stabilize tests

2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
--- a/src/AirGap/AGENTS.md
+++ b/src/AirGap/AGENTS.md
@@ -1,4 +1,4 @@
-# AirGap Module · AGENTS Charter
+# AirGap Module ?? AGENTS Charter

 ## Working Directory
 - `src/AirGap/**` (Controller, Importer, Time). Do not edit other modules without sprint note.
@@ -12,16 +12,14 @@

 ## Required Reading (treat as read before DOING)
 - `docs/README.md`, `docs/07_HIGH_LEVEL_ARCHITECTURE.md`, `docs/modules/platform/architecture-overview.md`
- `docs/modules/airgap/airgap-mode.md` (if present)
- Prep/Scaffold docs:
-  - `docs/airgap/controller-scaffold.md`
-  - `docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`
-  - `docs/airgap/importer-scaffold.md`
-  - `docs/airgap/time-anchor-scaffold.md`
-  - `docs/airgap/prep/2025-11-20-staleness-drift-prep.md`
-  - `docs/airgap/sealed-startup-diagnostics.md`
-  - `docs/airgap/bundle-repositories.md`
-  - `docs/airgap/time-api.md`, `docs/airgap/time-config-sample.json`
+- `docs/modules/airgap/guides/airgap-mode.md`
+- `docs/modules/airgap/guides/bundle-repositories.md`
+- `docs/modules/airgap/guides/offline-bundle-format.md`
+- `docs/modules/airgap/guides/sealed-startup-diagnostics.md`
+- `docs/modules/airgap/guides/staleness-and-time.md`
+- `docs/modules/airgap/guides/time-api.md`
+- `docs/modules/airgap/schemas/time-config-sample.json`
+- `docs/modules/airgap/guides/advisory-implementation-roadmap.md`

 ## Working Agreements
 - Offline-first: no egress in sealed mode; fixtures use local files only.
@@ -38,6 +36,7 @@
 - API tests via WebApplicationFactory; importer tests use local fixture bundles (no downloads).

 ## Delivery Discipline
- Update sprint tracker statuses (`TODO → DOING → DONE/BLOCKED`); log decisions in Execution Log and Decisions & Risks.
- When contracts/schemas change, update docs under `docs/airgap/**` and link from sprint Decisions & Risks.
+- Update sprint tracker statuses (`TODO ??? DOING ??? DONE/BLOCKED`); log decisions in Execution Log and Decisions & Risks.
+- When contracts/schemas change, update docs under `docs/modules/airgap/**` and link from sprint Decisions & Risks.
 - If a decision is needed, mark BLOCKED in the sprint and record the decision ask; continue with other unblocked work.
+
--- a/src/AirGap/StellaOps.AirGap.Controller/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Controller/AGENTS.md
@@ -13,10 +13,10 @@ Own the sealing state machine, status APIs, and enforcement hooks that keep Stel
 ## Definition of Done
 - Deterministic tests for seal/unseal transitions and audit logging.
 - Integration tests covering RBAC, sealed-mode refusal, and policy hash validation.
- Documentation hooks updated in `/docs/airgap/` for each shipped feature.
+- Documentation hooks updated in `docs/modules/airgap/` for each shipped feature.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`

 ## Working Agreement
@@ -25,3 +25,4 @@ Own the sealing state machine, status APIs, and enforcement hooks that keep Stel
 - 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
 - 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
 - 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
+
--- a/src/AirGap/StellaOps.AirGap.Controller/Auth/HeaderScopeAuthenticationHandler.cs
+++ b/src/AirGap/StellaOps.AirGap.Controller/Auth/HeaderScopeAuthenticationHandler.cs
@@ -1,9 +1,10 @@
-using System.Security.Claims;
-using System.Text.Encodings.Web;
+
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Options;
 using StellaOps.Auth.Abstractions;
+using System.Security.Claims;
+using System.Text.Encodings.Web;

 namespace StellaOps.AirGap.Controller.Auth;

--- a/src/AirGap/StellaOps.AirGap.Controller/Endpoints/AirGapEndpoints.cs
+++ b/src/AirGap/StellaOps.AirGap.Controller/Endpoints/AirGapEndpoints.cs
@@ -1,10 +1,11 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Authorization;
-using StellaOps.Auth.Abstractions;
 using StellaOps.AirGap.Controller.Endpoints.Contracts;
 using StellaOps.AirGap.Controller.Services;
 using StellaOps.AirGap.Time.Models;
 using StellaOps.AirGap.Time.Services;
+using StellaOps.Auth.Abstractions;
+using System.Security.Claims;

 namespace StellaOps.AirGap.Controller.Endpoints;

--- a/src/AirGap/StellaOps.AirGap.Controller/Endpoints/Contracts/SealRequest.cs
+++ b/src/AirGap/StellaOps.AirGap.Controller/Endpoints/Contracts/SealRequest.cs
@@ -1,5 +1,6 @@
-using System.ComponentModel.DataAnnotations;
+
 using StellaOps.AirGap.Time.Models;
+using System.ComponentModel.DataAnnotations;

 namespace StellaOps.AirGap.Controller.Endpoints.Contracts;

--- a/src/AirGap/StellaOps.AirGap.Controller/Program.cs
+++ b/src/AirGap/StellaOps.AirGap.Controller/Program.cs
@@ -1,9 +1,10 @@
+
 using Microsoft.AspNetCore.Authentication;
 using StellaOps.AirGap.Controller.Auth;
 using StellaOps.AirGap.Controller.DependencyInjection;
 using StellaOps.AirGap.Controller.Endpoints;
-using StellaOps.AirGap.Time.Services;
 using StellaOps.AirGap.Time.Models;
+using StellaOps.AirGap.Time.Services;

 var builder = WebApplication.CreateBuilder(args);

--- a/src/AirGap/StellaOps.AirGap.Controller/Services/AirGapTelemetry.cs
+++ b/src/AirGap/StellaOps.AirGap.Controller/Services/AirGapTelemetry.cs
@@ -1,12 +1,13 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.AirGap.Controller.Domain;
+using StellaOps.AirGap.Controller.Options;
+using StellaOps.AirGap.Time.Models;
 using System.Collections.Concurrent;
 using System.Diagnostics;
 using System.Diagnostics.Metrics;
 using System.Threading;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.AirGap.Controller.Options;
-using StellaOps.AirGap.Controller.Domain;
-using StellaOps.AirGap.Time.Models;

 namespace StellaOps.AirGap.Controller.Services;

--- a/src/AirGap/StellaOps.AirGap.Controller/Stores/InMemoryAirGapStateStore.cs
+++ b/src/AirGap/StellaOps.AirGap.Controller/Stores/InMemoryAirGapStateStore.cs
@@ -1,5 +1,6 @@
-using System.Collections.Concurrent;
+
 using StellaOps.AirGap.Controller.Domain;
+using System.Collections.Concurrent;

 namespace StellaOps.AirGap.Controller.Stores;

--- a/src/AirGap/StellaOps.AirGap.Importer/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Importer/AGENTS.md
@@ -32,7 +32,7 @@ Deliver offline bundle verification and ingestion tooling for sealed environment
 - `IOfflineKitAuditEmitter` - Audit event emission to Authority schema

 ### Reconciliation (Sprint 0342)
- `IEvidenceReconciler` - Orchestrates 5-step algorithm per advisory §5
+- `IEvidenceReconciler` - Orchestrates 5-step algorithm per advisory ??5
 - `ArtifactIndex` - Digest-keyed, deterministically ordered artifact store
 - `IEvidenceCollector` - Collects SBOMs, attestations, VEX from evidence directory
 - `PrecedenceLattice` - VEX merge with vendor > maintainer > 3rd-party precedence
@@ -47,10 +47,10 @@ Deliver offline bundle verification and ingestion tooling for sealed environment
 - **Evidence reconciliation produces identical output for identical input.**

 ## Required Reading
- `docs/airgap/airgap-mode.md`
- `docs/airgap/advisory-implementation-roadmap.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
+- `docs/modules/airgap/guides/advisory-implementation-roadmap.md`
 - `docs/modules/platform/architecture-overview.md`
- `docs/product/advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md`
+- `docs-archived/product/advisories/2025-12-21-moat-gap-closure/14-Dec-2025 - Offline and Air-Gap Technical Reference.md`

 ## Working Agreement
 - 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
@@ -58,3 +58,4 @@ Deliver offline bundle verification and ingestion tooling for sealed environment
 - 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
 - 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
 - 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
+
--- a/src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicyLoader.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicyLoader.cs
@@ -1,3 +1,4 @@
+
 using System.Globalization;
 using System.Text.Json;
 using System.Text.Json.Nodes;
--- a/src/AirGap/StellaOps.AirGap.Importer/Quarantine/FileSystemQuarantineService.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Quarantine/FileSystemQuarantineService.cs
@@ -1,10 +1,11 @@
-using System.Globalization;
-using System.Text.Json;
-using System.Text.RegularExpressions;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Importer.Telemetry;
 using StellaOps.Determinism;
+using System.Globalization;
+using System.Text.Json;
+using System.Text.RegularExpressions;

 namespace StellaOps.AirGap.Importer.Quarantine;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/ArtifactIndex.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/ArtifactIndex.cs
@@ -1,6 +1,7 @@
+using StellaOps.Cryptography.Digests;
+
 namespace StellaOps.AirGap.Importer.Reconciliation;

-using StellaOps.Cryptography.Digests;

 /// <summary>
 /// Digest-keyed artifact index used by the evidence reconciliation flow.
--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/EvidenceDirectoryDiscovery.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/EvidenceDirectoryDiscovery.cs
@@ -1,3 +1,4 @@
+
 using System.Security.Cryptography;

 namespace StellaOps.AirGap.Importer.Reconciliation;
--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/EvidenceReconciler.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/EvidenceReconciler.cs
@@ -1,9 +1,10 @@
-using System.Globalization;
+
 using StellaOps.AirGap.Importer.Contracts;
 using StellaOps.AirGap.Importer.Reconciliation.Parsers;
 using StellaOps.AirGap.Importer.Reconciliation.Signing;
 using StellaOps.AirGap.Importer.Validation;
 using StellaOps.Cryptography;
+using System.Globalization;

 namespace StellaOps.AirGap.Importer.Reconciliation;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/AttestationCollector.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/AttestationCollector.cs
@@ -5,11 +5,12 @@
 // Integrated with DsseVerifier (Task T7)
 // =============================================================================

-using System.Security.Cryptography;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using StellaOps.AirGap.Importer.Contracts;
 using StellaOps.AirGap.Importer.Validation;
+using System.Security.Cryptography;

 namespace StellaOps.AirGap.Importer.Reconciliation.Parsers;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/CycloneDxParser.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/CycloneDxParser.cs
@@ -4,6 +4,7 @@
 // Part of Step 2: Evidence Collection (Task T5)
 // =============================================================================

+
 using System.Globalization;
 using System.Text.Json;
 using System.Text.Json.Nodes;
--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs
@@ -4,6 +4,7 @@
 // Part of Step 2: Evidence Collection (Task T6)
 // =============================================================================

+
 using System.Text;
 using System.Text.Json;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/OpenVexParser.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/OpenVexParser.cs
@@ -1,3 +1,4 @@
+
 using System.Globalization;
 using System.Text.Json;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SbomCollector.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SbomCollector.cs
@@ -4,9 +4,10 @@
 // Part of Step 2: Evidence Collection (Task T5)
 // =============================================================================

-using System.Security.Cryptography;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
+using System.Security.Cryptography;

 namespace StellaOps.AirGap.Importer.Reconciliation.Parsers;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SpdxParser.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SpdxParser.cs
@@ -4,6 +4,7 @@
 // Part of Step 2: Evidence Collection (Task T5)
 // =============================================================================

+
 using System.Globalization;
 using System.Text.Json;

--- a/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Signing/EvidenceGraphDsseSigner.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Signing/EvidenceGraphDsseSigner.cs
@@ -1,15 +1,16 @@
-using System.Text;
+
+using AttestorDsseEnvelope = StellaOps.Attestor.Envelope.DsseEnvelope;
+using AttestorDssePreAuthenticationEncoding = StellaOps.Attestor.Envelope.DssePreAuthenticationEncoding;
+using AttestorDsseSignature = StellaOps.Attestor.Envelope.DsseSignature;
+using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.OpenSsl;
-using Org.BouncyCastle.Asn1.X9;
-using StellaOps.Cryptography;
-using AttestorDsseEnvelope = StellaOps.Attestor.Envelope.DsseEnvelope;
-using AttestorDsseSignature = StellaOps.Attestor.Envelope.DsseSignature;
-using AttestorDssePreAuthenticationEncoding = StellaOps.Attestor.Envelope.DssePreAuthenticationEncoding;
 using StellaOps.Attestor.Envelope;
+using StellaOps.Cryptography;
+using System.Text;

 namespace StellaOps.AirGap.Importer.Reconciliation.Signing;

--- a/src/AirGap/StellaOps.AirGap.Importer/Validation/ImportValidator.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Validation/ImportValidator.cs
@@ -1,10 +1,11 @@
-using System.Globalization;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.AirGap.Importer.Contracts;
 using StellaOps.AirGap.Importer.Quarantine;
 using StellaOps.AirGap.Importer.Telemetry;
 using StellaOps.AirGap.Importer.Versioning;
+using System.Globalization;
+using System.Text.Json;

 namespace StellaOps.AirGap.Importer.Validation;

--- a/src/AirGap/StellaOps.AirGap.Importer/Validation/MerkleRootCalculator.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Validation/MerkleRootCalculator.cs
@@ -1,3 +1,4 @@
+
 using System.Security.Cryptography;
 using System.Text;

--- a/src/AirGap/StellaOps.AirGap.Importer/Validation/ReferrerValidator.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Validation/ReferrerValidator.cs
@@ -1,6 +1,7 @@
+
+using Microsoft.Extensions.Logging;
 using System.Security.Cryptography;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.AirGap.Importer.Validation;

--- a/src/AirGap/StellaOps.AirGap.Importer/Validation/RekorOfflineReceiptVerifier.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Validation/RekorOfflineReceiptVerifier.cs
@@ -1,11 +1,12 @@
+
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Signers;
+using Org.BouncyCastle.Security;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;
-using Org.BouncyCastle.Security;

 namespace StellaOps.AirGap.Importer.Validation;

--- a/src/AirGap/StellaOps.AirGap.Importer/Validation/RuleBundleValidator.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Validation/RuleBundleValidator.cs
@@ -5,12 +5,13 @@
 // Description: Validates rule bundles (secrets, malware, etc.) for offline import.
 // -----------------------------------------------------------------------------

-using System.Security.Cryptography;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.AirGap.Importer.Contracts;
 using StellaOps.AirGap.Importer.Telemetry;
 using StellaOps.AirGap.Importer.Versioning;
+using System.Security.Cryptography;
+using System.Text.Json;

 namespace StellaOps.AirGap.Importer.Validation;

--- a/src/AirGap/StellaOps.AirGap.Policy/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Policy/AGENTS.md
@@ -13,10 +13,10 @@ Provide the shared enforcement layer (`EgressPolicy`, job plan validators, seale
 ## Definition of Done
 - Every service imports the facade; CI fails on direct HTTP client usage.
 - Sealed-mode unit tests cover panic/remediation behavior across host types.
- Documentation updated in `docs/airgap/airgap-mode.md` and `docs/airgap/staleness-and-time.md` for adoption patterns.
+- Documentation updated in `docs/modules/airgap/guides/airgap-mode.md` and `docs/modules/airgap/guides/staleness-and-time.md` for adoption patterns.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`

 ## Working Agreement
@@ -25,3 +25,4 @@ Provide the shared enforcement layer (`EgressPolicy`, job plan validators, seale
 - 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
 - 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
 - 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
+
--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/AGENTS.md
@@ -7,7 +7,7 @@
 - Analyzer and code-fix tests for air-gap egress enforcement.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`
 - `src/AirGap/StellaOps.AirGap.Policy/AGENTS.md`

@@ -17,3 +17,4 @@

 ## Testing Rules
 - Cover diagnostics, suppression rules, and deterministic code-fix output.
+
--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers/AGENTS.md
@@ -7,7 +7,7 @@
 - Roslyn analyzer + code fix enforcing air-gap egress policy usage.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`
 - `src/AirGap/StellaOps.AirGap.Policy/AGENTS.md`

@@ -17,3 +17,4 @@

 ## Testing Rules
 - Analyzer and code-fix tests must cover expected diagnostics and fix output determinism.
+
--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers/HttpClientUsageAnalyzer.cs
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers/HttpClientUsageAnalyzer.cs
@@ -1,8 +1,9 @@
-using System;
-using System.Collections.Immutable;
+
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.Diagnostics;
 using Microsoft.CodeAnalysis.Operations;
+using System;
+using System.Collections.Immutable;

 namespace StellaOps.AirGap.Policy.Analyzers;

--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Tests/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Tests/AGENTS.md
@@ -7,7 +7,7 @@
 - Unit tests for egress policy evaluation, configuration binding, and HttpClient enforcement.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`
 - `src/AirGap/StellaOps.AirGap.Policy/AGENTS.md`

@@ -17,3 +17,4 @@

 ## Testing Rules
 - Cover allowlist parsing, rule matching, and sealed/unsealed behavior.
+
--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/AGENTS.md
@@ -8,7 +8,7 @@
 - Air-gap aware HttpClient creation helpers.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`
 - `src/AirGap/StellaOps.AirGap.Policy/AGENTS.md`

@@ -19,3 +19,4 @@

 ## Testing Rules
 - Cover allow/deny logic, rule matching, and configuration precedence.
+
--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/EgressPolicy.cs
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/EgressPolicy.cs
@@ -1,9 +1,10 @@
+
+using Microsoft.Extensions.Options;
 using System;
 using System.Globalization;
 using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Options;

 namespace StellaOps.AirGap.Policy;

--- a/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/EgressPolicyServiceCollectionExtensions.cs
+++ b/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/EgressPolicyServiceCollectionExtensions.cs
@@ -1,10 +1,11 @@
-using System;
-using System.Collections.Generic;
-using System.Globalization;
+
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
+using System;
+using System.Collections.Generic;
+using System.Globalization;

 namespace StellaOps.AirGap.Policy;

--- a/src/AirGap/StellaOps.AirGap.Time/AGENTS.md
+++ b/src/AirGap/StellaOps.AirGap.Time/AGENTS.md
@@ -12,11 +12,11 @@ Manage trusted time anchors and staleness budgets for sealed environments, ensur
 ## Definition of Done
 - Test vectors for time tokens committed alongside verification code.
 - Drift calculations deterministic and configurable per tenant.
- Documentation updates for `docs/airgap/staleness-and-time.md` with examples.
+- Documentation updates for `docs/modules/airgap/guides/staleness-and-time.md` with examples.

 ## Required Reading
- `docs/airgap/airgap-mode.md`
- `docs/airgap/staleness-and-time.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
+- `docs/modules/airgap/guides/staleness-and-time.md`
 - `docs/modules/platform/architecture-overview.md`

 ## Working Agreement
@@ -25,3 +25,4 @@ Manage trusted time anchors and staleness budgets for sealed environments, ensur
 - 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
 - 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
 - 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
+
--- a/src/AirGap/StellaOps.AirGap.Time/Hooks/StartupValidationExtensions.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Hooks/StartupValidationExtensions.cs
@@ -1,3 +1,4 @@
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
--- a/src/AirGap/StellaOps.AirGap.Time/Models/SetAnchorRequest.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Models/SetAnchorRequest.cs
@@ -1,5 +1,6 @@
-using System.ComponentModel.DataAnnotations;
+
 using StellaOps.AirGap.Time.Parsing;
+using System.ComponentModel.DataAnnotations;

 namespace StellaOps.AirGap.Time.Models;

--- a/src/AirGap/StellaOps.AirGap.Time/Parsing/TimeTokenParser.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Parsing/TimeTokenParser.cs
@@ -1,5 +1,6 @@
-using System.Security.Cryptography;
+
 using StellaOps.AirGap.Time.Models;
+using System.Security.Cryptography;

 namespace StellaOps.AirGap.Time.Parsing;

--- a/src/AirGap/StellaOps.AirGap.Time/Program.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Program.cs
@@ -1,12 +1,13 @@
-using StellaOps.AirGap.Time.Hooks;
-using Microsoft.Extensions.Options;
+
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.AirGap.Time.Models;
-using StellaOps.AirGap.Time.Services;
-using StellaOps.AirGap.Time.Stores;
+using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Time.Config;
 using StellaOps.AirGap.Time.Health;
+using StellaOps.AirGap.Time.Hooks;
+using StellaOps.AirGap.Time.Models;
 using StellaOps.AirGap.Time.Parsing;
+using StellaOps.AirGap.Time.Services;
+using StellaOps.AirGap.Time.Stores;

 var builder = WebApplication.CreateBuilder(args);

--- a/src/AirGap/StellaOps.AirGap.Time/Services/Rfc3161Verifier.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Services/Rfc3161Verifier.cs
@@ -1,9 +1,10 @@
+
+using StellaOps.AirGap.Time.Models;
+using StellaOps.AirGap.Time.Parsing;
 using System.Formats.Asn1;
 using System.Security.Cryptography;
 using System.Security.Cryptography.Pkcs;
 using System.Security.Cryptography.X509Certificates;
-using StellaOps.AirGap.Time.Models;
-using StellaOps.AirGap.Time.Parsing;

 namespace StellaOps.AirGap.Time.Services;

--- a/src/AirGap/StellaOps.AirGap.Time/Services/RoughtimeVerifier.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Services/RoughtimeVerifier.cs
@@ -1,7 +1,8 @@
-using System.Buffers.Binary;
-using System.Security.Cryptography;
+
 using StellaOps.AirGap.Time.Models;
 using StellaOps.AirGap.Time.Parsing;
+using System.Buffers.Binary;
+using System.Security.Cryptography;

 namespace StellaOps.AirGap.Time.Services;

--- a/src/AirGap/StellaOps.AirGap.Time/Services/TimeAnchorLoader.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Services/TimeAnchorLoader.cs
@@ -1,6 +1,7 @@
+
+using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Time.Models;
 using StellaOps.AirGap.Time.Parsing;
-using Microsoft.Extensions.Options;

 namespace StellaOps.AirGap.Time.Services;

--- a/src/AirGap/StellaOps.AirGap.Time/Services/TimeStatusService.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Services/TimeStatusService.cs
@@ -1,7 +1,8 @@
+
 using Microsoft.Extensions.Options;
-using System.Threading;
 using StellaOps.AirGap.Time.Models;
 using StellaOps.AirGap.Time.Stores;
+using System.Threading;

 namespace StellaOps.AirGap.Time.Services;

--- a/src/AirGap/StellaOps.AirGap.Time/Services/TrustRootProvider.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Services/TrustRootProvider.cs
@@ -1,6 +1,7 @@
-using System.Text.Json;
+
 using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Time.Models;
+using System.Text.Json;

 namespace StellaOps.AirGap.Time.Services;

--- a/src/AirGap/StellaOps.AirGap.Time/Stores/InMemoryTimeAnchorStore.cs
+++ b/src/AirGap/StellaOps.AirGap.Time/Stores/InMemoryTimeAnchorStore.cs
@@ -1,5 +1,6 @@
-using System.Collections.Concurrent;
+
 using StellaOps.AirGap.Time.Models;
+using System.Collections.Concurrent;

 namespace StellaOps.AirGap.Time.Stores;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/AGENTS.md
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/AGENTS.md
@@ -17,7 +17,7 @@
 - docs/modules/platform/architecture-overview.md
 - docs/modules/airgap/architecture.md
 - src/AirGap/AGENTS.md (parent module charter)
- docs/24_OFFLINE_KIT.md
+- docs/OFFLINE_KIT.md

 ## Working Directory & Scope
 - Primary: src/AirGap/__Libraries/StellaOps.AirGap.Bundle/
@@ -26,22 +26,22 @@

 ## Key Components
 ### Models/
- `BundleManifest.cs` — Top-level bundle metadata and entry list
- `KnowledgeSnapshotManifest.cs` — Snapshot-specific manifest with digest references
+- `BundleManifest.cs` ??? Top-level bundle metadata and entry list
+- `KnowledgeSnapshotManifest.cs` ??? Snapshot-specific manifest with digest references

 ### Services/
- `BundleBuilder.cs` — Creates bundles from source data with manifest generation
- `BundleLoader.cs` — Loads and validates existing bundles
- `SnapshotBundleReader.cs` — Streaming reader for bundle contents
- `SnapshotBundleWriter.cs` — Streaming writer for bundle creation
- `SnapshotManifestSigner.cs` — DSSE signing of manifests
- `TimeAnchorService.cs` — Time anchor integration for staleness tracking
- `KnowledgeSnapshotImporter.cs` — Orchestrates snapshot import
+- `BundleBuilder.cs` ??? Creates bundles from source data with manifest generation
+- `BundleLoader.cs` ??? Loads and validates existing bundles
+- `SnapshotBundleReader.cs` ??? Streaming reader for bundle contents
+- `SnapshotBundleWriter.cs` ??? Streaming writer for bundle creation
+- `SnapshotManifestSigner.cs` ??? DSSE signing of manifests
+- `TimeAnchorService.cs` ??? Time anchor integration for staleness tracking
+- `KnowledgeSnapshotImporter.cs` ??? Orchestrates snapshot import

 ### Import Targets/
- `ConcelierAdvisoryImportTarget.cs` — Advisory data import
- `ExcititorVexImportTarget.cs` — VEX statement import
- `PolicyRegistryImportTarget.cs` — Policy bundle import
+- `ConcelierAdvisoryImportTarget.cs` ??? Advisory data import
+- `ExcititorVexImportTarget.cs` ??? VEX statement import
+- `PolicyRegistryImportTarget.cs` ??? Policy bundle import

 ### Extractors/
 - Archive extraction utilities for bundle contents
@@ -71,3 +71,4 @@
 - Observability: structured logs for bundle operations, import metrics.
 - Update sprint status in docs/implplan/SPRINT_*.md when starting/completing work.
 - Mirror decisions in sprint Decisions & Risks section.
+
--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Extractors/AdvisorySnapshotExtractor.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Extractors/AdvisorySnapshotExtractor.cs
@@ -5,10 +5,11 @@
 // Description: Extracts advisory data from Concelier for knowledge snapshot bundles.
 // -----------------------------------------------------------------------------

+
+using StellaOps.AirGap.Bundle.Services;
 using System.Globalization;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Services;

 namespace StellaOps.AirGap.Bundle.Extractors;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Extractors/PolicySnapshotExtractor.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Extractors/PolicySnapshotExtractor.cs
@@ -5,10 +5,11 @@
 // Description: Extracts policy bundle data for knowledge snapshot bundles.
 // -----------------------------------------------------------------------------

+
+using StellaOps.AirGap.Bundle.Services;
 using System.IO.Compression;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Services;

 namespace StellaOps.AirGap.Bundle.Extractors;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Extractors/VexSnapshotExtractor.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Extractors/VexSnapshotExtractor.cs
@@ -5,10 +5,11 @@
 // Description: Extracts VEX statement data from Excititor for knowledge snapshot bundles.
 // -----------------------------------------------------------------------------

+
+using StellaOps.AirGap.Bundle.Services;
 using System.Globalization;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Services;

 namespace StellaOps.AirGap.Bundle.Extractors;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Serialization/BundleManifestSerializer.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Serialization/BundleManifestSerializer.cs
@@ -1,10 +1,11 @@
-using System.Security.Cryptography;
+
+using StellaOps.AirGap.Bundle.Models;
+using StellaOps.Canonical.Json;
+using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using StellaOps.AirGap.Bundle.Models;
-using StellaOps.Canonical.Json;

 namespace StellaOps.AirGap.Bundle.Serialization;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Serialization/TimestampEntryJsonConverter.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Serialization/TimestampEntryJsonConverter.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.AirGap.Bundle.Models;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using StellaOps.AirGap.Bundle.Models;

 namespace StellaOps.AirGap.Bundle.Serialization;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/BundleBuilder.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/BundleBuilder.cs
@@ -1,9 +1,10 @@
-using System.Collections.Immutable;
-using System.Security.Cryptography;
-using System.Text;
+
 using StellaOps.AirGap.Bundle.Models;
 using StellaOps.AirGap.Bundle.Serialization;
 using StellaOps.AirGap.Bundle.Validation;
+using System.Collections.Immutable;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/ConcelierAdvisoryImportTarget.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/ConcelierAdvisoryImportTarget.cs
@@ -5,14 +5,15 @@
 // Description: Adapter implementing IAdvisoryImportTarget for Concelier module.
 // -----------------------------------------------------------------------------

-using System.Collections.Immutable;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
+
 using StellaOps.AirGap.Bundle.Models;
 using StellaOps.Concelier.Core.Raw;
 using StellaOps.Concelier.RawModels;
 using StellaOps.Determinism;
+using System.Collections.Immutable;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/CrlFetcher.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/CrlFetcher.cs
@@ -1,3 +1,4 @@
+
 using System.Formats.Asn1;
 using System.Net.Http;
 using System.Security.Cryptography.X509Certificates;
--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/ExcititorVexImportTarget.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/ExcititorVexImportTarget.cs
@@ -5,15 +5,16 @@
 // Description: Adapter implementing IVexImportTarget for Excititor module.
 // -----------------------------------------------------------------------------

+
+using StellaOps.AirGap.Bundle.Models;
+using StellaOps.Determinism;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Core.Storage;
 using System.Collections.Immutable;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Models;
-using StellaOps.Determinism;
-using StellaOps.Excititor.Core;
-using StellaOps.Excititor.Core.Storage;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/KnowledgeSnapshotImporter.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/KnowledgeSnapshotImporter.cs
@@ -5,11 +5,12 @@
 // Description: Imports knowledge snapshot content to Concelier, Excititor, and Policy.
 // -----------------------------------------------------------------------------

-using System.IO.Compression;
-using System.Formats.Tar;
-using System.Text.Json;
+
 using StellaOps.AirGap.Bundle.Models;
 using StellaOps.Determinism;
+using System.Formats.Tar;
+using System.IO.Compression;
+using System.Text.Json;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/LocalRbacBundleExtensions.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/LocalRbacBundleExtensions.cs
@@ -5,12 +5,13 @@
 // Description: Extensions for including local RBAC policy in offline kit bundles.
 // -----------------------------------------------------------------------------

+
+using StellaOps.AirGap.Bundle.Models;
 using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.AirGap.Bundle.Models;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/OcspResponseFetcher.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/OcspResponseFetcher.cs
@@ -1,6 +1,7 @@
+
 using System.Formats.Asn1;
-using System.Security.Cryptography.X509Certificates;
 using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/PolicyRegistryImportTarget.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/PolicyRegistryImportTarget.cs
@@ -5,11 +5,12 @@
 // Description: Adapter implementing IPolicyImportTarget for Policy module.
 // -----------------------------------------------------------------------------

+
+using StellaOps.AirGap.Bundle.Models;
+using StellaOps.Determinism;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Models;
-using StellaOps.Determinism;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotBundleReader.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotBundleReader.cs
@@ -5,13 +5,14 @@
 // Description: Reads and verifies sealed knowledge snapshot bundles.
 // -----------------------------------------------------------------------------

+
+using PolicySnapshotEntry = StellaOps.AirGap.Bundle.Models.PolicySnapshotEntry;
+using StellaOps.AirGap.Bundle.Models;
 using System.Formats.Tar;
 using System.IO.Compression;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Models;
-using PolicySnapshotEntry = StellaOps.AirGap.Bundle.Models.PolicySnapshotEntry;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotBundleWriter.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotBundleWriter.cs
@@ -5,14 +5,15 @@
 // Description: Writes sealed knowledge snapshots to tar.gz bundles.
 // -----------------------------------------------------------------------------

+
+using PolicySnapshotEntry = StellaOps.AirGap.Bundle.Models.PolicySnapshotEntry;
+using StellaOps.AirGap.Bundle.Models;
 using System.Formats.Tar;
 using System.Globalization;
 using System.IO.Compression;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.AirGap.Bundle.Models;
-using PolicySnapshotEntry = StellaOps.AirGap.Bundle.Models.PolicySnapshotEntry;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotManifestSigner.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotManifestSigner.cs
@@ -5,6 +5,7 @@
 // Description: Signs snapshot manifests using DSSE format for integrity verification.
 // -----------------------------------------------------------------------------

+
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/TrustProfileLoader.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/TrustProfileLoader.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.AirGap.Bundle.Models;
 using System.Collections.Immutable;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using StellaOps.AirGap.Bundle.Models;

 namespace StellaOps.AirGap.Bundle.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/TASKS.md
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/TASKS.md
@@ -0,0 +1,8 @@
+# StellaOps.AirGap.Bundle Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/StellaOps.AirGap.Bundle.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Validation/BundleValidator.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Validation/BundleValidator.cs
@@ -1,8 +1,9 @@
-using System.Security.Cryptography;
-using System.Text;
+
 using StellaOps.AirGap.Bundle.Models;
 using StellaOps.AirGap.Bundle.Serialization;
 using StellaOps.AirGap.Bundle.Services;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.AirGap.Bundle.Validation;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/AGENTS.md
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/AGENTS.md
@@ -12,8 +12,8 @@
 - `docs/README.md`
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
- `docs/airgap/bundle-repositories.md`
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/bundle-repositories.md`
+- `docs/modules/airgap/guides/airgap-mode.md`

 ## Working Agreements
 - Update task status in the sprint tracker and local `TASKS.md`.
@@ -25,3 +25,4 @@
 - Use Postgres test fixtures or Testcontainers; no network.
 - Mark integration tests as Integration, not Unit.
 - Keep data ordering deterministic with explicit ORDER BY clauses.
+
--- a/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/Extensions/AirGapPersistenceExtensions.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/Extensions/AirGapPersistenceExtensions.cs
@@ -1,13 +1,14 @@
+
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
+using Npgsql;
 using StellaOps.AirGap.Controller.Stores;
 using StellaOps.AirGap.Importer.Versioning;
 using StellaOps.AirGap.Persistence.Postgres;
 using StellaOps.AirGap.Persistence.Postgres.Repositories;
 using StellaOps.Infrastructure.Postgres.Options;
-using Npgsql;

 namespace StellaOps.AirGap.Persistence.Extensions;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/Postgres/AirGapStartupMigrationHost.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/Postgres/AirGapStartupMigrationHost.cs
@@ -1,7 +1,8 @@
-using System.Reflection;
+
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using StellaOps.Infrastructure.Postgres.Migrations;
+using System.Reflection;

 namespace StellaOps.AirGap.Persistence.Postgres;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/Postgres/Repositories/PostgresAirGapStateStore.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Persistence/Postgres/Repositories/PostgresAirGapStateStore.cs
@@ -1,10 +1,11 @@
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Npgsql;
 using StellaOps.AirGap.Controller.Domain;
 using StellaOps.AirGap.Controller.Stores;
 using StellaOps.AirGap.Time.Models;
 using StellaOps.Infrastructure.Postgres.Repositories;
+using System.Text.Json;

 namespace StellaOps.AirGap.Persistence.Postgres.Repositories;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/AirGapBundleDsseSigner.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/AirGapBundleDsseSigner.cs
@@ -2,13 +2,14 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Globalization;
-using System.Security.Cryptography;
-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.Canonical.Json;
+using System.Globalization;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.AirGap.Sync.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/AirGapBundleExporter.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/AirGapBundleExporter.cs
@@ -2,14 +2,15 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.AirGap.Sync.Stores;
 using StellaOps.Canonical.Json;
 using StellaOps.Determinism;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;

 namespace StellaOps.AirGap.Sync.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/AirGapBundleImporter.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/AirGapBundleImporter.cs
@@ -2,13 +2,14 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.Canonical.Json;
 using StellaOps.HybridLogicalClock;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;

 namespace StellaOps.AirGap.Sync.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/OfflineHlcManager.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Services/OfflineHlcManager.cs
@@ -2,14 +2,15 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Security.Cryptography;
-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.AirGap.Sync.Stores;
 using StellaOps.Canonical.Json;
 using StellaOps.Determinism;
 using StellaOps.HybridLogicalClock;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.AirGap.Sync.Services;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Stores/FileBasedOfflineJobLogStore.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Stores/FileBasedOfflineJobLogStore.cs
@@ -2,12 +2,13 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.Canonical.Json;
 using StellaOps.HybridLogicalClock;
+using System.Text.Json;

 namespace StellaOps.AirGap.Sync.Stores;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Telemetry/AirGapSyncMetrics.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Telemetry/AirGapSyncMetrics.cs
@@ -2,8 +2,9 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Diagnostics.Metrics;
+
 using StellaOps.AirGap.Sync.Models;
+using System.Diagnostics.Metrics;

 namespace StellaOps.AirGap.Sync.Telemetry;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Transport/FileBasedJobSyncTransport.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Transport/FileBasedJobSyncTransport.cs
@@ -2,13 +2,14 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Globalization;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.AirGap.Sync.Services;
 using StellaOps.AirGap.Sync.Telemetry;
+using System.Globalization;
+using System.Text.Json;

 namespace StellaOps.AirGap.Sync.Transport;

--- a/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Transport/RouterJobSyncTransport.cs
+++ b/src/AirGap/__Libraries/StellaOps.AirGap.Sync/Transport/RouterJobSyncTransport.cs
@@ -2,13 +2,14 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
 // </copyright>

-using System.Text;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.AirGap.Sync.Models;
 using StellaOps.AirGap.Sync.Services;
 using StellaOps.AirGap.Sync.Telemetry;
+using System.Text;
+using System.Text.Json;

 namespace StellaOps.AirGap.Sync.Transport;

--- a/src/AirGap/Libraries/Tests/StellaOps.AirGap.Bundle.Tests/TASKS.md
+++ b/src/AirGap/Libraries/Tests/StellaOps.AirGap.Bundle.Tests/TASKS.md
@@ -0,0 +1,8 @@
+# StellaOps.AirGap.Bundle.Tests Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/AirGap/__Libraries/__Tests/StellaOps.AirGap.Bundle.Tests/StellaOps.AirGap.Bundle.Tests.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/AirGap/__Tests/StellaOps.AirGap.Controller.Tests/TASKS.md
+++ b/src/AirGap/__Tests/StellaOps.AirGap.Controller.Tests/TASKS.md
@@ -0,0 +1,8 @@
+# StellaOps.AirGap.Controller.Tests Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/AirGap/__Tests/StellaOps.AirGap.Controller.Tests/StellaOps.AirGap.Controller.Tests.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/AirGap/__Tests/StellaOps.AirGap.Importer.Tests/AGENTS.md
+++ b/src/AirGap/__Tests/StellaOps.AirGap.Importer.Tests/AGENTS.md
@@ -12,8 +12,9 @@
 - `docs/README.md`
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
- `docs/airgap/importer-scaffold.md`
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
+- `docs/modules/airgap/guides/bundle-repositories.md`
+- `docs/modules/airgap/guides/offline-bundle-format.md`

 ## Working Agreements
 - Update task status in the sprint tracker and local `TASKS.md` for this directory.
@@ -25,3 +26,4 @@
 - Use `Unit` vs `Integration` trait categories consistently.
 - Use WebApplicationFactory only when exercising HTTP endpoints.
 - Keep fixtures and golden files under this directory; no downloads.
+
--- a/src/AirGap/__Tests/StellaOps.AirGap.Persistence.Tests/AGENTS.md
+++ b/src/AirGap/__Tests/StellaOps.AirGap.Persistence.Tests/AGENTS.md
@@ -11,8 +11,8 @@
 - `docs/README.md`
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
- `docs/airgap/bundle-repositories.md`
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/bundle-repositories.md`
+- `docs/modules/airgap/guides/airgap-mode.md`

 ## Working Agreements
 - Update task status in the sprint tracker and local `TASKS.md`.
@@ -23,3 +23,4 @@
 ## Testing Rules
 - Use the AirGap Postgres fixture; no network.
 - Validate schema names, indexes, and ordering explicitly in assertions.
+
--- a/src/AirGap/__Tests/StellaOps.AirGap.Time.Tests/AGENTS.md
+++ b/src/AirGap/__Tests/StellaOps.AirGap.Time.Tests/AGENTS.md
@@ -7,8 +7,8 @@
 - Unit and integration tests for time anchors, staleness evaluation, and verification services.

 ## Required Reading
- `docs/airgap/staleness-and-time.md`
- `docs/airgap/airgap-mode.md`
+- `docs/modules/airgap/guides/staleness-and-time.md`
+- `docs/modules/airgap/guides/airgap-mode.md`
 - `docs/modules/platform/architecture-overview.md`
 - `src/AirGap/StellaOps.AirGap.Time/AGENTS.md`

@@ -20,3 +20,4 @@
 ## Testing Rules
 - Include happy-path verification tests with deterministic fixtures.
 - Exercise health checks and controller endpoints where applicable.
+