CQRS and Event Sourcing for .NET — with tamper-evident streams and tenant-aware encryption built in.
Stratara is the integrated CQRS, Event Sourcing, and audit stack you'd otherwise compose yourself from three or four libraries. Mediator, outbox, event store, sagas, projections, and identity — all wired together, lockstep-versioned across 22 NuGet packages for .NET 10. Opt in à la carte.
License: Stratara ships under FSL-1.1-MIT (Functional Source License 1.1 with MIT Future License). Source-available, not OSI-approved OSS — see License before adoption.
🔒 Tamper-Evident by Design — Every event stream is hash-chained. Manipulate a row directly in Postgres, and the next background-worker pass raises EventStreamCorrupted at the exact sequence number where the chain breaks. Audit-grade integrity, not a "trust the DBA" promise. (Concept · Hero Sample)
🛡️ Tenant-Aware Encryption — [EncryptData] fields are sealed with AES-GCM and an authentication tag bound to the tenant id as Associated Data. A row leaked from one tenant cannot be decrypted in another tenant's session — even with the correct master key. Destroy the key → the data is unrecoverable, including in backups (crypto-shredding makes GDPR Article 17 erasure architecturally sound). (Concept · Hero Sample)
🧩 Integrated, not Assembled — Mediator + Outbox + Event Store + Sagas + Projections + Identity, lockstep-versioned across 22 packages. One <VersionPrefix> bump moves everything together. No multi-library composition tax, no version-skew puzzles, no integration tests to prove your bus and your event store still see eye-to-eye.
Stratara is the integrated CQRS / Event Sourcing / audit stack we built for our own products — the wiring that production event-sourced apps tend to write from scratch, plus the tamper-evident and tenant-aware-encryption properties we wanted as a default, not as an enterprise-tier add-on.
We're publishing it because the .NET ecosystem deserves these primitives without the composition tax of stitching together Marten + Wolverine + MassTransit + your own crypto layer. Compliance-relevant integrity (GDPR Article 17 via crypto-shredding, SOC 2 audit-trail, HIPAA data integrity) should not be locked behind a license tier — it should be how the storage layer works by default.
The FSL-1.1-MIT license is our two-part commitment: source-available today (with a no-direct-competition clause), automatic conversion to plain MIT two years after each release. Stratara becomes true open source, version by version, on a schedule everyone can plan around. The clock has started with v3.0.20.
Full docs, conceptual overview, getting-started walkthrough, guides, samples and the auto-generated API reference live at docs.stratara.tech.
# Minimum: in-process mediator + pipeline behaviors
dotnet add package Stratara.Mediator
# Event-sourced apps with the full stack
dotnet add package Stratara.EventSourcing.EntityFrameworkCore
dotnet add package Stratara.EventSourcing.WorkerDefaults
dotnet add package Stratara.Outbox.RabbitMQHello-mediator in five lines:
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddMediator();
builder.Services.AddCommandHandlersFromAssemblyContaining<Program>();
var app = builder.Build();
await app.Services.GetRequiredService<IMediator>().HandleAsync(new MyCommand(), CancellationToken.None);Lockstep-versioned NuGet family — every package in the table below ships at the same <VersionPrefix>, bumped together (Microsoft.Extensions.* convention).
| Tier | Package | Purpose |
|---|---|---|
| A | Stratara.Abstractions |
Contract interfaces + POCO records (no implementation) |
| A | Stratara.Contracts |
Wire-level POCO contracts |
| A | Stratara.Diagnostics |
ActivitySource / Meter / log-event-ID schema |
| A | Stratara.Resilience |
Polly named pipelines |
| A | Stratara.Sessions |
Actor / Subject session model + ASP.NET middleware |
| B | Stratara.Mediator |
In-process mediator + pipeline behaviors |
| B | Stratara.Domain |
Tenant aggregate + lifecycle events |
| B | Stratara.Shared |
Umbrella re-export of A/B abstractions + source-generated logger extensions |
| B | Stratara.ServiceDefaults |
OpenTelemetry + Serilog defaults |
| C | Stratara.EventSourcing.EntityFrameworkCore |
Write / read / identity stores on PostgreSQL |
| C | Stratara.EventSourcing.Pipeline.CommandAudit |
Command-audit pipeline behavior |
| C | Stratara.Validation |
Vendor-neutral IValidator<T> + validation pipeline behavior |
| C | Stratara.EventSourcing.WorkerDefaults |
Worker-host wiring composites |
| C | Stratara.Projections |
Projection runtime |
| C | Stratara.Sagas |
Saga runtime |
| C | Stratara.Security |
Key store (KEK-wrapped versioned DEKs) + AES-GCM envelope encryption |
| C | Stratara.Outbox.RabbitMQ |
Outbox + RabbitMQ-backed IMessageBus |
| C | Stratara.Outbox.AzureServiceBus |
Outbox + Azure Service Bus-backed IMessageBus |
| C | Stratara.Infrastructure |
Cross-cutting infrastructure glue |
| C | Stratara.Identity.Core |
Channel-agnostic identity primitives |
| C | Stratara.Identity.AspNetCore |
Channel-agnostic ASP.NET Core identity wiring (sign-in manager wrapper + i18n + email-sender stub) |
| C | Stratara.ServiceDefaults.AspNetCore |
ASP.NET health checks + request OpenTelemetry |
Tier order: a Tier-N package may only reference Tier-(≤N). Tier-A has no inbound dependencies from B or C.
The fastest path is to run the samples under samples/ — each is self-contained, runs in under a second, and reads top-to-bottom in 5–20 minutes.
| Sample | What it proves |
|---|---|
Stratara.Sample.TamperProof |
Hash-chained event streams catch direct-DB tampering at the next verifier pass |
Stratara.Sample.Encryption |
Tenant-bound AAD makes cross-tenant decryption cryptographically impossible |
| # | Sample | Concept |
|---|---|---|
| 1 | Stratara.Sample.CqrsBasics |
IMediator + ICommand / IQuery + handler discovery |
| 2 | Stratara.Sample.EventSourced |
Event-sourced aggregate + read-side projection |
| 3 | Stratara.Sample.OutboxWorker |
Outbox + message bus + background worker |
| 4 | Stratara.Sample.MoneyTransferSaga |
Saga / process manager |
| 5 | Stratara.Sample.AspNetCoreApi |
HTTP minimal-API → mediator wiring |
dotnet run --project samples/Stratara.Sample.TamperProofEach sample has a step-by-step walkthrough under docs.stratara.tech/samples.
Requires the .NET 10 SDK — global.json pins the version; dotnet --version should report 10.0.x.
# Build the publish solution filter (every packable csproj + tests)
dotnet build Stratara.Publish.slnf -c Release
# Run the test suite (xUnit v3 with Microsoft Testing Platform)
dotnet testLockstep across the whole family — one <VersionPrefix> in Directory.Build.props controls every package. Tag-driven builds (v*) publish stable versions; main-branch pushes publish {VersionPrefix}-preview.{BuildId} pre-releases. SemVer applies — see CHANGELOG.md for per-release notes.
FSL-1.1-MIT — Functional Source License 1.1 with MIT Future License.
You may use Stratara for any purpose other than building a directly competing product. After two years, each released version converts to plain MIT under the FSL "Grant of Future License" clause. The full MIT future-license text is included in the LICENSE file.
Stratara's GitHub repository is a one-way mirror of an internal Azure DevOps source-of-truth, force-pushed as a single squashed commit per release. We do not currently accept pull requests — any PR opened against the mirror would be lost on the next sync.
What we welcome:
- Bug reports — open an issue with the bug template.
- Questions — open an issue with the question template (check docs.stratara.tech first).
- Security issues — see
SECURITY.md, please do not file a public issue.
Full details on the contribution model: CONTRIBUTING.md. Community standards: CODE_OF_CONDUCT.md. Getting help: SUPPORT.md.