Stratara.Mediator 3.1.3

.NET 10.0

dotnet add package Stratara.Mediator --version 3.1.3

NuGet\Install-Package Stratara.Mediator -Version 3.1.3

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Stratara.Mediator" Version="3.1.3" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Stratara.Mediator" Version="3.1.3" />
                    

                            Directory.Packages.props

<PackageReference Include="Stratara.Mediator" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Stratara.Mediator --version 3.1.3

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Stratara.Mediator, 3.1.3"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Stratara.Mediator@3.1.3

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Stratara.Mediator&version=3.1.3
                    

                            Install as a Cake Addin

#tool nuget:?package=Stratara.Mediator&version=3.1.3
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Stratara.Mediator

License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.

In-process mediator with DI-resolved handlers and pipeline behaviors. Drop-in replacement for MediatR-style routing without the runtime cost of MethodInfo.Invoke — uses a typed wrapper cache and direct DI dispatch.

Quick start

services.AddMediator()
    .AddCommandHandlersFromAssemblyContaining<Program>()
    .AddQueryHandlersFromAssemblyContaining<Program>()
    .AddPipelineBehaviorWithResult(typeof(LoggingBehavior<,>))
    .AddPipelineBehavior(typeof(LoggingBehavior<>));

// Optional: wrap in authorization decorator
services.AddAuthorizingMediator<MyAuthorizationProvider>();

What's in the box

IMediator.HandleAsync<TResult>(IRequest<TResult>, CancellationToken) — routes queries and commands-with-result to IQueryHandler<TRequest, TResult> through any registered IPipelineBehavior<TRequest, TResult> chain.
IMediator.HandleAsync<TRequest>(TRequest, CancellationToken) — routes void commands to ICommandHandler<TRequest> through any registered IPipelineBehavior<TRequest> chain.
AuthorizingMediator decorator — checks [RequireRole] attributes on the request type via IAuthorizationProvider before delegating to the inner mediator.
BucketLockPool — concurrency primitive that serialises IAggregateScopedCommand dispatch per bucket id. Used by message-bus consumers (e.g. Stratara.Infrastructure's MediatorCommandWorker) to keep aggregate writes single-writer.

Pipeline behavior contract

Behaviors run outer-to-inner in DI registration order:

public sealed class LoggingBehavior<TRequest, TResult> : IPipelineBehavior<TRequest, TResult>
    where TRequest : IRequest<TResult>
{
    public async Task<TResult> HandleAsync(
        TRequest request, Func<Task<TResult>> next, CancellationToken cancellationToken)
    {
        // before
        var result = await next();
        // after
        return result;
    }
}

Tenant isolation

AddStrataraTenantIsolation() registers a pipeline behavior that enforces tenant isolation at the mediator entrance — before the handler runs — for any request that opts in by implementing the ITenantScopedRequest marker. Requests that do not implement the marker pass through untouched.

public sealed record GetCustomerQuery(Guid CustomerId, Guid TenantId)
    : IQuery<CustomerDto>, ITenantScopedRequest;

services
    .AddStrataraValidation()           // validation stays outermost
    .AddStrataraTenantIsolation();     // then tenant isolation

The behavior compares the request's TenantId (the data owner) against the ambient session's data-owner tenant (SessionContext.TenantId), not the actor tenant (SessionContext.ActorTenantId). A request whose payload names a different tenant than the established session subject is rejected with TenantAccessDeniedException (translated to HTTP 403 by AuthorizationExceptionMiddleware on ASP.NET hosts; surfaced through the message-failure path on workers).

Default vs. strict mode

TenantIsolationMode.Default — enforces only the subject match. A privileged cross-tenant operation (actor tenant ≠ data-owner tenant) passes, because the calling endpoint is expected to have promoted the session's data-owner tenant to the target before dispatch.
TenantIsolationMode.Strict — additionally routes every cross-tenant operation through an ICrossTenantAuthorizer. Stratara registers a deny-all default (via TryAdd), so strict mode rejects all cross-tenant access until you register your own authorizer that grants it:

services.AddStrataraTenantIsolation(o => o.Mode = TenantIsolationMode.Strict);
services.AddScoped<ICrossTenantAuthorizer, PlatformAdminCrossTenantAuthorizer>();

internal sealed class PlatformAdminCrossTenantAuthorizer(IHttpContextAccessor http)
    : ICrossTenantAuthorizer
{
    public ValueTask<bool> IsCrossTenantAllowedAsync(SessionContext session, CancellationToken ct) =>
        ValueTask.FromResult(http.HttpContext?.User.IsInRole("PlatformAdmin") ?? false);
}

The behavior runs both in-process (queries via IMediator at the endpoint, where HttpContext is available) and worker-side (commands dispatched through the outbox, where there is no HttpContext). An ICrossTenantAuthorizer that needs request-role state should be applied on the in-process path; the worker path must base its decision on the SessionContext alone.

Dependencies

Stratara.Abstractions — for IMediator/IRequest/ICommand/IQuery/IPipelineBehavior contracts, plus ITenantScopedRequest/ICrossTenantAuthorizer/TenantAccessDeniedException.
Stratara.Diagnostics — log-event IDs for the tenant-isolation behavior.
Microsoft.Extensions.DependencyInjection.Abstractions.
Microsoft.Extensions.Logging.Abstractions.
OpenTelemetry.Api — emits an Activity per dispatch under the Stratara.Application source.

No EF Core, no message bus, no event sourcing. Library-safe.

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- JetBrains.Annotations (>= 2025.2.4)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Hosting.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.8)
- OpenTelemetry.Api (>= 1.15.3)
- Stratara.Abstractions (>= 3.1.3)
- Stratara.Diagnostics (>= 3.1.3)

NuGet packages (3)

Showing the top 3 NuGet packages that depend on Stratara.Mediator:

Package	Downloads
Stratara.Validation Vendor-neutral request validation for the Stratara framework — a mediator pipeline behavior that runs IValidator<T> implementations before the handler and throws an aggregated StrataraValidationException on failure. No FluentValidation dependency; an optional adapter is shipped separately.	951
Stratara.Outbox.RabbitMQ Outbox-pattern command and event dispatch for the Stratara event-sourced stack — RabbitMQ IMessageBus implementation, retry worker, mediator command worker, and Redis-coordinated projection-replay state. Azure Service Bus support ships as the sibling Stratara.Outbox.AzureServiceBus package.	685
Stratara.Infrastructure Infrastructure glue for the Stratara framework — authorization decorators, configuration providers, and DI composition helpers that wire Mediator, Outbox, Identity, and EF Core into a hosted app.	594

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
3.1.3	75	6/10/2026
3.1.2	161	6/5/2026
3.1.1	707	6/1/2026
3.1.0	144	5/30/2026
3.0.23	142	5/28/2026

### Added

- **Mediator tenant-isolation behavior** (`Stratara.Mediator`) — `AddStrataraTenantIsolation()`
registers a pipeline behavior that enforces tenant isolation at the mediator entrance, before the
handler runs, for any request that opts in via the new `ITenantScopedRequest` marker
(`Stratara.Abstractions.Multitenancy`). The behavior compares the request's `TenantId` (data owner)
against the ambient session's data-owner tenant and rejects a mismatch with the new
`TenantAccessDeniedException` (translated to HTTP 403 on ASP.NET hosts). `TenantIsolationMode.Default`
enforces only the subject match (privileged cross-tenant operations pass when the endpoint promoted
the session subject to the target); `TenantIsolationMode.Strict` additionally routes every
cross-tenant operation through the new `ICrossTenantAuthorizer`, whose shipped default denies all
cross-tenant access until a consumer registers its own authorizer. Complements the existing
database-side `ApplyGlobalTenantQueryFilters` with a command-/query-entrance guard. New log-event
IDs `114_101`/`114_102`/`114_003` in `Stratara.Diagnostics`.
- **`Stratara.Abstractions.Persistence.ConcurrencyConflictException`** — provider-agnostic
wrapper for an optimistic-concurrency conflict detected during commit. Allows framework-level
code in `Stratara.Projections` (and any consumer outside the `EntityFrameworkCore` package) to
react to concurrency without taking an EF Core dependency. EF Core's `DbUpdateConcurrencyException`
(and provider equivalents) flow through this type.

### Changed

- **`EfTransaction.SaveChangesAsync`** (in `Stratara.EventSourcing.EntityFrameworkCore`) now
wraps `DbUpdateConcurrencyException` thrown by EF Core in the new
`ConcurrencyConflictException`. PostgreSQL unique-violation paths remain on `DbUpdateException`
(different semantics — duplicate-key on insert vs. stale-row on update/delete).
- **`EventSource.SaveChangesAsync`** (write-side append flow) extends its concurrency-handling
catch to the new exception type so the existing append-conflict recovery path keeps working
after the wrap. Behaviour for both EF concurrency conflicts and PostgreSQL unique violations
is unchanged.

### Fixed

- **`TenantProjection` no longer aborts the event bundle on a parallel delete race.** The two
delete handlers (`TenantDeleted`, `CustomerTenantsDeleted`) now swallow
`ConcurrencyConflictException` silently — a missing row is the desired end-state of a delete.
Before this fix, a consumer-side customer-delete cascade saga that emits both
`CustomerTenantsDeleted` and a follow-up `TenantDeleted` for the same tenants would race the
two parallel projection bundles on the same `TenantView` row; the loser threw
`DbUpdateConcurrencyException` out of `SaveChangesAsync`, which propagated through
`ProjectionWorker` and caused `RabbitMqBus` to roll back the entire bundle — including
sibling projections that had already committed. Update handlers (rename / activate /
deactivate / locale / customer-assigned) keep their current behaviour: a concurrency failure
there is a real race that propagates.