CipherShift365 -- Architecture Overview
Stakeholders and Concerns
| Stakeholder | Primary concerns |
|---|---|
| CISO / Compliance (A1) | Accuracy & defensibility; auditability; offline guarantee |
| .NET Developer (A2) | Simple, stable SDK; crypto-agility without code change; no production drag |
| Security Architect / Consultant (A3) | One coherent lifecycle; consistent classification |
| DevOps / SRE (A4) | Host non-disruption; SIEM fit; safe failure modes |
| Procurement / Supplier (A5) | Independently verifiable, signed evidence |
| Owner / 365 Architect | Maintainability; IP protection; buildable by one person |
Composition View
```mermaid
flowchart TB
    subgraph AE["Analysis Engine -- shared, BUILD-TIME only"]
        SRC["Source Analyzer (Roslyn)"]
        DEP["Dependency Analyzer (IL + catalog)"]
        CC["Cert/Config Parser"]
    end
    subgraph CORE["Shared Core -- lightweight, AOT-friendly"]
        KB["Knowledge Base (versioned, signed)"]
        CRE["Classification & Recommendation"]
        RSE["Risk Scoring Engine"]
        CBOM["CBOM Model & Serializer"]
        ID["Identity Service"]
        SIGN["Signing & Verification"]
        POL["Policy Engine"]
    end
    subgraph COMPASS["Compass (Discover)"]
        PLAN["Plan Generator (costed)"]
        REP["Report Generator"]
        CLI["CLI (dotnet tool)"]
        CIT["CI task / GitHub Action"]
    end
    subgraph VAULT["Vault (Migrate) -- ships INTO customer apps"]
        API["Crypto-Agility API"]
        PROV["Provider Abstraction + Registry"]
        HYB["Hybrid/Composite Engine"]
        HDR["Artifact Header Codec"]
        KSA["Key-Store Adapter"]
        OBS["Observability Emitter"]
    end
    subgraph GUARD["Guardian (Guard)"]
        GATE["CI/CD Gate"]
        BM["Baseline Manager"]
        RL["Runtime Listener"]
        DRIFT["Drift Engine"]
        EVT["Event Mapper + SIEM Connectors"]
        HRM["Health/Recovery Manager"]
    end
    COMPASS --> AE
    COMPASS --> CORE
    AE --> CORE
    GATE --> AE
    GATE --> POL
    GUARD --> CORE
    VAULT --> CORE
    OBS -.-> RL
    DRIFT --> ID
    PROV --> KSA
```
The Three Dependency Rules
- Shared Core is the hub. All three modules depend on Core (KB, classification, scoring, CBOM, identity, signing, policy) and never reimplement it.
- Build-time and runtime dependencies are separated. The Analysis Engine (Roslyn, IL inspection) is heavy and runs only at build time. Vault ships into customers' production applications, so it depends on the lightweight Core only -- never on the Analysis Engine.
- One analysis engine, two consumers. The static analysis engine is a shared component consumed by both Compass (CLI/CI) and Guardian's gate.
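One way to enforce the three rules as a CI check, as an added example (not CipherShift365's own code): it reads `ProjectReference` entries from SDK-style `.csproj` files and follows them transitively, so an indirect Vault dependency on the Analysis Engine is caught too. The project names (`Core`, `AnalysisEngine`, `Compass`, `Vault`, `Guardian`, `Helpers`) and the inline `.csproj` contents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

def csproj(*refs):
    """Build a minimal SDK-style .csproj (constructed sample input)."""
    items = "".join(f'<ProjectReference Include="..\\{r}\\{r}.csproj" />' for r in refs)
    return f'<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>{items}</ItemGroup></Project>'

# Hypothetical project names, one per subgraph of the composition view.
GOOD = {
    "Core": csproj(),
    "AnalysisEngine": csproj("Core"),
    "Compass": csproj("AnalysisEngine", "Core"),
    "Vault": csproj("Core"),
    "Guardian": csproj("AnalysisEngine", "Core"),
}
# Constructed regression: Vault pulls in the analyzer through a helper project.
BAD = dict(GOOD, Helpers=csproj("AnalysisEngine"), Vault=csproj("Core", "Helpers"))

def references(xml_text):
    """Project names named by <ProjectReference Include=...> elements."""
    root = ET.fromstring(xml_text)
    return {PureWindowsPath(e.get("Include")).stem for e in root.iter("ProjectReference")}

def closure(graph, start):
    """Every project reachable from start through transitive references."""
    seen, stack = set(), [start]
    while stack:
        for dep in graph.get(stack.pop(), ()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def check(projects):
    """Return the list of dependency-rule violations (empty means compliant)."""
    graph = {name: references(xml) for name, xml in projects.items()}
    errors = []
    for module in ("Compass", "Vault", "Guardian"):  # rule 1: Core is the hub
        if "Core" not in graph.get(module, ()):
            errors.append(f"{module} does not reference Core")
    if "AnalysisEngine" in closure(graph, "Vault"):  # rule 2: runtime stays light
        errors.append("Vault reaches AnalysisEngine transitively")
    for module in ("Compass", "Guardian"):  # rule 3: both consume the one engine
        if "AnalysisEngine" not in closure(graph, module):
            errors.append(f"{module} does not consume AnalysisEngine")
    return errors

if __name__ == "__main__":
    for name, projects in (("good", GOOD), ("bad", BAD)):
        print(name, check(projects) or "ok")
```

Because the Vault check uses the transitive closure, a reference from Core to the Analysis Engine is also reported as a Vault violation.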
Component Catalog
| Component | Responsibility |
|---|---|
| Knowledge Base | Versioned, signed classification/recommendation data |
| Classification & Recommendation | Map findings to risk + PQC recommendation via KB rules |
| Risk Scoring Engine | Single risk model + finding/component/system scores |
| CBOM Model & Serializer | CycloneDX CBOM, deterministic, signable |
| Signing & Verification | Fail-closed, offline-verifiable signing |
| Policy Engine | Shared allow/deny + absolute/baseline-aware modes |
| Analysis Engine (Roslyn/IL) | Shared static analysis consumed by Compass and gate |
| Crypto-Agility API | Algorithm-agnostic SDK; per-algorithm provider policy |
| Hybrid/Composite Engine | Composite schemes; self-describing artifacts |
| Gate / Listener / Drift | Guardian build-time + runtime functions |