aicukltd/AIC.Core.Messaging.Services.InMemoryv2026.3.2.1

docs d<> code .compare c

.NET 10.0

Shared .NET library for Aerospace, Intelligence, and Cyber solutions.

aicuk.ltd ↗

License

MIT

Deps

Install Size

—

Vulns

✓ 0

Published

Mar 2, 2026

Get Started

$ dotnet add package AIC.Core.Messaging.Services.InMemory

Readme

AIC Core Libraries

Transforming Industry Through Technology

AIC — Aerospace, Intelligence & Cyber — provides cutting-edge, mission-ready software components powering secure, data-driven systems for the UK defence and national security sector.

Executive Summary

This repository contains the comprehensive enterprise .NET 10 library ecosystem developed by AIC (Aerospace Intelligence Cyber) for high-assurance environments spanning Defence, Government, and critical national infrastructure.

The solution provides 50+ modular packages implementing:

Data persistence abstractions supporting Entity Framework Core, MongoDB, MongoDB Realm, and Azure Cosmos DB
Enterprise-grade security & cryptography including post-quantum algorithms, asymmetric/symmetric encryption, and certificate management
Identity & access management with multi-tenant support, RBAC, audit logging, and API key/JWT authentication
Vector search & embeddings for AI/ML workloads via MongoDB Atlas Vector Search
Advanced middleware for rate limiting, geo-IP policies, authentication flows, and quota enforcement
Comprehensive caching abstractions supporting in-memory and distributed patterns

All packages follow SOLID principles, enforce deterministic builds, include SourceLink tracing, and are published automatically via Azure DevOps CI/CD pipelines.

Core Architecture

Design Principles

Modular & Composable: Each package is independently versioned and can be consumed alone or as part of a larger stack
SOLID & DRY: Strict adherence to Single Responsibility, Open/Closed, Liskov Substitution, Interface Segregation, and Dependency Inversion principles
Async-First: Full async/await support throughout, enabling scalable server applications
Generic Abstractions: Heavy use of generic interfaces (e.g., IRepository<TEntity, TId>, IDataService<TModel>) to reduce boilerplate
High-Assurance Security: Built for air-gapped and connected environments with cryptographic integrity checks
Multi-Tenant Ready: Built-in tenant and organisation scoping, quota enforcement, and organisational audit trails

Dependency Injection Pattern

All packages provide extension methods for seamless DI registration:

services
    .AddIdentityDataServices()
    .AddCachingServices()
    .AddCryptographyServices()
    .AddDataServices();

Packages & Capabilities

1. Data Access Layer

Purpose: Unified abstractions and implementations for persistent storage across multiple database engines.

Core Abstractions

AIC.Core.Data
- IRepository<TEntity, TId> — Generic repository interface supporting create, read, update, delete, and complex queries
- IEntity, IVectorisedEntity — Base entity contracts with ID and metadata support
- IHasDisplayName, IHasId — Composable capability interfaces
- SortDirection enum for query ordering

Multi-Database Support

Entity Framework Core

AIC.Core.Data.EntityFramework
- BaseEntityFrameworkCoreRepository<TEntity, TId> — Full LINQ support with lazy loading, eager loading, and expression trees
- Supports parameterized queries, complex predicates, and navigation property includes
- Automatic change tracking and SaveChanges batching

MongoDB

AIC.Core.Data.MongoDb
- BaseMongoDbRepository<TModel> — MongoDB-native repository with BSON serialization
- Document-oriented queries with flexible schema evolution
- Index management and aggregation pipeline support
AIC.Core.Data.MongoDb.Realm
- BaseMongoDbRealmRepository<TModel> — MongoDB Realm-specific implementation for offline-first mobile scenarios
- Sync-enabled data persistence with conflict resolution
- Local realm management and real-time synchronization

Vector Search & Embeddings

AIC.Core.Data.MongoDb + Vector Extensions
- BaseVectorisedMongoDbRepository<TModel> — Advanced vector search via MongoDB Atlas Vector Search
- SearchVectorAsync() — Cosine similarity search over embeddings with configurable topK results
- SearchVectorWithScoreAsync() — Returns both documents and relevance scores
- SearchOrganisationVectorAsync() — Scoped vector search per organisation (multi-tenant aware)
- Support for AI/ML embedding fields, semantic search, and RAG (Retrieval-Augmented Generation) workloads

Azure Cosmos DB

AIC.Core.Data.CosmosDb
- BaseCosmosDbRepository<TEntity, TId> — Cosmos DB SDK integration
- Partition key aware queries for global scale
- Consistency level configuration and cross-partition query support

Generic Data Services

AIC.Core.Data.Services
- BaseDataService<TModel, TId> — Generic CRUD service wrapping repositories
- Standardised naming: GetByIdAsync(), GetAllAsync(), CreateAsync(), UpdateAsync(), DeleteByIdAsync()
- Automatic logging and error handling
- Supports batch operations and transaction coordination

Expression & Query Utilities

AIC.Core.Data.Extensions.Expressions — Expression tree utilities for composable query building
AIC.Core.Data.Models.References — Shared model references across solutions

2. Identity & Access Management

Purpose: Enterprise-grade user, organisation, tenant, and permission management with audit trails and multi-factor access control.

Core Models & Contracts

AIC.Core.Identity.Models
- IIdentityService — Primary identity contract (user provisioning, attribute management, lock/unlock operations)
- IGetUserRequest, IGetUserResponse — Request/response envelopes with organisation scoping
- API key, JWT, and user attribute models
- Comprehensive exception hierarchy: QuotaExceededException, ApiKeyInvalidException, RateLimitExceededException, etc.

User & Vault Management

AIC.Core.Identity.Data.Services
- IIdentityService + IdentityService — Full user lifecycle (create, retrieve, update, lock, unlock, provision)
- IVaultService + VaultService — Secure credential storage, key derivation, and secrets management
- IUserService + UserService — User-specific operations with organisational scoping
- IAuditService + AuditService — Comprehensive audit logging for all identity operations

Multi-Tenancy & RBAC

AIC.Core.Identity.Data.Services
- BaseRbacDataService<TModel, TId> — Role-Based Access Control base service with resource-level permissions
- BaseRbacTenantDataService — Tenant-specific RBAC (all operations scoped to tenant)
- BaseRbacTenantOrganisationDataService — Organisation-wide RBAC with cross-tenant boundaries

Subscriptions Management

AIC.Core.Identity.Subscriptions.Models — Subscription domain models
AIC.Core.Identity.Subscriptions.Models.MongoDb — MongoDB-specific subscription persistence
AIC.Core.Identity.Subscriptions.Services — Subscription lifecycle and entitlement logic
AIC.Core.Identity.Subscriptions.Models.References — Reference data for subscription types

Multi-Tenant Organization Hierarchy

AIC.Core.Identity.Tenants.Models — Tenant domain models
AIC.Core.Identity.Tenants.Models.MongoDb — MongoDB tenant persistence
AIC.Core.Identity.Tenants.Models.References — Reference data and lookup tables

Audit & Compliance

AIC.Core.Identity.Data.Services
- AuditService — Tracks all identity operations with user IDs, timestamps, actions, and results
- Organisational audit trail segregation
- Immutable audit log append-only design

Extension Methods

AIC.Core.Identity.Extensions — Helper methods for identity operations, token generation, and claim extraction

3. Authentication & Authorization

JWT (JSON Web Tokens)

AIC.Core.Identity.Data.Services.Jwt
- IAccessTokenService + JwtAccessTokenService — Issues short-lived access tokens
- IRefreshTokenService + JwtRefreshTokenService — Manages token refresh flows
- IJwtKeyMaterialService + RsaJwtKeyMaterialService — RSA-based key material provisioning
- ISigningCredentialsProvisionService + RsaSigningCredentialsProvisionService — Signing credential management
AIC.Core.Identity.Extensions.Jwt
- JwtAuthServiceCollectionExtensions — DI registration for JWT authentication
- JwtAuthenticationServiceCollectionExtensions — Full JWT pipeline configuration
- Bearer token validation, claim extraction, and policy enforcement

API Key Management

JWT access tokens embed ApiKeyMetadata as claims
- Rate limit quotas per API key (requests per time window)
- Geo-IP restrictions (CIDR-based IP matching)
- Signature and expiration validation
- Extensible metadata for custom policies

Authentication Middleware

AIC.Core.Identity.Data.Services.Middleware
- AuthenticationServiceContextMiddleware — Extracts and validates auth tokens, populates user context
- TokenValidationErrorMiddleware — Handles JWT validation failures with detailed error responses
- Claims extraction and principal construction

Authorization & Audit Middleware

AuthorizationAuditMiddleware — Logs all authenticated requests with action, resource, outcome, and timing
Multi-tenant scoping ensures audit logs are segregated

Geo-IP & Network Policies

IpGeoPolicyMiddleware — Validates IP address geolocation against API key restrictions
IGeoResolver + DefaultGeoResolver — Geolocation lookup (extensible for custom providers)
IIpMatcher + CidrIpMatcher — CIDR block matching for IP validation

Rate Limiting

QuotaMiddleware — Enforces per-user and per-API-key rate limits
Partitioned rate limiters with configurable windows and permit counts
RateLimitExceededException for backpressure signaling

Web API Extensions

AIC.Core.Identity.Extensions.WebApi
- WebApiExtensions — Comprehensive ASP.NET Core integration
- Problem Details mapping for standardised error responses
- Rate limiting configuration with API key metadata integration
- Middleware registration helpers
- Service discovery and dependency injection orchestration

Controllers

AIC.Core.Identity.Data.Controllers.Authentication
- AuthenticationController — RESTful endpoints for login, token refresh, logout

4. Security & Cryptography

Purpose: Enterprise cryptographic primitives supporting post-quantum algorithms, certificate management, and secure key operations.

Core Abstractions

AIC.Core.Security.Cryptography
- IAsymmetricCryptographyProvider<TAlgorithm> — RSA, ECDSA, post-quantum algorithm abstraction
- ISymmetricCryptographyProvider<TAlgorithm> — AES and other symmetric cipher abstraction
- IHashProvider — Cryptographic hash function abstraction (SHA-256, SHA-3, BLAKE2, etc.)
- ICryptographicAsyncStream — Stream-based encryption/decryption for large payloads

Asymmetric Cryptography

RSA Support

AIC.Core.Security.Cryptography.Asymmetric.RSA
- Full RSA-2048, RSA-3072, RSA-4096 support
- Signing, verification, encryption, decryption
- PKCS#1 v1.5 and OAEP padding modes

Post-Quantum Algorithms

AIC.Core.Security.Cryptography.Asymmetric.Quantum
AIC.Core.Security.Cryptography.Asymmetric.Quantum.BouncyCastle
- CRYSTALS-Kyber (key encapsulation) — quantum-resistant key exchange
- CRYSTALS-Dilithium (signatures) — quantum-resistant digital signatures
- ML-KEM, ML-DSA standards support
- Hybrid classical+quantum signing for transition strategies

X.509 Certificates

AIC.Core.Security.Cryptography.Asymmetric.Certificates
- Certificate generation, parsing, validation
- Distinguished name handling, extension management
- Self-signed and CA-signed certificate chains
AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum
AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum.BouncyCastle
- Post-quantum certificate generation and validation
- Quantum algorithm OIDs and ASN.1 encoding
- Future-proof PKI infrastructure support

Symmetric Cryptography

AES Support

AIC.Core.Security.Cryptography.Symmetric.AES
- AES-128, AES-192, AES-256 support
- CBC, CTR, GCM modes
- Single-round and double-round (nested) encryption for additional security
- BouncyCastle implementations as alternative to .NET native

Hashing & Message Digests

AIC.Core.Security.Cryptography.Hashing
- SHA-256, SHA-512 support
- Extensible for SHA-3, BLAKE2, etc.
AIC.Core.Security.Cryptography.Hashing.BouncyCastle
- BouncyCastle-backed hashing for FIPS compliance or air-gapped environments
- Deterministic hash output for reproducible builds

Extension Methods & Utilities

AIC.Core.Security.Cryptography.Asymmetric.Extensions — Helper methods for key generation, encoding, format conversion
AIC.Core.Security.Cryptography.Hashing.Extensions — Hash computation shortcuts and verification helpers

5. Caching

Purpose: Flexible caching abstractions supporting in-memory and distributed cache implementations.

Core Abstractions

AIC.Core.Caching
- ICache — Generic cache interface with Get, Set, Remove, Clear operations
- ITypedCache<T> — Strongly-typed cache for specific model types
- TTL (time-to-live) support with automatic expiration
- Cache statistics and monitoring

Implementations

In-Memory

AIC.Core.Caching.InMemory
- InMemoryCache — .NET MemoryCache wrapper
- Process-local caching suitable for single-instance deployments
- Fast, low-latency access with eviction policies

Microsoft Memory Cache Adapter

AIC.Core.Caching.MicrosoftMemoryCache
- Wrapper around Microsoft.Extensions.Caching.Memory.IMemoryCache
- Integrates with standard .NET Core DI
- Sliding expiration and absolute expiration support

Cache Extensions & Utilities

AIC.Core.Caching Extensions
- CacheExtensions — Convenience methods for cache-aside pattern, lazy loading, bulk operations
- Async-friendly cache access patterns
- Typed cache helpers

6. Logging & Observability

Core Logging

AIC.Core.Logging
- Abstraction over Microsoft.Extensions.Logging
- Structured logging with context propagation

Serilog Integration

AIC.Core.Logging.Serilog
- SerilogLoggingPolicyMiddleware — Middleware for structured request/response logging
- Event enrichment with request context, user IDs, tenant IDs
- Sink configuration for console, file, Azure Monitor, Seq

Extension Methods

AIC.Core.Logging.Extensions — Helper methods for common logging patterns

7. Utilities & Extensions

AIC.Core.Extensions — General-purpose extension methods for strings, collections, reflection, and domain operations

Advanced Features

Multi-Tenant Architecture

Every data service includes built-in organisational and tenant scoping:

public class TenantDataService : BaseRbacTenantDataService<Model>
{
    public async Task GetAsync(Guid tenantId)
    {
        // Automatically scoped to tenantId; cross-tenant access rejected
        return await GetByIdAsync(modelId);
    }
}

Quota & Rate Limiting

API keys carry quota metadata:

Rate limiting: Requests per time window (1-minute, 5-minute windows, custom)
Enforcement: Partitioned rate limiters by API key or user
Rejection handling: Returns HTTP 429 (Too Many Requests) with retry-after headers

// Automatically enforced by middleware
services.AddRateLimiter(options => { /* configured per API key */ });

Audit Logging

Every identity operation is logged:

User performing action
Resource affected
Action type (create, update, delete, etc.)
Timestamp and duration
Success/failure status
IP address and user agent

Vector Search & AI Integration

MongoDB Atlas vector search enables semantic queries:

var results = await repository.SearchVectorAsync(embeddingVector, topK: 10);
var withScores = await repository.SearchVectorWithScoreAsync(embeddingVector);

Suitable for:

Semantic search over document collections
Recommendation engines
RAG (Retrieval-Augmented Generation) pipelines
Anomaly detection

Organisational Catch-All Quotas

TargetType.Any quotas act as wildcards:

// This quota applies to all request types
var catchAllQuota = quotas.Where(q => q.TargetType == TargetType.Any || q.TargetType == targetType);

Enables org-level policies with user-level overrides.

Security Posture

High-Assurance Design

Built for air-gapped and connected environments
No external dependencies for core cryptography
BouncyCastle alternative implementations for FIPS-140 compliance
Deterministic, reproducible builds with embedded SourceLink

Cryptographic Agility

Support for both classical (RSA, AES, SHA-256) and post-quantum algorithms
Hybrid signing strategies for gradual transition
Algorithm OID flexibility for future standardization

Secrets Management

VaultService for secure credential storage
Key derivation with salted hashing
Audit-logged credential operations
No plaintext secrets in logs

Network & Access Control

Geo-IP restriction enforcement via CIDR blocks
Rate limiting with per-user/per-key quotas
API key metadata tainting (can't be used elsewhere without permission)
Organisational boundary enforcement

Getting Started

Installation

Each package is available via NuGet with the AIC.Core.* prefix:

# Identity & Access
dotnet add package AIC.Core.Identity.Data.Services
dotnet add package AIC.Core.Identity.Extensions.Jwt
dotnet add package AIC.Core.Identity.Extensions.WebApi

# Data Persistence
dotnet add package AIC.Core.Data.Services
dotnet add package AIC.Core.Data.MongoDb
dotnet add package AIC.Core.Data.EntityFramework

# Security & Cryptography
dotnet add package AIC.Core.Security.Cryptography.Asymmetric.RSA
dotnet add package AIC.Core.Security.Cryptography.Asymmetric.Quantum.BouncyCastle
dotnet add package AIC.Core.Security.Cryptography.Symmetric.AES

# Caching
dotnet add package AIC.Core.Caching.MicrosoftMemoryCache

# Logging
dotnet add package AIC.Core.Logging.Serilog

Complete Startup Example

using AIC.Core.Identity.Extensions;
using AIC.Core.Identity.Extensions.Jwt;
using AIC.Core.Identity.Extensions.WebApi;
using AIC.Core.Data.Services;
using AIC.Core.Caching;
using Microsoft.Extensions.DependencyInjection;

// Build service collection
var services = new ServiceCollection();

// Register all AIC services
services
    .AddIdentityDataServices()
    .AddIdentityJwtServices(Configuration)
    .RegisterWebApiDependencies(Configuration)
    .AddDataServices()
    .AddCachingServices()
    .AddLoggingServices();

var provider = services.BuildServiceProvider();

// Use services
var identityService = provider.GetRequiredService<IIdentityService>();
var userResponse = await identityService.GetUserAsync(getUserRequest);

var userService = provider.GetRequiredService<IUserService>();
var user = await userService.GetByIdAsync(userId);

var cache = provider.GetRequiredService<ICache>();
await cache.SetAsync("key", "value", TimeSpan.FromMinutes(5));

Building Locally

# Restore dependencies
dotnet restore

# Build the solution
dotnet build -c Release

# Run all tests
dotnet test

# Generate NuGet packages locally
dotnet pack -c Release

Build output:

DLL assemblies: bin/Release/net10.0/
Symbol packages: artifacts/packages/*.snupkg
NuGet packages: artifacts/packages/*.nupkg

Typical Project Structure

MyApplication/
├── MyApplication.Web/              # ASP.NET Core / Blazor app
│   ├── Program.cs                  # DI & middleware registration
│   └── Controllers/                # API controllers
├── MyApplication.Services/         # Business logic layer
│   ├── UserService.cs             # Orchestrates identity operations
│   └── DataService.cs             # Data access wrapper
└── MyApplication.Models/          # Domain models
    ├── User.cs
    └── Tenant.cs

// Program.cs registration
services
    .AddIdentityDataServices()
    .AddIdentityExtensions()
    .AddDataServices()
    .AddCachingServices();

app.UseWebApi();  // Registers middleware pipeline

Architecture Patterns

Repository Pattern

All data access flows through IRepository<TEntity, TId>:

public interface IRepository<TEntity, in TId> where TEntity : class where TId : struct
{
    Task<TEntity> GetModelAsync(TId id);
    Task<IEnumerable<TEntity>> GetModelsAsync();
    Task<TEntity> CreateOrUpdateAsync(TEntity entity);
    Task<bool> DeleteAsync(TId id);
}

Implementations:

BaseEntityFrameworkCoreRepository — EF Core with LINQ support
BaseMongoDbRepository — MongoDB with document queries
BaseCosmosDbRepository — Cosmos DB with partition-aware queries
BaseVectorisedMongoDbRepository — Vector search extension

Service Layer

Generic BaseDataService<TModel, TId> wraps repositories:

public class BaseDataService<TModel, TId> where TModel : class where TId : struct
{
    public async ValueTask<TModel> GetByIdAsync(TId id) { /* delegates to repository */ }
    public async ValueTask<IEnumerable<TModel>> GetAllAsync(Expression<Func<TModel, bool>>? predicate = null) { }
    public async ValueTask<TModel> CreateAsync(TModel model) { }
    public async ValueTask<TModel> UpdateAsync(TModel model) { }
    public async ValueTask<bool> DeleteByIdAsync(TId id) { }
}

Provides:

Consistent method naming (Get*Async, Create*Async, Delete*Async)
Automatic logging and error handling
Scoped lifetime for security

RBAC (Role-Based Access Control)

BaseRbacDataService<TModel, TId> enforces permissions:

public class BaseRbacDataService<TModel, TId> : BaseDataService<TModel, TId>
{
    // All operations respect user roles and resource permissions
    public async Task<TModel> GetByIdAsync(TId id) 
    { 
        var model = await base.GetByIdAsync(id);
        // Check user has read permission on model
        await authorizationService.AuthorizeAsync(user, model, "Read");
        return model;
    }
}

Middleware Pipeline

Authentication and authorization are applied via middleware:

→ AuthenticationServiceContextMiddleware       (Extract JWT, populate HttpContext.User)
→ AuthorizationAuditMiddleware                (Log authenticated action)
→ IpGeoPolicyMiddleware                       (Validate geo restrictions)
→ QuotaMiddleware                             (Rate limiting)
→ TokenValidationErrorMiddleware              (Error mapping)
→ Application Logic (Controllers, Services)

Testing

The solution includes comprehensive test suites:

Test Projects:

AIC.Core.Data.MongoDb.Tests — Repository and query tests
AIC.Core.Data.CosmosDb.Tests — Cosmos DB integration tests
AIC.Core.Security.Cryptography.*.Tests — Cryptography algorithm tests
AIC.Core.Identity.Data.Services.Middleware.Tests — Middleware pipeline tests
AIC.Core.Identity.Data.Services.Jwt.Tests — JWT token tests

Test Framework: xUnit (with Fluent Assertions, Moq, NUnit conventions)

Coverage:

Unit tests for cryptographic operations
Integration tests for database operations
Middleware pipeline tests
Rate limiting and quota tests
RBAC permission enforcement tests

Build & Packaging

Versioning Strategy

Versions follow CalVer (Calendar Versioning):

Format: YYYY.MM.DD.patch
Example: 2025.11.20.3 (November 20, 2025, patch 3)
Automatically injected by Azure DevOps build pipeline

Deterministic Builds

<!-- Directory.Build.props -->
<Deterministic>true</Deterministic>
<PublishRepositoryUrl>true</PublishRepositoryUrl>
<EmbedUntrackedSources>true</EmbedUntrackedSources>

Ensures:

Reproducible binaries across machines
SourceLink integration for source-level debugging
Build timestamp consistency
No environment-dependent artifacts

NuGet Packaging

Each project auto-generates NuGet packages:

Package: .nupkg (DLL + dependencies)
Symbols: .snupkg (debugging support)
Metadata: Embedded README, license, release notes
Registry: Published to AIC NuGet Feed

Local Packing

dotnet pack -c Release
# Outputs to ./artifacts/packages/

Repository Structure

src/
├── Data/                                    # Data layer abstractions & implementations
│   ├── AIC.Core.Data/                      # Core interfaces (IRepository, IEntity)
│   ├── AIC.Core.Data.Services/             # Generic CRUD services
│   ├── AIC.Core.Data.EntityFramework/      # EF Core repository
│   ├── AIC.Core.Data.MongoDb/              # MongoDB repository
│   ├── AIC.Core.Data.MongoDb.Realm/        # MongoDB Realm offline support
│   ├── AIC.Core.Data.CosmosDb/             # Azure Cosmos DB repository
│   ├── AIC.Core.Data.Models.References/    # Shared model references
│   └── AIC.Core.Data.Extensions.Expressions/ # Expression tree utilities
│
├── Caching/                                 # Caching abstractions & implementations
│   ├── AIC.Core.Caching/                   # Core cache interfaces
│   ├── AIC.Core.Caching.InMemory/          # In-memory implementation
│   └── AIC.Core.Caching.MicrosoftMemoryCache/ # MS.Extensions.Caching adapter
│
├── Security/                                # Cryptography & security
│   └── Cryptography/
│       ├── AIC.Core.Security.Cryptography/ # Core crypto abstractions
│       ├── AIC.Core.Security.Cryptography.Streams/ # Stream-based encryption
│       ├── Asymmetric/
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric/ # RSA, ECDSA abstractions
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.RSA/ # RSA implementation
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.Extensions/ # RSA helpers
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.Quantum/ # Post-quantum base
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.Quantum.BouncyCastle/ # PQ implementations
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.NBitcoin/ # Bitcoin crypto support
│       │   ├── Certificates/
│       │   │   ├── AIC.Core.Security.Cryptography.Asymmetric.Certificates/ # X.509 support
│       │   │   ├── AIC.Core.Security.Cryptography.Asymmetric.Certificates.Models/
│       │   │   ├── AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum/ # PQ certificates
│       │   │   └── AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum.BouncyCastle/
│       ├── Symmetric/
│       │   ├── AIC.Core.Security.Cryptography.Symmetric/ # Symmetric abstractions
│       │   └── AIC.Core.Security.Cryptography.Symmetric.AES/ # AES implementation
│       ├── Hashing/
│       │   ├── AIC.Core.Security.Cryptography.Hashing/ # Hash abstractions
│       │   ├── AIC.Core.Security.Cryptography.Hashing.BouncyCastle/ # BC implementations
│       │   └── AIC.Core.Security.Cryptography.Hashing.Extensions/ # Hash helpers
│       └── FIDO2/
│           └── AIC.Core.Security.Cryptography.Fido2/ # WebAuthn/FIDO2 support
│
├── Identity/                                # Identity & access management
│   ├── AIC.Core.Identity.Models/ # Core identity domain models & exceptions
│   ├── AIC.Core.Identity.Models.Jwt/ # JWT models (AccessToken, RefreshToken, etc.)
│   ├── AIC.Core.Identity.Models.MongoDb/ # MongoDB-persisted identity models
│   ├── AIC.Core.Identity.Data/ # Identity repositories
│   ├── AIC.Core.Identity.Data.Services/ # Identity business logic (User, Vault, Audit)
│   ├── AIC.Core.Identity.Data.Services.Jwt/ # JWT token generation & validation
│   ├── AIC.Core.Identity.Data.Services.Middleware/ # Auth middleware (context, audit, geo-ip, quota)
│   ├── AIC.Core.Identity.Data.Controllers.Authentication/ # REST controllers
│   ├── AIC.Core.Identity.Extensions/ # Identity extension methods
│   ├── AIC.Core.Identity.Extensions.Jwt/ # JWT DI extensions
│   ├── AIC.Core.Identity.Extensions.WebApi/ # WebApi integration
│   ├── AIC.Core.Identity.Services.Web/ # Web-specific services (GeoResolver, IpMatcher)
│   ├── AIC.Core.Identity.Extensions.Web/ # Web extension methods
│   ├── Subscriptions/
│   │   ├── AIC.Core.Identity.Subscriptions.Models/
│   │   ├── AIC.Core.Identity.Subscriptions.Models.MongoDb/
│   │   ├── AIC.Core.Identity.Subscriptions.Models.References/
│   │   └── AIC.Core.Identity.Subscriptions.Services/
│   └── Tenants/
│       ├── AIC.Core.Identity.Tenants.Models/
│       ├── AIC.Core.Identity.Tenants.Models.MongoDb/
│       └── AIC.Core.Identity.Tenants.Models.References/
│
├── Logging/                                 # Logging & observability
│   ├── AIC.Core.Logging/                   # Core logging abstractions
│   ├── AIC.Core.Logging.Extensions/        # Logging extension methods
│   └── AIC.Core.Logging.Serilog/           # Serilog structured logging
│
├── Extensions/                              # Utilities & extensions
│   └── AIC.Core.Extensions/                # General-purpose extension methods
│
└── Encoding/                                # Future: Text encoding & compression utilities

Repository Metadata

Organization: AIC (Aerospace, Intelligence & Cyber)
Company: AIC Professional Services UK Ltd
Website: https://aicuk.ltd
Repository: https://dev.azure.com/aicukltd/AIC.Core/_git/AIC.Core
License: MIT
Language: en-GB
Framework: .NET 10
Authors: Secure Engineering Team (led by Oliver Christie)
Build Pipeline: Azure DevOps CI/CD

Contributing

This repository is managed internally by AIC.
External contributions are not currently accepted.
For collaboration opportunities, contact the AIC engineering team via https://aicuk.ltd#contact.

Security

Responsible Disclosure

All packages are produced within a clean cloud build environment with:

Reproducible, deterministic builds
SourceLink source-level tracing
Cryptographic signature verification
Audit logging of all build operations

Vulnerability Reporting

Security vulnerabilities can be reported privately through official AIC channels only. Do not disclose security issues in public GitHub issues or discussions.

Design Principles for High-Assurance

Air-gapped ready: Supports offline environments with no external service dependencies
FIPS-140 compliance: BouncyCastle implementations available for strict COTS environments
Post-quantum safe: Quantum-resistant algorithms available alongside classical ones
Zero-trust architecture: All operations require authentication, authorization, and audit logging
Defence & National Security focus: Built for systems handling classified and sensitive data

License

Licensed under the MIT License.
See the LICENSE file for full terms.

All rights reserved. This software and its associated artefacts are proprietary to AIC. No part of this material may be used, reproduced, or distributed without explicit written authorisation from AIC.

Roadmap & Future Expansion

Planned Capabilities

Encoding utilities — Base32, Base64url, Protobuf support
GraphQL API generator — Automatic API surface generation
Multi-language SDKs — TypeScript/JavaScript, Python, Go clients
Kubernetes operators — Managed deployment and scaling
OpenTelemetry integration — Distributed tracing and metrics
Additional crypto algorithms — EdDSA, ChaCha20-Poly1305
Hardware security module (HSM) support — PKCS#11 integration
Event sourcing — Audit-log-as-database patterns

Support & Documentation

Azure DevOps Wiki: Project Documentation
NuGet Package Feed: AIC Packages
Issue Tracking: Azure DevOps Boards
Release Notes: See CHANGELOG.md in each package

Last Updated: January 2026
Framework Version: .NET 10
Status: Production Ready

Total Downloads

67.7K

Compatibility

.NET 10.0

Versions

2026.3.2.1Latest

Mar 2, 2026

Other versions (349)

2026.2.27.1Feb 27, 2026

2026.2.16.2Feb 16, 2026

2026.2.16.1Feb 16, 2026

2026.2.12.2Feb 12, 2026

2026.2.12.1Feb 12, 2026

2026.2.11.4Feb 11, 2026

2026.2.11.3Feb 11, 2026

2026.2.11.2Feb 11, 2026

2026.2.11.1Feb 11, 2026

2026.2.10.1Feb 10, 2026

2026.2.9.1Feb 9, 2026

2026.2.8.2Feb 8, 2026

2026.2.8.1Feb 8, 2026

2026.2.7.2Feb 7, 2026

2026.2.7.1Feb 7, 2026

2026.2.6.1Feb 6, 2026

2026.2.5.1Feb 5, 2026

2026.2.4.5Feb 4, 2026

2026.2.4.4Feb 4, 2026

2026.2.4.3Feb 4, 2026

2026.2.4.2Feb 4, 2026

2026.2.4.1Feb 4, 2026

2026.2.3.1Feb 3, 2026

2026.2.2.2Feb 2, 2026

2026.2.2.1Feb 2, 2026

2026.1.28.1Jan 28, 2026

2026.1.24.1Jan 24, 2026

2026.1.23.3Jan 23, 2026

2026.1.23.2Jan 23, 2026

2026.1.23.1Jan 23, 2026

2026.1.22.7Jan 22, 2026

2026.1.22.6Jan 22, 2026

2026.1.22.5Jan 22, 2026

2026.1.22.4Jan 22, 2026

2026.1.22.3Jan 22, 2026

2026.1.22.2Jan 22, 2026

2026.1.22.1Jan 22, 2026

2026.1.21.3Jan 21, 2026

2026.1.21.2Jan 21, 2026

2026.1.21.1Jan 21, 2026

2026.1.20.1Jan 20, 2026

2026.1.19.4Jan 19, 2026

2026.1.19.3Jan 19, 2026

2026.1.19.2Jan 19, 2026

2026.1.19.1Jan 19, 2026

2026.1.16.3Jan 16, 2026

2026.1.16.2Jan 16, 2026

2026.1.16.1Jan 16, 2026

2026.1.15.3Jan 15, 2026

2026.1.15.2Jan 15, 2026

2026.1.15.1Jan 15, 2026

2026.1.14.2Jan 14, 2026

2026.1.14.1Jan 14, 2026

2026.1.13.2Jan 13, 2026

2026.1.13.1Jan 13, 2026

2026.1.11.5Jan 11, 2026

2026.1.11.4Jan 11, 2026

2026.1.11.3Jan 11, 2026

2026.1.11.2Jan 11, 2026

2026.1.11.1Jan 11, 2026

2026.1.10.1Jan 10, 2026

2026.1.6.2Jan 6, 2026

2026.1.6.1Jan 6, 2026

2026.1.5.3Jan 5, 2026

2026.1.5.2Jan 5, 2026

2026.1.5.1Jan 5, 2026

2026.1.3.2Jan 3, 2026

2026.1.3.1Jan 3, 2026

2026.1.2.2Jan 2, 2026

2026.1.2.1Jan 2, 2026

2026.1.1.1Jan 1, 2026

2025.12.31.3Dec 31, 2025

2025.12.31.2Dec 31, 2025

2025.12.31.1Dec 31, 2025

2025.12.29.1Dec 29, 2025

2025.12.28.1Dec 28, 2025

2025.12.25.1Dec 25, 2025

2025.12.22.9Dec 22, 2025

2025.12.22.8Dec 22, 2025

2025.12.22.7Dec 22, 2025

2025.12.22.6Dec 22, 2025

2025.12.22.4Dec 22, 2025

2025.12.22.3Dec 22, 2025

2025.12.22.2Dec 22, 2025

2025.12.22.1Dec 22, 2025

2025.12.21.2Dec 21, 2025

2025.12.21.1Dec 21, 2025

2025.12.12.6Dec 12, 2025

2025.12.12.5Dec 12, 2025

2025.12.12.4Dec 12, 2025

2025.12.12.3Dec 12, 2025

2025.12.12.2Dec 12, 2025

2025.12.12.1Dec 12, 2025

2025.12.11.1Dec 11, 2025

2025.12.10.1Dec 10, 2025

2025.12.8.2Dec 8, 2025

2025.12.8.1Dec 8, 2025

2025.12.7.1Dec 7, 2025

2025.12.5.3Dec 5, 2025

2025.12.5.2Dec 5, 2025

2025.12.5.1Dec 5, 2025

2025.12.2.2Dec 2, 2025

2025.12.2.1Dec 2, 2025

2025.12.1.1Dec 1, 2025

2025.11.30.8Nov 30, 2025

2025.11.30.7Nov 30, 2025

2025.11.30.6Nov 30, 2025

2025.11.30.5Nov 30, 2025

2025.11.30.4Nov 30, 2025

2025.11.30.3Nov 30, 2025

2025.11.30.2Nov 30, 2025

2025.11.30.1Nov 30, 2025

2025.11.29.3Nov 29, 2025

2025.11.29.2Nov 29, 2025

2025.11.29.1Nov 29, 2025

2025.11.28.3Nov 28, 2025

2025.11.28.2Nov 28, 2025

2025.11.28.1Nov 28, 2025

2025.11.27.1Nov 27, 2025

2025.11.26.3Nov 26, 2025

2025.11.26.2Nov 26, 2025

2025.11.26.1Nov 26, 2025

2025.11.25.1Nov 25, 2025

2025.11.24.1Nov 24, 2025

2025.11.23.3Nov 23, 2025

2025.11.23.2Nov 23, 2025

2025.11.23.1Nov 23, 2025

2025.11.22.2Nov 22, 2025

2025.11.22.1Nov 22, 2025

2025.11.21.5Nov 21, 2025

2025.11.21.4Nov 21, 2025

2025.11.21.3Nov 21, 2025

2025.11.21.2Nov 21, 2025

2025.11.21.1Nov 21, 2025

2025.11.20.6Nov 20, 2025

2025.11.20.5Nov 20, 2025

2025.11.20.4Nov 20, 2025

2025.11.20.2Nov 20, 2025

2025.11.20.1Nov 20, 2025

2025.11.19.5Nov 19, 2025

2025.11.19.4Nov 19, 2025

2025.11.19.3Nov 19, 2025

2025.11.19.2Nov 19, 2025

2025.11.19.1Nov 19, 2025

2025.11.17.1Nov 17, 2025

2025.11.16.5Nov 16, 2025

2025.11.16.4Nov 16, 2025

2025.11.16.3Nov 16, 2025

2025.11.16.2Nov 16, 2025

2025.11.16.1Nov 16, 2025

2025.11.15.4Nov 15, 2025

2025.11.15.3Nov 15, 2025

2025.11.15.2Nov 15, 2025

2025.11.15.1Nov 15, 2025

2025.11.14.6Nov 14, 2025

2025.11.14.5Nov 14, 2025

2025.11.14.4Nov 14, 2025

2025.11.14.3Nov 14, 2025

2025.11.14.2Nov 14, 2025

2025.11.14.1Nov 14, 2025

2025.11.13.1Nov 13, 2025

2025.11.12.3Nov 12, 2025

2025.11.11.1Nov 11, 2025

2025.11.9.3Nov 9, 2025

2025.11.9.2Nov 9, 2025

2025.11.9.1Nov 9, 2025

2025.11.8.1Nov 8, 2025

2025.11.7.4Nov 7, 2025

2025.11.7.3Nov 7, 2025

2025.11.7.2Nov 7, 2025

2025.11.7.1Nov 7, 2025

2025.11.6.1Nov 6, 2025

2025.11.5.2Nov 5, 2025

2025.11.5.1Nov 5, 2025

2025.11.4.11Nov 4, 2025

2025.11.4.10Nov 4, 2025

2025.11.4.9Nov 4, 2025

2025.11.4.8Nov 4, 2025

2025.11.4.7Nov 4, 2025

2025.11.4.6Nov 4, 2025

2025.11.4.5Nov 4, 2025

2025.11.4.4Nov 4, 2025

2025.11.4.3Nov 4, 2025

2025.11.4.2Nov 4, 2025

2025.11.4.1Nov 4, 2025

2025.11.3.5Nov 3, 2025

2025.11.3.4Nov 3, 2025

2025.11.3.3Nov 3, 2025

2025.11.3.2Nov 3, 2025

2025.11.3.1Nov 3, 2025

2025.11.2.3Nov 2, 2025

2025.11.2.2Nov 2, 2025

2025.11.2.1Nov 2, 2025

2025.11.1.3Nov 1, 2025

2025.11.1.2Nov 1, 2025

2025.11.1.1Nov 1, 2025

2025.10.31.5Oct 31, 2025

2025.10.31.4Oct 31, 2025

2025.10.31.3Oct 31, 2025

2025.10.31.2Oct 31, 2025

2025.10.31.1Oct 31, 2025

2025.10.30.3Oct 30, 2025

2025.10.30.2Oct 30, 2025

2025.10.30.1Oct 30, 2025

2025.10.29.4Oct 29, 2025

2025.10.29.3Oct 29, 2025

2025.10.29.2Oct 29, 2025

2025.10.29.1Oct 29, 2025

2025.10.28.6Oct 28, 2025

2025.10.28.5Oct 28, 2025

2025.10.28.4Oct 28, 2025

2025.10.28.3Oct 28, 2025

2025.10.28.2Oct 28, 2025

2025.10.28.1Oct 28, 2025

2025.10.27.2Oct 27, 2025

2025.10.27.1Oct 27, 2025

2025.10.26.3Oct 26, 2025

2025.10.26.2Oct 26, 2025

2025.10.26.1Oct 26, 2025

2025.10.25.5Oct 25, 2025

2025.10.25.4Oct 25, 2025

2025.10.25.3Oct 25, 2025

2025.10.25.2Oct 25, 2025

2025.10.25.1Oct 25, 2025

2025.10.24.6Oct 24, 2025

2025.10.24.5Oct 24, 2025

2025.10.24.4Oct 24, 2025

2025.10.24.3Oct 24, 2025

2025.10.24.2Oct 24, 2025

2025.10.24.1Oct 24, 2025

2025.10.23.11Oct 23, 2025

2025.10.23.10Oct 23, 2025

2025.10.23.9Oct 23, 2025

2025.10.23.8Oct 23, 2025

2025.10.23.7Oct 23, 2025

2025.10.23.6Oct 23, 2025

2025.10.23.5Oct 23, 2025

2025.10.23.4Oct 23, 2025

2025.10.23.3Oct 23, 2025

2025.10.23.2Oct 23, 2025

2025.10.23.1Oct 23, 2025

2025.10.22.4Oct 22, 2025

2025.10.22.3Oct 22, 2025

2025.10.22.2Oct 22, 2025

2025.10.22.1Oct 22, 2025

2025.10.21.4Oct 21, 2025

2025.10.20.2Oct 20, 2025

2025.10.20.1Oct 20, 2025

2025.10.19.6Oct 19, 2025

2025.10.19.5Oct 19, 2025

2025.10.19.4Oct 19, 2025

2025.10.19.3Oct 19, 2025

2025.10.19.2Oct 19, 2025

2025.10.19.1Oct 19, 2025

2025.10.18.5Oct 18, 2025

2025.10.18.4Oct 18, 2025

2025.10.18.3Oct 18, 2025

2025.10.18.2Oct 18, 2025

2025.10.18.1Oct 18, 2025

2025.10.17.1Oct 17, 2025

2025.10.16.3Oct 16, 2025

2025.10.16.2Oct 16, 2025

2025.10.16.1Oct 16, 2025

2025.10.15.4Oct 15, 2025

2025.10.15.3Oct 15, 2025

2025.10.15.2Oct 15, 2025

2025.10.15.1Oct 15, 2025

2025.10.14.1Oct 14, 2025

2025.10.8.1Oct 8, 2025

2025.10.4.6Oct 4, 2025

2025.10.4.5Oct 4, 2025

2025.10.4.4Oct 4, 2025

2025.10.4.3Oct 4, 2025

2025.10.4.2Oct 4, 2025

2025.10.4.1Oct 4, 2025

2025.10.3.12Oct 3, 2025

2025.10.3.11Oct 3, 2025

2025.10.3.10Oct 3, 2025

2025.10.3.9Oct 3, 2025

2025.10.3.8Oct 3, 2025

2025.10.3.7Oct 3, 2025

2025.10.3.6Oct 3, 2025

2025.10.3.5Oct 3, 2025

2025.10.3.4Oct 3, 2025

2025.10.3.3Oct 3, 2025

2025.10.3.2Oct 3, 2025

2025.10.3.1Oct 3, 2025

2025.9.14.1Sep 14, 2025

2025.9.11.3Sep 11, 2025

2025.8.29.5Aug 29, 2025

2025.8.29.4Aug 29, 2025

2025.8.29.3Aug 29, 2025

2025.8.29.2Aug 29, 2025

2025.8.29.1Aug 29, 2025

2025.8.14.1Aug 14, 2025

2025.6.20.3Jun 20, 2025

2025.6.20.2Jun 20, 2025

2025.6.20.1Jun 20, 2025

2025.6.18.1Jun 18, 2025

2025.6.17.2Jun 17, 2025

2025.6.17.1Jun 17, 2025

2025.6.16.4Jun 16, 2025

2025.6.16.3Jun 16, 2025

2025.6.16.2Jun 16, 2025

2025.6.16.1Jun 16, 2025

2025.6.15.3Jun 15, 2025

2025.6.15.2Jun 15, 2025

2025.6.15.1Jun 15, 2025

2025.6.14.1Jun 14, 2025

2025.6.12.1Jun 12, 2025

2025.6.5.1Jun 5, 2025

2025.6.4.3Jun 4, 2025

2025.6.4.2Jun 4, 2025

2025.6.4.1Jun 4, 2025

2025.4.26.1Apr 26, 2025

2025.4.23.7Apr 23, 2025

2025.4.23.6Apr 23, 2025

2025.4.23.5Apr 23, 2025

2025.4.23.4Apr 23, 2025

2025.4.23.3Apr 23, 2025

2025.4.23.2Apr 23, 2025

2025.4.23.1Apr 23, 2025

2025.4.21.3Apr 21, 2025

2025.4.21.2Apr 21, 2025

2025.4.21.1Apr 21, 2025

2025.4.11.2Apr 11, 2025

2024.9.10.2Sep 10, 2024

2024.9.10.1Sep 10, 2024

2024.9.4.3Sep 4, 2024

2024.9.4.2Sep 4, 2024

2024.9.4.1Sep 4, 2024

2024.9.1.4Sep 1, 2024

2024.9.1.2Sep 1, 2024

2024.8.31.4Aug 31, 2024

2024.8.31.3Aug 31, 2024

2024.8.31.2Aug 31, 2024

2024.8.31.1Aug 31, 2024

2024.8.29.1Aug 29, 2024

2024.8.28.2Aug 28, 2024

2024.8.28.1Aug 28, 2024

2024.8.21.2Aug 21, 2024

2024.8.21.1Aug 21, 2024

2024.8.20.3Aug 20, 2024

2024.8.20.2Aug 20, 2024

2024.2.22.1Feb 22, 2024

2024.2.20.1Feb 20, 2024

2024.2.18.5Feb 18, 2024

0.0.3Apr 19, 2025

0.0.2Apr 11, 2025

AIC Core Libraries

Transforming Industry Through Technology

AIC — Aerospace, Intelligence & Cyber — provides cutting-edge, mission-ready software components powering secure, data-driven systems for the UK defence and national security sector.

Executive Summary

The solution provides 50+ modular packages implementing:

Data persistence abstractions supporting Entity Framework Core, MongoDB, MongoDB Realm, and Azure Cosmos DB
Enterprise-grade security & cryptography including post-quantum algorithms, asymmetric/symmetric encryption, and certificate management
Identity & access management with multi-tenant support, RBAC, audit logging, and API key/JWT authentication
Vector search & embeddings for AI/ML workloads via MongoDB Atlas Vector Search
Advanced middleware for rate limiting, geo-IP policies, authentication flows, and quota enforcement
Comprehensive caching abstractions supporting in-memory and distributed patterns

All packages follow SOLID principles, enforce deterministic builds, include SourceLink tracing, and are published automatically via Azure DevOps CI/CD pipelines.

Core Architecture

Design Principles

Modular & Composable: Each package is independently versioned and can be consumed alone or as part of a larger stack
SOLID & DRY: Strict adherence to Single Responsibility, Open/Closed, Liskov Substitution, Interface Segregation, and Dependency Inversion principles
Async-First: Full async/await support throughout, enabling scalable server applications
Generic Abstractions: Heavy use of generic interfaces (e.g., IRepository<TEntity, TId>, IDataService<TModel>) to reduce boilerplate
High-Assurance Security: Built for air-gapped and connected environments with cryptographic integrity checks
Multi-Tenant Ready: Built-in tenant and organisation scoping, quota enforcement, and organisational audit trails

Dependency Injection Pattern

All packages provide extension methods for seamless DI registration:

services
    .AddIdentityDataServices()
    .AddCachingServices()
    .AddCryptographyServices()
    .AddDataServices();

Packages & Capabilities

1. Data Access Layer

Purpose: Unified abstractions and implementations for persistent storage across multiple database engines.

Core Abstractions

AIC.Core.Data
- IRepository<TEntity, TId> — Generic repository interface supporting create, read, update, delete, and complex queries
- IEntity, IVectorisedEntity — Base entity contracts with ID and metadata support
- IHasDisplayName, IHasId — Composable capability interfaces
- SortDirection enum for query ordering

Multi-Database Support

Entity Framework Core

AIC.Core.Data.EntityFramework
- BaseEntityFrameworkCoreRepository<TEntity, TId> — Full LINQ support with lazy loading, eager loading, and expression trees
- Supports parameterized queries, complex predicates, and navigation property includes
- Automatic change tracking and SaveChanges batching

MongoDB

AIC.Core.Data.MongoDb
- BaseMongoDbRepository<TModel> — MongoDB-native repository with BSON serialization
- Document-oriented queries with flexible schema evolution
- Index management and aggregation pipeline support
AIC.Core.Data.MongoDb.Realm
- BaseMongoDbRealmRepository<TModel> — MongoDB Realm-specific implementation for offline-first mobile scenarios
- Sync-enabled data persistence with conflict resolution
- Local realm management and real-time synchronization

Vector Search & Embeddings

AIC.Core.Data.MongoDb + Vector Extensions
- BaseVectorisedMongoDbRepository<TModel> — Advanced vector search via MongoDB Atlas Vector Search
- SearchVectorAsync() — Cosine similarity search over embeddings with configurable topK results
- SearchVectorWithScoreAsync() — Returns both documents and relevance scores
- SearchOrganisationVectorAsync() — Scoped vector search per organisation (multi-tenant aware)
- Support for AI/ML embedding fields, semantic search, and RAG (Retrieval-Augmented Generation) workloads

Azure Cosmos DB

AIC.Core.Data.CosmosDb
- BaseCosmosDbRepository<TEntity, TId> — Cosmos DB SDK integration
- Partition key aware queries for global scale
- Consistency level configuration and cross-partition query support

Generic Data Services

AIC.Core.Data.Services
- BaseDataService<TModel, TId> — Generic CRUD service wrapping repositories
- Standardised naming: GetByIdAsync(), GetAllAsync(), CreateAsync(), UpdateAsync(), DeleteByIdAsync()
- Automatic logging and error handling
- Supports batch operations and transaction coordination

Expression & Query Utilities

AIC.Core.Data.Extensions.Expressions — Expression tree utilities for composable query building
AIC.Core.Data.Models.References — Shared model references across solutions

2. Identity & Access Management

Purpose: Enterprise-grade user, organisation, tenant, and permission management with audit trails and multi-factor access control.

Core Models & Contracts

AIC.Core.Identity.Models
- IIdentityService — Primary identity contract (user provisioning, attribute management, lock/unlock operations)
- IGetUserRequest, IGetUserResponse — Request/response envelopes with organisation scoping
- API key, JWT, and user attribute models
- Comprehensive exception hierarchy: QuotaExceededException, ApiKeyInvalidException, RateLimitExceededException, etc.

User & Vault Management

AIC.Core.Identity.Data.Services
- IIdentityService + IdentityService — Full user lifecycle (create, retrieve, update, lock, unlock, provision)
- IVaultService + VaultService — Secure credential storage, key derivation, and secrets management
- IUserService + UserService — User-specific operations with organisational scoping
- IAuditService + AuditService — Comprehensive audit logging for all identity operations

Multi-Tenancy & RBAC

AIC.Core.Identity.Data.Services
- BaseRbacDataService<TModel, TId> — Role-Based Access Control base service with resource-level permissions
- BaseRbacTenantDataService — Tenant-specific RBAC (all operations scoped to tenant)
- BaseRbacTenantOrganisationDataService — Organisation-wide RBAC with cross-tenant boundaries

Subscriptions Management

AIC.Core.Identity.Subscriptions.Models — Subscription domain models
AIC.Core.Identity.Subscriptions.Models.MongoDb — MongoDB-specific subscription persistence
AIC.Core.Identity.Subscriptions.Services — Subscription lifecycle and entitlement logic
AIC.Core.Identity.Subscriptions.Models.References — Reference data for subscription types

Multi-Tenant Organization Hierarchy

AIC.Core.Identity.Tenants.Models — Tenant domain models
AIC.Core.Identity.Tenants.Models.MongoDb — MongoDB tenant persistence
AIC.Core.Identity.Tenants.Models.References — Reference data and lookup tables

Audit & Compliance

AIC.Core.Identity.Data.Services
- AuditService — Tracks all identity operations with user IDs, timestamps, actions, and results
- Organisational audit trail segregation
- Immutable audit log append-only design

Extension Methods

AIC.Core.Identity.Extensions — Helper methods for identity operations, token generation, and claim extraction

3. Authentication & Authorization

JWT (JSON Web Tokens)

AIC.Core.Identity.Data.Services.Jwt
- IAccessTokenService + JwtAccessTokenService — Issues short-lived access tokens
- IRefreshTokenService + JwtRefreshTokenService — Manages token refresh flows
- IJwtKeyMaterialService + RsaJwtKeyMaterialService — RSA-based key material provisioning
- ISigningCredentialsProvisionService + RsaSigningCredentialsProvisionService — Signing credential management
AIC.Core.Identity.Extensions.Jwt
- JwtAuthServiceCollectionExtensions — DI registration for JWT authentication
- JwtAuthenticationServiceCollectionExtensions — Full JWT pipeline configuration
- Bearer token validation, claim extraction, and policy enforcement

API Key Management

JWT access tokens embed ApiKeyMetadata as claims
- Rate limit quotas per API key (requests per time window)
- Geo-IP restrictions (CIDR-based IP matching)
- Signature and expiration validation
- Extensible metadata for custom policies

Authentication Middleware

AIC.Core.Identity.Data.Services.Middleware
- AuthenticationServiceContextMiddleware — Extracts and validates auth tokens, populates user context
- TokenValidationErrorMiddleware — Handles JWT validation failures with detailed error responses
- Claims extraction and principal construction

Authorization & Audit Middleware

AuthorizationAuditMiddleware — Logs all authenticated requests with action, resource, outcome, and timing
Multi-tenant scoping ensures audit logs are segregated

Geo-IP & Network Policies

IpGeoPolicyMiddleware — Validates IP address geolocation against API key restrictions
IGeoResolver + DefaultGeoResolver — Geolocation lookup (extensible for custom providers)
IIpMatcher + CidrIpMatcher — CIDR block matching for IP validation

Rate Limiting

QuotaMiddleware — Enforces per-user and per-API-key rate limits
Partitioned rate limiters with configurable windows and permit counts
RateLimitExceededException for backpressure signaling

Web API Extensions

AIC.Core.Identity.Extensions.WebApi
- WebApiExtensions — Comprehensive ASP.NET Core integration
- Problem Details mapping for standardised error responses
- Rate limiting configuration with API key metadata integration
- Middleware registration helpers
- Service discovery and dependency injection orchestration

Controllers

AIC.Core.Identity.Data.Controllers.Authentication
- AuthenticationController — RESTful endpoints for login, token refresh, logout

4. Security & Cryptography

Purpose: Enterprise cryptographic primitives supporting post-quantum algorithms, certificate management, and secure key operations.

Core Abstractions

AIC.Core.Security.Cryptography
- IAsymmetricCryptographyProvider<TAlgorithm> — RSA, ECDSA, post-quantum algorithm abstraction
- ISymmetricCryptographyProvider<TAlgorithm> — AES and other symmetric cipher abstraction
- IHashProvider — Cryptographic hash function abstraction (SHA-256, SHA-3, BLAKE2, etc.)
- ICryptographicAsyncStream — Stream-based encryption/decryption for large payloads

Asymmetric Cryptography

RSA Support

AIC.Core.Security.Cryptography.Asymmetric.RSA
- Full RSA-2048, RSA-3072, RSA-4096 support
- Signing, verification, encryption, decryption
- PKCS#1 v1.5 and OAEP padding modes

Post-Quantum Algorithms

AIC.Core.Security.Cryptography.Asymmetric.Quantum
AIC.Core.Security.Cryptography.Asymmetric.Quantum.BouncyCastle
- CRYSTALS-Kyber (key encapsulation) — quantum-resistant key exchange
- CRYSTALS-Dilithium (signatures) — quantum-resistant digital signatures
- ML-KEM, ML-DSA standards support
- Hybrid classical+quantum signing for transition strategies

X.509 Certificates

AIC.Core.Security.Cryptography.Asymmetric.Certificates
- Certificate generation, parsing, validation
- Distinguished name handling, extension management
- Self-signed and CA-signed certificate chains
AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum
AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum.BouncyCastle
- Post-quantum certificate generation and validation
- Quantum algorithm OIDs and ASN.1 encoding
- Future-proof PKI infrastructure support

Symmetric Cryptography

AES Support

AIC.Core.Security.Cryptography.Symmetric.AES
- AES-128, AES-192, AES-256 support
- CBC, CTR, GCM modes
- Single-round and double-round (nested) encryption for additional security
- BouncyCastle implementations as alternative to .NET native

Hashing & Message Digests

AIC.Core.Security.Cryptography.Hashing
- SHA-256, SHA-512 support
- Extensible for SHA-3, BLAKE2, etc.
AIC.Core.Security.Cryptography.Hashing.BouncyCastle
- BouncyCastle-backed hashing for FIPS compliance or air-gapped environments
- Deterministic hash output for reproducible builds

Extension Methods & Utilities

AIC.Core.Security.Cryptography.Asymmetric.Extensions — Helper methods for key generation, encoding, format conversion
AIC.Core.Security.Cryptography.Hashing.Extensions — Hash computation shortcuts and verification helpers

5. Caching

Purpose: Flexible caching abstractions supporting in-memory and distributed cache implementations.

Core Abstractions

AIC.Core.Caching
- ICache — Generic cache interface with Get, Set, Remove, Clear operations
- ITypedCache<T> — Strongly-typed cache for specific model types
- TTL (time-to-live) support with automatic expiration
- Cache statistics and monitoring

Implementations

In-Memory

AIC.Core.Caching.InMemory
- InMemoryCache — .NET MemoryCache wrapper
- Process-local caching suitable for single-instance deployments
- Fast, low-latency access with eviction policies

Microsoft Memory Cache Adapter

AIC.Core.Caching.MicrosoftMemoryCache
- Wrapper around Microsoft.Extensions.Caching.Memory.IMemoryCache
- Integrates with standard .NET Core DI
- Sliding expiration and absolute expiration support

Cache Extensions & Utilities

AIC.Core.Caching Extensions
- CacheExtensions — Convenience methods for cache-aside pattern, lazy loading, bulk operations
- Async-friendly cache access patterns
- Typed cache helpers

6. Logging & Observability

Core Logging

AIC.Core.Logging
- Abstraction over Microsoft.Extensions.Logging
- Structured logging with context propagation

Serilog Integration

AIC.Core.Logging.Serilog
- SerilogLoggingPolicyMiddleware — Middleware for structured request/response logging
- Event enrichment with request context, user IDs, tenant IDs
- Sink configuration for console, file, Azure Monitor, Seq

Extension Methods

AIC.Core.Logging.Extensions — Helper methods for common logging patterns

7. Utilities & Extensions

AIC.Core.Extensions — General-purpose extension methods for strings, collections, reflection, and domain operations

Advanced Features

Multi-Tenant Architecture

Every data service includes built-in organisational and tenant scoping:

public class TenantDataService : BaseRbacTenantDataService<Model>
{
    public async Task GetAsync(Guid tenantId)
    {
        // Automatically scoped to tenantId; cross-tenant access rejected
        return await GetByIdAsync(modelId);
    }
}

Quota & Rate Limiting

API keys carry quota metadata:

Rate limiting: Requests per time window (1-minute, 5-minute windows, custom)
Enforcement: Partitioned rate limiters by API key or user
Rejection handling: Returns HTTP 429 (Too Many Requests) with retry-after headers

// Automatically enforced by middleware
services.AddRateLimiter(options => { /* configured per API key */ });

Audit Logging

Every identity operation is logged:

User performing action
Resource affected
Action type (create, update, delete, etc.)
Timestamp and duration
Success/failure status
IP address and user agent

Vector Search & AI Integration

MongoDB Atlas vector search enables semantic queries:

var results = await repository.SearchVectorAsync(embeddingVector, topK: 10);
var withScores = await repository.SearchVectorWithScoreAsync(embeddingVector);

Suitable for:

Semantic search over document collections
Recommendation engines
RAG (Retrieval-Augmented Generation) pipelines
Anomaly detection

Organisational Catch-All Quotas

TargetType.Any quotas act as wildcards:

// This quota applies to all request types
var catchAllQuota = quotas.Where(q => q.TargetType == TargetType.Any || q.TargetType == targetType);

Enables org-level policies with user-level overrides.

Security Posture

High-Assurance Design

Built for air-gapped and connected environments
No external dependencies for core cryptography
BouncyCastle alternative implementations for FIPS-140 compliance
Deterministic, reproducible builds with embedded SourceLink

Cryptographic Agility

Support for both classical (RSA, AES, SHA-256) and post-quantum algorithms
Hybrid signing strategies for gradual transition
Algorithm OID flexibility for future standardization

Secrets Management

VaultService for secure credential storage
Key derivation with salted hashing
Audit-logged credential operations
No plaintext secrets in logs

Network & Access Control

Geo-IP restriction enforcement via CIDR blocks
Rate limiting with per-user/per-key quotas
API key metadata tainting (can't be used elsewhere without permission)
Organisational boundary enforcement

Getting Started

Installation

Each package is available via NuGet with the AIC.Core.* prefix:

# Identity & Access
dotnet add package AIC.Core.Identity.Data.Services
dotnet add package AIC.Core.Identity.Extensions.Jwt
dotnet add package AIC.Core.Identity.Extensions.WebApi

# Data Persistence
dotnet add package AIC.Core.Data.Services
dotnet add package AIC.Core.Data.MongoDb
dotnet add package AIC.Core.Data.EntityFramework

# Security & Cryptography
dotnet add package AIC.Core.Security.Cryptography.Asymmetric.RSA
dotnet add package AIC.Core.Security.Cryptography.Asymmetric.Quantum.BouncyCastle
dotnet add package AIC.Core.Security.Cryptography.Symmetric.AES

# Caching
dotnet add package AIC.Core.Caching.MicrosoftMemoryCache

# Logging
dotnet add package AIC.Core.Logging.Serilog

Complete Startup Example

using AIC.Core.Identity.Extensions;
using AIC.Core.Identity.Extensions.Jwt;
using AIC.Core.Identity.Extensions.WebApi;
using AIC.Core.Data.Services;
using AIC.Core.Caching;
using Microsoft.Extensions.DependencyInjection;

// Build service collection
var services = new ServiceCollection();

// Register all AIC services
services
    .AddIdentityDataServices()
    .AddIdentityJwtServices(Configuration)
    .RegisterWebApiDependencies(Configuration)
    .AddDataServices()
    .AddCachingServices()
    .AddLoggingServices();

var provider = services.BuildServiceProvider();

// Use services
var identityService = provider.GetRequiredService<IIdentityService>();
var userResponse = await identityService.GetUserAsync(getUserRequest);

var userService = provider.GetRequiredService<IUserService>();
var user = await userService.GetByIdAsync(userId);

var cache = provider.GetRequiredService<ICache>();
await cache.SetAsync("key", "value", TimeSpan.FromMinutes(5));

Building Locally

# Restore dependencies
dotnet restore

# Build the solution
dotnet build -c Release

# Run all tests
dotnet test

# Generate NuGet packages locally
dotnet pack -c Release

Build output:

DLL assemblies: bin/Release/net10.0/
Symbol packages: artifacts/packages/*.snupkg
NuGet packages: artifacts/packages/*.nupkg

Typical Project Structure

MyApplication/
├── MyApplication.Web/              # ASP.NET Core / Blazor app
│   ├── Program.cs                  # DI & middleware registration
│   └── Controllers/                # API controllers
├── MyApplication.Services/         # Business logic layer
│   ├── UserService.cs             # Orchestrates identity operations
│   └── DataService.cs             # Data access wrapper
└── MyApplication.Models/          # Domain models
    ├── User.cs
    └── Tenant.cs

// Program.cs registration
services
    .AddIdentityDataServices()
    .AddIdentityExtensions()
    .AddDataServices()
    .AddCachingServices();

app.UseWebApi();  // Registers middleware pipeline

Architecture Patterns

Repository Pattern

All data access flows through IRepository<TEntity, TId>:

public interface IRepository<TEntity, in TId> where TEntity : class where TId : struct
{
    Task<TEntity> GetModelAsync(TId id);
    Task<IEnumerable<TEntity>> GetModelsAsync();
    Task<TEntity> CreateOrUpdateAsync(TEntity entity);
    Task<bool> DeleteAsync(TId id);
}

Implementations:

BaseEntityFrameworkCoreRepository — EF Core with LINQ support
BaseMongoDbRepository — MongoDB with document queries
BaseCosmosDbRepository — Cosmos DB with partition-aware queries
BaseVectorisedMongoDbRepository — Vector search extension

Service Layer

Generic BaseDataService<TModel, TId> wraps repositories:

public class BaseDataService<TModel, TId> where TModel : class where TId : struct
{
    public async ValueTask<TModel> GetByIdAsync(TId id) { /* delegates to repository */ }
    public async ValueTask<IEnumerable<TModel>> GetAllAsync(Expression<Func<TModel, bool>>? predicate = null) { }
    public async ValueTask<TModel> CreateAsync(TModel model) { }
    public async ValueTask<TModel> UpdateAsync(TModel model) { }
    public async ValueTask<bool> DeleteByIdAsync(TId id) { }
}

Provides:

Consistent method naming (Get*Async, Create*Async, Delete*Async)
Automatic logging and error handling
Scoped lifetime for security

RBAC (Role-Based Access Control)

BaseRbacDataService<TModel, TId> enforces permissions:

public class BaseRbacDataService<TModel, TId> : BaseDataService<TModel, TId>
{
    // All operations respect user roles and resource permissions
    public async Task<TModel> GetByIdAsync(TId id) 
    { 
        var model = await base.GetByIdAsync(id);
        // Check user has read permission on model
        await authorizationService.AuthorizeAsync(user, model, "Read");
        return model;
    }
}

Middleware Pipeline

Authentication and authorization are applied via middleware:

→ AuthenticationServiceContextMiddleware       (Extract JWT, populate HttpContext.User)
→ AuthorizationAuditMiddleware                (Log authenticated action)
→ IpGeoPolicyMiddleware                       (Validate geo restrictions)
→ QuotaMiddleware                             (Rate limiting)
→ TokenValidationErrorMiddleware              (Error mapping)
→ Application Logic (Controllers, Services)

Testing

The solution includes comprehensive test suites:

Test Projects:

AIC.Core.Data.MongoDb.Tests — Repository and query tests
AIC.Core.Data.CosmosDb.Tests — Cosmos DB integration tests
AIC.Core.Security.Cryptography.*.Tests — Cryptography algorithm tests
AIC.Core.Identity.Data.Services.Middleware.Tests — Middleware pipeline tests
AIC.Core.Identity.Data.Services.Jwt.Tests — JWT token tests

Test Framework: xUnit (with Fluent Assertions, Moq, NUnit conventions)

Coverage:

Unit tests for cryptographic operations
Integration tests for database operations
Middleware pipeline tests
Rate limiting and quota tests
RBAC permission enforcement tests

Build & Packaging

Versioning Strategy

Versions follow CalVer (Calendar Versioning):

Format: YYYY.MM.DD.patch
Example: 2025.11.20.3 (November 20, 2025, patch 3)
Automatically injected by Azure DevOps build pipeline

Deterministic Builds

<!-- Directory.Build.props -->
<Deterministic>true</Deterministic>
<PublishRepositoryUrl>true</PublishRepositoryUrl>
<EmbedUntrackedSources>true</EmbedUntrackedSources>

Ensures:

Reproducible binaries across machines
SourceLink integration for source-level debugging
Build timestamp consistency
No environment-dependent artifacts

NuGet Packaging

Each project auto-generates NuGet packages:

Package: .nupkg (DLL + dependencies)
Symbols: .snupkg (debugging support)
Metadata: Embedded README, license, release notes
Registry: Published to AIC NuGet Feed

Local Packing

dotnet pack -c Release
# Outputs to ./artifacts/packages/

Repository Structure

src/
├── Data/                                    # Data layer abstractions & implementations
│   ├── AIC.Core.Data/                      # Core interfaces (IRepository, IEntity)
│   ├── AIC.Core.Data.Services/             # Generic CRUD services
│   ├── AIC.Core.Data.EntityFramework/      # EF Core repository
│   ├── AIC.Core.Data.MongoDb/              # MongoDB repository
│   ├── AIC.Core.Data.MongoDb.Realm/        # MongoDB Realm offline support
│   ├── AIC.Core.Data.CosmosDb/             # Azure Cosmos DB repository
│   ├── AIC.Core.Data.Models.References/    # Shared model references
│   └── AIC.Core.Data.Extensions.Expressions/ # Expression tree utilities
│
├── Caching/                                 # Caching abstractions & implementations
│   ├── AIC.Core.Caching/                   # Core cache interfaces
│   ├── AIC.Core.Caching.InMemory/          # In-memory implementation
│   └── AIC.Core.Caching.MicrosoftMemoryCache/ # MS.Extensions.Caching adapter
│
├── Security/                                # Cryptography & security
│   └── Cryptography/
│       ├── AIC.Core.Security.Cryptography/ # Core crypto abstractions
│       ├── AIC.Core.Security.Cryptography.Streams/ # Stream-based encryption
│       ├── Asymmetric/
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric/ # RSA, ECDSA abstractions
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.RSA/ # RSA implementation
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.Extensions/ # RSA helpers
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.Quantum/ # Post-quantum base
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.Quantum.BouncyCastle/ # PQ implementations
│       │   ├── AIC.Core.Security.Cryptography.Asymmetric.NBitcoin/ # Bitcoin crypto support
│       │   ├── Certificates/
│       │   │   ├── AIC.Core.Security.Cryptography.Asymmetric.Certificates/ # X.509 support
│       │   │   ├── AIC.Core.Security.Cryptography.Asymmetric.Certificates.Models/
│       │   │   ├── AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum/ # PQ certificates
│       │   │   └── AIC.Core.Security.Cryptography.Asymmetric.Certificates.Quantum.BouncyCastle/
│       ├── Symmetric/
│       │   ├── AIC.Core.Security.Cryptography.Symmetric/ # Symmetric abstractions
│       │   └── AIC.Core.Security.Cryptography.Symmetric.AES/ # AES implementation
│       ├── Hashing/
│       │   ├── AIC.Core.Security.Cryptography.Hashing/ # Hash abstractions
│       │   ├── AIC.Core.Security.Cryptography.Hashing.BouncyCastle/ # BC implementations
│       │   └── AIC.Core.Security.Cryptography.Hashing.Extensions/ # Hash helpers
│       └── FIDO2/
│           └── AIC.Core.Security.Cryptography.Fido2/ # WebAuthn/FIDO2 support
│
├── Identity/                                # Identity & access management
│   ├── AIC.Core.Identity.Models/ # Core identity domain models & exceptions
│   ├── AIC.Core.Identity.Models.Jwt/ # JWT models (AccessToken, RefreshToken, etc.)
│   ├── AIC.Core.Identity.Models.MongoDb/ # MongoDB-persisted identity models
│   ├── AIC.Core.Identity.Data/ # Identity repositories
│   ├── AIC.Core.Identity.Data.Services/ # Identity business logic (User, Vault, Audit)
│   ├── AIC.Core.Identity.Data.Services.Jwt/ # JWT token generation & validation
│   ├── AIC.Core.Identity.Data.Services.Middleware/ # Auth middleware (context, audit, geo-ip, quota)
│   ├── AIC.Core.Identity.Data.Controllers.Authentication/ # REST controllers
│   ├── AIC.Core.Identity.Extensions/ # Identity extension methods
│   ├── AIC.Core.Identity.Extensions.Jwt/ # JWT DI extensions
│   ├── AIC.Core.Identity.Extensions.WebApi/ # WebApi integration
│   ├── AIC.Core.Identity.Services.Web/ # Web-specific services (GeoResolver, IpMatcher)
│   ├── AIC.Core.Identity.Extensions.Web/ # Web extension methods
│   ├── Subscriptions/
│   │   ├── AIC.Core.Identity.Subscriptions.Models/
│   │   ├── AIC.Core.Identity.Subscriptions.Models.MongoDb/
│   │   ├── AIC.Core.Identity.Subscriptions.Models.References/
│   │   └── AIC.Core.Identity.Subscriptions.Services/
│   └── Tenants/
│       ├── AIC.Core.Identity.Tenants.Models/
│       ├── AIC.Core.Identity.Tenants.Models.MongoDb/
│       └── AIC.Core.Identity.Tenants.Models.References/
│
├── Logging/                                 # Logging & observability
│   ├── AIC.Core.Logging/                   # Core logging abstractions
│   ├── AIC.Core.Logging.Extensions/        # Logging extension methods
│   └── AIC.Core.Logging.Serilog/           # Serilog structured logging
│
├── Extensions/                              # Utilities & extensions
│   └── AIC.Core.Extensions/                # General-purpose extension methods
│
└── Encoding/                                # Future: Text encoding & compression utilities

Repository Metadata

Organization: AIC (Aerospace, Intelligence & Cyber)
Company: AIC Professional Services UK Ltd
Website: https://aicuk.ltd
Repository: https://dev.azure.com/aicukltd/AIC.Core/_git/AIC.Core
License: MIT
Language: en-GB
Framework: .NET 10
Authors: Secure Engineering Team (led by Oliver Christie)
Build Pipeline: Azure DevOps CI/CD

Contributing

This repository is managed internally by AIC.
External contributions are not currently accepted.
For collaboration opportunities, contact the AIC engineering team via https://aicuk.ltd#contact.

Security

Responsible Disclosure

All packages are produced within a clean cloud build environment with:

Reproducible, deterministic builds
SourceLink source-level tracing
Cryptographic signature verification
Audit logging of all build operations

Vulnerability Reporting

Security vulnerabilities can be reported privately through official AIC channels only. Do not disclose security issues in public GitHub issues or discussions.

Design Principles for High-Assurance

Air-gapped ready: Supports offline environments with no external service dependencies
FIPS-140 compliance: BouncyCastle implementations available for strict COTS environments
Post-quantum safe: Quantum-resistant algorithms available alongside classical ones
Zero-trust architecture: All operations require authentication, authorization, and audit logging
Defence & National Security focus: Built for systems handling classified and sensitive data

License

Licensed under the MIT License.
See the LICENSE file for full terms.

Roadmap & Future Expansion

Planned Capabilities

Encoding utilities — Base32, Base64url, Protobuf support
GraphQL API generator — Automatic API surface generation
Multi-language SDKs — TypeScript/JavaScript, Python, Go clients
Kubernetes operators — Managed deployment and scaling
OpenTelemetry integration — Distributed tracing and metrics
Additional crypto algorithms — EdDSA, ChaCha20-Poly1305
Hardware security module (HSM) support — PKCS#11 integration
Event sourcing — Audit-log-as-database patterns

Support & Documentation

Azure DevOps Wiki: Project Documentation
NuGet Package Feed: AIC Packages
Issue Tracking: Azure DevOps Boards
Release Notes: See CHANGELOG.md in each package

Last Updated: January 2026
Framework Version: .NET 10
Status: Production Ready