Profile (JSON) Template

{
  "Version": "1.0.0",
  "LoggingProfiles": {
    "default": {
      "RequiredFields": [ "message", "timestamp" ],
      "ForbiddenFields": [ "password" ],
      "DisallowedFields": [ "ssn", "creditCard" ],
      "FieldSeverities": {
        "password": "Forbidden",
        "creditCard": "Forbidden"
      },
      "SensitiveTags": [ "PII", "Secret" ],
      "Encryption": {
        "Mode": "AES",
        "RotateEncryptedFiles": true
      }
    }
  }
}

Notes:

  • DisallowedFields and any field with severity Forbidden will be redacted.
  • RequiredFields are validated and surfaced as violations when missing.
  • Profiles are just JSON – keep them in Git, and let Cerbi’s file watcher hot-reload changes.

πŸ“ˆ Performance

CerbiStream includes a Benchmark & Evaluation suite that compares it to:

  • Microsoft.Extensions.Logging (MEL)
  • Serilog
  • NLog
  • log4net

Baseline summary (Release, .NET 8, no-op sinks):

Scenario Relative throughput
Baseline (MEL console) 1.00x
Serilog console 0.95x–1.05x
NLog console 0.90x–1.00x
CerbiStream + console ~0.90x–0.98x

What makes it fast:

  • Allocation-aware adapter with:

    • Pooled Dictionary<string, object>
    • Pooled HashSet<string>

  • Streaming parse of governance metadata via Utf8JsonReader

  • Immediate short-circuit when GovernanceRelaxed is set

Run the repo’s benchmarks:

  • Windows: scripts/bench.ps1
  • Linux/macOS: scripts/bench.sh
  • Or directly:
dotnet run --project Cerbi-Benchmark-Tests/Cerbi-Benchmark-Tests.csproj -c Release

For full benchmark commentary, see the CerbiStream Benchmark & Evaluation Suite README in this repo.

πŸ”— Integration Patterns

  • MEL Primary integration via AddCerbiStream / AddCerbiGovernanceRuntime.

  • Serilog Wrap your Serilog-backed ILoggerFactory so Cerbi governance runs before Serilog sinks.

  • NLog / log4net Integrate via MEL or by routing governed events into existing targets.

  • OpenTelemetry Use CerbiStream in the app, then export via OTLP to the OTEL Collector. Logs arrive already governed/redacted.

  • Azure Container Apps (ACA) / Kubernetes CerbiStream is fully compatible with containerized .NET apps:

    • Environment variables: Set CERBI_GOVERNANCE_PATH=/app/config/cerbi_governance.json to override the default location.
    • ConfigMaps / Volumes: Mount your governance profile as a read-only volume; the library's FileSystemWatcher gracefully degrades on read-only mounts, falling back to timestamp-based reload checks.
    • AppContext.BaseDirectory: Falls back to ./cerbi_governance.json next to the app executable when CERBI_GOVERNANCE_PATH is not set.
    • Performance: Pooled dictionaries, HashSets, and streaming JSON parsing ensure minimal allocation overhead at high throughput.
    • Health checks: Use AddCerbiStreamHealthChecks() to expose /cerbistream/health and /cerbistream/metrics endpoints for ACA/K8s probes.

    Example for ACA deployment:

    containers:
  - name: myapp
    image: myregistry.azurecr.io/myapp:latest
    env:
      - name: CERBI_GOVERNANCE_PATH
        value: "/app/config/cerbi_governance.json"
    volumeMounts:
      - name: governance-config
        mountPath: /app/config
        readOnly: true
volumes:
  - name: governance-config
    secret:
      secretName: cerbi-governance

  • Downstream stacks CerbiStream plays nicely with:

    • Grafana Loki / Promtail / Alloy
    • Seq
    • ELK / OpenSearch
    • Graylog
    • VictoriaLogs / VictoriaMetrics
    • OpenObserve
    • TelemetryHarbor
    • Fluentd / Fluent Bit
    • Journald / basic syslog + grep/tail

You don't need a CerbiStream.Fluentd or CerbiStream.Alloy NuGet package. You need: CerbiStream in-process, plus configuration for your collector/exporter to ingest those governed logs.

❓ FAQ

Does this replace Serilog or NLog? No. CerbiStream is a governance layer, not a sink library. Keep Serilog/NLog/OTEL; add CerbiStream to enforce profiles and redaction before events flow into those stacks.

What about performance overhead? CerbiStream is designed to be competitive with top loggers. Baseline cost is close to raw MEL; governance/redaction cost is explicit and measurable in the included benchmarks.

What happens when governance is disabled or relaxed?

  • When disabled, CerbiStream behaves like a thin pass-through provider.

  • When GovernanceRelaxed = true, enforcement is skipped for that entry:

    • No redaction
    • Event is tagged as relaxed for downstream scoring

Can I manage governance profiles centrally? Yes. Profiles can be generated and deployed via CerbiShield (governance dashboard) and consumed by CerbiStream, MEL plugins, and Serilog governance adapters.

βœ… Test Coverage

325 tests passing across:

  • 55 integration tests
  • 270 unit tests (135 Γ— 2 frameworks: .NET 8 & .NET 10)

Test categories:

  • Zero-config setup
  • All preset modes
  • Governance redaction
  • Encryption pathways
  • Telemetry integration
  • Environment variable configuration
  • Queue scoring
  • File fallback

πŸ† Trusted By

  • Microsoft Partner (ISV)
  • Harvard Innovation Lab
  • 49.6K+ NuGet downloads

πŸ“š Documentation

πŸ”— Ecosystem

Package Purpose
CerbiStream Core logging governance
Cerbi.Governance.Runtime Runtime validation engine
Cerbi.Governance.Core Policy models and sources
CerbiShield Enterprise governance dashboard

✨ Call to Action

  • ⭐ Star the repo if CerbiStream helps keep your logs safe and compliant.

  • πŸ§ͺ Use it side-by-side with your existing logger to evaluate governance impact.

  • πŸ’¬ Open issues for:

    • Additional examples (Fluentd, Alloy, Loki, OTEL Collector configs)
    • Feature requests
    • Benchmark scenarios you care about

πŸ“ž Support

πŸ“„ License

MIT License β€” see LICENSE for details.

<p align="center"> <b>CerbiStream v2.0</b> β€” Developer-first logging governance for .NET<br> <a href="https://cerbi.io">cerbi.io</a> | <a href="https://www.nuget.org/packages/CerbiStream">NuGet</a> | <a href="https://github.com/Zeroshi/Cerbi-CerbiStream">GitHub</a> </p>

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.91 0 2/4/2026
1.1.88 44 1/31/2026
1.1.87 45 1/31/2026
1.1.86 145 1/1/2026
1.1.85 94 12/29/2025
1.1.84 91 12/29/2025
1.1.83 123 12/21/2025
1.1.82 722 12/19/2025
1.1.80 750 12/3/2025
1.1.79 664 12/3/2025
1.1.78 195 11/25/2025
1.1.77 248 11/22/2025
1.1.76 241 11/22/2025
1.1.75 237 11/22/2025
1.1.74 182 11/15/2025
1.1.73 184 11/15/2025
1.1.72 193 10/30/2025
1.1.71 197 10/30/2025
1.1.70 196 10/27/2025
1.1.69 191 10/27/2025
1.1.67 132 10/24/2025
1.1.66 128 10/24/2025
1.1.65 136 10/24/2025
1.1.64 140 10/24/2025
1.1.63 142 10/24/2025
1.1.62 134 10/24/2025
1.1.61 141 10/24/2025
1.1.60 136 10/24/2025
1.1.59 148 10/24/2025
1.1.58 182 10/24/2025
1.1.57 217 9/9/2025
1.1.55 190 9/7/2025
1.1.54 167 9/7/2025
1.1.19 141 7/4/2025
1.1.18 213 5/20/2025
1.1.17 212 5/20/2025
1.1.16 220 5/20/2025
1.1.15 185 5/18/2025
1.1.14 293 5/15/2025
1.1.13 300 5/14/2025
1.1.12 296 5/14/2025
1.1.11 301 5/14/2025
1.1.10 287 5/14/2025
1.1.9 279 5/13/2025
1.1.8 322 5/13/2025
1.1.7 202 5/6/2025
1.1.6 250 4/27/2025
1.1.5 226 4/27/2025
1.1.3 207 4/27/2025
1.1.2 224 4/25/2025
1.1.1 269 4/13/2025
1.1.0 239 4/13/2025
1.0.16 202 4/10/2025
1.0.15 192 4/7/2025
1.0.14 147 4/6/2025
1.0.13 186 3/28/2025
1.0.12 163 3/27/2025
1.0.11 499 3/26/2025
1.0.10 524 3/25/2025
1.0.9 192 3/23/2025
1.0.8 111 3/22/2025
1.0.7 181 3/21/2025
1.0.6 188 3/20/2025
1.0.5 195 3/20/2025
1.0.4 173 3/19/2025
1.0.3 182 3/19/2025
1.0.2 198 3/12/2025
1.0.1 197 3/12/2025

See docs/RELEASE-NOTES.md