CerbiStream.GovernanceAnalyzer 1.1.32

CerbiStream Governance Analyzer

🛡️ What is CerbiStream Governance Analyzer?

A high-performance Roslyn analyzer that enforces your organization’s structured-logging governance rules at build-time – before code reaches production. It supports customizable config files, flexible placement, and actionable diagnostics.

• Prevents PII leakage and missing telemetry fields
• Guarantees encryption settings for sensitive profiles
• Emits build errors with clear CERBI-IDs your CI pipeline can fail on

Zero code changes required. Add the NuGet package, define a governance profile, and compile.

🧐 For Stakeholders

Cerbi helps your teams log securely, consistently, and in compliance with privacy laws.

Cerbi is a seatbelt for your logs: invisible until something goes wrong — and essential when it does.

🚀 Quick-start

# Add to your project
$ dotnet add package CerbiStream.GovernanceAnalyzer

📂 Define Your Governance File

Create a profile (e.g. Configs/my_profile.json):

{
  "EnforcementMode": "Strict",
  "LoggingProfiles": {
    "default": {
      "RequireTopic": true,
      "AllowedTopics": ["Auth", "Payments"],
      "FieldSeverities": {
        "userId": "Required",
        "password": "Forbidden"
      },
      "EncryptionSettings": {
        "Mode": "AES",
        "FieldSeverity": "Required"
      },
      "AllowRelax": true
    }
  }
}

Then tell the analyzer where to find it:

🔍 Declare Config File in Your App

[assembly: Cerbi.Governance.CerbiGovernanceConfig("Configs/my_profile.json")]

✅ Place this at the top of any .cs file (before the namespace) or in Properties/AssemblyInfo.cs

The analyzer will automatically find and load the file relative to the source path.

📄 Real-world Examples

// Works with plain structured logs
logger.LogInformation(new {
  Topic = "Auth",
  userId = "user-123"
});

// Works with [CerbiTopic] at the class level
[CerbiTopic("Payments")]
public class PaymentService
{
  public void Charge()
  {
    _logger.LogInformation(new { userId }); // Topic = "Payments"
  }
}

// Triggers governance error: missing 'email'
logger.LogInformation(new {
  userId = "abc-123"
});

// Developer bypass with Relaxation flag (analyzer sees this)
logger.LogInformation(new Dictionary<string, object> {
  ["Topic"] = "Payments",
  ["GovernanceRelaxed"] = true,
  ["userId"] = "abc-123"
});

✨ Relaxation works only if the profile allows it via "AllowRelax": true.

🗂️ Diagnostics

🛀 Config Path Options

[assembly: Cerbi.Governance.CerbiGovernanceConfig("Configs/gdpr-profile.json")]

The path is relative to the file being analyzed, not to the build output.

🗱️ Multi-Profile Support

Multiple profiles are supported. Each log statement is matched to a governance profile using its Topic field (or [CerbiTopic("...")] if the topic is declared at the class level). The analyzer enforces rules from the matched profile accordingly.

🏑 Plugin & Reload Support

• Live reloading via file watcher
• Runtime validation supported via GovernanceHelper.TryValidate(...)
• Plugin hooks available via ICustomGovernancePlugin

🚧 Phase 2: Coming Soon

• Governance scoring
• IDE integration (log field hints)
• CI dashboards for governance health

⛔️ Limitations

• ❌ Build-time analyzers require the JSON config to be local. Remote configs (e.g., Blob Storage, GitHub) are not supported during compilation.
• ✅ Runtime validation (via CerbiStream) can support local or remote config loading (e.g., Azure Blob, GitHub URLs).
• Analyzer supports one config file per project (resolved via [assembly: CerbiGovernanceConfig(...)])
• Analyzer uses file-based JSON only — no centralized store (yet)

📁 Package Info

📢 Support & Contact

• License: MIT
• Email: hello@cerbi.io
• Website: https://cerbi.systems

Secure • Structured • Compliant

CerbiStream Governance Analyzer — © Cerbi LLC 2025