semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/implplan-blocked/audits/csproj-standards/Signals/StellaOps.Signals.RuntimeAgent/StellaOps.Signals.RuntimeAgent.md
+++ b/docs/implplan-blocked/audits/csproj-standards/Signals/StellaOps.Signals.RuntimeAgent/StellaOps.Signals.RuntimeAgent.md
@@ -0,0 +1,49 @@
+# Audit - StellaOps.Signals.RuntimeAgent
+
+## Project
+- Path: `src/Signals/StellaOps.Signals.RuntimeAgent/StellaOps.Signals.RuntimeAgent.csproj`
+- Module: `Signals`
+- Kind: `Worker`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 8
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/RuntimeAgentBase.cs` (314 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/RuntimeFactsIngestService.cs` (303 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/ClrMethodResolver.cs` (294 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/AgentRegistrationService.cs` (264 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/AgentRegistration.cs` (165 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/DotNetEventPipeAgent.cs` (155 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/RuntimeMethodEvent.cs` (131 lines)
+  - `src/Signals/StellaOps.Signals.RuntimeAgent/RuntimeAgentOptions.cs` (117 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: FAIL
+- Expected layers: Unit, Integration, E2E, Offline
+- Detected test projects: src/Signals/__Tests/StellaOps.Signals.RuntimeAgent.Tests/StellaOps.Signals.RuntimeAgent.Tests.csproj [Unit]
+- Missing layers: Integration, E2E, Offline
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- Add integration tests for cross-component flows.
+- Add E2E coverage for user-visible workflows.
+- Add offline/airgap coverage with fixtures only.
--- a/docs/implplan-blocked/audits/csproj-standards/Signals/StellaOps.Signals.Scheduler/StellaOps.Signals.Scheduler.md
+++ b/docs/implplan-blocked/audits/csproj-standards/Signals/StellaOps.Signals.Scheduler/StellaOps.Signals.Scheduler.md
@@ -0,0 +1,43 @@
+# Audit - StellaOps.Signals.Scheduler
+
+## Project
+- Path: `src/Signals/StellaOps.Signals.Scheduler/StellaOps.Signals.Scheduler.csproj`
+- Module: `Signals`
+- Kind: `Worker`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 1
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Signals/StellaOps.Signals.Scheduler/SchedulerQueueJobClient.cs` (162 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: FAIL
+- Expected layers: Unit, Integration, E2E, Offline
+- Detected test projects: none
+- Missing layers: Unit, Integration, E2E, Offline
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- Add a unit test project named `<Project>.Tests` (or document exception).
+- Add integration tests for cross-component flows.
+- Add E2E coverage for user-visible workflows.
+- Add offline/airgap coverage with fixtures only.
--- a/docs/implplan-blocked/audits/csproj-standards/Signals/StellaOps.Signals/StellaOps.Signals.md
+++ b/docs/implplan-blocked/audits/csproj-standards/Signals/StellaOps.Signals/StellaOps.Signals.md
@@ -0,0 +1,140 @@
+# Audit - StellaOps.Signals
+
+## Project
+- Path: `src/Signals/StellaOps.Signals/StellaOps.Signals.csproj`
+- Module: `Signals`
+- Kind: `WebService`
+- SDK: `Microsoft.NET.Sdk.Web`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 99
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightedScoreCalculator.cs` (1060 lines)
+  - `src/Signals/StellaOps.Signals/Program.cs` (960 lines)
+  - `src/Signals/StellaOps.Signals/Services/IFuncProofLinkingService.cs` (833 lines)
+  - `src/Signals/StellaOps.Signals/Services/RuntimeFactsIngestionService.cs` (784 lines)
+  - `src/Signals/StellaOps.Signals/Services/ReachabilityScoringService.cs` (736 lines)
+  - `src/Signals/StellaOps.Signals/Api/RuntimeAgentController.cs` (684 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightPolicy.cs` (588 lines)
+  - `src/Signals/StellaOps.Signals/Api/HotSymbolsController.cs` (562 lines)
+  - `src/Signals/StellaOps.Signals/Parsing/SimpleJsonCallgraphParser.cs` (512 lines)
+  - `src/Signals/StellaOps.Signals/Services/ISbomCorrelationService.cs` (486 lines)
+  - `src/Signals/StellaOps.Signals/UnifiedScore/Replay/ReplayModels.cs` (452 lines)
+  - `src/Signals/StellaOps.Signals/Services/CallgraphIngestionService.cs` (430 lines)
+  - `src/Signals/StellaOps.Signals/Services/SlimSymbolCache.cs` (423 lines)
+  - `src/Signals/StellaOps.Signals/Services/ISymbolCanonicalizationService.cs` (404 lines)
+  - `src/Signals/StellaOps.Signals/Services/RuntimeFactsProvenanceNormalizer.cs` (392 lines)
+  - `src/Signals/StellaOps.Signals/Parsing/CallgraphSchemaMigrator.cs` (382 lines)
+  - `src/Signals/StellaOps.Signals/Scm/Webhooks/GitLabEventMapper.cs` (378 lines)
+  - `src/Signals/StellaOps.Signals/UnifiedScore/UnifiedScoreModels.cs` (371 lines)
+  - `src/Signals/StellaOps.Signals/Services/CallgraphNormalizationService.cs` (368 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightedScoreInput.cs` (364 lines)
+  - `src/Signals/StellaOps.Signals/Scm/Webhooks/GitHubEventMapper.cs` (356 lines)
+  - `src/Signals/StellaOps.Signals/Models/HotSymbolIndex.cs` (355 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/NormalizerAggregator.cs` (350 lines)
+  - `src/Signals/StellaOps.Signals/Storage/RustFsCallgraphArtifactStore.cs` (333 lines)
+  - `src/Signals/StellaOps.Signals/Models/RuntimeUpdatedEvent.cs` (330 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/WeightManifest.cs` (318 lines)
+  - `src/Signals/StellaOps.Signals/Services/ScoreExplanationService.cs` (315 lines)
+  - `src/Signals/StellaOps.Signals/Services/UnknownsScoringService.cs` (297 lines)
+  - `src/Signals/StellaOps.Signals/Services/EdgeBundleIngestionService.cs` (277 lines)
+  - `src/Signals/StellaOps.Signals/UnifiedScore/Replay/ReplayLogBuilder.cs` (272 lines)
+  - `src/Signals/StellaOps.Signals/Models/AocProvenance.cs` (270 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/NormalizerOptions.cs` (265 lines)
+  - `src/Signals/StellaOps.Signals/Services/UnknownsRescanWorker.cs` (263 lines)
+  - `src/Signals/StellaOps.Signals/Storage/PoECasStore.cs` (259 lines)
+  - `src/Signals/StellaOps.Signals/UnifiedScore/UnifiedScoreService.cs` (258 lines)
+  - `src/Signals/StellaOps.Signals/Services/ReachabilityFactDigestCalculator.cs` (258 lines)
+  - `src/Signals/StellaOps.Signals/Scm/Webhooks/GiteaEventMapper.cs` (256 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryReachabilityStoreRepository.cs` (250 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightPolicyOptions.cs` (245 lines)
+  - `src/Signals/StellaOps.Signals/Scm/Models/NormalizedScmEvent.cs` (238 lines)
+  - `src/Signals/StellaOps.Signals/Services/RedisEventsPublisher.cs` (232 lines)
+  - `src/Signals/StellaOps.Signals/Models/ProcSnapshotDocument.cs` (232 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/SourceTrustNormalizer.cs` (225 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/RuntimeSignalNormalizer.cs` (224 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/ReachabilityNormalizer.cs` (217 lines)
+  - `src/Signals/StellaOps.Signals/Services/ReachabilityFactEventBuilder.cs` (217 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/FileBasedWeightManifestLoader.cs` (210 lines)
+  - `src/Signals/StellaOps.Signals/Scm/ScmWebhookEndpoints.cs` (208 lines)
+  - `src/Signals/StellaOps.Signals/UnifiedScore/Replay/ReplayVerifier.cs` (195 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryReachabilityFactRepository.cs` (194 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/MitigationNormalizer.cs` (192 lines)
+  - `src/Signals/StellaOps.Signals/Models/ScoreExplanation.cs` (192 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/BackportEvidenceNormalizer.cs` (189 lines)
+  - `src/Signals/StellaOps.Signals/Services/SchedulerRescanOrchestrator.cs` (189 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/ExploitLikelihoodNormalizer.cs` (189 lines)
+  - `src/Signals/StellaOps.Signals/Lattice/UncertaintyTier.cs` (186 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/MitigationInput.cs` (182 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/IEvidenceWeightPolicyProvider.cs` (179 lines)
+  - `src/Signals/StellaOps.Signals/Models/EdgeBundleDocument.cs` (179 lines)
+  - `src/Signals/StellaOps.Signals/Scm/Services/ScmWebhookService.cs` (172 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryUnknownsRepository.cs` (170 lines)
+  - `src/Signals/StellaOps.Signals/Services/MessagingEventsPublisher.cs` (170 lines)
+  - `src/Signals/StellaOps.Signals/Services/CallGraphSyncService.cs` (169 lines)
+  - `src/Signals/StellaOps.Signals/Models/ReachabilityFactDocument.cs` (165 lines)
+  - `src/Signals/StellaOps.Signals/Lattice/ReachabilityLattice.cs` (164 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryCallGraphProjectionRepository.cs` (162 lines)
+  - `src/Signals/StellaOps.Signals/Storage/FileSystemCallgraphArtifactStore.cs` (162 lines)
+  - `src/Signals/StellaOps.Signals/Services/RouterEventsPublisher.cs` (161 lines)
+  - `src/Signals/StellaOps.Signals/Storage/FileSystemRuntimeFactsArtifactStore.cs` (160 lines)
+  - `src/Signals/StellaOps.Signals/UnifiedScore/UnknownsBandMapper.cs` (159 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/IHotSymbolRepository.cs` (158 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/INormalizerAggregator.cs` (157 lines)
+  - `src/Signals/StellaOps.Signals/Models/CallgraphEdge.cs` (155 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/SourceTrustInput.cs` (154 lines)
+  - `src/Signals/StellaOps.Signals/Models/CallgraphNode.cs` (153 lines)
+  - `src/Signals/StellaOps.Signals/Options/SignalsArtifactStorageOptions.cs` (153 lines)
+  - `src/Signals/StellaOps.Signals/Scm/Services/ScmTriggerService.cs` (153 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryCallgraphRepository.cs` (152 lines)
+  - `src/Signals/StellaOps.Signals/Models/CallgraphDocument.cs` (148 lines)
+  - `src/Signals/StellaOps.Signals/Services/UnknownsDecayService.cs` (143 lines)
+  - `src/Signals/StellaOps.Signals/Services/RuntimeFactsRetentionService.cs` (140 lines)
+  - `src/Signals/StellaOps.Signals/Services/ReachabilityUnionIngestionService.cs` (139 lines)
+  - `src/Signals/StellaOps.Signals/Models/UnknownSymbolDocument.cs` (138 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/BackportInput.cs` (136 lines)
+  - `src/Signals/StellaOps.Signals/Lattice/ReachabilityLatticeState.cs` (134 lines)
+  - `src/Signals/StellaOps.Signals/Options/SignalsEventsOptions.cs` (129 lines)
+  - `src/Signals/StellaOps.Signals/Options/ScoreExplanationWeights.cs` (128 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightedScoringExtensions.cs` (119 lines)
+  - `src/Signals/StellaOps.Signals/Options/SignalsScoringOptions.cs` (119 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/ReachabilityInput.cs` (118 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/RuntimeInput.cs` (115 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryDeploymentRefsRepository.cs` (111 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/EvidenceNormalizersServiceCollectionExtensions.cs` (111 lines)
+  - `src/Signals/StellaOps.Signals/Services/UnknownsIngestionService.cs` (109 lines)
+  - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/ExploitInput.cs` (109 lines)
+  - `src/Signals/StellaOps.Signals/Services/UnknownsRescanMetrics.cs` (107 lines)
+  - `src/Signals/StellaOps.Signals/Options/UnknownsScoringOptions.cs` (102 lines)
+  - `src/Signals/StellaOps.Signals/Persistence/InMemoryGraphMetricsRepository.cs` (102 lines)
+  - `src/Signals/StellaOps.Signals/Options/SignalsAuthorityOptions.cs` (101 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: FAIL
+- Expected layers: Unit, Integration, Security, Offline
+- Detected test projects: src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/StellaOps.Signals.Reachability.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.RuntimeAgent.Tests/StellaOps.Signals.RuntimeAgent.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.Persistence.Tests/StellaOps.Signals.Persistence.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.Ebpf.Tests/StellaOps.Signals.Ebpf.Tests.csproj [Unit], src/__Libraries/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj [Unit], src/__Libraries/__Tests/StellaOps.Signals.Contracts.Tests/StellaOps.Signals.Contracts.Tests.csproj [Unit]
+- Missing layers: Integration, Security, Offline
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- Add integration tests for cross-component flows.
+- Add security tests for authn/authz or input validation.
+- Add offline/airgap coverage with fixtures only.
--- a/docs/implplan-blocked/audits/csproj-standards/Signals/__Libraries/StellaOps.Signals.Ebpf/StellaOps.Signals.Ebpf.md
+++ b/docs/implplan-blocked/audits/csproj-standards/Signals/__Libraries/StellaOps.Signals.Ebpf/StellaOps.Signals.Ebpf.md
@@ -0,0 +1,61 @@
+# Audit - StellaOps.Signals.Ebpf
+
+## Project
+- Path: `src/Signals/__Libraries/StellaOps.Signals.Ebpf/StellaOps.Signals.Ebpf.csproj`
+- Module: `Signals`
+- Kind: `Library`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 22
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Cgroup/CgroupContainerResolver.cs` (626 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Symbols/EnhancedSymbolResolver.cs` (598 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeSignalCollector.cs` (582 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeEvidenceCollector.cs` (472 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/AirGapProbeLoader.cs` (439 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Output/RuntimeEvidenceNdjsonWriter.cs` (435 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Signing/EvidenceChunkFinalizer.cs` (429 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Parsers/EventParser.cs` (379 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Schema/RuntimeEvidence.cs` (370 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/CoreProbeLoader.cs` (358 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Schema/SyscallEvents.cs` (336 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Signing/LocalEvidenceChunkSigner.cs` (334 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Signing/AttestorEvidenceChunkSigner.cs` (326 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Schema/RuntimeCallEvent.cs` (308 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Enrichment/RuntimeEventEnricher.cs` (263 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/ServiceCollectionExtensions.cs` (189 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Enrichment/IImageDigestResolver.cs` (175 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Signing/RuntimeEvidencePredicate.cs` (159 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Cgroup/IContainerIdentityResolver.cs` (155 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/IRuntimeSignalCollector.cs` (152 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Enrichment/ISbomComponentProvider.cs` (113 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/IEbpfProbeLoader.cs` (106 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers: Unit
+- Detected test projects: src/Signals/__Tests/StellaOps.Signals.Ebpf.Tests/StellaOps.Signals.Ebpf.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- None.
--- a/docs/implplan-blocked/audits/csproj-standards/Signals/__Libraries/StellaOps.Signals.Persistence/StellaOps.Signals.Persistence.md
+++ b/docs/implplan-blocked/audits/csproj-standards/Signals/__Libraries/StellaOps.Signals.Persistence/StellaOps.Signals.Persistence.md
@@ -0,0 +1,47 @@
+# Audit - StellaOps.Signals.Persistence
+
+## Project
+- Path: `src/Signals/__Libraries/StellaOps.Signals.Persistence/StellaOps.Signals.Persistence.csproj`
+- Module: `Signals`
+- Kind: `Library`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 8
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresUnknownsRepository.cs` (591 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresCallGraphProjectionRepository.cs` (466 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresReachabilityStoreRepository.cs` (412 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresGraphMetricsRepository.cs` (296 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresCallGraphQueryRepository.cs` (286 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresDeploymentRefsRepository.cs` (249 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresReachabilityFactRepository.cs` (234 lines)
+  - `src/Signals/__Libraries/StellaOps.Signals.Persistence/Postgres/Repositories/PostgresCallgraphRepository.cs` (128 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers: Unit
+- Detected test projects: src/Signals/__Tests/StellaOps.Signals.Persistence.Tests/StellaOps.Signals.Persistence.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- None.