more audit work

src/__Libraries/__Tests/StellaOps.Cryptography.Tests/BouncyCastleErrorClassificationTests.cs

@@ -175,7 +175,6 @@ public sealed class BouncyCastleErrorClassificationTests
     #region Invalid Key Material Errors
 
     [Theory]
-    [InlineData(0)]
     [InlineData(16)]
     [InlineData(31)]
     [InlineData(33)]
@@ -203,6 +202,25 @@ public sealed class BouncyCastleErrorClassificationTests
         _output.WriteLine("  Error code mapping: CRYPTO_INVALID_KEY_MATERIAL");
     }
 
+    [Fact]
+    public void UpsertSigningKey_EmptyPrivateKey_ThrowsArgumentException()
+    {
+        // Arrange
+        var provider = new BouncyCastleEd25519CryptoProvider();
+        var keyReference = new CryptoKeyReference("test-key", provider.Name);
+
+        // Act
+        Action act = () => _ = new CryptoSigningKey(
+            keyReference,
+            SignatureAlgorithms.Ed25519,
+            Array.Empty<byte>(),
+            createdAt: DateTimeOffset.UtcNow);
+
+        // Assert
+        act.Should().Throw<ArgumentException>()
+            .WithMessage("*Private key material must be provided*");
+    }
+
     [Fact]
     public void UpsertSigningKey_InvalidPublicKeyLength_ThrowsInvalidOperationException()
     {

src/__Libraries/__Tests/StellaOps.Cryptography.Tests/TASKS.md

@@ -5,6 +5,9 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
+| AUDIT-0022-M | DONE | Revalidated 2026-01-08 (rebaseline). |
+| AUDIT-0022-T | DONE | Revalidated 2026-01-08 (rebaseline). |
+| AUDIT-0022-A | DONE | Waived (test project). |
 | AUDIT-0271-M | DONE | Revalidated 2026-01-07; open findings tracked in audit report. |
 | AUDIT-0271-T | DONE | Revalidated 2026-01-07; open findings tracked in audit report. |
 | AUDIT-0271-A | DONE | Waived (test project; revalidated 2026-01-07). |