stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint: save features

Browse Source
This commit is contained in:
master
2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/features/checked/aoc/aoc-roslyn-source-analyzer.md Normal file
View File

@@ -0,0 +1,45 @@
# AOC Roslyn Source Analyzer (Compile-Time Contract Enforcement)
## Module
Aoc
## Status
VERIFIED
## Description
Roslyn source analyzer that enforces ingestion contracts at compile time via diagnostics `AOC0001`, `AOC0002`, and `AOC0003`, preventing forbidden and unguarded write patterns in AOC ingestion code.
## Implementation Details
- **AOC Analyzer**: `src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/AocForbiddenFieldAnalyzer.cs` - Roslyn `DiagnosticAnalyzer` that reports:
- `AOC0001` for forbidden field writes (for example `severity`, `cvss`, `risk_score`).
- `AOC0002` for derived `effective_*` field writes.
- `AOC0003` for unguarded database write operations outside `IAocGuard.Validate(...)` scope.
- **Analyzer Tests**: `src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/AocForbiddenFieldAnalyzerTests.cs` - analyzer behavior tests covering positive and negative paths (diagnostics emitted and suppressed appropriately).
## E2E Test Plan
- [x] Verify `AOC0001` is reported for forbidden field writes in ingestion context
- [x] Verify `AOC0002` is reported for `effective_*` derived field writes
- [x] Verify `AOC0003` is reported for unguarded database writes
- [x] Verify diagnostics are not reported for allowed writes and non-ingestion/test assemblies
- [x] Verify analyzer participates in `dotnet build`/test execution paths used in CI
## Verification
- **Verified**: 2026-02-11
- **Method**: Tier 0 source verification + Tier 1 build/test + Tier 2d behavioral analyzer test replay
- **Build**: PASS (`src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/StellaOps.Aoc.Analyzers.csproj`)
- **Tests**: PASS (`src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/StellaOps.Aoc.Analyzers.Tests.csproj`: 26/26)
- **Tier 0 Evidence**: `docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-001/tier0-source-check.json`
- **Tier 1 Evidence**: `docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-001/tier1-build-check.json`
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-001/tier2-integration-check.json`
## Recheck (Run-002)
- **Rechecked**: 2026-02-11
- **Method**: Tier 0 source verification + Tier 1 build/test + strict Tier 2 command-line behavior replay
- **Build**: PASS (`src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/StellaOps.Aoc.Analyzers.csproj`)
- **Tests**: PASS (`src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/StellaOps.Aoc.Analyzers.Tests.csproj`: 26/26)
- **Tier 2 Behavior**:
- Positive path: `dotnet build` of a violating ingestion sample reports `AOC0001`, `AOC0002`, and `AOC0003`.
- Negative path: `dotnet build` of a compliant ingestion sample reports none of `AOC0001`/`AOC0002`/`AOC0003`.
- **Tier 0 Evidence**: `docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-002/tier0-source-check.json`
- **Tier 1 Evidence**: `docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-002/tier1-build-check.json`
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-002/tier2-integration-check.json`