Skip to content

cdcavell/AsiBackbone

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

440 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AsiBackbone governance spine icon

AsiBackbone

CI Line Coverage Gate Core Branch Coverage Gate OpenSSF Best Practices Documentation Docs .NET License Security Policy GitHub Release Zenodo DOI

Accountable Systems Infrastructure for governed .NET decision flow.

AI may provide the intellect. AsiBackbone provides the accountable spine.


The practical problem

Most software can tell you what happened. Far less can show that an action was evaluated before it executed: which rules shaped the decision, which policy version applied, whether acknowledgment was required, how follow-on authority was scoped, and where the host took responsibility for execution.

AsiBackbone is a .NET package family for that decision boundary. It helps a host application build safe policy context, evaluate constraints, return a structured decision, preserve a decision receipt, optionally scope continuation, and then let the host decide whether and how to execute.

In this software project, ASI means Accountable Systems Infrastructure.

Implementation-first mental model

A normal API adoption path looks like this:

HTTP request
  -> host builds safe evaluation context
  -> host-owned rules evaluate the request
  -> AsiBackbone returns a GovernanceDecision
  -> host writes audit residue / decision receipt
  -> host continues only when decision.CanProceed is true

Use plain engineering translations first:

Project term Practical meaning
Governance spine Policy decision pipeline around consequential operations.
Audit residue Decision receipt or audit-log payload.
Acknowledgment handshake Confirmation workflow before a risky operation.
Capability grant Short-lived scoped permission.
Governance outbox Durable outbox pattern for governance events.
OpenTelemetry projection Optional traces/metrics projection after local records exist.
Host-owned execution boundary The application code that performs or refuses the protected operation.

First code path

The snippet below is an intentionally small README slice, not a complete Program.cs. It shows the primary governance path: build safe context, evaluate policy, write audit residue, and let the host execute only after the decision allows it. The full compile-ready walkthrough lives in First 15 Minutes: Standard API Gating.

// Registration: Core evaluator + one host-owned rule + local in-memory audit sink.
builder.Services.AddAsiBackboneAspNetCore();
builder.Services.AddSingleton<InMemoryAuditLedger>();
builder.Services.AddSingleton<IAsiBackboneAuditSink>(sp =>
    sp.GetRequiredService<InMemoryAuditLedger>());
builder.Services.AddSingleton<IAsiBackboneConstraint<AsiBackboneConstraintEvaluationContext>, AllowedRegionConstraint>();
builder.Services.AddSingleton<IAsiBackbonePolicyEvaluator<AsiBackboneConstraintEvaluationContext>>(sp =>
    new DefaultAsiBackbonePolicyEvaluator<AsiBackboneConstraintEvaluationContext>(
        sp.GetServices<IAsiBackboneConstraint<AsiBackboneConstraintEvaluationContext>>(),
        decisionPolicy: null,
        options: new AsiBackbonePolicyEvaluatorOptions()));

app.MapPost("/api/orders/{region}/approve", async (
    string region,
    HttpContext httpContext,
    IAsiBackbonePolicyEvaluator<AsiBackboneConstraintEvaluationContext> evaluator,
    IAsiBackboneAuditSink auditSink,
    CancellationToken cancellationToken) =>
{
    var metadata = new Dictionary<string, string>(StringComparer.Ordinal)
    {
        ["operation"] = "orders.approve",
        ["region"] = region,
        ["risk"] = "routine-api-write"
    };

    var context = new AsiBackboneConstraintEvaluationContext(
        correlationId: httpContext.TraceIdentifier,
        policyVersion: "policy-v1",
        policyHash: "policy-hash-v1",
        metadata: metadata);

    GovernanceDecision decision = await evaluator.EvaluateAsync(context, cancellationToken);

    AuditResidue residue = AuditResidue.FromDecision(
        AsiBackboneActorContext.Human("example-user", "Example User"),
        operationName: "orders.approve",
        decision,
        metadata: context.Metadata);

    await auditSink.WriteAsync(residue, cancellationToken);
    if (!decision.CanProceed)
    {
        return Results.Json(new
        {
            allowed = false,
            decision = decision.Outcome.ToString(),
            decision.ReasonCodes,
            auditEventId = residue.EventId
        }, statusCode: StatusCodes.Status403Forbidden);
    }

    // Host-owned execution starts here. AsiBackbone does not approve the order itself.
    return Results.Ok(new
    {
        allowed = true,
        message = "Host order approval would run after this governance decision.",
        auditEventId = residue.EventId
    });
});

The 3.x evaluator defaults are intentionally fail-closed for governed surfaces: empty policy structures deny, eligible ordinary constraint exceptions deny with asibackbone.policy.constraint_exception, and threat-contributor exceptions deny. Set TreatConstraintExceptionAsDenial = false only when a host intentionally wants fail-fast exception propagation through its own exception, transaction, retry, telemetry, or incident-response boundary.

For production-style hosts, add durable audit/outbox persistence, signing or verification, DLP/classification, provider emission, and operational monitoring only where the host has explicitly chosen and configured those boundaries.

Package family

Stable 3.0.x package family. 3.0.1 is the current patch release. The package family carries forward the governance-spine surface with builder-facade, analyzer, OpenTelemetry, signing-provider, testing-harness, template package, endpoint diagnostics, endpoint reduced metadata mode, metadata budget guardrails, constraint-exception denial behavior, empty-policy warning diagnostics, managed-key fail-closed defaults, threat-model contributor hooks, strict governance profile helpers, EF Core JSON metadata storage guidance, policy-input hardening, production placeholder guardrails, samples, Source Link metadata, package SBOM/provenance artifacts, BenchmarkDotNet allocation baselines, benchmark guidance, custom decision-policy examples, and documentation-alignment surfaces.

The historical 3.0.0 release established the current major release line and binary assembly identity while preserving the simplified AsiBackbone.* package IDs and namespaces established by 2.0.0.

Package Role
AsiBackbone.Core Framework-neutral governance primitives: decisions, constraints, threat-model contributor hooks, acknowledgments, audit residue, lifecycle events, capability-token abstractions, durable outbox contracts, provider-neutral emission contracts, DLP/classification policy primitives, signing-ready metadata, canonical hashing/signing seams, verification-policy primitives, policy evaluator options, metadata budget helpers, and builder-style audit residue construction.
AsiBackbone.DependencyInjection Explicit AddAsiBackbone(...) builder facade for coordinating host-selected provider registrations without making Core own infrastructure.
AsiBackbone.Storage.InMemory Non-durable in-memory storage helpers for tests, samples, local validation, lifecycle events, and outbox proof paths.
AsiBackbone.EntityFrameworkCore EF Core model configuration and host-owned persistence for audit ledger, acknowledgments, lifecycle events, JSON metadata storage, and governance outbox records.
AsiBackbone.AspNetCore ASP.NET Core host adapters for actor context, request correlation, audit enrichment, HTTP result mapping, acknowledgment challenge flows, endpoint governance, endpoint metadata mode, strict-governance profile helpers, endpoint fast-abort metadata, and hosted outbox drain integration.
AsiBackbone.Testing Test-only harness helpers for deterministic endpoint governance, policy results, capability validation, in-memory audit inspection, non-durable outbox storage, and no-signature signing seams.
AsiBackbone.Templates dotnet new templates for generating governed ASP.NET Core host scaffolds with endpoint governance, sample policies, local in-memory audit inspection, analyzers, and README guidance.
AsiBackbone.Analyzers Roslyn analyzer safety rails for governance persistence and continuation flows.
AsiBackbone.OpenTelemetry Released OpenTelemetry governance emission provider that projects provider-neutral envelopes into .NET diagnostics.
AsiBackbone.Signing.LocalDevelopment Local-development signing and verification for tests, samples, and wiring proof paths only. Not for production key custody.
AsiBackbone.Signing.ManagedKey Provider-neutral managed-key signing adapter boundary. The host supplies the actual managed-key client, credentials, key operations, verification path, monitoring, and operational policy. Production-oriented registration fails closed by default when signing cannot complete.

Runtime governance-residue signing remains provider-neutral through AsiBackbone.Signing.ManagedKey. AsiBackbone does not ship first-party Azure Key Vault, AWS KMS, GCP Cloud KMS, HSM, certificate-store, enterprise KMS, or production-style signing sample-host implementations. Future Event Hubs, Purview, gateway, robotics, immutable-storage, or other non-signing provider packages are not part of the stable contract unless separately reviewed and released.

Supported target framework

Stable 3.0.x packages intentionally target net10.0. Consumers should plan on a .NET 10 SDK/runtime or later for the current package line.

The project is not multi-targeting .NET 8 for 3.0.x. That is an explicit adoption decision, not a defect workaround. The current package family uses a single repository-wide TargetFramework of net10.0, the EF Core integration is aligned with centrally managed EF Core 10.0.x dependencies, and backporting the full package, analyzer, template, CI, packaging, and smoke-test surface would add compatibility overhead for a short-lived adoption window.

If meaningful external consumer demand appears, additional TFM support can be reconsidered in a later release with CI, packaging validation, analyzer compatibility, template smoke tests, and documentation updated together. See the Target Framework Support Decision Record.

Start here

For implementation-first adoption:

For optional conceptual background:

The full, categorized documentation set lives at the documentation site.

Current status

Stable 3.0.x is the current released line, with 3.0.1 as the current patch release. This release preserves the simplified AsiBackbone.* package and namespace identity.

The historical 3.0.0 release remains the major-line baseline, preserving the package and namespace identity established by 2.0.0 and the binary assembly identity 3.0.0.0.

The stable API contract is documented in API Compatibility and SemVer. The current patch is recorded in 3.0.1 Release Notes and 3.0.1 Release Readiness Record. Consumers can use the 3.0.1 Consumer Verification Guide for package-source, package ID, Source Link, SBOM, provenance, and deferred-signing checks. The 3.0.0 major-release records and earlier 1.x and 2.x release notes remain available for historical traceability.

Security and vulnerability reporting

Please report sensitive concerns through the repository Security Policy.

Relationship to NetCoreApplicationTemplate

NetCoreApplicationTemplate may be used as a preferred host baseline during development and validation, but AsiBackbone does not require it.

NetCoreApplicationTemplate = preferred host baseline
AsiBackbone               = optional governance/module package family
Consumer application      = chooses whether to use either or both

A consumer should be able to use AsiBackbone in an application generated from NetCoreApplicationTemplate, in an existing ASP.NET Core application, or in a custom host that provides the required infrastructure. See NetCoreApplicationTemplate Host Validation.

Alignment boundary

AsiBackbone is a governance spine, not an intelligence engine. It implements governance-oriented software primitives for accountable decision flow and keeps execution authority with the host application. See Project Boundaries and Non-Claims for the full scope statement and safe wording guidance.

Current NuGet packages are intentionally published without package signing. This is a deliberate governance decision while the project is independently maintained, balancing operational complexity against practical value. Instead, the project emphasizes transparent source code, GitHub releases, Source Link, SBOM generation, and package provenance. Package signing remains on the long-term roadmap and will be reconsidered as the project's community, governance, and operational needs evolve. For current package verification guidance, see the 3.0.1 Consumer Verification Guide.

Design principles

  • Keep Core small.
  • Keep Core dependency-light.
  • Avoid hidden host assumptions.
  • Prefer explicit integration over magic.
  • Let the host own infrastructure.

About

AsiBackbone is a .NET package-family project providing framework-neutral governance primitives for consequential software decision flow, including actor context, constraint evaluation, governance decisions, audit residue, and acknowledgment handshakes.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors