CerbiStream.GovernanceAnalyzer
1.1.4
dotnet add package CerbiStream.GovernanceAnalyzer --version 1.1.4
NuGet\Install-Package CerbiStream.GovernanceAnalyzer -Version 1.1.4
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="CerbiStream.GovernanceAnalyzer" Version="1.1.4" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="CerbiStream.GovernanceAnalyzer" Version="1.1.4" />
<PackageReference Include="CerbiStream.GovernanceAnalyzer" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add CerbiStream.GovernanceAnalyzer --version 1.1.4
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: CerbiStream.GovernanceAnalyzer, 1.1.4"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#addin nuget:?package=CerbiStream.GovernanceAnalyzer&version=1.1.4
#tool nuget:?package=CerbiStream.GovernanceAnalyzer&version=1.1.4
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
CerbiStream Governance Analyzer
π‘οΈ CerbiStream Governance Analyzer
CerbiStream-GovernanceAnalyzer is a high-performance, plugin-extensible governance engine for structured logging in .NET. It enables both runtime enforcement and compile-time analysis (via Roslyn Analyzer) to ensure logging consistency, security, and observability compliance.
β Whatβs New?
- π Live Reloading of JSON governance configs
- π§ Plugin Architecture β inject dynamic validation rules (per environment, compliance, etc.)
- 𧩠Per-field Type & Enum Enforcement
- π« DisallowedFields Support β prevent sensitive or restricted data from being logged
- π Governance Modes:
Permissive,WarnOnly,Strict - π Impact Scoring for governance violations (coming soon)
- π Roslyn Analyzer to catch issues at build-time
π¦ Installation
dotnet add package CerbiStream.GovernanceAnalyzer
---CerbiStream-GovernanceAnalyzer is a Roslyn-based static analysis tool designed to enforce structured logging standards within applications using CerbiStream. It ensures that log messages adhere to governance rules defined in JSON configurations, reducing runtime validation overhead and improving developer experience.
π₯ Why Use CerbiStream-GovernanceAnalyzer?
- Compile-Time Log Validation β Prevents misformatted logs before deployment.
- Structured Logging Enforcement β Ensures consistent log structures across teams.
- Customizable Rules via JSON β Allows organizations to define mandatory fields for logs.
- Seamless Integration with CerbiStream β Works alongside CerbiStream for log governance.
- Lightweight & Fast β Runs at build time, avoiding runtime performance impact.
π Installation
To add CerbiStream-GovernanceAnalyzer to your project, install it via NuGet:
dotnet add package CerbiStream.GovernanceAnalyzer
Or update your .csproj:
<ItemGroup>
<PackageReference Include="CerbiStream.GovernanceAnalyzer" Version="1.0.0" />
</ItemGroup>
π How It Works
Governance Rules via JSON
- Define required and optional logging fields in a
cerbi_governance.jsonfile. - Example:
{ "LoggingProfiles": { "Default": { "RequiredFields": ["Timestamp", "LogLevel", "Message", "ApplicationId"], "OptionalFields": ["UserId", "TransactionId"] } } }- Define required and optional logging fields in a
Static Analysis at Build-Time
- The analyzer verifies that logs match the governance profile during compilation.
- Example of a valid log:
logger.LogInformation("User login successful | UserId: {UserId}, Timestamp: {Timestamp}", userId, DateTime.UtcNow);- Example of an invalid log (missing required fields):
logger.LogInformation("User login successful"); // β Missing required metadata- The build will fail with a warning/error indicating missing required fields.
Enforce or Warn Mode
- Choose whether governance rules should fail the build (
Error Mode) or just warn developers (Warning Mode). - This can be controlled via the
cerbi_governance.jsonfile.
- Choose whether governance rules should fail the build (
π οΈ Configuration Options
| Option | Type | Description |
|---|---|---|
RequiredFields |
string[] |
Fields that must be present in logs. |
OptionalFields |
string[] |
Fields that are recommended but not mandatory. |
EnforcementLevel |
string |
Can be Error (fail build) or Warning (notify devs). |
π Example Usage
1οΈβ£ Enabling Governance in CerbiStream
In your Program.cs:
var serviceProvider = new ServiceCollection()
.AddLogging(builder =>
{
builder.AddCerbiStream(options =>
{
options.EnableGovernance();
});
})
.BuildServiceProvider();
2οΈβ£ Running the Governance Analyzer
The analyzer automatically runs during the build process. If any logs do not meet governance standards, youβll see build errors or warnings.
π― Future Enhancements
- Integration with CI/CD Pipelines β Enforce logging rules in GitHub Actions/Azure DevOps.
- Dashboard for Governance Management β UI to configure log governance dynamically.
- Multi-Project Support β Apply governance rules across microservices.
π License
CerbiStream-GovernanceAnalyzer is open-source under the MIT License.
π¬ Contact & Contributions
We welcome contributions! Submit an issue or a pull request on GitHub.
π§° Runtime Usage
π§ 1. Governance Config Example
{
{
"Version": "1.0",
"EnforcementMode": "Strict",
"LoggingProfiles": {
"API": {
"RequiredFields": ["Timestamp", "LogLevel", "Message", "ApplicationId"],
"OptionalFields": ["UserId", "TransactionId"],
"DisallowedFields": ["ssn", "creditCardNumber", "socialSecurityNumber"],
"AllowedLevels": ["Information", "Warning", "Error"],
"Encryption": "None",
"FieldTypes": {
"ApplicationId": "Guid"
},
"FieldEnums": {
"Environment": ["Development", "Staging", "Production"]
}
}
}
}
π How to Use
GovernanceConfigLoader.SetGovernanceFilePath("config/cerbi_governance.json");
var isValid = GovernanceHelper.TryValidate("PIILog", logData, out var errors);
π Requires a governance config file. See config/cerbi_governance.json for format.
β Summary
| Feature | Status |
|---|---|
| Governance rules loaded at runtime | β Ready |
| Profile validation logic | β Modular + extensible |
| Multi-profile support | β Aligned to schema |
| File-based config (no API calls) | β Lightweight + secure |
| Project structure | β Enterprise-friendly |
π§ͺ 2. Validate a Log Entry at Runtime
var logData = new Dictionary<string, object>
{
{ "Timestamp", DateTime.UtcNow },
{ "LogLevel", "Error" },
{ "Message", "Order failed" },
{ "ApplicationId", Guid.NewGuid() }
};
var valid = GovernanceHelper.TryValidate("API", logData, out var errors);
if (!valid)
{
Console.WriteLine("Governance violations:");
errors.ForEach(Console.WriteLine);
}
β Disallowed Fields
You can now explicitly block fields that must not appear in any log entry. This helps enforce compliance with security, privacy, or internal data handling policies (e.g., GDPR, HIPAA).
π Governance Config Example
{
"LoggingProfiles": {
"PIILog": {
"RequiredFields": ["Timestamp", "Message", "UserId"],
"DisallowedFields": ["SSN", "CreditCardNumber", "MedicalRecordId"],
"AllowedLevels": ["Information", "Error"]
}
}
}
𧩠Flat JSON-Only Governance Mode
CerbiStream.GovernanceAnalyzer uses a single, flat JSON file for rule configuration.
π See cerbi_governance.schema.json for full validation schema used by the dashboard and Monaco Editor.
No tenants. No runtime switching. No external lookups.
Just fast, lightweight governance.
| Mode | Behavior |
|---|---|
Permissive |
All logs accepted, violations ignored |
WarnOnly |
Violations logged (to console or telemetry), but logs still pass |
Strict |
Logs that violate governance are blocked or flagged |
βοΈ Runtime Enforcement
- π Live JSON reload (no restart)
- 𧩠Plugins (validate based on environment, team, user, etc.)
- π Field-level encryption enforcement
- π§ Impact scoring (optional)
π§ͺ Compile-Time Enforcement (Roslyn)
- π Catch missing fields at build time
- β Warn on disallowed log levels
- β Extensible for IDE feedback
β Example Governance Config (cerbi_governance.json)
{
"EnforcementMode": "Strict",
"LoggingProfiles": {
"PIILog": {
"RequiredFields": ["userId", "ssn"],
"AllowedLevels": ["Information", "Error"],
"Encryption": "AES"
},
"SecurityLog": {
"RequiredFields": ["userId", "IPAddress"],
"AllowedLevels": ["Error", "Critical"],
"Encryption": "AES"
}
}
}
π Governance Plugins (Extend Enforcement)
π Interface
public interface ICustomGovernancePlugin
{
string Id { get; }
string Description { get; }
PluginCategory Category { get; }
string[] AppliesToProfiles { get; }
bool Validate(string profileName, Dictionary<string, object> logData, out List<string> failures, out int impactScore);
}
βοΈ Example Plugin
public class TeamIdPlugin : ICustomGovernancePlugin
{
public string Id => "plugin.teamid.required";
public string Description => "Requires TeamId when Environment = Production";
public PluginCategory Category => PluginCategory.Security;
public string[] AppliesToProfiles => new[] { "*" };
public bool Validate(string profile, Dictionary<string, object> logData, out List<string> failures, out int impactScore)
{
failures = new();
impactScore = 0;
if (logData.TryGetValue("Environment", out var env) &&
env?.ToString()?.Equals("Production", StringComparison.OrdinalIgnoreCase) == true)
{
if (!logData.ContainsKey("TeamId"))
{
failures.Add("MissingField: TeamId is required in Production");
impactScore = 5;
return false;
}
}
return true;
}
}
π‘ Register your plugin once on startup:
GovernancePluginManager.Plugin = new TeamIdPlugin();
π§ͺ Developer Features
| Feature | Description |
|---|---|
| π Live JSON Reloading | Picks up changes without restarting |
| β οΈ Roslyn Analyzer | Catch missing or misused log fields at compile time |
| 𧩠Plugin Architecture | Inject your own rule logic dynamically |
| π§ Impact Scoring (Optional) | Rate violation severity to CerbIQ or dashboards |
| π Profile-Level Encryption | Mark logs as "AES", "Base64", etc. |
| π§ͺ Unit-Test Friendly | Supports mocking, config switching, and override injection |
π‘ Example Governance Violation
MissingField: ApplicationId
InvalidEnum: Environment must be one of [Development, Staging, Production]
InvalidType: ApplicationId expected guid
π€ CerbiStream + Governance Analyzer
Use both for complete log compliance, structure, and real-time observability
dotnet add package CerbiStream
dotnet add package CerbiStream.GovernanceAnalyzer
- CerbiStream handles routing, structure, and metadata
- GovernanceAnalyzer ensures enforcement and correctness
π Roadmap
| Feature | Status |
|---|---|
| π Plugin Metadata + Categories | β Done |
| π Governance Violation Scoring | β Done |
| π§ CLI Linter for JSON / Logs | π Planned |
| π CerbiShield Dashboard Controls | π Planned |
| π€ Copilot Hints + VSCode Plugin | π Planned |
π¬ Contact & Community
- π Website: Cerbi-CerbiStream
- π¦ NuGet: GovernanceAnalyzer on NuGet
- π« Email: thomasvnelson@live.com
π MIT Licensed Β· π¬ Built for real developers.
π§ Structured. Secure. Governed. Fast.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- Microsoft.CodeAnalysis.CSharp (>= 4.13.0)
- Newtonsoft.Json (>= 13.0.3)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Added plugin support, type/enum validation, severity scoring, and governance metadata. First governance milestone for enterprise adoption.