ci: fail on deprecated and vulnerable NuGet packages; align server package baselines

Author: MPCoreDeveloper

.github/copilot-instructions.md

@@ -6,10 +6,17 @@
 - Provide periodic progress updates while work is ongoing to ensure the assistant is not stuck.
 
 ## Code Style
-- Use specific formatting rules
-- Follow naming conventions
+- Use specific formatting rules.
+- Follow naming conventions.
+- Use native .NET 10 code and C# 14 across SharpCoreDB; do not suggest downgrading framework or assuming pre-.NET 10 context.
+
+## Package Policy
+- Prefer latest stable released NuGet packages and package versions.
+- Prefer Microsoft-backed packages by default.
+- If a non-Microsoft package is used (e.g., Serilog), keep it on latest stable and avoid deprecated versions.
+- Avoid prerelease packages unless explicitly requested.
 
 ## Project-Specific Rules
-- Custom requirement A
-- Custom requirement B
+- Custom requirement A.
+- Custom requirement B.
 - Require full SQLite compatibility: SharpCoreDB sync and provider must support all SQLite syntax/features users could use, never less; extra capabilities are fine.

.github/dependabot.yml

@@ -0,0 +1,37 @@
+version: 2
+updates:
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "06:00"
+      timezone: "Europe/Amsterdam"
+    open-pull-requests-limit: 20
+    labels:
+      - "dependencies"
+      - "nuget"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    groups:
+      dotnet-microsoft:
+        patterns:
+          - "Microsoft.*"
+          - "System.*"
+          - "Aspire.*"
+          - "Grpc.*"
+          - "OpenTelemetry.*"
+      serilog:
+        patterns:
+          - "Serilog*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/Amsterdam"
+    labels:
+      - "dependencies"
+      - "github-actions"

.github/workflows/ci.yml

@@ -42,6 +42,44 @@ jobs:
     - name: Restore dependencies
       run: dotnet restore SharpCoreDB.CI.slnf
 
+    - name: Fail on deprecated NuGet packages
+      shell: pwsh
+      run: |
+        $output = dotnet list SharpCoreDB.CI.slnf package --deprecated
+        $outputText = $output | Out-String
+        Write-Host $outputText
+
+        if ($LASTEXITCODE -ne 0) {
+          Write-Error "Failed to evaluate deprecated packages."
+          exit $LASTEXITCODE
+        }
+
+        if ($outputText -match "has the following deprecated packages") {
+          Write-Error "Deprecated NuGet packages detected. CI is configured to fail."
+          exit 1
+        }
+
+        Write-Host "No deprecated NuGet packages detected."
+      
+    - name: Fail on vulnerable NuGet packages
+      shell: pwsh
+      run: |
+        $output = dotnet list SharpCoreDB.CI.slnf package --vulnerable
+        $outputText = $output | Out-String
+        Write-Host $outputText
+
+        if ($LASTEXITCODE -ne 0) {
+          Write-Error "Failed to evaluate vulnerable packages."
+          exit $LASTEXITCODE
+        }
+
+        if ($outputText -match "has the following vulnerable packages") {
+          Write-Error "Vulnerable NuGet packages detected. CI is configured to fail."
+          exit 1
+        }
+
+        Write-Host "No vulnerable NuGet packages detected."
+      
     - name: Build
       run: dotnet build SharpCoreDB.CI.slnf --configuration Release --no-restore /p:ContinuousIntegrationBuild=true
 

src/SharpCoreDB.Client.Protocol/SharpCoreDB.Client.Protocol.csproj

@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>14.0</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    
+    <!-- Assembly info -->
+    <AssemblyName>SharpCoreDB.Client.Protocol</AssemblyName>
+    <Version>1.5.0</Version>
+    <Description>Client-side protocol implementation for SharpCoreDB (gRPC, binary)</Description>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <!-- gRPC & Protobuf (latest stable) -->
+    <PackageReference Include="Grpc.Net.Client" Version="2.70.0" />
+    <PackageReference Include="Google.Protobuf" Version="3.29.3" />
+    <PackageReference Include="Grpc.Tools" Version="2.70.0" PrivateAssets="All" />
+    
+    <!-- Include .proto files (shared with server) -->
+    <Protobuf Include="..\SharpCoreDB.Server.Protocol\Protos\*.proto" GrpcServices="Client" Link="Protos\%(Filename)%(Extension)" />
+  </ItemGroup>
+
+</Project>

src/SharpCoreDB.Client/SharpCoreDB.Client.csproj

@@ -0,0 +1,40 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>14.0</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    
+    <!-- Assembly info -->
+    <AssemblyName>SharpCoreDB.Client</AssemblyName>
+    <Version>1.5.0</Version>
+    <Description>.NET client library for SharpCoreDB network server (ADO.NET-like API)</Description>
+    
+    <!-- NuGet packaging -->
+    <PackageId>SharpCoreDB.Client</PackageId>
+    <Authors>MPCoreDeveloper</Authors>
+    <Company>SharpCoreDB</Company>
+    <Product>SharpCoreDB.Client</Product>
+    <PackageTags>database;client;grpc;adonet;sharpcoredb</PackageTags>
+    <PackageLicenseExpression>MIT</PackageLicenseExpression>
+    <PackageProjectUrl>https://github.com/MPCoreDeveloper/SharpCoreDB</PackageProjectUrl>
+    <RepositoryUrl>https://github.com/MPCoreDeveloper/SharpCoreDB</RepositoryUrl>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <!-- gRPC Client (latest stable) -->
+    <PackageReference Include="Grpc.Net.Client" Version="2.70.0" />
+    <PackageReference Include="Google.Protobuf" Version="3.29.3" />
+    
+    <!-- Connection pooling -->
+    <PackageReference Include="Microsoft.Extensions.ObjectPool" Version="10.0.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- Project references -->
+    <ProjectReference Include="..\SharpCoreDB.Client.Protocol\SharpCoreDB.Client.Protocol.csproj" />
+  </ItemGroup>
+
+</Project>

src/SharpCoreDB.Server.Core/SharpCoreDB.Server.Core.csproj

@@ -0,0 +1,40 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>14.0</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    
+    <!-- Assembly info -->
+    <AssemblyName>SharpCoreDB.Server.Core</AssemblyName>
+    <Version>1.5.0</Version>
+    <Description>Core server infrastructure for SharpCoreDB network server</Description>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <!-- Core dependencies (.NET 10 - latest stable) -->
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.3" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.3" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.3" />
+    
+    <!-- Async utilities -->
+    <PackageReference Include="System.Threading.Channels" Version="10.0.3" />
+    
+    <!-- Security (latest stable for .NET 10 - updated to non-deprecated) -->
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.4.0" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.4.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- Project references -->
+    <ProjectReference Include="..\SharpCoreDB\SharpCoreDB.csproj" />
+    <ProjectReference Include="..\SharpCoreDB.Server.Protocol\SharpCoreDB.Server.Protocol.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Update="Microsoft.SourceLink.GitHub" Version="10.0.103" />
+  </ItemGroup>
+
+</Project>

src/SharpCoreDB.Server.Protocol/SharpCoreDB.Server.Protocol.csproj

@@ -0,0 +1,31 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>14.0</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    
+    <!-- Assembly info -->
+    <AssemblyName>SharpCoreDB.Server.Protocol</AssemblyName>
+    <Version>1.5.0</Version>
+    <Description>Network protocol definitions for SharpCoreDB server (gRPC, binary, HTTP)</Description>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <!-- gRPC & Protobuf (latest stable for .NET 10) -->
+    <PackageReference Include="Grpc.Core.Api" Version="2.70.0" />
+    <PackageReference Include="Grpc.Tools" Version="2.70.0" PrivateAssets="All" />
+    <PackageReference Include="Google.Protobuf" Version="3.29.3" />
+    
+    <!-- Include .proto files -->
+    <Protobuf Include="Protos\*.proto" GrpcServices="Both" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- Folder for proto files -->
+    <None Remove="Protos\**\*.proto" />
+  </ItemGroup>
+
+</Project>

src/SharpCoreDB.Server/Program.cs

@@ -0,0 +1,125 @@
+// <copyright file="Program.cs" company="MPCoreDeveloper">
+// Copyright (c) 2026 MPCoreDeveloper and GitHub Copilot. All rights reserved.
+// Licensed under the MIT License.
+// </copyright>
+
+using Microsoft.AspNetCore.Server.Kestrel.Core;
+using Serilog;
+using SharpCoreDB.Server.Core;
+
+// Create and configure the host
+var builder = WebApplication.CreateBuilder(args);
+
+// Configure Serilog
+Log.Logger = new LoggerConfiguration()
+    .ReadFrom.Configuration(builder.Configuration)
+    .Enrich.FromLogContext()
+    .WriteTo.Console()
+    .WriteTo.File(
+        "logs/sharpcoredb-server-.log",
+        rollingInterval: RollingInterval.Day,
+        retainedFileCountLimit: 30)
+    .CreateLogger();
+
+builder.Host.UseSerilog();
+
+// Configure Kestrel for gRPC and HTTP
+builder.WebHost.ConfigureKestrel((context, options) =>
+{
+    var config = context.Configuration.GetSection("Server").Get<ServerConfiguration>();
+    if (config is null)
+    {
+        throw new InvalidOperationException("Server configuration is missing");
+    }
+
+    // gRPC endpoint
+    if (config.EnableGrpc)
+    {
+        options.ListenAnyIP(config.GrpcPort, listenOptions =>
+        {
+            listenOptions.Protocols = HttpProtocols.Http2;
+            
+            if (config.Security.TlsEnabled && config.Security.TlsCertificatePath is not null)
+            {
+                listenOptions.UseHttps(config.Security.TlsCertificatePath, config.Security.TlsPrivateKeyPath);
+            }
+        });
+    }
+
+    // HTTP REST API endpoint
+    if (config.EnableHttp)
+    {
+        options.ListenAnyIP(config.HttpPort, listenOptions =>
+        {
+            listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
+        });
+    }
+});
+
+// Add services
+builder.Services.AddGrpc(options =>
+{
+    options.MaxReceiveMessageSize = 100 * 1024 * 1024; // 100MB
+    options.MaxSendMessageSize = 100 * 1024 * 1024;
+});
+
+builder.Services.AddGrpcReflection();
+
+// Add server configuration
+builder.Services.Configure<ServerConfiguration>(
+    builder.Configuration.GetSection("Server"));
+
+// Add core services
+builder.Services.AddSingleton<NetworkServer>();
+
+// Add health checks
+builder.Services.AddHealthChecks();
+
+var app = builder.Build();
+
+// Map gRPC services
+// TODO: Add gRPC service implementations in Phase 1, Week 2
+// app.MapGrpcService<DatabaseServiceImpl>();
+// app.MapGrpcService<VectorSearchServiceImpl>();
+
+// Enable gRPC reflection for development
+if (app.Environment.IsDevelopment())
+{
+    app.MapGrpcReflectionService();
+}
+
+// Map health check endpoint
+app.MapHealthChecks("/health");
+
+// Map REST API endpoints (placeholder)
+app.MapGet("/", () => new
+{
+    name = "SharpCoreDB Server",
+    version = "1.5.0",
+    status = "running",
+    observability = "Serilog + HealthChecks"
+});
+
+// Start the server
+Log.Information("Starting SharpCoreDB Server v1.5.0");
+Log.Information("gRPC endpoint: {GrpcEndpoint}", $"http://localhost:{builder.Configuration["Server:GrpcPort"] ?? "5001"}");
+Log.Information("HTTP endpoint: {HttpEndpoint}", $"http://localhost:{builder.Configuration["Server:HttpPort"] ?? "8080"}");
+
+try
+{
+    // Start the network server
+    var networkServer = app.Services.GetRequiredService<NetworkServer>();
+    await networkServer.StartAsync(app.Lifetime.ApplicationStopping);
+
+    // Run the web host
+    await app.RunAsync();
+}
+catch (Exception ex)
+{
+    Log.Fatal(ex, "SharpCoreDB Server terminated unexpectedly");
+}
+finally
+{
+    Log.Information("SharpCoreDB Server shutdown complete");
+    await Log.CloseAndFlushAsync();
+}