From c5d7b96a7da5f49918edac00783e5e5bd503b67b Mon Sep 17 00:00:00 2001 From: GitHub Copilot Agent Date: Mon, 16 Feb 2026 08:34:33 +0100 Subject: [PATCH 1/2] docs(doku): DE-Dokumente fuer Sprach-Switch vervollstaendigen --- docs/audit/000_INDEX.MD | 10 +- .../003_SECURITY_ASSERTION_TRACEABILITY.MD | 14 +- docs/audit/009_SUPPLY_CHAIN_BASELINE.MD | 16 +- docs/audit/011_SECURITY_BENCHMARK.MD | 10 +- docs/audit/015_DOC_BILINGUAL_MAPPING.MD | 138 +++++++++--------- docs/ci/001_PIPELINE_CI.MD | 20 +-- docs/governance/001_POLICY_CI.MD | 62 ++++---- docs/governance/002_POLICY_LABELING.MD | 26 ++-- docs/governance/002_POLICY_NAMING_UNIFIED.MD | 50 +++---- docs/governance/003_INDEX_GOVERNANCE.MD | 6 +- docs/governance/003_POLICY_VERSIONING_SVT.MD | 34 ++--- docs/governance/006_INDEX_CI_RULES.MD | 4 +- docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD | 34 ++--- docs/versioning/002_HISTORY_VERSIONS.MD | 48 +++--- 14 files changed, 238 insertions(+), 234 deletions(-) diff --git a/docs/audit/000_INDEX.MD b/docs/audit/000_INDEX.MD index 2494d73..cbe4309 100644 --- a/docs/audit/000_INDEX.MD +++ b/docs/audit/000_INDEX.MD @@ -4,9 +4,9 @@ # Audit-Index -## Zweck und Scope -Zentraler Index fuer Evidence-/Hardening-Dokumente, die Claims aus `SECURITY.md` nachweisbar machen, ohne `SECURITY.md` selbst zu aendern. -Root-Landing-Page fuer Dritte: `SECURITY_ASSURANCE_INDEX.md`. +## Zweck und Geltungsbereich +Zentraler Index fuer Nachweis-/Hardeningsdokumente, die Aussagen aus `SECURITY.md` belegbar machen, ohne `SECURITY.md` selbst zu aendern. +Zentrale Einstiegsseite fuer Dritte: `SECURITY_ASSURANCE_INDEX.md`. ## Dokumente - `docs/audit/000_HASHING_BASELINE.MD` 
@@ -25,7 +25,7 @@ Root-Landing-Page fuer Dritte: `SECURITY_ASSURANCE_INDEX.md`. - `docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` - `docs/audit/014_EVIDENCE_REPORT_ISSUE_67.MD` -## Maschinelle Evidence +## Maschinelle Nachweise - `artifacts/ci/security-claims-evidence/` - `artifacts/ci/code-analysis-evidence/` - `artifacts/audit/code_inventory.json` @@ -44,7 +44,7 @@ python3 tools/check-docs.py bash tools/versioning/verify-version-convergence.sh ``` -## Externe Assurance +## Externe Nachweise - OpenSSF Scorecard Workflow: `.github/workflows/scorecard.yml` - Artifact Attestations im Release-Workflow: `.github/workflows/release.yml` - Deep Analysis Evidence Workflow: `.github/workflows/code-analysis-evidence.yml` diff --git a/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD b/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD index ddfff74..fcd3c24 100644 --- a/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD +++ b/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD 
@@ -2,12 +2,12 @@ [DE](003_SECURITY_ASSERTION_TRACEABILITY.MD) | [EN](103_SECURITY_ASSERTION_TRACEABILITY.MD) -# Traceability: Security-Claims (SECURITY.md) +# Rueckverfolgbarkeit: Sicherheitsaussagen (SECURITY.md) -## Zweck und Scope -Mapping von Claims in `SECURITY.md` auf Evidence-Quellen und Verifikationskommandos. +## Zweck und Geltungsbereich +Abbildung von Aussagen in `SECURITY.md` auf Nachweisquellen und Verifikationskommandos. -| Claim ID | SECURITY-Anker | Claim-Zusammenfassung | Evidence-Quelle | Verifikationskommando | Pass-Kriterium | Blocker | +| Claim ID | SECURITY-Anker | Claim-Zusammenfassung | Nachweisquelle | Verifikationskommando | Pass-Kriterium | Blocker | |---|---|---|---|---|---|---| | SEC-CLAIM-001 | 2. Unterstuetzte Versionen | Security-Support ist an Major 5 gebunden | `src/FileTypeDetection/FileTypeDetectionLib.vbproj` | `sed -n 's:.*\([^<]*\).*:\1:p' src/FileTypeDetection/FileTypeDetectionLib.vbproj` | Version-Major ist `5` | yes | | SEC-CLAIM-002 | 3. Meldung | Private Vulnerability Reporting ist aktiv | GitHub API `private-vulnerability-reporting` | `gh api "repos/$REPO/private-vulnerability-reporting"` | `.enabled == true` | yes | 
@@ -26,10 +26,10 @@ Mapping von Claims in `SECURITY.md` auf Evidence-Quellen und Verifikationskomman | SEC-CLAIM-015 | 1. Zweck/Geltungsbereich | ISO/IEC 29147 und 30111 Orientierung ist dokumentiert | Policy + Roadmap-Dokus | `rg -n "29147|30111" SECURITY.md docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | Referenzen vorhanden (ohne Zertifizierungsclaim) | report-only | | SEC-CLAIM-016 | 9. Zertifizierungsgrenze | Es wird keine formale Produkt-Zertifizierung behauptet | `SECURITY.md` Section 9 | `rg -n "keine.*Zertifizierung|kein.*Rechtsgutachten" SECURITY.md` | expliziter Non-Claim vorhanden | yes | -## Full-Coverage-Hinweis -Claims, die normative Prozess-Statements sind (Policy-Intent), werden als `report-only` klassifiziert, solange sie nicht in deterministische Machine-Checks ueberfuehrt werden koennen. +## Vollstaendigkeits-Hinweis +Claims, die normative Prozessaussagen sind (Policy-Intent), werden als `report-only` klassifiziert, solange sie nicht in deterministische maschinelle Checks ueberfuehrt werden koennen. -## CI-Claim-Mapping +## CI-Claim-Abbildung Das Verifikationsscript verwendet `CI-SEC-CLAIM-*` Rule-IDs. Mapping auf normative Claims: - `CI-SEC-CLAIM-001` -> `SEC-CLAIM-002` (Repository/Reporting-Context ist aufloesbar) - `CI-SEC-CLAIM-002` -> `SEC-CLAIM-001` (Supported-Major-Version-Claim) diff --git a/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD b/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD index 86bfa56..d163475 100644 --- a/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD +++ b/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD 
@@ -2,12 +2,12 @@ [DE](009_SUPPLY_CHAIN_BASELINE.MD) | [EN](109_SUPPLY_CHAIN_BASELINE.MD) -# Supply-Chain-Baseline +# Supply-Chain-Basislinie ## 1. Ziel Minimum an reproduzierbaren Kontrollen fuer Source-to-Package-Integritaet in diesem Repository definieren. -## 2. Control-Baseline +## 2. Kontroll-Basislinie - S1 Source-Integritaet: - Branch-Protections und Required Status Checks auf dem Default-Branch - deterministische CI-Gates (`preflight`, `build`, `security-nuget`, `summary`) @@ -21,17 +21,17 @@ Minimum an reproduzierbaren Kontrollen fuer Source-to-Package-Integritaet in die - NuGet Vulnerability Gate (`security-nuget`) - Security-Claims-Verifikation (`security-claims-evidence`) -## 3. Evidence-Mapping -- E1 CI-Workflow Evidence: +## 3. Nachweis-Abbildung +- E1 CI-Workflow-Nachweise: - `.github/workflows/ci.yml` - `artifacts/ci/*` -- E2 Security-Claim Evidence: +- E2 Security-Claim-Nachweise: - `.github/workflows/security-claims-evidence.yml` - `artifacts/ci/security-claims-evidence/result.json` -- E3 Code-Analysis Evidence: +- E3 Code-Analysis-Nachweise: - `.github/workflows/code-analysis-evidence.yml` - `artifacts/ci/code-analysis-evidence/result.json` -- E4 Release/Provenance Evidence: +- E4 Release/Provenance-Nachweise: - `.github/workflows/release.yml` - `artifacts/nuget/attestation-verify.txt` (wenn der Release-Workflow laeuft) @@ -53,5 +53,5 @@ gh attestation verify "$NUPKG" --repo tomtastisch/FileClassifier - Regelmaessiger Review: Baseline-Dokus aktualisieren, wenn sich Controls oder Workflows aendern ## 6. Grenzen und Limits -- Diese Baseline liefert Assurance-Evidence, keine formale Third-Party-Zertifizierung. +- Diese Basislinie liefert Assurance-Nachweise, keine formale Third-Party-Zertifizierung. - Downstream Runtime-Hardening bleibt Verantwortung von Deployern/Operatoren. diff --git a/docs/audit/011_SECURITY_BENCHMARK.MD b/docs/audit/011_SECURITY_BENCHMARK.MD index 2cf3273..21cbdb4 100644 --- a/docs/audit/011_SECURITY_BENCHMARK.MD 
+++ b/docs/audit/011_SECURITY_BENCHMARK.MD @@ -2,11 +2,11 @@ [DE](011_SECURITY_BENCHMARK.MD) | [EN](111_SECURITY_BENCHMARK.MD) -# Security-Policy Benchmark (Stand: 2026-02-13) +# Security-Policy-Benchmark (Stand: 2026-02-13) ## 1. Ziel und Scope Vergleich der Security-Policy-Reife von `tomtastisch/FileClassifier` (PR-Branch `tomtastisch-patch-1`) mit verbreiteten .NET-Open-Source-Repositories anhand nachweisbarer GitHub- und Repository-Fakten. -Dieser Benchmark ist ein Snapshot vor Merge in `main` (Stand 2026-02-13). +Dieser Benchmark ist ein Snapshot vor dem Merge in `main` (Stand 2026-02-13). Verglichene Repositories: - `tomtastisch/FileClassifier` @@ -22,7 +22,7 @@ Verglichene Repositories: - `NLog/NLog` ## 2. Methodik (nur faktenbasiert) -Erhoben via GitHub API und lokale Dateiinspektion: +Erhoben ueber GitHub API und lokale Dateiinspektion: - Vorhandensein `SECURITY.md` (FileClassifier: repo-root `SECURITY.md`; andere Repos ggf. alternativ `.github/SECURITY.md`) - Status `private-vulnerability-reporting` - Sichtbare `security_and_analysis`-Felder (`dependabot_security_updates`, `secret_scanning`) @@ -30,7 +30,7 @@ Erhoben via GitHub API und lokale Dateiinspektion: - Vorhandensein von Workflow-Dateien mit `codeql` im Dateinamen - Inhaltsmerkmale der `SECURITY.md`: Support-Tabelle, Reporting, SLA-Zeitangaben, Safe Harbor, ISO/IEC 29147/30111, koordinierte Offenlegung -## 3. Ergebnis A - Plattform-/Repo-Merkmale +## 3. Ergebnis A - Plattform-/Repository-Merkmale | Repository | SECURITY.md | Private Vulnerability Reporting | Dependabot Security Updates | Secret Scanning | CodeQL Workflow-Datei | dependabot.yml | |---|---|---|---|---|---|---| | tomtastisch/FileClassifier | nein (Snapshot vor Merge in `main`) | true | enabled | enabled | nein | nein | 
@@ -78,7 +78,7 @@ Diese Punkte sind ausserhalb einer einzelnen `SECURITY.md`, aber notwendig fuer ## 7. Reproduzierbarkeit Verwendete Kommandos (Auszug): -All commands are intended to run from the repository root. +Alle Kommandos sind fuer die Ausfuehrung im Repository-Root gedacht. ```bash REPO="/" gh api "repos/$REPO" diff --git a/docs/audit/015_DOC_BILINGUAL_MAPPING.MD b/docs/audit/015_DOC_BILINGUAL_MAPPING.MD index 5e6b3d7..5b0b81f 100644 --- a/docs/audit/015_DOC_BILINGUAL_MAPPING.MD +++ b/docs/audit/015_DOC_BILINGUAL_MAPPING.MD @@ -4,10 +4,10 @@ # Bilinguale Dokumentation: DE<->EN Mapping (0NN_ -> 1NN_) -## 1. Ziel & Scope -Dieser Report dokumentiert deterministisch das Mapping aller Dokumente nach dem Schema `NNN_*` (DE ist Primary) auf ihre englischen Spiegeldateien `1NN_*`. +## 1. Ziel und Geltungsbereich +Dieser Report dokumentiert deterministisch das Mapping aller Dokumente nach dem Schema `NNN_*` (DE ist primaer) auf ihre englischen Spiegeldateien `1NN_*`. -Scope: +Geltungsbereich: - Betrifft alle Dokumente mit Dateinamen `NNN_.md` oder `NNN_.MD` (unabhaengig vom Ordner). - EN ist semantisch aequivalent zur DE-Version (gleiche Struktur/Abschnitte; Codebloecke/Commands identisch). 
@@ -23,60 +23,60 @@ Nicht-Ziele: Mapping-Funktion: - `0NN_*` -> `1NN_*` (gleicher Ordner, gleicher `slug`, gleiche Extension). -## 3. Inventory + Mapping-Tabelle -| DE_PATH | EN_PATH | STATUS | NOTES | +## 3. Bestand + Mapping-Tabelle +| DE_PFAD | EN_PFAD | STATUS | HINWEISE | |---|---|---|---| -| `docs/001_INDEX_CORE.MD` | `docs/101_INDEX_CORE.MD` | exists | | -| `docs/010_API_CORE.MD` | `docs/110_API_CORE.MD` | exists | | -| `docs/020_ARCH_CORE.MD` | `docs/120_ARCH_CORE.MD` | exists | | -| `docs/021_USAGE_NUGET.MD` | `docs/121_USAGE_NUGET.MD` | exists | | -| `docs/audit/000_HASHING_BASELINE.MD` | `docs/audit/100_HASHING_BASELINE.MD` | exists | | -| `docs/audit/000_INDEX.MD` | `docs/audit/100_INDEX.MD` | exists | | -| `docs/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | `docs/audit/102_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | exists | | -| `docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD` | `docs/audit/103_SECURITY_ASSERTION_TRACEABILITY.MD` | exists | | -| `docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | `docs/audit/104_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | exists | | -| `docs/audit/005_CODE_ANALYSIS_METHOD.MD` | `docs/audit/105_CODE_ANALYSIS_METHOD.MD` | exists | | -| `docs/audit/006_CODE_REVIEW_FINDINGS.MD` | `docs/audit/106_CODE_REVIEW_FINDINGS.MD` | exists | | -| `docs/audit/007_THREAT_MODEL.MD` | `docs/audit/107_THREAT_MODEL.MD` | exists | | -| `docs/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD` | `docs/audit/108_INCIDENT_RESPONSE_RUNBOOK.MD` | exists | | -| `docs/audit/009_SUPPLY_CHAIN_BASELINE.MD` | `docs/audit/109_SUPPLY_CHAIN_BASELINE.MD` | exists | | -| `docs/audit/010_REFACTOR_BACKLOG.MD` | `docs/audit/110_REFACTOR_BACKLOG.MD` | exists | | -| `docs/audit/011_SECURITY_BENCHMARK.MD` | `docs/audit/111_SECURITY_BENCHMARK.MD` | exists | | -| `docs/audit/012_WAVE_EXECUTION_DOD.MD` | `docs/audit/112_WAVE_EXECUTION_DOD.MD` | exists | | -| `docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | `docs/audit/113_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | 
exists | | -| `docs/audit/014_EVIDENCE_REPORT_ISSUE_67.MD` | `docs/audit/114_EVIDENCE_REPORT_ISSUE_67.MD` | exists | | -| `docs/audit/015_DOC_BILINGUAL_MAPPING.MD` | `docs/audit/115_DOC_BILINGUAL_MAPPING.MD` | exists | Mapping-Report-Dateipaar (DE->EN). | -| `docs/ci/001_PIPELINE_CI.MD` | `docs/ci/101_PIPELINE_CI.MD` | exists | | -| `docs/ci/002_NUGET_TRUSTED_PUBLISHING.MD` | `docs/ci/102_NUGET_TRUSTED_PUBLISHING.MD` | exists | | -| `docs/contracts/001_CONTRACT_HASHING.MD` | `docs/contracts/101_CONTRACT_HASHING.MD` | exists | | -| `docs/governance/001_POLICY_CI.MD` | `docs/governance/101_POLICY_CI.MD` | exists | | -| `docs/governance/002_POLICY_LABELING.MD` | `docs/governance/102_POLICY_LABELING.MD` | exists | | -| `docs/governance/002_POLICY_NAMING_UNIFIED.MD` | `docs/governance/102_POLICY_NAMING_UNIFIED.MD` | exists | | -| `docs/governance/003_INDEX_GOVERNANCE.MD` | `docs/governance/103_INDEX_GOVERNANCE.MD` | exists | | -| `docs/governance/003_POLICY_VERSIONING_SVT.MD` | `docs/governance/103_POLICY_VERSIONING_SVT.MD` | exists | | -| `docs/governance/004_POLICY_DOCUMENTATION.MD` | `docs/governance/104_POLICY_DOCUMENTATION.MD` | exists | | -| `docs/governance/005_POLICY_NAMING.MD` | `docs/governance/105_POLICY_NAMING.MD` | exists | | -| `docs/governance/006_INDEX_CI_RULES.MD` | `docs/governance/106_INDEX_CI_RULES.MD` | exists | | -| `docs/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD` | `docs/governance/107_POLICY_BRANCH_PR_NAMING_DE.MD` | exists | | -| `docs/guides/000_INDEX_GUIDES.MD` | `docs/guides/100_INDEX_GUIDES.MD` | exists | | -| `docs/guides/001_GUIDE_OPTIONS.MD` | `docs/guides/101_GUIDE_OPTIONS.MD` | exists | | -| `docs/guides/002_GUIDE_DATATYPE.MD` | `docs/guides/102_GUIDE_DATATYPE.MD` | exists | | -| `docs/guides/003_GUIDE_PORTABLE.MD` | `docs/guides/103_GUIDE_PORTABLE.MD` | exists | | -| `docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD` | `docs/guides/104_GUIDE_MIGRATE_LEGACY_NUGET.MD` | exists | | -| `docs/migrations/001_HASHING_RENAME.MD` | 
`docs/migrations/101_HASHING_RENAME.MD` | exists | | -| `docs/quality/001_CHECKLIST_PRODUCTION.MD` | `docs/quality/101_CHECKLIST_PRODUCTION.MD` | exists | | -| `docs/references/001_REFERENCES_CORE.MD` | `docs/references/101_REFERENCES_CORE.MD` | exists | | -| `docs/secure/001_HMAC_KEY_SETUP.MD` | `docs/secure/101_HMAC_KEY_SETUP.MD` | exists | | -| `docs/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | `docs/security/110_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | exists | | -| `docs/specs/001_SPEC_DIN.MD` | `docs/specs/101_SPEC_DIN.MD` | exists | | -| `docs/verification/001_INDEX_TESTS.MD` | `docs/verification/101_INDEX_TESTS.MD` | exists | | -| `docs/verification/002_FLOW_BDD.MD` | `docs/verification/102_FLOW_BDD.MD` | exists | | -| `docs/verification/003_CATALOG_BDD.MD` | `docs/verification/103_CATALOG_BDD.MD` | exists | | -| `docs/verification/004_MATRIX_HASHING.MD` | `docs/verification/104_MATRIX_HASHING.MD` | exists | | -| `docs/versioning/001_POLICY_VERSIONING.MD` | `docs/versioning/101_POLICY_VERSIONING.MD` | exists | | -| `docs/versioning/002_HISTORY_VERSIONS.MD` | `docs/versioning/102_HISTORY_VERSIONS.MD` | exists | | -| `docs/versioning/003_CHANGELOG_RELEASES.MD` | `docs/versioning/103_CHANGELOG_RELEASES.MD` | exists | | -| `docs/versioning/004_POLICY_LABELING.MD` | `docs/versioning/104_POLICY_LABELING.MD` | exists | | +| `docs/001_INDEX_CORE.MD` | `docs/101_INDEX_CORE.MD` | vorhanden | | +| `docs/010_API_CORE.MD` | `docs/110_API_CORE.MD` | vorhanden | | +| `docs/020_ARCH_CORE.MD` | `docs/120_ARCH_CORE.MD` | vorhanden | | +| `docs/021_USAGE_NUGET.MD` | `docs/121_USAGE_NUGET.MD` | vorhanden | | +| `docs/audit/000_HASHING_BASELINE.MD` | `docs/audit/100_HASHING_BASELINE.MD` | vorhanden | | +| `docs/audit/000_INDEX.MD` | `docs/audit/100_INDEX.MD` | vorhanden | | +| `docs/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | `docs/audit/102_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | vorhanden | | +| `docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD` | 
`docs/audit/103_SECURITY_ASSERTION_TRACEABILITY.MD` | vorhanden | | +| `docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | `docs/audit/104_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | vorhanden | | +| `docs/audit/005_CODE_ANALYSIS_METHOD.MD` | `docs/audit/105_CODE_ANALYSIS_METHOD.MD` | vorhanden | | +| `docs/audit/006_CODE_REVIEW_FINDINGS.MD` | `docs/audit/106_CODE_REVIEW_FINDINGS.MD` | vorhanden | | +| `docs/audit/007_THREAT_MODEL.MD` | `docs/audit/107_THREAT_MODEL.MD` | vorhanden | | +| `docs/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD` | `docs/audit/108_INCIDENT_RESPONSE_RUNBOOK.MD` | vorhanden | | +| `docs/audit/009_SUPPLY_CHAIN_BASELINE.MD` | `docs/audit/109_SUPPLY_CHAIN_BASELINE.MD` | vorhanden | | +| `docs/audit/010_REFACTOR_BACKLOG.MD` | `docs/audit/110_REFACTOR_BACKLOG.MD` | vorhanden | | +| `docs/audit/011_SECURITY_BENCHMARK.MD` | `docs/audit/111_SECURITY_BENCHMARK.MD` | vorhanden | | +| `docs/audit/012_WAVE_EXECUTION_DOD.MD` | `docs/audit/112_WAVE_EXECUTION_DOD.MD` | vorhanden | | +| `docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | `docs/audit/113_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | vorhanden | | +| `docs/audit/014_EVIDENCE_REPORT_ISSUE_67.MD` | `docs/audit/114_EVIDENCE_REPORT_ISSUE_67.MD` | vorhanden | | +| `docs/audit/015_DOC_BILINGUAL_MAPPING.MD` | `docs/audit/115_DOC_BILINGUAL_MAPPING.MD` | vorhanden | Mapping-Report-Dateipaar (DE->EN). 
| +| `docs/ci/001_PIPELINE_CI.MD` | `docs/ci/101_PIPELINE_CI.MD` | vorhanden | | +| `docs/ci/002_NUGET_TRUSTED_PUBLISHING.MD` | `docs/ci/102_NUGET_TRUSTED_PUBLISHING.MD` | vorhanden | | +| `docs/contracts/001_CONTRACT_HASHING.MD` | `docs/contracts/101_CONTRACT_HASHING.MD` | vorhanden | | +| `docs/governance/001_POLICY_CI.MD` | `docs/governance/101_POLICY_CI.MD` | vorhanden | | +| `docs/governance/002_POLICY_LABELING.MD` | `docs/governance/102_POLICY_LABELING.MD` | vorhanden | | +| `docs/governance/002_POLICY_NAMING_UNIFIED.MD` | `docs/governance/102_POLICY_NAMING_UNIFIED.MD` | vorhanden | | +| `docs/governance/003_INDEX_GOVERNANCE.MD` | `docs/governance/103_INDEX_GOVERNANCE.MD` | vorhanden | | +| `docs/governance/003_POLICY_VERSIONING_SVT.MD` | `docs/governance/103_POLICY_VERSIONING_SVT.MD` | vorhanden | | +| `docs/governance/004_POLICY_DOCUMENTATION.MD` | `docs/governance/104_POLICY_DOCUMENTATION.MD` | vorhanden | | +| `docs/governance/005_POLICY_NAMING.MD` | `docs/governance/105_POLICY_NAMING.MD` | vorhanden | | +| `docs/governance/006_INDEX_CI_RULES.MD` | `docs/governance/106_INDEX_CI_RULES.MD` | vorhanden | | +| `docs/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD` | `docs/governance/107_POLICY_BRANCH_PR_NAMING_DE.MD` | vorhanden | | +| `docs/guides/000_INDEX_GUIDES.MD` | `docs/guides/100_INDEX_GUIDES.MD` | vorhanden | | +| `docs/guides/001_GUIDE_OPTIONS.MD` | `docs/guides/101_GUIDE_OPTIONS.MD` | vorhanden | | +| `docs/guides/002_GUIDE_DATATYPE.MD` | `docs/guides/102_GUIDE_DATATYPE.MD` | vorhanden | | +| `docs/guides/003_GUIDE_PORTABLE.MD` | `docs/guides/103_GUIDE_PORTABLE.MD` | vorhanden | | +| `docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD` | `docs/guides/104_GUIDE_MIGRATE_LEGACY_NUGET.MD` | vorhanden | | +| `docs/migrations/001_HASHING_RENAME.MD` | `docs/migrations/101_HASHING_RENAME.MD` | vorhanden | | +| `docs/quality/001_CHECKLIST_PRODUCTION.MD` | `docs/quality/101_CHECKLIST_PRODUCTION.MD` | vorhanden | | +| `docs/references/001_REFERENCES_CORE.MD` | 
`docs/references/101_REFERENCES_CORE.MD` | vorhanden | | +| `docs/secure/001_HMAC_KEY_SETUP.MD` | `docs/secure/101_HMAC_KEY_SETUP.MD` | vorhanden | | +| `docs/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | `docs/security/110_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | vorhanden | | +| `docs/specs/001_SPEC_DIN.MD` | `docs/specs/101_SPEC_DIN.MD` | vorhanden | | +| `docs/verification/001_INDEX_TESTS.MD` | `docs/verification/101_INDEX_TESTS.MD` | vorhanden | | +| `docs/verification/002_FLOW_BDD.MD` | `docs/verification/102_FLOW_BDD.MD` | vorhanden | | +| `docs/verification/003_CATALOG_BDD.MD` | `docs/verification/103_CATALOG_BDD.MD` | vorhanden | | +| `docs/verification/004_MATRIX_HASHING.MD` | `docs/verification/104_MATRIX_HASHING.MD` | vorhanden | | +| `docs/versioning/001_POLICY_VERSIONING.MD` | `docs/versioning/101_POLICY_VERSIONING.MD` | vorhanden | | +| `docs/versioning/002_HISTORY_VERSIONS.MD` | `docs/versioning/102_HISTORY_VERSIONS.MD` | vorhanden | | +| `docs/versioning/003_CHANGELOG_RELEASES.MD` | `docs/versioning/103_CHANGELOG_RELEASES.MD` | vorhanden | | +| `docs/versioning/004_POLICY_LABELING.MD` | `docs/versioning/104_POLICY_LABELING.MD` | vorhanden | | ## 4. Checks (fail-closed) Alle Checks sind vom Repo-Root ausfuehrbar. @@ -88,7 +88,7 @@ find . -type f \( -name '0??_*.md' -o -name '0??_*.MD' \) -print | sed 's|^\./|| find . -type f \( -name '1??_*.md' -o -name '1??_*.MD' \) -print | sed 's|^\./||' | sort > /tmp/docs_1nn.txt ``` -Output (0NN): +Ausgabe (0NN): ```text docs/001_INDEX_CORE.MD docs/010_API_CORE.MD @@ -143,7 +143,7 @@ docs/versioning/003_CHANGELOG_RELEASES.MD docs/versioning/004_POLICY_LABELING.MD ``` -Output (1NN): +Ausgabe (1NN): ```text docs/101_INDEX_CORE.MD docs/110_API_CORE.MD 
@@ -205,19 +205,19 @@ sed 's|/0\\([0-9][0-9]\\)_|/1\\1_|' /tmp/docs_0nn.txt | sort > /tmp/docs_expecte echo "count_0 $(wc -l < /tmp/docs_0nn.txt)" echo "count_1 $(wc -l < /tmp/docs_1nn.txt)" echo "count_expected_1 $(wc -l < /tmp/docs_expected_1nn.txt)" -echo 'missing_en:'; comm -23 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt -echo 'orphan_en:'; comm -13 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt -echo 'mapping_collisions:'; sort /tmp/docs_expected_1nn.txt | uniq -d +echo 'fehlende_en:'; comm -23 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt +echo 'verwaiste_en:'; comm -13 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt +echo 'mapping_kollisionen:'; sort /tmp/docs_expected_1nn.txt | uniq -d ``` -Output: +Ausgabe: ```text count_0 51 count_1 51 count_expected_1 51 -missing_en: -orphan_en: -mapping_collisions: +fehlende_en: +verwaiste_en: +mapping_kollisionen: ``` ### 4.3 Keine NNN_* ausserhalb 0NN/1NN @@ -228,7 +228,7 @@ find . -type f \( -name '*.md' -o -name '*.MD' \) -name '[0-9][0-9][0-9]_*' -pri | rg -v '(^|/)0[0-9]{2}_.+\\.(md|MD)$|(^|/)1[0-9]{2}_.+\\.(md|MD)$' ``` -Output: +Ausgabe: ```text ``` @@ -238,7 +238,7 @@ Kommandos: rg -n --glob 'docs/**/1??_*.M{D,d}' -S 'docs/0[0-9]{2}_' docs ``` -Output: +Ausgabe: ```text ``` @@ -250,7 +250,7 @@ python3 tools/check-doc-consistency.py python3 tools/check-doc-shell-compat.py ``` -Output: +Ausgabe: ```text Doc check OK Doc consistency check OK @@ -263,7 +263,7 @@ Kommandos: git diff --name-only main...HEAD | rg -v '\\.(md|MD)$' ``` -Output: +Ausgabe: ```text ``` diff --git a/docs/ci/001_PIPELINE_CI.MD b/docs/ci/001_PIPELINE_CI.MD index eb20282..5f4e6e5 100644 --- a/docs/ci/001_PIPELINE_CI.MD +++ b/docs/ci/001_PIPELINE_CI.MD 
@@ -4,13 +4,13 @@ # CI-Pipeline (SSOT) -## Zweck und Scope +## Zweck und Geltungsbereich Dieses Dokument beschreibt die ausfuehrbare CI-Topologie und den Artefaktvertrag. Normative Policy-Schwellenwerte und Regelparameter liegen in `tools/ci/policies/rules/` und `docs/governance/001_POLICY_CI.MD`. ## Erforderliche Status-Contexts Die Branch-Protection auf `main` verlangt exakt diese Contexts (`strict: true`): `preflight`, `version-policy`, `build`, `api-contract`, `pack`, `consumer-smoke`, `package-backed-tests`, `security-nuget`, `tests-bdd-coverage`. -Evidence: Branch-Protection API Output (`required_status_checks.contexts`), `.github/workflows/ci.yml:59-347` und `.github/workflows/ruleset-placeholders.yml` (Context `version-policy`). +Nachweis: Branch-Protection-API-Ausgabe (`required_status_checks.contexts`), `.github/workflows/ci.yml:59-347` und `.github/workflows/ruleset-placeholders.yml` (Context `version-policy`). Hinweis: Die normative Versionierungsentscheidung (RaC) wird zusaetzlich durch `.github/workflows/version-policy.yml` als Check `versioning-policy` ausgewertet (nicht Teil der Branch-Protection-Contexts). ## Workflow-Topologie @@ -69,11 +69,11 @@ Jeder Aufruf `tools/ci/bin/run.sh ` initialisiert und finalisiert ein - `result.json` - `diag.json` -Evidence: +Nachweis: - Artefaktpfad-Initialisierung: `tools/ci/lib/result.sh:12-20`. - File-Materialisierung: `tools/ci/lib/result.sh:28-34`. - Finale `result.json` Komposition: `tools/ci/lib/result.sh:78-112`. -- Universal Runner Wiring: `tools/ci/bin/run.sh:16-28`. +- Universelles Runner-Wiring: `tools/ci/bin/run.sh:16-28`. ## Vertragsmatrix | Job | Entrypoint | Artefaktpfad | Vertragsvalidierung | Evidence | 
@@ -92,14 +92,14 @@ Evidence: | `summary` | `bash tools/ci/bin/run.sh summary` | `artifacts/ci/summary/` | Policy contract aggregation | `.github/workflows/ci.yml:417-427`, `tools/ci/bin/run.sh:424-430` | | `pr-labeling` | `bash tools/ci/bin/run.sh pr-labeling` | `artifacts/ci/pr-labeling/` | Label decision schema + apply+verify | `.github/workflows/ci.yml:45-57`, `tools/ci/bin/run.sh:350-400` | -## Labeling- und Versionierungs-Entscheidungspfad -- Decision-Generierung: `compute-pr-labels.js` schreibt `decision.json` (`tools/ci/bin/run.sh:371-372`). +## Labeling- und Versionierungsentscheidungs-Pfad +- Entscheidungs-Generierung: `compute-pr-labels.js` schreibt `decision.json` (`tools/ci/bin/run.sh:371-372`). - Schema-Validierung: `validate-label-decision.js` (`tools/ci/bin/run.sh:374`). -- Label-Anwendung und Post-Apply-Verifikation: deterministischer GitHub API PUT (curl-backed) und anschliessender Re-Read (`tools/ci/bin/run.sh:375-399`, `tools/ci/bin/github_api.py`). +- Label-Anwendung und Post-Apply-Verifikation: deterministischer GitHub-API-PUT (curl-backed) und anschliessender Re-Read (`tools/ci/bin/run.sh:375-399`, `tools/ci/bin/github_api.py`). - Workflow-Token-Quelle: `GH_TOKEN: ${{ github.token }}` (`.github/workflows/ci.yml:46-50`). ## Qodana: Vertragsposition Qodana laeuft in einem separaten Workflow und wird durch `run.sh qodana` validiert: -- Qodana action execution and SARIF output path (`.github/workflows/qodana.yml:34-40`, `.github/workflows/qodana.yml:59`). -- Contract check invocation (`.github/workflows/qodana.yml:47-48`, `tools/ci/bin/run.sh:402-422`). -- Qodana artifact upload (`.github/workflows/qodana.yml:54-60`). +- Qodana-Action-Ausfuehrung und SARIF-Ausgabepfad (`.github/workflows/qodana.yml:34-40`, `.github/workflows/qodana.yml:59`). +- Vertragscheck-Aufruf (`.github/workflows/qodana.yml:47-48`, `tools/ci/bin/run.sh:402-422`). +- Qodana-Artefakt-Upload (`.github/workflows/qodana.yml:54-60`). 
diff --git a/docs/governance/001_POLICY_CI.MD b/docs/governance/001_POLICY_CI.MD index caab5bb..046d164 100644 --- a/docs/governance/001_POLICY_CI.MD +++ b/docs/governance/001_POLICY_CI.MD 
@@ -2,56 +2,56 @@ [DE](001_POLICY_CI.MD) | [EN](101_POLICY_CI.MD) -# CI Policy (SSOT) +# CI-Richtlinie (SSOT) -## Scope -This document defines policy principles, severity handling, and exit code policy. -Normative policy definitions live in: +## Geltungsbereich +Dieses Dokument definiert Richtlinienprinzipien, Severity-Behandlung und Exit-Code-Politik fuer die CI. +Normative Richtliniendefinitionen liegen in: - `tools/ci/policies/schema/rules.schema.json` - `tools/ci/policies/rules/` -Entry index: +Einstiegsindex: - `docs/governance/006_INDEX_CI_RULES.MD` -## Global Rules -- Fail-closed: no silent bypass paths. -- Workflow YAML only calls entry scripts under `tools/ci/bin/`. -- Required branch-protection contexts remain fixed: `preflight`, `version-policy`, `build`, `api-contract`, `pack`, `consumer-smoke`, `package-backed-tests`, `security-nuget`, `tests-bdd-coverage`. - Evidence: branch protection API (`required_status_checks.contexts`) and `.github/workflows/ci.yml:59-347`. +## Globale Regeln +- Fail-closed: keine stillen Bypass-Pfade. +- Workflow-YAML ruft nur Entry-Skripte unter `tools/ci/bin/` auf. +- Erforderliche Branch-Protection-Contexts bleiben fix: `preflight`, `version-policy`, `build`, `api-contract`, `pack`, `consumer-smoke`, `package-backed-tests`, `security-nuget`, `tests-bdd-coverage`. + Nachweis: Branch-Protection-API (`required_status_checks.contexts`) und `.github/workflows/ci.yml:59-347`. -## Result Contract -All required checks MUST write: +## Ergebnisvertrag +Alle erforderlichen Checks MUESSEN schreiben: - `artifacts/ci//raw.log` - `artifacts/ci//summary.md` - `artifacts/ci//result.json` -`result.json` must comply with `tools/ci/schema/result.schema.json`. -Implementation evidence: `tools/ci/lib/result.sh:12-20`, `tools/ci/lib/result.sh:28-34`, `tools/ci/lib/result.sh:78-112`. +`result.json` muss `tools/ci/schema/result.schema.json` entsprechen. 
+Implementierungsnachweis: `tools/ci/lib/result.sh:12-20`, `tools/ci/lib/result.sh:28-34`, `tools/ci/lib/result.sh:78-112`. -## Governance View (Execution Boundary) +## Governance-Sicht (Ausfuehrungsgrenze) ```mermaid flowchart LR - yml["Workflow declarations\n.github/workflows/*.yml"] --> run["Single entrypoint\n tools/ci/bin/run.sh "] - run --> result["Result contract artifacts\nraw.log / summary.md / result.json / diag.json"] - result --> policy["Policy validators / schema\nPolicyRunner + result schema"] + yml["Workflow-Deklarationen\n.github/workflows/*.yml"] --> run["Einziger Einstiegspunkt\n tools/ci/bin/run.sh "] + run --> result["Ergebnisvertrag-Artefakte\nraw.log / summary.md / result.json / diag.json"] + result --> policy["Policy-Validatoren / Schema\nPolicyRunner + Result-Schema"] ``` -The detailed job DAG and contract matrix are maintained in `docs/ci/001_PIPELINE_CI.MD` to avoid duplication. +Der detaillierte Job-DAG und die Vertragsmatrix liegen in `docs/ci/001_PIPELINE_CI.MD`, um Duplikate zu vermeiden. -## Rule Catalog -- Rule IDs and file ownership are indexed in `docs/governance/006_INDEX_CI_RULES.MD`. -- Evaluation details and thresholds are defined only in `tools/ci/policies/rules/`. +## Regelkatalog +- Rule-IDs und Datei-Zuordnung sind in `docs/governance/006_INDEX_CI_RULES.MD` indexiert. +- Auswertungsdetails und Schwellwerte sind ausschliesslich in `tools/ci/policies/rules/` definiert. -## Severity Rules -- `warn`: visible, non-blocking. -- `fail`: blocking, exit code non-zero. +## Severity-Regeln +- `warn`: sichtbar, nicht blockierend. +- `fail`: blockierend, Exit-Code ungleich Null. 
-## Exit Code Matrix -- `0`: success (`pass` or `warn`) -- `1`: policy/contract/check failure (`fail`) -- `2`: invalid invocation or missing prerequisites +## Exit-Code-Matrix +- `0`: Erfolg (`pass` oder `warn`) +- `1`: Richtlinien-/Vertrags-/Check-Fehler (`fail`) +- `2`: ungueltiger Aufruf oder fehlende Voraussetzungen -## Allow-lists -Allow-list definitions are managed in rule parameters under `tools/ci/policies/rules/`. +## Allow-Lists +Allow-List-Definitionen werden in Regelparametern unter `tools/ci/policies/rules/` gepflegt. ## RoC-Bezug - [Artifact-Contract-Regel](https://github.com/tomtastisch/FileClassifier/blob/main/tools/ci/policies/rules/artifact_contract.yaml) diff --git a/docs/governance/002_POLICY_LABELING.MD b/docs/governance/002_POLICY_LABELING.MD index 925fa12..58f606c 100644 --- a/docs/governance/002_POLICY_LABELING.MD +++ b/docs/governance/002_POLICY_LABELING.MD 
@@ -2,28 +2,28 @@ [DE](002_POLICY_LABELING.MD) | [EN](102_POLICY_LABELING.MD) -# Labeling Ownership +# Labeling-Verantwortung -## 1. Scope -This governance policy applies to deterministic PR auto-labeling and auto-versioning behavior. +## 1. Geltungsbereich +Diese Governance-Richtlinie gilt fuer deterministisches PR-Auto-Labeling und Auto-Versionierungsverhalten. -## 2. Owned Files +## 2. Verantwortete Dateien - `.github/workflows/ci.yml` - `tools/versioning/*` - `docs/versioning/001_POLICY_VERSIONING.MD` - `docs/versioning/004_POLICY_LABELING.MD` -## 3. Change Requirements -Any change to taxonomy, priority, caps, or versioning decision logic must include: -- Updated docs -- Updated/added golden testcases -- Passing label engine validation +## 3. Aenderungsanforderungen +Jede Aenderung an Taxonomie, Prioritaet, Caps oder Versionierungsentscheidungslogik muss enthalten: +- aktualisierte Dokumentation +- aktualisierte/neu hinzugefuegte Golden-Testfaelle +- erfolgreiche Label-Engine-Validierung -## 4. Review Policy -At least one maintainer owner review is required for the owned files. +## 4. Review-Policy +Mindestens ein Maintainer-Owner-Review ist fuer die verantworteten Dateien erforderlich. -## 5. Non-Goals -This policy does not change product runtime behavior; it governs repository automation only. +## 5. Nicht-Ziele +Diese Richtlinie aendert nicht das Laufzeitverhalten des Produkts; sie regelt ausschliesslich Repository-Automation. ## RoC-Bezug - [Artifact-Contract-Regel](https://github.com/tomtastisch/FileClassifier/blob/main/tools/ci/policies/rules/artifact_contract.yaml) diff --git a/docs/governance/002_POLICY_NAMING_UNIFIED.MD b/docs/governance/002_POLICY_NAMING_UNIFIED.MD index b0e9b12..97768be 100644 --- a/docs/governance/002_POLICY_NAMING_UNIFIED.MD +++ b/docs/governance/002_POLICY_NAMING_UNIFIED.MD 
@@ -2,38 +2,38 @@ [DE](002_POLICY_NAMING_UNIFIED.MD) | [EN](102_POLICY_NAMING_UNIFIED.MD) -# Unified Naming Policy (SSOT) +# Einheitliche Naming-Richtlinie (SSOT) -## 1. Purpose -This policy defines one canonical public identity for package naming, assembly naming, namespace root, docs install snippets, and CI checks. +## 1. Zweck +Diese Richtlinie definiert eine kanonische oeffentliche Identitaet fuer Paketname, Assembly-Name, Namespace-Root, Doku-Install-Snippets und CI-Checks. ## 2. SSOT -Normative source: `tools/ci/policies/data/naming.json`. +Normative Quelle: `tools/ci/policies/data/naming.json`. -## 3. SHALL Statements (Canonical Equality) -- `canonical_name` SHALL equal `package_id`. -- `canonical_name` SHALL equal `assembly_name`. -- `canonical_name` SHALL equal `root_namespace`. -- `canonical_name` SHALL be the public root namespace in source declarations. -- Canonical value is `Tomtastisch.FileClassifier`. +## 3. SHALL-Statements (kanonische Gleichheit) +- `canonical_name` SHALL gleich `package_id` sein. +- `canonical_name` SHALL gleich `assembly_name` sein. +- `canonical_name` SHALL gleich `root_namespace` sein. +- `canonical_name` SHALL als oeffentlicher Namespace-Root in Source-Definitionen verwendet werden. +- Kanonischer Wert ist `Tomtastisch.FileClassifier`. -## 4. Deprecated Package Rule -- `deprecated_package_ids` SHALL list legacy package IDs. -- Deprecated package IDs (from SSOT `deprecated_package_ids`) SHALL NOT appear in install snippets or PackageReference examples. -- Deprecated IDs MAY appear only in migration documentation. +## 4. Regel fuer veraltete Pakete +- `deprecated_package_ids` SHALL veraltete Paket-IDs listen. +- Veraltete Paket-IDs (aus SSOT `deprecated_package_ids`) SHALL NICHT in Install-Snippets oder PackageReference-Beispielen erscheinen. +- Veraltete IDs MAY nur in Migrationsdokumentation erscheinen. -## 5. 
GitHub Slug Limitation -- GitHub repository slug is operational identity (`repo_identity`) and MAY differ from package ID. -- Current slug is `FileClassifier`; canonical package remains `Tomtastisch.FileClassifier`. -- If literal slug equality is required, manual rename steps are required: - 1. GitHub repository Settings -> Rename repository. - 2. Update `repository_url` in `tools/ci/policies/data/naming.json`. - 3. Update `RepositoryUrl`/`PackageProjectUrl` in `src/FileTypeDetection/FileTypeDetectionLib.vbproj`. - 4. Update local remotes (`git remote set-url origin ...`) and CI references. +## 5. GitHub-Slug-Einschraenkung +- GitHub-Repository-Slug ist operative Identitaet (`repo_identity`) und MAY von der Paket-ID abweichen. +- Aktueller Slug ist `FileClassifier`; kanonisches Paket bleibt `Tomtastisch.FileClassifier`. +- Falls literal gleiche Slugs erforderlich sind, sind manuelle Rename-Schritte notwendig: + 1. GitHub Repository Settings -> Rename repository. + 2. `repository_url` in `tools/ci/policies/data/naming.json` aktualisieren. + 3. `RepositoryUrl`/`PackageProjectUrl` in `src/FileTypeDetection/FileTypeDetectionLib.vbproj` aktualisieren. + 4. Lokale Remotes (`git remote set-url origin ...`) und CI-Referenzen aktualisieren. -## 6. CI Enforcement Mapping -- Rule ID is fixed: `CI-NAMING-001`. -- Rule file: `tools/ci/policies/rules/naming_snt.yaml`. +## 6. CI-Enforcement-Mapping +- Rule-ID ist fix: `CI-NAMING-001`. +- Regeldatei: `tools/ci/policies/rules/naming_snt.yaml`. - Checker: `tools/ci/check-naming-snt.sh`. - Reports: - `artifacts/naming_snt_report.json` diff --git a/docs/governance/003_INDEX_GOVERNANCE.MD b/docs/governance/003_INDEX_GOVERNANCE.MD index 1f05d86..551b063 100644 --- a/docs/governance/003_INDEX_GOVERNANCE.MD +++ b/docs/governance/003_INDEX_GOVERNANCE.MD 
@@ -2,11 +2,11 @@ [DE](003_INDEX_GOVERNANCE.MD) | [EN](103_INDEX_GOVERNANCE.MD) -# Policy Index (SSOT Navigation) +# Richtlinienindex (SSOT-Navigation) -This index is non-normative. Normative policy definitions are the rule files under `tools/ci/policies/rules/`. +Dieser Index ist nicht normativ. Normative Richtliniendefinitionen sind die Regeldateien unter `tools/ci/policies/rules/`. -| Rule ID | Rule File | +| Rule ID | Regeldatei | | --- | --- | | `CI-ARTIFACT-001` | `tools/ci/policies/rules/artifact_contract.yaml` | | `CI-SHELL-001` | `tools/ci/policies/rules/shell_safety.yaml` | diff --git a/docs/governance/003_POLICY_VERSIONING_SVT.MD b/docs/governance/003_POLICY_VERSIONING_SVT.MD index 45bed8a..976a4db 100644 --- a/docs/governance/003_POLICY_VERSIONING_SVT.MD +++ b/docs/governance/003_POLICY_VERSIONING_SVT.MD 
@@ -2,31 +2,31 @@ [DE](003_POLICY_VERSIONING_SVT.MD) | [EN](103_POLICY_VERSIONING_SVT.MD) -# Versioning Policy (SVT) +# Versionierungsrichtlinie (SVT) -## 1. Purpose -This policy enforces Single Version Truth (SVT) for the canonical package release pipeline. +## 1. Zweck +Diese Richtlinie erzwingt Single Version Truth (SVT) fuer die kanonische Paket-Release-Pipeline. ## 2. SSOT -Normative source: `tools/ci/policies/data/versioning.json`. +Normative Quelle: `tools/ci/policies/data/versioning.json`. -## 3. SVT Definition -For canonical package `Tomtastisch.FileClassifier`, the following SHALL match exactly: +## 3. SVT-Definition +Fuer das kanonische Paket `Tomtastisch.FileClassifier` MUESSEN die folgenden Werte exakt uebereinstimmen: - `git tag vX.Y.Z` - vbproj `X.Y.Z` - vbproj `X.Y.Z` -- produced `.nupkg` version `X.Y.Z` -- published NuGet version `X.Y.Z` (release job) +- erzeugte `.nupkg`-Version `X.Y.Z` +- veroeffentlichte NuGet-Version `X.Y.Z` (Release-Job) -## 4. SHALL Statements -- Release tags SHALL use prefix `v` and semantic version core (`vMAJOR.MINOR.PATCH`). -- Release pack step SHALL derive `VERSION=${GITHUB_REF_NAME#v}`. -- `dotnet pack` SHALL pass `-p:Version=$VERSION -p:PackageVersion=$VERSION`. -- CI SHALL fail-closed on ambiguity (for example multiple matching tags on HEAD). -- Legacy package versions are out of canonical SVT scope and SHALL be deprecated/unlisted. +## 4. SHALL-Statements +- Release-Tags SHALL Prefix `v` und semantischen Versionskern verwenden (`vMAJOR.MINOR.PATCH`). +- Der Release-Pack-Schritt SHALL `VERSION=${GITHUB_REF_NAME#v}` ableiten. +- `dotnet pack` SHALL `-p:Version=$VERSION -p:PackageVersion=$VERSION` setzen. +- CI SHALL bei Mehrdeutigkeit fail-closed abbrechen (z. B. mehrere passende Tags auf HEAD). +- Legacy-Paketversionen liegen ausserhalb des kanonischen SVT-Scopes und SHALL als veraltet/deprecated behandelt werden. -## 5. CI Enforcement Mapping -- Rule ID: `CI-VERSION-001`. 
-- Rule file: `tools/ci/policies/rules/versioning_svt.yaml`. +## 5. CI-Enforcement-Mapping +- Rule-ID: `CI-VERSION-001`. +- Regeldatei: `tools/ci/policies/rules/versioning_svt.yaml`. - Checker: `tools/ci/check-versioning-svt.sh`. - Report: `artifacts/versioning_report.json`. diff --git a/docs/governance/006_INDEX_CI_RULES.MD b/docs/governance/006_INDEX_CI_RULES.MD index fbb5e85..87b36fa 100644 --- a/docs/governance/006_INDEX_CI_RULES.MD +++ b/docs/governance/006_INDEX_CI_RULES.MD @@ -2,9 +2,9 @@ [DE](006_INDEX_CI_RULES.MD) | [EN](106_INDEX_CI_RULES.MD) -# CI Policy Rules +# CI-Richtlinienregeln -| rule_id | file | +| rule_id | datei | | --- | --- | | `CI-ARTIFACT-000` | `tools/ci/policies/rules/artifact_contract.yaml` | | `CI-DOCS-000` | `tools/ci/policies/rules/docs_drift.yaml` | diff --git a/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD b/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD index a0bbf42..7828c44 100644 --- a/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD +++ b/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD 
@@ -2,35 +2,35 @@ [DE](004_GUIDE_MIGRATE_LEGACY_NUGET.MD) | [EN](104_GUIDE_MIGRATE_LEGACY_NUGET.MD) -# Migration Guide: Legacy NuGet ID to Canonical Package +# Migrationsleitfaden: Legacy-NuGet-ID zum kanonischen Paket -## Scope -This guide covers migration from deprecated package `Tomtastisch.FileTypeDetection` to canonical package `Tomtastisch.FileClassifier`. +## Geltungsbereich +Dieser Leitfaden beschreibt die Migration vom veralteten Paket `Tomtastisch.FileTypeDetection` auf das kanonische Paket `Tomtastisch.FileClassifier`. -## Why -- Legacy package is deprecated and unlisted on NuGet.org. -- Canonical package receives ongoing updates and policy-backed CI validation. -- Public root namespace is unified to `Tomtastisch.FileClassifier` (Level 3 public surface rename). +## Warum +- Das Legacy-Paket ist veraltet und auf NuGet.org unlisted. +- Das kanonische Paket erhaelt laufende Updates und policy-gestuetzte CI-Validierung. +- Der oeffentliche Root-Namespace ist auf `Tomtastisch.FileClassifier` vereinheitlicht (Level-3 Public-Surface-Rename). -## PackageReference Migration -Replace: +## PackageReference-Migration +Ersetze: ```xml ``` -with: +durch: ```xml ``` -CLI install command: +CLI-Installationskommando: ```bash dotnet add package Tomtastisch.FileClassifier --version X.Y.Z ``` -## Namespace Migration -Update source imports/usings from legacy root namespace to `Tomtastisch.FileClassifier`. +## Namespace-Migration +Passe Source-Imports/Usings vom Legacy-Root-Namespace auf `Tomtastisch.FileClassifier` an. -## Unlist + Deprecate Policy -- Legacy versions are unlisted using `dotnet nuget delete` (NuGet.org unlist semantics). -- Deprecation should point users to `Tomtastisch.FileClassifier`. -- If CLI deprecation is unavailable, apply deprecation in NuGet.org UI for all legacy versions. +## Unlist- und Deprecation-Policy +- Legacy-Versionen werden mit `dotnet nuget delete` unlisted (NuGet.org-Unlist-Semantik). 
+- Deprecation soll auf `Tomtastisch.FileClassifier` verweisen. +- Falls CLI-Deprecation nicht verfuegbar ist, Deprecation fuer alle Legacy-Versionen in der NuGet.org-UI setzen. diff --git a/docs/versioning/002_HISTORY_VERSIONS.MD b/docs/versioning/002_HISTORY_VERSIONS.MD index 09a6e53..5bfd233 100644 --- a/docs/versioning/002_HISTORY_VERSIONS.MD +++ b/docs/versioning/002_HISTORY_VERSIONS.MD 
@@ -14,34 +14,38 @@ Heuristik fuer die Rueckwirkungs-Zuordnung: Aktueller Entwicklungsstand: - Aktuelle Entwicklungslinie enthaelt `5.x` (aktuell veroeffentlichtes Tag: `v5.1.4`; Details in `docs/versioning/003_CHANGELOG_RELEASES.MD`). +Hinweis: +- Die Spalte `Keyword` verwendet den technischen Klassifizierungswert aus der Historie. +- Einzelne Committitel bleiben in der Originalsprache, wenn sie als exakter Quelltextnachweis uebernommen wurden. + | Version | Kurzbeschreibung | Commit | Keyword | |---|---|---|---| | `5.1.4` | Refactor-Cluster 7C abgeschlossen + Qodana-Alerts auf 0 + Version-Bump fuer Release | [2adeb83](https://github.com/tomtastisch/FileClassifier/commit/2adeb83) | patch | | `5.1.3` | PR-Governance-Haertung (DE-Naming, PR-Template, fail-closed Gate fuer `security/code-scanning/tools = 0`) | [0b488ac](https://github.com/tomtastisch/FileClassifier/commit/0b488ac) | patch | | `5.1.2` | Gate4 Polling-Optimierung und Release-Haertung | [f12711d](https://github.com/tomtastisch/FileClassifier/commit/f12711d) | patch | | `5.1.1` | Dependabot security-only mode und fail-closed Guards fuer secret-pflichtige Workflows | [d0ad8ec](https://github.com/tomtastisch/FileClassifier/commit/d0ad8ec) | patch | -| `5.1.0` | Security/Governance hardening wave: pinned actions, dependency review, labeler fixes, root assurance index | [e2a4a42](https://github.com/tomtastisch/FileClassifier/commit/e2a4a42) | minor | -| `5.0.0` | Finalize hashing API rename to EvidenceHashing and add optional HMAC digests | [444d027](https://github.com/tomtastisch/FileClassifier/commit/444d027) | breaking | -| `4.2.1` | Bump version to 4.2.1 for quality-gate hardening | [8ab274d](https://github.com/tomtastisch/FileClassifier/commit/8ab274d) | chore | -| `4.2.0` | docs: fix root readme parity, link sha targets, and preflight version gate | [9691bec](https://github.com/tomtastisch/FileClassifier/commit/9691bec) | docs | -| `4.1.3` | docs: deterministic restructure with SHA-locked links and 
policy-roc gate | [90a2825](https://github.com/tomtastisch/FileClassifier/commit/90a2825) | docs | -| `4.1.2` | chore(version): bump version for xunit v3 migration release | [d1ed2a9](https://github.com/tomtastisch/FileClassifier/commit/d1ed2a9) | chore | -| `4.1.1` | chore(version): bump patch version to satisfy CI guard | [d67050c](https://github.com/tomtastisch/FileClassifier/commit/d67050c) | chore | -| `4.1.0` | chore: update version to 4.1.0 and improve versioning logic | [a3dfe23](https://github.com/tomtastisch/FileClassifier/commit/a3dfe23) | chore | -| `4.0.0` | chore(versioning): bump baseline to 4.0.0 | [2a78f97](https://github.com/tomtastisch/FileClassifier/commit/2a78f97) | chore | -| `3.0.24` | docs: fix umlaut spellings | [22d40b9](https://github.com/tomtastisch/FileClassifier/commit/22d40b9) | docs | -| `3.0.23` | docs: normalize markdown language | [90310a0](https://github.com/tomtastisch/FileClassifier/commit/90310a0) | docs | -| `3.0.22` | docs: unify markdown structure and add maintenance checklists | [cb3341d](https://github.com/tomtastisch/FileClassifier/commit/cb3341d) | docs | -| `3.0.21` | docs(guides): unify structure and add step-by-step checklists with examples | [5f5c6ab](https://github.com/tomtastisch/FileClassifier/commit/5f5c6ab) | docs | -| `3.0.20` | docs: add guides for options and datatype extensions (#5) | [392c628](https://github.com/tomtastisch/FileClassifier/commit/392c628) | docs | -| `3.0.19` | docs(guides): add options and datatype extension playbooks | [1427e1e](https://github.com/tomtastisch/FileClassifier/commit/1427e1e) | docs | -| `3.0.18` | Refactor: deterministic hashing, archive hardening, and test/CI stabilization (#4) | [374732a](https://github.com/tomtastisch/FileClassifier/commit/374732a) | refactor | -| `3.0.17` | tooling(test): simplify readable output and strip technical test noise | [514922c](https://github.com/tomtastisch/FileClassifier/commit/514922c) | tooling | -| `3.0.16` | ci(docs): validate markdown 
heading anchors in link checker | [02884ff](https://github.com/tomtastisch/FileClassifier/commit/02884ff) | ci | -| `3.0.15` | ci(docs): add markdown link check gate | [cdbdfbd](https://github.com/tomtastisch/FileClassifier/commit/cdbdfbd) | ci | -| `3.0.14` | docs(structure): enforce readme coverage and update all abstraction references | [0d4cc5e](https://github.com/tomtastisch/FileClassifier/commit/0d4cc5e) | docs | -| `3.0.13` | docs(readme): add abstractions folder hierarchy graphic | [5853dd9](https://github.com/tomtastisch/FileClassifier/commit/5853dd9) | docs | -| `3.0.12` | docs(abstractions): finalize references after model folder split | [afdc592](https://github.com/tomtastisch/FileClassifier/commit/afdc592) | docs | +| `5.1.0` | Security-/Governance-Haertungswelle: gepinnte Actions, Dependency-Review, Labeler-Fixes, Root-Assurance-Index | [e2a4a42](https://github.com/tomtastisch/FileClassifier/commit/e2a4a42) | minor | +| `5.0.0` | Hashing-API-Rename auf `EvidenceHashing` finalisiert und optionale HMAC-Digests hinzugefuegt | [444d027](https://github.com/tomtastisch/FileClassifier/commit/444d027) | breaking | +| `4.2.1` | Version auf 4.2.1 fuer Quality-Gate-Haertung angehoben | [8ab274d](https://github.com/tomtastisch/FileClassifier/commit/8ab274d) | chore | +| `4.2.0` | Dokumentation: Root-README-Paritaet korrigiert, SHA-Links angepasst und Preflight-Version-Gate haerter gemacht | [9691bec](https://github.com/tomtastisch/FileClassifier/commit/9691bec) | docs | +| `4.1.3` | Dokumentation: deterministische Restrukturierung mit SHA-fixierten Links und Policy-RoC-Gate | [90a2825](https://github.com/tomtastisch/FileClassifier/commit/90a2825) | docs | +| `4.1.2` | Versionierungs-Chore: Versionsbump fuer xUnit-v3-Migrationsrelease | [d1ed2a9](https://github.com/tomtastisch/FileClassifier/commit/d1ed2a9) | chore | +| `4.1.1` | Versionierungs-Chore: Patch-Version erhoeht, um CI-Guard zu erfuellen | 
[d67050c](https://github.com/tomtastisch/FileClassifier/commit/d67050c) | chore | +| `4.1.0` | Version auf 4.1.0 aktualisiert und Versionierungslogik verbessert | [a3dfe23](https://github.com/tomtastisch/FileClassifier/commit/a3dfe23) | chore | +| `4.0.0` | Versionierungs-Basislinie auf 4.0.0 angehoben | [2a78f97](https://github.com/tomtastisch/FileClassifier/commit/2a78f97) | chore | +| `3.0.24` | Dokumentation: Umlaut-Schreibweisen korrigiert | [22d40b9](https://github.com/tomtastisch/FileClassifier/commit/22d40b9) | docs | +| `3.0.23` | Dokumentation: Markdown-Sprache normalisiert | [90310a0](https://github.com/tomtastisch/FileClassifier/commit/90310a0) | docs | +| `3.0.22` | Dokumentation: Struktur vereinheitlicht und Wartungs-Checklisten ergaenzt | [cb3341d](https://github.com/tomtastisch/FileClassifier/commit/cb3341d) | docs | +| `3.0.21` | Dokumentation (Guides): Struktur vereinheitlicht und Schritt-fuer-Schritt-Checklisten mit Beispielen ergaenzt | [5f5c6ab](https://github.com/tomtastisch/FileClassifier/commit/5f5c6ab) | docs | +| `3.0.20` | Dokumentation: Leitfaeden fuer Optionen und Datentyp-Erweiterungen hinzugefuegt (#5) | [392c628](https://github.com/tomtastisch/FileClassifier/commit/392c628) | docs | +| `3.0.19` | Dokumentation (Guides): Playbooks fuer Optionen und Datentyp-Erweiterungen hinzugefuegt | [1427e1e](https://github.com/tomtastisch/FileClassifier/commit/1427e1e) | docs | +| `3.0.18` | Refactor: deterministisches Hashing, Archive-Haertung und Test/CI-Stabilisierung (#4) | [374732a](https://github.com/tomtastisch/FileClassifier/commit/374732a) | refactor | +| `3.0.17` | Tooling (Test): lesbares Ausgabeformat vereinfacht und technisches Testrauschen reduziert | [514922c](https://github.com/tomtastisch/FileClassifier/commit/514922c) | tooling | +| `3.0.16` | CI (Docs): Markdown-Heading-Anker im Link-Checker validiert | [02884ff](https://github.com/tomtastisch/FileClassifier/commit/02884ff) | ci | +| `3.0.15` | CI (Docs): Markdown-Link-Check als 
Gate hinzugefuegt | [cdbdfbd](https://github.com/tomtastisch/FileClassifier/commit/cdbdfbd) | ci | +| `3.0.14` | Dokumentation (Struktur): README-Abdeckung erzwungen und Abstraction-Referenzen aktualisiert | [0d4cc5e](https://github.com/tomtastisch/FileClassifier/commit/0d4cc5e) | docs | +| `3.0.13` | Dokumentation (README): Grafik fuer Abstractions-Ordnerhierarchie hinzugefuegt | [5853dd9](https://github.com/tomtastisch/FileClassifier/commit/5853dd9) | docs | +| `3.0.12` | Dokumentation (Abstractions): Referenzen nach Model-Ordnersplit finalisiert | [afdc592](https://github.com/tomtastisch/FileClassifier/commit/afdc592) | docs | | `3.0.11` | refactor(abstractions): split models into detection archive hashing folders | [f25256f](https://github.com/tomtastisch/FileClassifier/commit/f25256f) | refactor | | `3.0.10` | tooling(test): render bdd-readable output as clean per-test blocks | [268afe5](https://github.com/tomtastisch/FileClassifier/commit/268afe5) | tooling | | `3.0.9` | test(core): add fail-closed internals coverage and raise ci gates | [27659c8](https://github.com/tomtastisch/FileClassifier/commit/27659c8) | test | From 96dff352805ca9d53ecfacbf7ee88c165c15815c Mon Sep 17 00:00:00 2001 From: GitHub Copilot Agent Date: Mon, 16 Feb 2026 08:40:42 +0100 Subject: [PATCH 2/2] docs(doku): review-feedback sprachlich nachschaerfen --- docs/audit/011_SECURITY_BENCHMARK.MD | 2 +- docs/governance/003_POLICY_VERSIONING_SVT.MD | 2 +- docs/governance/006_INDEX_CI_RULES.MD | 2 +- docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/audit/011_SECURITY_BENCHMARK.MD b/docs/audit/011_SECURITY_BENCHMARK.MD index 21cbdb4..22620b0 100644 --- a/docs/audit/011_SECURITY_BENCHMARK.MD +++ b/docs/audit/011_SECURITY_BENCHMARK.MD 
@@ -4,7 +4,7 @@ # Security-Policy-Benchmark (Stand: 2026-02-13) -## 1. Ziel und Scope +## 1. Ziel und Geltungsbereich Vergleich der Security-Policy-Reife von `tomtastisch/FileClassifier` (PR-Branch `tomtastisch-patch-1`) mit verbreiteten .NET-Open-Source-Repositories anhand nachweisbarer GitHub- und Repository-Fakten. Dieser Benchmark ist ein Snapshot vor dem Merge in `main` (Stand 2026-02-13). diff --git a/docs/governance/003_POLICY_VERSIONING_SVT.MD b/docs/governance/003_POLICY_VERSIONING_SVT.MD index 976a4db..3a71123 100644 --- a/docs/governance/003_POLICY_VERSIONING_SVT.MD +++ b/docs/governance/003_POLICY_VERSIONING_SVT.MD @@ -19,7 +19,7 @@ Fuer das kanonische Paket `Tomtastisch.FileClassifier` MUESSEN die folgenden Wer - veroeffentlichte NuGet-Version `X.Y.Z` (Release-Job) ## 4. SHALL-Statements -- Release-Tags SHALL Prefix `v` und semantischen Versionskern verwenden (`vMAJOR.MINOR.PATCH`). +- Release-Tags SHALL den Prefix `v` sowie einen semantischen Versionskern verwenden (`vMAJOR.MINOR.PATCH`). - Der Release-Pack-Schritt SHALL `VERSION=${GITHUB_REF_NAME#v}` ableiten. - `dotnet pack` SHALL `-p:Version=$VERSION -p:PackageVersion=$VERSION` setzen. - CI SHALL bei Mehrdeutigkeit fail-closed abbrechen (z. B. mehrere passende Tags auf HEAD). diff --git a/docs/governance/006_INDEX_CI_RULES.MD b/docs/governance/006_INDEX_CI_RULES.MD index 87b36fa..4bfa6ad 100644 --- a/docs/governance/006_INDEX_CI_RULES.MD +++ b/docs/governance/006_INDEX_CI_RULES.MD @@ -4,7 +4,7 @@ # CI-Richtlinienregeln -| rule_id | datei | +| rule_id | Datei | | --- | --- | | `CI-ARTIFACT-000` | `tools/ci/policies/rules/artifact_contract.yaml` | | `CI-DOCS-000` | `tools/ci/policies/rules/docs_drift.yaml` | diff --git a/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD b/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD index 7828c44..b36468c 100644 --- a/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD +++ b/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD 
@@ -9,7 +9,7 @@ Dieser Leitfaden beschreibt die Migration vom veralteten Paket `Tomtastisch.File ## Warum - Das Legacy-Paket ist veraltet und auf NuGet.org unlisted. -- Das kanonische Paket erhaelt laufende Updates und policy-gestuetzte CI-Validierung. +- Das kanonische Paket erhaelt laufende Updates und Policy-gestuetzte CI-Validierung. - Der oeffentliche Root-Namespace ist auf `Tomtastisch.FileClassifier` vereinheitlicht (Level-3 Public-Surface-Rename). ## PackageReference-Migration
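Review bot: In `docs/governance/002_POLICY_NAMING_UNIFIED.MD` (PATCH 1/2), section 4, the normative keyword `SHALL NOT` is rendered as the hybrid `SHALL NICHT`, while `SHALL` and `MAY` stay in English everywhere else in the hunk. It is the only prohibition in this hunk (deprecated package IDs in install snippets and PackageReference examples), so it should stay unambiguous and searchable: keep `SHALL NOT` as a fixed keyword, or translate all keywords consistently. In section 5, "Falls literal gleiche Slugs erforderlich sind" also loses the sense of the original "If literal slug equality is required", which is about the slug matching the package ID; "Falls der Slug literal mit der Paket-ID uebereinstimmen muss" would keep it.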
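Review bot: In `docs/governance/003_POLICY_VERSIONING_SVT.MD` (PATCH 1/2), the last bullet of section 4 drops a requirement: "SHALL be deprecated/unlisted" becomes "SHALL als veraltet/deprecated behandelt werden", so unlisting of legacy package versions is no longer stated in the DE policy, although the migration guide in the same patch still describes unlisting via `dotnet nuget delete`. Please restore it, for example "SHALL als deprecated markiert und unlisted werden". Section 3 also turns "SHALL match exactly" into "MUESSEN ... exakt uebereinstimmen" while section 4 keeps `SHALL`; pick one convention for normative keywords. PATCH 2/2 touches this file again but only rewords the Release-Tags bullet, so both points remain open.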
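Review bot: In `docs/versioning/002_HISTORY_VERSIONS.MD` (PATCH 1/2), the new "Hinweis" says commit titles stay in the original language when taken over as exact source evidence, but the same hunk translates the titles for `5.1.0` through `3.0.12` and leaves `3.0.11` and older in English, so the table mixes both with no marker for which rows are verbatim. Some translations also change the statement: `4.2.0` gains "haerter gemacht", which the original title ("fix root readme parity, link sha targets, and preflight version gate") does not say, and `3.0.17` turns "strip technical test noise" into "reduziert". Since each row links a commit as its evidence, either keep the original titles verbatim or translate every row and state in the note that the column is a paraphrase of the commit title.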
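Review bot: In `docs/governance/006_INDEX_CI_RULES.MD` (PATCH 2/2), capitalizing the header to `Datei` still leaves the two index tables inconsistent: this file uses `| rule_id | Datei |`, while `docs/governance/003_INDEX_GOVERNANCE.MD` in PATCH 1/2 uses `| Rule ID | Regeldatei |`, and the policy texts in the same series write "Rule-ID" and "Regeldatei". Both tables map a rule ID to a file under `tools/ci/policies/rules/`, so use the same two column labels in both. If any docs check reads these tables by header text, confirm it still matches after the rename from `file`.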