semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/implplan-blocked/audits/csproj-standards/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.md
+++ b/docs/implplan-blocked/audits/csproj-standards/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.md
@@ -0,0 +1,170 @@
+# Audit - StellaOps.Scanner.WebService
+
+## Project
+- Path: `src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj`
+- Module: `Scanner`
+- Kind: `WebService`
+- SDK: `Microsoft.NET.Sdk.Web`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 128
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs` (831 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ReportEventDispatcher.cs` (819 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs` (777 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScanEndpoints.cs` (766 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SourcesEndpoints.cs` (758 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineAttestationVerifier.cs` (741 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SignedSbomArchiveBuilder.cs` (727 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitImportService.cs` (686 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/RuntimeInventoryReconciler.cs` (681 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/AttestationChainVerifier.cs` (670 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/WebhookEndpoints.cs` (668 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/OrchestratorEventContracts.cs` (662 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SbomByosUploadService.cs` (651 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Program.cs` (647 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/CounterfactualEndpoints.cs` (610 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationWebhookHandler.cs` (590 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationService.cs` (589 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/PolicyEndpoints.cs` (586 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ApprovalEndpoints.cs` (549 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptions.cs` (537 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/RuntimePolicyService.cs` (533 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs` (523 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SecretDetectionSettingsService.cs` (497 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptionsValidator.cs` (494 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ExportEndpoints.cs` (487 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IOfflineAttestationVerifier.cs` (481 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs` (468 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs` (464 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs` (463 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/FindingRationaleService.cs` (449 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Controllers/TriageController.cs` (444 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/DeltaCompareContracts.cs` (440 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ReplayCommandService.cs` (435 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs` (421 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SliceEndpoints.cs` (386 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SecretDetectionSettingsEndpoints.cs` (373 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` (371 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/AttestationChain.cs` (366 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs` (365 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs` (363 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/PolicyDtoMapper.cs` (356 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/FeedChangeRescoreJob.cs` (354 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ValidationEndpoints.cs` (346 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/OfflineKitEndpoints.cs` (341 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SliceQueryService.cs` (336 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/LayerSbomEndpoints.cs` (336 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/RuntimeEndpoints.cs` (332 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEvidenceEndpoints.cs` (328 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/EpssEndpoints.cs` (324 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/UnknownsEndpoints.cs` (323 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/RationaleContracts.cs` (322 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/SecretDetectionConfigContracts.cs` (319 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/HumanApprovalAttestationService.cs` (316 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Replay/RecordModeService.cs` (315 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/GatingReasonService.cs` (312 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ActionablesEndpoints.cs` (309 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitManifestService.cs` (307 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityDriftEndpoints.cs` (307 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ManifestEndpoints.cs` (306 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageStatusEndpoints.cs` (301 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReportEndpoints.cs` (301 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitMetricsStore.cs` (294 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SurfacePointerService.cs` (293 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/BaselineEndpoints.cs` (292 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityStackEndpoints.cs` (292 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaCompareEndpoints.cs` (291 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScoreReplayEndpoints.cs` (283 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Middleware/IdempotencyMiddleware.cs` (271 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/OciAttestationPublisher.cs` (270 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ReportSigner.cs` (267 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/VexGateContracts.cs` (264 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/GatingContracts.cs` (264 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SbomExportService.cs` (264 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/LayerSbomService.cs` (262 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/RuntimeEventRateLimiter.cs` (261 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/DeltaScanRequestHandler.cs` (260 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/WitnessEndpoints.cs` (253 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs` (253 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Options/ScannerSurfaceSecretConfigurator.cs` (246 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/HumanApprovalStatement.cs` (244 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/CallGraphEndpoints.cs` (244 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Serialization/OrchestratorEventSerializer.cs` (239 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/RuntimeEventIngestionService.cs` (234 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/CallGraphIngestionService.cs` (232 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/SbomContracts.cs` (231 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/BaselineContracts.cs` (228 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ReachabilityContracts.cs` (225 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ReportContracts.cs` (222 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ScoreReplayService.cs` (221 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/RuntimePolicyContracts.cs` (216 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/RichGraphAttestationService.cs` (216 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ReplayCommandContracts.cs` (212 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/VexGateQueryService.cs` (208 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IHumanApprovalAttestationService.cs` (206 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/PolicyDecisionAttestationService.cs` (204 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ManifestContracts.cs` (201 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/PolicyDecisionStatement.cs` (200 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/FindingEvidenceContracts.cs` (198 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/InMemoryScanCoordinator.cs` (197 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ProofSpineEndpoints.cs` (196 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/PolicyPreviewContracts.cs` (195 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/SbomIngestionService.cs` (192 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs` (187 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/LinksetResolver.cs` (181 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceBundleExporter.cs` (180 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomEndpoints.cs` (174 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IRichGraphAttestationService.cs` (174 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ConcelierHttpLinksetQueryService.cs` (172 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/RichGraphStatement.cs` (166 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/ProofBundleEndpoints.cs` (164 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/HealthEndpoints.cs` (160 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ProofSpineContracts.cs` (158 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IPolicyDecisionAttestationService.cs` (157 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/RedisPlatformEventPublisher.cs` (155 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ScanProgressStream.cs` (150 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/InMemoryScanManifestRepository.cs` (148 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/ILayerSbomService.cs` (146 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitContracts.cs` (143 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Controllers/VexGateController.cs` (143 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/TestManifestRepository.cs` (142 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/LayerSbomContracts.cs` (141 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Extensions/RateLimitingExtensions.cs` (127 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IVexGateQueryService.cs` (126 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageInboxEndpoints.cs` (123 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Options/ScannerStorageOptionsPostConfigurator.cs` (118 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/RuntimeEventsContracts.cs` (110 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptionsPostConfigure.cs` (110 lines)
+  - `src/Scanner/StellaOps.Scanner.WebService/Serialization/DeterministicCborSerializer.cs` (108 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: FAIL
+- Expected layers: Unit, Integration, Security, Offline, Performance
+- Detected test projects: src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj [Unit]
+- Missing layers: Integration, Security, Offline, Performance
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- Add integration tests for cross-component flows.
+- Add security tests for authn/authz or input validation.
+- Add offline/airgap coverage with fixtures only.
+- Add performance regression coverage for scanner/export/release paths.