CerbiStream 1.1.73

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package CerbiStream --version 1.1.73
                    


                    

                
NuGet\Install-Package CerbiStream -Version 1.1.73
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="CerbiStream" Version="1.1.73" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="CerbiStream" Version="1.1.73" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="CerbiStream" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add CerbiStream --version 1.1.73
                    


                    

                
#r "nuget: CerbiStream, 1.1.73"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package CerbiStream@1.1.73
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=CerbiStream&version=1.1.73
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=CerbiStream&version=1.1.73
                    


                            Install as a Cake Tool

CerbiStream — Governance‑Enforced, PII‑Safe Logging for .NET

CerbiStream is a drop‑in governance layer for .NET logging that validates, redacts, tags, and optionally encrypts logs at runtime before they reach any sink. Use your existing pipeline (Microsoft.Extensions.Logging, Serilog adapters) while adding policy‑driven safety, consistency, and ML‑ready metadata.

Key features

  • Governance rules (runtime enforcement)
    • Validate payloads against a governance profile; add GovernanceViolations, GovernanceProfileVersion, and GovernanceRelaxed tags.
    • Redact disallowed/forbidden fields in‑place using case‑insensitive matching.
  • Redaction
    • Automatic redaction of forbidden/disallowed fields derived from runtime violations and policy (cerbi_governance.json).
  • Runtime validation
    • Backed by Cerbi.Governance.Runtime; hot‑reload policy via file watcher when the profile changes.
  • Analyzer integration
    • Pair with Cerbi analyzers to prevent unsafe logging during development (lint for risky fields and missing governance context).
  • Performance
    • Allocation‑aware adapter with pooled dictionaries and streaming JSON parsing for violation fields.
    • Minimal dev mode and benchmark mode for hot paths.
  • Encryption
    • Optional AES/Base64 for file fallback logs; rotation service for encrypted files.
  • ML‑ready metadata
    • Consistent keys and governance tags enable reliable analytics and model features.

Why CerbiStream vs Serilog / NLog / OpenTelemetry?

CerbiStream is not a sink or a general‑purpose logger; it’s a governance and safety layer that sits in front of your sinks.

  • Serilog/NLog: excellent structured logging and rich sinks. They don’t enforce governance policies (required fields, forbidden fields, runtime redaction) out of the box. CerbiStream adds policy enforcement and verification across any sinks you already use.
  • OpenTelemetry: excellent telemetry pipeline. It does not perform policy‑based field governance or PII enforcement for application logs. CerbiStream complements OTEL by validating/redacting application payloads before export.
  • CerbiStream focuses on governance, redaction, and runtime verification so teams can prove “PII‑safe logging” and consistent schemas without replacing their stack.

When to use CerbiStream:

  • You need .NET logging governance with explicit profiles and enforcement.
  • You must guarantee PII‑safe logging before data leaves the process.
  • You want runtime validation plus analyzer‑time feedback.
  • You need safe defaults with opt‑in relaxation for controlled diagnostics.

Quickstart (≤ 60 seconds)

  1. Install package
Install-Package CerbiStream
# or
 dotnet add package CerbiStream
  1. Add a minimal governance profile file (next to your app): cerbi_governance.json
{
  "Version": "1.0.0",
  "LoggingProfiles": {
    "default": {
      "DisallowedFields": ["ssn", "creditCard"],
      "FieldSeverities": { "password": "Forbidden" }
    }
  }
}
  1. Wire CerbiStream into Microsoft.Extensions.Logging
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using CerbiStream.Configuration; // AddCerbiStream / AddCerbiGovernanceRuntime

var host = Host.CreateDefaultBuilder(args)
    .ConfigureLogging(logging =>
    {
        logging.ClearProviders();
        logging.AddConsole();

        // Option A: Wrap an inner factory with governance
        var innerFactory = LoggerFactory.Create(b => b.AddConsole());
        logging.AddCerbiGovernanceRuntime(innerFactory, profileName: "default", configPath: "./cerbi_governance.json");

        // Option B: Opinionated registration with options
        logging.AddCerbiStream(options =>
        {
            options
                .WithFileFallback("logs/fallback.json", "logs/primary.json")
                .WithAesEncryption()
                .WithEncryptionKey(
                    System.Text.Encoding.UTF8.GetBytes("1234567890123456"),
                    System.Text.Encoding.UTF8.GetBytes("1234567890123456"))
                .WithGovernanceChecks(true)
                .WithTelemetryEnrichment(true);
        });

        // Optional health + metrics endpoints (ASP.NET Core)
        logging.AddCerbiStreamHealthChecks();
    })
    .Build();

await host.RunAsync();
  1. Log as usual
var logger = host.Services.GetRequiredService<ILogger<Program>>();
logger.LogInformation("User signup", new { email = "a@b.com", ssn = "111-11-1111" });

Result: Disallowed/forbidden fields are redacted, and governance tags are added before any sink processes the log.

Governance example: before vs after

  • Before (unsafe):
{"message":"User signup","email":"a@b.com","ssn":"111-11-1111"}
  • After (governed by CerbiStream):
{
  "message": "User signup",
  "email": "a@b.com",
  "ssn": "***REDACTED***",
  "GovernanceViolations": [
    { "Code": "ForbiddenField", "Field": "ssn" }
  ],
  "GovernanceProfileVersion": "1.0.0"
}

Opt‑in relaxation for intentional diagnostics:

logger.LogInformation("debug payload", new { GovernanceRelaxed = true, dump = secretPayload });

Governance profile (JSON) template

{
  "Version": "1.0.0",
  "LoggingProfiles": {
    "default": {
      "RequiredFields": ["message", "timestamp"],
      "ForbiddenFields": ["password"],
      "DisallowedFields": ["ssn", "creditCard"],
      "FieldSeverities": {
        "password": "Forbidden",
        "creditCard": "Forbidden"
      },
      "SensitiveTags": ["PII", "Secret"],
      "Encryption": {
        "Mode": "AES",
        "RotateEncryptedFiles": true
      }
    }
  }
}

Notes

  • DisallowedFields and any field with severity Forbidden will be redacted.
  • RequiredFields are validated by the governance runtime and raised as violations when missing.
  • Store profiles under version control; Cerbi’s file watcher hot‑reloads updates.

Performance

Benchmark highlights (Release, .NET 8, local dev representative):

Scenario Relative throughput
Baseline (MEL console) 1.00x
Serilog console 0.95x–1.05x
NLog console 0.9x–1.0x
CerbiStream governance + console ~0.9x–0.98x

What makes it fast

  • Allocation‑aware adapter with pooled Dictionary<string,object> and pooled HashSet<string>.
  • Streaming parse of GovernanceViolations with Utf8JsonReader (no JsonDocument allocations for strings).
  • Short‑circuit for GovernanceRelaxed.

Run the repo’s benchmarks

  • Windows: scripts/bench.ps1
  • Linux/macOS: scripts/bench.sh
  • Or run BenchmarkSuite1 directly: dotnet run --project BenchmarkSuite1/BenchmarkSuite1.csproj -c Release -- --join --runtimes net8.0

Integration

  • Microsoft.Extensions.Logging (MEL): primary integration via AddCerbiStream or AddCerbiGovernanceRuntime.
  • Serilog: use Cerbi governance runtime to wrap a Serilog‑backed ILoggerFactory so governance runs before Serilog sinks.
  • OpenTelemetry: continue exporting via OTEL; CerbiStream governs fields before export.
  • Runtime enforcement uses Cerbi.Governance.Core and Cerbi.Governance.Runtime under the hood.

FAQ

  • Does this replace Serilog?

    • No. CerbiStream is a governance layer. Keep Serilog/NLog/OTEL; add Cerbi to enforce policies and redaction.

  • What about performance?

    • The adapter is allocation‑aware and competitive with top loggers. See benchmark notes above and run the included suite.

  • What if governance is disabled or relaxed?

    • If disabled, CerbiStream behaves like a thin provider. If a log sets GovernanceRelaxed = true, enforcement/redaction is skipped for that entry.

Call to action

  • Star the repo if this helps you build safer logging.
  • Open an issue to request integrations (Fluentd, Alloy, Loki, etc.).

Appendix: .NET logging governance topics (SEO)

  • .NET logging governance
  • PII‑safe logging for .NET
  • Runtime log redaction for C#
  • Policy‑driven structured logging
  • Governance profiles and analyzer‑assisted safety
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.103 59 3/20/2026
1.1.102 93 2/27/2026
1.1.95 104 2/12/2026
1.1.94 104 2/10/2026
1.1.91 103 2/4/2026
1.1.88 110 1/31/2026
1.1.87 111 1/31/2026
1.1.86 164 1/1/2026
1.1.85 116 12/29/2025
1.1.84 103 12/29/2025
1.1.83 136 12/21/2025
1.1.82 1,088 12/19/2025
1.1.80 846 12/3/2025
1.1.79 680 12/3/2025
1.1.78 213 11/25/2025
1.1.77 264 11/22/2025
1.1.76 258 11/22/2025
1.1.75 254 11/22/2025
1.1.74 194 11/15/2025
1.1.73 201 11/15/2025
Loading failed

See docs/RELEASE-NOTES.md