CerbiStream.GovernanceAnalyzer 1.1.22

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package CerbiStream.GovernanceAnalyzer --version 1.1.22
                    


                    

                
NuGet\Install-Package CerbiStream.GovernanceAnalyzer -Version 1.1.22
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="CerbiStream.GovernanceAnalyzer" Version="1.1.22" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="CerbiStream.GovernanceAnalyzer" Version="1.1.22" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="CerbiStream.GovernanceAnalyzer" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add CerbiStream.GovernanceAnalyzer --version 1.1.22
                    


                    

                
#r "nuget: CerbiStream.GovernanceAnalyzer, 1.1.22"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package CerbiStream.GovernanceAnalyzer@1.1.22
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=CerbiStream.GovernanceAnalyzer&version=1.1.22
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=CerbiStream.GovernanceAnalyzer&version=1.1.22
                    


                            Install as a Cake Tool

CerbiStream Governance Analyzer

🛡️ What is CerbiStream Governance Analyzer?

A high‑performance Roslyn analyzer that enforces your organisation’s structured‑logging governance rules at build‑time – before code reaches production. It ships with a tiny runtime helper (optional) plus hot‑reloading JSON configs so you can evolve policy without redeploying.

  • Prevents PII leakage and missing telemetry fields.
  • Guarantees encryption settings for sensitive profiles.
  • Emits actionable build errors (CERBI‑IDs) your CI pipeline can fail on.

One package. Zero code changes. Add the NuGet, drop a cerbi_governance.json, hit build.

🚀 Quick‑start

Why build‑time? Catch errors before they ship. Compilation fails fast, blocking merges and eliminating "fix‑it‑in‑prod" hot‑patches.

# inside your project
$ dotnet add package CerbiStream.GovernanceAnalyzer

Place cerbi_governance.json in your repo root (or anywhere – set the path via MSBuild/Env). Example profile:

{
  "EnforcementMode": "Strict",
  "LoggingProfiles": {
    "default": {
      "RequireTopic": true,
      "AllowedTopics": ["Auth","Payments"],
      "FieldSeverities": {
        "userId": "Required",
        "password": "Forbidden"
      },
      "EncryptionSettings": {
        "Mode": "AES",
        "FieldSeverity": "Required"
      }
    }
  }
}

Write logs the usual way. The analyzer handles the rest.

logger.LogInformation(new {
    Topic   = "Auth",        // ✅ whitelisted
    userId  = userId,
});

Missing required field? CERBI001. Wrong topic? CERBI020/021. CI fails – issue caught before merge.

✨ Feature Matrix

Area Build‑time Runtime*
Required / Forbidden fields
Type & Enum validation
Encryption mode match
Topic governance (RequireTopic, AllowedTopics)
Relaxation flag (logger.Relax() or GovernanceRelaxed=true) ✅ CERBI000/007 ✅ (skips other checks)

*Runtime checks live in GovernanceHelper.TryValidate() – optional for API‑level validation/tests.

🖇️ Topic Governance

Cerbi lets you declare a default topic once per class (or file) so individual calls stay clean.

using CerbiStream;

[CerbiTopic("Auth")]              // 👈 attribute sets the default
public class LoginController
{
    private readonly ILogger<LoginController> _log;

    public void SignIn(Guid userId)
    {
        _log.LogInformation(new { userId }); // Topic inferred = "Auth"
    }
}

Need to override inside a specific method? just add the property:

_log.LogInformation(new { Topic = "Auth:Reset", userId, reason });
Profile knob Effect
RequireTopic: true Every log must supply a Topic → CERBI021 if absent.
AllowedTopics Whitelist. Topic outside list → CERBI020.
DefaultTopic Used when dev omits Topic (still checked against whitelist). 
// build errors
logger.LogInformation("ping");                         // CERBI021
logger.LogInformation(new { Topic = "Billing" });      // CERBI020

// success
logger.LogInformation(new { Topic = "Payments" });

Fast bypass for incident triage

for incident triage

logger.Relax().LogWarning("raw payload {json}", raw); // CERBI000 (Info)

If the profile sets "AllowRelax": false the build fails with CERBI007.

📄 Diagnostics Cheat‑sheet

ID Meaning Severity
CERBI000 Governance relaxed (allowed) Info
CERBI001 Required field missing Error
CERBI002 Forbidden field present Error
CERBI007 Relaxation not allowed Error
CERBI020 Unknown topic Error
CERBI021 Topic missing Error
CERBI999 No default profile in JSON Info

All IDs use the CERBI‑prefix so you can filter easily in IDEs & pipelines.

🔌 Extensibility

  • Plugin interface (ICustomGovernancePlugin) – add bespoke rules (e.g., team‑id in prod, audit score).
  • Live reload – JSON file watcher reloads policy without restarting.

🌍 Logger ecosystem & plug‑in roadmap

The governance JSON is identical for every sink—no XML, no per‑logger quirks. What varies is how we intercept the call site to feed the analyzer and, optionally, append governance tags at runtime.

Logger family Planned package Build‑time analysis Automatic runtime tags Status
CerbiStream (native) CerbiStream.GovernanceAnalyzer ✅ full diagnostics GovernanceRelaxed, encryption checks GA 1.x
Serilog CerbiStream.GovernanceAnalyzer.Serilog Analyse ForContext(...), message‑template params Adds GovernanceRelaxed / future GovernanceScore as enrichers Phase 2
Microsoft.Extensions.Logging (MEL) CerbiStream.GovernanceAnalyzer.MEL Inspect interpolated‑string handlers & BeginScope Scope enrichment Phase 2
NLog CerbiStream.GovAnalyzers.NLog Parse Logger.WithProperty() & layouts Layout renderer adds tags Backlog
log4net CerbiStream.GovAnalyzers.Log4Net Analyse LoggingEventData usage Appender enrichment Backlog
OpenTelemetry SDK CerbiStream.GovAnalyzers.OTel Inspect Activity.AddTag / baggage Activity tag injection Backlog

*Runtime tagging: when the plug‑in package is present, the logger automatically stamps GovernanceRelaxed (and phase‑2 GovernanceScore) on the emitted record so downstream pipelines or SIEM tools can filter.

🏆 Scoring (Phase 2 sneak‑peek)

Every violation will soon emit an impact score (0‑10). CI can fail on cumulative risk, not just presence of errors. Build output will include a summary table:

CERBI tally   :  4 errors   1 warning   26 score
Gate threshold: <=30  ✅ pass

Scoring is runtime‑friendly too—serialised as GovernanceScore for SIEM dashboards.

📚 Further reading

📦 Packaging & CI

Artifact Where Notes
CerbiStream.GovernanceAnalyzer NuGet Analyzer DLL + sample JSON + schema.
GitHub Action cerbi/ga-action Lints JSON and fails build on CERBI errors.

📢 License & Contact

Secure • Structured • Compliant

CerbiStream Governance Analyzer — © Cerbi LLC 2025

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.34 156 5/18/2025
1.1.33 116 5/18/2025
1.1.32 106 5/17/2025
1.1.31 122 5/17/2025
1.1.30 226 5/15/2025
1.1.29 233 5/15/2025
1.1.28 224 5/15/2025
1.1.27 224 5/15/2025
1.1.25 227 5/15/2025
1.1.24 238 5/13/2025
1.1.23 222 5/13/2025
1.1.22 223 5/13/2025
1.1.21 285 5/12/2025
1.1.10 158 4/29/2025
1.1.9 155 4/29/2025
1.1.8 162 4/24/2025
1.1.7 149 4/24/2025
1.1.6 156 4/24/2025
1.1.5 165 4/24/2025
1.1.4 90 4/19/2025
1.1.0 179 4/18/2025
1.0.5 130 3/28/2025
1.0.4 471 3/26/2025
1.0.3 166 3/23/2025
1.0.2 154 3/20/2025
1.0.1 213 3/19/2025
1.0.0 158 3/19/2025