Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
3f1e35f
Replace stale About licensing and version wording
masarray Jul 17, 2026
684e64f
test content support
masarray Jul 17, 2026
a94b71d
Stage release integrity patch chunk 00
masarray Jul 17, 2026
0dc8294
Stage release integrity patch chunk 01
masarray Jul 17, 2026
1de43a9
Stage release integrity patch chunk 02
masarray Jul 17, 2026
bb9c803
Stage release integrity patch chunk 03
masarray Jul 17, 2026
e7da89e
Stage release integrity patch chunk 05
masarray Jul 17, 2026
5067e44
Stage release integrity patch chunk 06
masarray Jul 17, 2026
e65bc5c
Stage release integrity patch chunk 07
masarray Jul 17, 2026
5829cdd
Stage release integrity patch chunk 08
masarray Jul 17, 2026
6c977ab
Stage release integrity patch chunk 09
masarray Jul 17, 2026
e295abe
Bind About dialog to build identity and legal resources
masarray Jul 17, 2026
1a5af42
Define the commercial licensor and agreement boundary
masarray Jul 17, 2026
aa59ea7
Version the contributor license agreement and acceptance record
masarray Jul 17, 2026
13132c2
Clarify post-transition release licensing in NOTICE
masarray Jul 17, 2026
34817e5
Harden source, package, and historical license boundaries
masarray Jul 17, 2026
d0a5c06
Expand third-party runtime, web asset, and SBOM notices
masarray Jul 17, 2026
1b5dfb3
Document provenance and redistribution boundaries for public assets
masarray Jul 17, 2026
dd60f44
Add deterministic GPL release-document generation
masarray Jul 17, 2026
51616fe
Add public wording and release-document validation
masarray Jul 17, 2026
3aa6859
Update issue intake for post-transition releases and sanitized evidence
masarray Jul 17, 2026
69f09bc
Validate generated PDFs and public licensing in CI
masarray Jul 17, 2026
07e2d2a
Add one-time release-integrity materialization workflow
masarray Jul 17, 2026
9c770fc
Regenerate GPL release documents and remove staging files
Jul 17, 2026
602f02f
Enforce versioned CLA, DCO, and release-integrity review
masarray Jul 17, 2026
429599f
Add versioned CLA and DCO validation
masarray Jul 17, 2026
254c0bf
Enforce CLA affirmation and DCO sign-off on pull requests
masarray Jul 17, 2026
6bd1ba2
Validate Pages on pull requests and smoke-test GPL deployment
masarray Jul 17, 2026
f6cd548
Generate deterministic CycloneDX release SBOM
masarray Jul 17, 2026
6a8276c
Add source offer, SBOM, build identity, and optional signing to packages
masarray Jul 17, 2026
1aaec87
Verify package source, SBOM, PDF, binary, and signing integrity
masarray Jul 17, 2026
dfd0f16
Build source-bound GPL candidates with SBOM evidence
masarray Jul 17, 2026
343c486
Require signed, attested, source-bound public releases
masarray Jul 17, 2026
b6da7ba
Enforce release integrity, governance, provenance, and public wording
masarray Jul 17, 2026
66491f5
Align security scope with the receive-only protocol surface
masarray Jul 17, 2026
70a0c6f
Document versioned CLA, DCO, asset, and release-integrity requirements
masarray Jul 17, 2026
7247461
Pin CodeQL and build actions to reviewed revisions
masarray Jul 17, 2026
d055ec1
Pin dependency-audit workflow dependencies
masarray Jul 17, 2026
1a02665
Add one-time deterministic PDF finalization workflow
masarray Jul 17, 2026
4082dbd
Add repeatable branch, tag, and ruleset governance configuration
masarray Jul 17, 2026
b55a8e7
Document signed source-bound beta release requirements
masarray Jul 17, 2026
0b20e68
Add one-time branch squashing workflow
masarray Jul 17, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
name: Bug report
description: Report a reproducible runtime, protocol, UI, replay, documentation, security-adjacent, or packaging defect.
title: "[Bug]: "
labels: [bug, triage]
body:
- type: markdown
attributes:
value: |
Thank you. Remove customer, employer, station, device, credential, MAC/IP, capture, screenshot, SCL, and project-sensitive information before submitting public evidence. Security vulnerabilities belong in a private security advisory.
- type: input
id: version
attributes:
label: Process Bus Insight version
description: Use the About dialog version and build commit, or provide the exact source commit.
placeholder: 1.4.0-beta.2; commit abcdef123456
validations:
required: true
- type: dropdown
id: area
attributes:
label: Area
options:
- SV analyzer / waveform / phasor
- PCAP replay / runtime snapshot
- GOOSE inspector
- PTP / timing context
- SCL validation
- Capture / Npcap / adapter
- About / licensing / legal notices
- Packaging / source offer / SBOM / checksum
- Documentation / website
- Other
validations:
required: true
- type: input
id: environment
attributes:
label: Environment
description: Windows version, Npcap version, adapter type, and authorized capture/replay path.
placeholder: Windows 11 x64; Npcap 1.x; Intel NIC via TAP or sanitized PCAP replay
validations:
required: true
- type: textarea
id: reproduce
attributes:
label: Reproduction steps
placeholder: |
1. Start capture or replay...
2. Select stream...
3. Change publisher setting or replay the sanitized file...
validations:
required: true
- type: textarea
id: expected
attributes:
label: Expected behavior
validations:
required: true
- type: textarea
id: actual
attributes:
label: Actual behavior
validations:
required: true
- type: textarea
id: evidence
attributes:
label: Sanitized evidence
description: Minimal screenshots, logs, SCL excerpt, package manifest, or PCAP. State whether evidence is synthetic, contributor-owned, or documented as authorized and sanitized.
- type: checkboxes
id: checks
attributes:
label: Required checks
options:
- label: I removed customer, employer, station, credential, private address inventory, device, and project-sensitive information.
required: true
- label: I have the legal right to share every attached artifact.
required: true
- label: I searched existing issues first.
required: true
11 changes: 6 additions & 5 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
## Engineering intent

Describe the FAT/SAT, commissioning, interoperability, troubleshooting, or repository-quality problem addressed by this change.
Describe the FAT/SAT, commissioning, interoperability, troubleshooting, legal, documentation, or repository-quality problem addressed by this change.

## What changed

Expand All @@ -12,9 +12,10 @@ Describe the FAT/SAT, commissioning, interoperability, troubleshooting, or repos
- [ ] `dotnet build .\ProcessBusSuite.sln -c Release --no-restore`
- [ ] `dotnet test .\ProcessBusSuite.sln -c Release --no-build`
- [ ] `pwsh .\scripts\repository-health.ps1`
- [ ] `python .\scripts\generate-release-pdfs.py --check`
- [ ] Runtime smoke test on Windows, when runtime behavior changed
- [ ] Documentation/screenshots updated when user-visible behavior or claims changed
- [ ] Portable package verification completed when packaging or legal content changed
- [ ] Portable package, SOURCE.md, SBOM, checksum, and binary wording verification completed when packaging or legal content changed

## Product, claim, and evidence boundary

Expand All @@ -23,17 +24,17 @@ Describe the FAT/SAT, commissioning, interoperability, troubleshooting, or repos
- [ ] Expected configuration, observed traffic, software interpretation, and external-device behavior remain distinct
- [ ] No claim implies formal conformance, calibration, deterministic timing, functional safety, cybersecurity approval, universal interoperability, switching authority, or IED acceptance proof
- [ ] No customer, employer, station, device, credential, MAC/IP, capture, SCL, or project-sensitive data is included
- [ ] Any fixture or screenshot is synthetic, contributor-owned, or documented as authorized and sanitized
- [ ] Any fixture, screenshot, logo, icon, font, or image is synthetic, contributor-owned, or documented as authorized and sanitized
- [ ] No unrelated proprietary code, tests, wording, screenshot, report, asset, or UI design was copied or mechanically translated
- [ ] No `bin`, `obj`, `artifacts`, logs, captures, or local settings are committed

## Contribution licensing

- [ ] I have read and affirmatively accept `CONTRIBUTOR-LICENSE-AGREEMENT.md`
- [ ] I have read and affirmatively accept CONTRIBUTOR-LICENSE-AGREEMENT.md (CLA Version 1.0, effective 2026-07-17)
- [ ] I have the legal right and any required employer or organizational authorization to submit this contribution
- [ ] Every commit includes `Signed-off-by: Name <email>` under the DCO
- [ ] Any third-party material is identified with its license and provenance

## Compatibility / migration notes

None, or describe them here.
None, or describe them here.
91 changes: 58 additions & 33 deletions .github/workflows/candidate-package.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,17 @@ on:
- "TRADEMARK.md"
- "THIRD_PARTY_NOTICES.md"
- "docs/LICENSING.md"
- "docs/ASSET_PROVENANCE.md"
- "docs/QUICK_START.pdf"
- "docs/USER_MANUAL.pdf"
- "src/**"
- "tests/**"
- "scripts/publish-windows-portable.ps1"
- "scripts/verify-release-package.ps1"
- "scripts/generate-release-pdfs.py"
- "scripts/generate-sbom.ps1"
- "scripts/repository-health.ps1"
- "scripts/validate-public-content.py"
- "docs/RELEASE_NOTES_v*.md"
- ".github/workflows/candidate-package.yml"
- ".github/workflows/release-package.yml"
Expand All @@ -36,83 +42,102 @@ env:
jobs:
candidate:
name: Build verified Windows x64 candidate
if: github.event_name == 'workflow_dispatch' || startsWith(github.head_ref, 'stabilization/') || startsWith(github.head_ref, 'architecture/') || startsWith(github.head_ref, 'legal/')
runs-on: windows-latest
timeout-minutes: 35
if: github.event_name == 'workflow_dispatch' || startsWith(github.head_ref, 'stabilization/') || startsWith(github.head_ref, 'architecture/') || startsWith(github.head_ref, 'legal/') || startsWith(github.head_ref, 'hardening/')
runs-on: windows-2025
timeout-minutes: 40

steps:
- name: Checkout
uses: actions/checkout@v4
- name: Checkout tested ref
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0

- name: Setup .NET
uses: actions/setup-dotnet@v5
uses: actions/setup-dotnet@26b0ec14cb23fa6904739307f278c14f94c95bf1 # v5
with:
dotnet-version: 8.0.x
dotnet-version: 8.0.4xx

- name: Resolve repository version
id: version
- name: Install document validation dependencies
run: python -m pip install --disable-pip-version-check reportlab==4.4.9 pypdf==6.4.1

- name: Resolve build identity
id: identity
shell: pwsh
run: |
[xml]$props = Get-Content .\Directory.Build.props -Raw
$prefixNode = $props.SelectSingleNode('/Project/PropertyGroup/VersionPrefix')
$prefix = $props.SelectSingleNode('/Project/PropertyGroup/VersionPrefix').InnerText.Trim()
$suffixNode = $props.SelectSingleNode('/Project/PropertyGroup/VersionSuffix')
if ($null -eq $prefixNode) { throw 'VersionPrefix is missing.' }
$prefix = $prefixNode.InnerText.Trim()
$suffix = if ($null -eq $suffixNode) { '' } else { $suffixNode.InnerText.Trim() }
$version = if ([string]::IsNullOrWhiteSpace($suffix)) { $prefix } else { "$prefix-$suffix" }
if ([string]::IsNullOrWhiteSpace($version)) { throw 'Unable to resolve repository version.' }
"value=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8
Write-Host "Candidate version: $version"
$builtCommit = (git rev-parse HEAD).Trim()
$sourceHead = if ('${{ github.event_name }}' -eq 'pull_request') { '${{ github.event.pull_request.head.sha }}' } else { $builtCommit }
$testedMerge = $builtCommit
$sourceRef = if ('${{ github.event_name }}' -eq 'pull_request') { '${{ github.head_ref }}' } else { '${{ github.ref_name }}' }
"version=$version" | Out-File $env:GITHUB_OUTPUT -Append -Encoding utf8
"built_commit=$builtCommit" | Out-File $env:GITHUB_OUTPUT -Append -Encoding utf8
"source_head=$sourceHead" | Out-File $env:GITHUB_OUTPUT -Append -Encoding utf8
"tested_merge=$testedMerge" | Out-File $env:GITHUB_OUTPUT -Append -Encoding utf8
"source_ref=$sourceRef" | Out-File $env:GITHUB_OUTPUT -Append -Encoding utf8

- name: Verify generated PDFs and public wording
run: |
python .\scripts\generate-release-pdfs.py --check
python .\scripts\validate-public-content.py

- name: Repository health gate
shell: pwsh
run: .\scripts\repository-health.ps1 -ExpectedVersion '${{ steps.version.outputs.value }}'

- name: Restore
run: dotnet restore .\ProcessBusSuite.sln
run: .\scripts\repository-health.ps1 -ExpectedVersion '${{ steps.identity.outputs.version }}'

- name: Build
run: dotnet build .\ProcessBusSuite.sln -c Release --no-restore /p:ContinuousIntegrationBuild=true

- name: Test
run: dotnet test .\ProcessBusSuite.sln -c Release --no-build --logger "trx;LogFileName=candidate-tests.trx" --results-directory .\TestResults
- name: Restore, build, and test
shell: pwsh
run: |
dotnet restore .\ProcessBusSuite.sln
dotnet build .\ProcessBusSuite.sln -c Release --no-restore /p:ContinuousIntegrationBuild=true
dotnet test .\ProcessBusSuite.sln -c Release --no-build --logger "trx;LogFileName=candidate-tests.trx" --results-directory .\TestResults

- name: Publish portable package
shell: pwsh
run: .\scripts\publish-windows-portable.ps1 -Version '${{ steps.version.outputs.value }}' -Configuration Release -Runtime win-x64
env:
SOURCE_HEAD_COMMIT: ${{ steps.identity.outputs.source_head }}
TESTED_MERGE_COMMIT: ${{ steps.identity.outputs.tested_merge }}
SOURCE_REF: ${{ steps.identity.outputs.source_ref }}
run: .\scripts\publish-windows-portable.ps1 -Version '${{ steps.identity.outputs.version }}' -Configuration Release -Runtime win-x64

- name: Verify portable package
shell: pwsh
run: |
$zip = ".\artifacts\release\ProcessBusInsight-v${{ steps.version.outputs.value }}-win-x64-portable.zip"
.\scripts\verify-release-package.ps1 -PackageZip $zip
$zip = ".\artifacts\release\ProcessBusInsight-v${{ steps.identity.outputs.version }}-win-x64-portable.zip"
.\scripts\verify-release-package.ps1 -PackageZip $zip -ExpectedVersion '${{ steps.identity.outputs.version }}'

- name: Create candidate manifest
shell: pwsh
run: |
$manifest = [ordered]@{
product = 'Process Bus Insight'
version = '${{ steps.version.outputs.value }}'
version = '${{ steps.identity.outputs.version }}'
candidate = $true
commit = '${{ github.event.pull_request.head.sha || github.sha }}'
sourceRef = '${{ github.head_ref || github.ref_name }}'
builtCommit = '${{ steps.identity.outputs.built_commit }}'
sourceHeadCommit = '${{ steps.identity.outputs.source_head }}'
testedMergeCommit = '${{ steps.identity.outputs.tested_merge }}'
sourceRef = '${{ steps.identity.outputs.source_ref }}'
runtime = 'win-x64'
framework = 'net8.0-windows'
communityLicense = 'GPL-3.0-or-later'
historicalBoundary = '85d43a0fe58a5888a9e8008c168ab76d2333ea87'
signatureRequired = $false
timestampUtc = (Get-Date).ToUniversalTime().ToString('o')
}
$manifest | ConvertTo-Json | Set-Content .\artifacts\release\candidate-manifest.json -Encoding utf8

- name: Upload verified candidate
uses: actions/upload-artifact@v7
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: ProcessBusInsight-v${{ steps.version.outputs.value }}-win-x64-candidate-${{ github.run_number }}
name: ProcessBusInsight-v${{ steps.identity.outputs.version }}-win-x64-candidate-${{ github.run_number }}
path: |
artifacts/release/ProcessBusInsight-v${{ steps.version.outputs.value }}-win-x64-portable.zip
artifacts/release/ProcessBusInsight-v${{ steps.identity.outputs.version }}-win-x64-portable.zip
artifacts/release/SHA256SUMS.txt
artifacts/release/SOURCE.md
artifacts/release/ProcessBusInsight-SBOM.cdx.json
artifacts/release/candidate-manifest.json
TestResults/**
if-no-files-found: error
Expand Down
25 changes: 18 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,18 +20,29 @@ env:

jobs:
build-test:
name: Build, test, and repository health
runs-on: windows-latest
timeout-minutes: 25
name: Build, test, documents, and repository health
runs-on: windows-2025
timeout-minutes: 30

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0

- name: Setup .NET
uses: actions/setup-dotnet@v5
uses: actions/setup-dotnet@26b0ec14cb23fa6904739307f278c14f94c95bf1 # v5
with:
dotnet-version: 8.0.x
dotnet-version: 8.0.4xx

- name: Install deterministic document dependencies
run: python -m pip install --disable-pip-version-check reportlab==4.4.9 pypdf==6.4.1

- name: Verify generated release PDFs
run: python .\scripts\generate-release-pdfs.py --check

- name: Validate public licensing and wording
run: python .\scripts\validate-public-content.py

- name: Repository health gate
shell: pwsh
Expand All @@ -54,7 +65,7 @@ jobs:

- name: Upload test evidence
if: always()
uses: actions/upload-artifact@v7
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: test-evidence-${{ github.run_id }}
path: TestResults/**
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,20 +25,20 @@ env:
jobs:
analyze:
name: Analyze C#
runs-on: windows-latest
runs-on: windows-2025
timeout-minutes: 35

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7

- name: Setup .NET
uses: actions/setup-dotnet@v5
uses: actions/setup-dotnet@26b0ec14cb23fa6904739307f278c14f94c95bf1 # v5
with:
dotnet-version: 8.0.x
dotnet-version: 8.0.4xx

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
with:
languages: csharp
build-mode: manual
Expand All @@ -50,4 +50,4 @@ jobs:
run: dotnet build .\ProcessBusSuite.sln -c Release --no-restore /p:ContinuousIntegrationBuild=true

- name: Analyze
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
28 changes: 28 additions & 0 deletions .github/workflows/contribution-governance.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: Contribution governance

on:
pull_request_target:
branches: [main]
types: [opened, synchronize, reopened, edited]

permissions:
contents: read
pull-requests: read

concurrency:
group: contribution-governance-${{ github.event.pull_request.number }}
cancel-in-progress: true

jobs:
cla-dco:
name: CLA affirmation and DCO sign-off
runs-on: ubuntu-24.04
steps:
- name: Checkout trusted default-branch policy
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: main
fetch-depth: 0

- name: Verify pull-request governance
run: python3 scripts/verify-contribution-governance.py
Loading
Loading