Stratara.Validation
3.1.1
dotnet add package Stratara.Validation --version 3.1.1
NuGet\Install-Package Stratara.Validation -Version 3.1.1
<PackageReference Include="Stratara.Validation" Version="3.1.1" />
<PackageVersion Include="Stratara.Validation" Version="3.1.1" />
<PackageReference Include="Stratara.Validation" />
paket add Stratara.Validation --version 3.1.1
#r "nuget: Stratara.Validation, 3.1.1"
#:package Stratara.Validation@3.1.1
#addin nuget:?package=Stratara.Validation&version=3.1.1
#tool nuget:?package=Stratara.Validation&version=3.1.1
Stratara.Validation
License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.
Vendor-neutral request validation for Stratara's CQRS pipeline. A mediator pipeline behavior
runs your IValidator<T> implementations before the handler and throws an aggregated
StrataraValidationException when validation fails — no third-party validation dependency in
the default path.
Quick start
// 1. Register the behavior (outermost) + discover validators.
builder.Services
.AddStrataraValidation()
.AddValidatorsFromAssemblyContaining<IAppMarker>();
// 2. Write a validator (the contracts live in Stratara.Abstractions.Validation).
public sealed class CreateOrderValidator : IValidator<CreateOrder>
{
public ValueTask<ValidationResult> ValidateAsync(CreateOrder cmd, CancellationToken ct = default)
=> ValueTask.FromResult(string.IsNullOrWhiteSpace(cmd.CustomerId)
? new ValidationResult([new ValidationFailure(nameof(cmd.CustomerId), "Customer is required.")])
: ValidationResult.Success);
}
// 3. Catch the failure in your global handler and map it to your error model.
catch (StrataraValidationException ex)
{
// ex.Failures -> RFC-7807 ProblemDetails 400, your error codes, etc.
}
How it works
AddStrataraValidation()registersIPipelineBehaviorfor both request shapes (IRequestandIRequest<TResult>). Register it before other behaviors so validation runs outermost — before authorization, auditing, and the handler.- All validators for a request run; their failures are aggregated.
- Severity policy: only
ValidationSeverity.Errorblocks (throwsStrataraValidationException).WarningandInfofailures pass through and are logged.
Contracts
The validation contracts (IValidator<T>, ValidationResult, ValidationFailure,
ValidationSeverity, StrataraValidationException) live in Stratara.Abstractions
(namespace Stratara.Abstractions.Validation) so consumers can implement validators and catch
the exception without referencing this behavior package.
The contract shape is FluentValidation-compatible; an optional
Stratara.Validation.FluentValidation adapter can be shipped to plug FluentValidation
validators into the same pipeline.
Dependencies
Stratara.AbstractionsStratara.MediatorStratara.DiagnosticsMicrosoft.Extensions.DependencyInjection.AbstractionsMicrosoft.Extensions.Logging.Abstractions
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- JetBrains.Annotations (>= 2025.2.4)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.8)
- Stratara.Abstractions (>= 3.1.1)
- Stratara.Diagnostics (>= 3.1.1)
- Stratara.Mediator (>= 3.1.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
### Fixed
- **`FileMasterKeyProvider` now rejects a master KEK that is not exactly 32 bytes at startup.**
The KEK is used directly as an AES-256-GCM key, which accepts only 16/24/32-byte keys. The
provider previously required merely *at least* 32 bytes, so a longer KEK (for example the
48-byte output of `openssl rand -base64 48`, a common HKDF master-key recipe) passed both
construction and the eager `FileKeyStoreStartupProbe`, then threw
`CryptographicException: Specified key is not a valid size for this algorithm` on the **first**
key creation at runtime — defeating the purpose of the boot-time probe. The provider now
validates the decoded length is exactly 32 bytes and fails fast at boot with an actionable
message (`Generate one with: openssl rand -base64 32`). A 32-byte KEK is unaffected.
- **`EnvelopeFileKeyStore` is now safe for multiple processes sharing one store file** (for
example several containers bind-mounting the same host directory). Previously a process only
read the store once at construction, so a data-encryption key created by another process after
startup was invisible (`GetDataEncryptionKeyAsync` returned `null`, breaking decryption), and
two processes creating keys concurrently could overwrite each other's keys or mint colliding
versions for the same scope. Reads now reload from disk on a cache miss (guarded by the file's
last-write time to avoid reload storms), and every mutation serializes through an exclusive
cross-process lock file and re-reads the latest on-disk state before writing. A networked file
system (NFS/SMB) remains unsupported — it guarantees neither atomic rename nor reliable advisory
locks.
### Added
- **`LogEvents.KeyManagement.KeyStoreReloaded` (112_006)** — debug-level event emitted when the
file key store reloads its state from disk to pick up keys written by another process.