CerbiStream.GovernanceAnalyzer 1.1.30

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package CerbiStream.GovernanceAnalyzer --version 1.1.30
                    


                    

                
NuGet\Install-Package CerbiStream.GovernanceAnalyzer -Version 1.1.30
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="CerbiStream.GovernanceAnalyzer" Version="1.1.30" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="CerbiStream.GovernanceAnalyzer" Version="1.1.30" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="CerbiStream.GovernanceAnalyzer" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add CerbiStream.GovernanceAnalyzer --version 1.1.30
                    


                    

                
#r "nuget: CerbiStream.GovernanceAnalyzer, 1.1.30"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#addin nuget:?package=CerbiStream.GovernanceAnalyzer&version=1.1.30
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=CerbiStream.GovernanceAnalyzer&version=1.1.30
                    


                            Install as a Cake Tool

CerbiStream Governance Analyzer

🛡️ What is CerbiStream Governance Analyzer?

A high‑performance Roslyn analyzer that enforces your organisation’s structured‑logging governance rules at build‑time – before code reaches production. It ships with a tiny runtime helper (optional) plus hot‑reloading JSON configs so you can evolve policy without redeploying.

  • Prevents PII leakage and missing telemetry fields.
  • Guarantees encryption settings for sensitive profiles.
  • Emits actionable build errors (CERBI‑IDs) your CI pipeline can fail on.

One package. Zero code changes. Add the NuGet, drop a cerbi_governance.json, hit build.

🧠 For Stakeholders

Cerbi helps your developers log securely, consistently, and in compliance with privacy laws — automatically.

If a developer accidentally logs something they shouldn’t (like an email, password, or ID), Cerbi catches it before the code is deployed. It’s like spellcheck for logs, preventing mistakes before they go live.

Concern Cerbi Helps By...
Security Blocking logs with PII/PHI or insecure data
Compliance (HIPAA/GDPR) Enforcing encryption and structure for audit-readiness
Developer productivity Catching errors early so bugs don’t ship or waste debugging time
Incident response Making logs consistent, complete, and easy to search during outages
CI/CD Integrity Preventing risky changes from merging via automated checks

Cerbi is a seatbelt for your logs: invisible until something goes wrong — and essential when it does.

🚀 Quick‑start

Why build‑time? Catch errors before they ship. Compilation fails fast, blocking merges and eliminating "fix‑it‑in‑prod" hot‑patches.

# inside your project
$ dotnet add package CerbiStream.GovernanceAnalyzer

Place cerbi_governance.json in your repo root (or anywhere – set the path via MSBuild/Env). Example profile:

{
  "EnforcementMode": "Strict",
  "LoggingProfiles": {
    "default": {
      "RequireTopic": true,
      "AllowedTopics": ["Auth","Payments"],
      "FieldSeverities": {
        "userId": "Required",
        "password": "Forbidden"
      },
      "EncryptionSettings": {
        "Mode": "AES",
        "FieldSeverity": "Required"
      }
    }
  }
}

Write logs the usual way. The analyzer handles the rest.

logger.LogInformation(new {
    Topic   = "Auth",        // ✅ whitelisted
    userId  = userId,
});

Missing required field? CERBI001. Wrong topic? CERBI020/021. CI fails – issue caught before merge.

Want even faster logging?

logger.LogInformation("User login ok");

This works too — as long as your governance rules don’t require specific structured fields. We support both!

Note: Logs passed via new {} become structured log fields. Cerbi uses this structure to validate governance rules, like required fields, forbidden fields, and allowed topics. If you use plain text ("string only"), governance validation is skipped — use only when you don’t need governance enforcement.

✅ Real-world Usage Examples

1. Implicit (no attributes)

logger.LogInformation(new {
    Topic = "Payments",
    userId = userId,
    email = "demo@domain.com"
});

Works out-of-the-box. The analyzer validates against the default profile.

2. Using [CerbiTopic("...")] to set topic for class

using CerbiStream.Governance;

[CerbiTopic("Auth")]
public class LoginService
{
    private readonly ILogger<LoginService> _logger;

    public void Login(Guid userId)
    {
        _logger.LogInformation(new { userId }); // Topic inferred = "Auth"
    }
}

3. Relax() for incident/triage bypass

logger.Relax().LogWarning(new {
    Topic = "Auth",
    rawPayload = "{ data }"
});

Triggers CERBI000. Allowed only if AllowRelax: true.

4. Override topic at log-site

[CerbiTopic("Users")]
public class AccountController
{
    public void Reset()
    {
        _logger.LogInformation(new {
            Topic = "Users:Reset",
            userId,
            reason
        });
    }
}

5. Optional runtime validation (for tests / API gateways)

var result = GovernanceHelper.TryValidate("Payments", logDict, out var errors);

6. Incorrect usage (will fail build)

logger.LogInformation("hello world");           // CERBI021 – missing Topic
logger.LogInformation(new { Topic = "XYZ" });   // CERBI020 – invalid topic

✨ Feature Matrix

Area Build‑time Runtime*
Required / Forbidden fields
Type & Enum validation
Encryption mode match
Topic governance (RequireTopic, AllowedTopics)
Relaxation flag (logger.Relax() or GovernanceRelaxed=true) ✅ CERBI000/007 ✅ (skips other checks)

*Runtime checks live in GovernanceHelper.TryValidate() – optional for API‑level validation/tests.

🖇️ Topic Governance

Cerbi lets you declare a default topic once per class (or file) so individual calls stay clean.

using CerbiStream.Governance;

[CerbiTopic("Auth")]
public class LoginController
{
    private readonly ILogger<LoginController> _log;

    public void SignIn(Guid userId)
    {
        _log.LogInformation(new { userId }); // Topic inferred = "Auth"
    }
}

Need to override inside a specific method? just add the property:

_log.LogInformation(new { Topic = "Auth:Reset", userId, reason });
Profile knob Effect
RequireTopic: true Every log must supply a Topic → CERBI021 if absent.
AllowedTopics Whitelist. Topic outside list → CERBI020.
DefaultTopic Used when dev omits Topic (still checked against whitelist).

📄 Diagnostics Cheat‑sheet

ID Meaning Severity
CERBI000 Governance relaxed (allowed) Info
CERBI001 Required field missing Error
CERBI002 Forbidden field present Error
CERBI007 Relaxation not allowed Error
CERBI020 Unknown topic Error
CERBI021 Topic missing Error
CERBI999 No default profile in JSON Info

All IDs use the CERBI‑prefix so you can filter easily in IDEs & pipelines.

🔌 Extensibility

  • Plugin interface (ICustomGovernancePlugin) – add bespoke rules (e.g., team‑id in prod, audit score).
  • Live reload – JSON file watcher reloads policy without restarting.

🏆 Scoring (Phase 2 sneak‑peek)

Every violation will soon emit an impact score (0‑10). CI can fail on cumulative risk, not just presence of errors. Build output will include a summary table:

CERBI tally   :  4 errors   1 warning   26 score
Gate threshold: <=30  ✅ pass

Scoring is runtime‑friendly too—serialised as GovernanceScore for SIEM dashboards.

📚 Further reading

📦 Packaging & CI

Artifact Where Notes
CerbiStream.GovernanceAnalyzer NuGet Analyzer DLL + sample JSON + schema.
GitHub Action cerbi/ga-action Lints JSON and fails build on CERBI errors.

📢 License & Contact

Secure • Structured • Compliant

CerbiStream Governance Analyzer — © Cerbi LLC 2025

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.34 147 5/18/2025
1.1.33 106 5/18/2025
1.1.32 101 5/17/2025
1.1.31 116 5/17/2025
1.1.30 219 5/15/2025
1.1.29 223 5/15/2025
1.1.28 219 5/15/2025
1.1.27 217 5/15/2025
1.1.25 220 5/15/2025
1.1.24 229 5/13/2025
1.1.23 218 5/13/2025
1.1.22 217 5/13/2025
1.1.21 280 5/12/2025
1.1.10 154 4/29/2025
1.1.9 151 4/29/2025
1.1.8 154 4/24/2025
1.1.7 144 4/24/2025
1.1.6 149 4/24/2025
1.1.5 157 4/24/2025
1.1.4 83 4/19/2025
1.1.0 170 4/18/2025
1.0.5 126 3/28/2025
1.0.4 464 3/26/2025
1.0.3 161 3/23/2025
1.0.2 147 3/20/2025
1.0.1 205 3/19/2025
1.0.0 149 3/19/2025