stabilize tests

2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
--- a/src/Attestor/AGENTS.md
+++ b/src/Attestor/AGENTS.md
@@ -1,4 +1,4 @@
-# Attestor Module — Agent Charter
+# Attestor Module ??? Agent Charter

 ## Mission
 Manage the attestation and proof chain infrastructure for StellaOps:
@@ -27,7 +27,7 @@ Manage the attestation and proof chain infrastructure for StellaOps:
 - `docs/modules/attestor/README.md`
 - `docs/modules/attestor/architecture.md`
 - `docs/modules/attestor/implementation_plan.md`
- `docs/product/advisories/20-Dec-2025 - Stella Ops Reference Architecture.md`
+- `docs-archived/product/advisories/2025-12-21-reference-architecture/20-Dec-2025 - Stella Ops Reference Architecture.md`
 - `docs/modules/platform/architecture-overview.md`

 ## Working Agreement
@@ -56,5 +56,6 @@ Manage the attestation and proof chain infrastructure for StellaOps:
 - Verification must work offline with bundled inclusion proofs.
 - Proof chains must be deterministic (stable ordering, canonical serialization).
 - Preserve determinism: sort outputs, normalize timestamps (UTC ISO-8601).
- Keep Offline Kit parity in mind—document air-gapped workflows for any new feature.
+- Keep Offline Kit parity in mind???document air-gapped workflows for any new feature.
 - Update runbooks/observability assets when operational characteristics change.
+
--- a/src/Attestor/StellaOps.Attestation.Tests/TASKS.md
+++ b/src/Attestor/StellaOps.Attestation.Tests/TASKS.md
@@ -8,3 +8,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
 | AUDIT-0044-M | DONE | Revalidated maintainability for StellaOps.Attestation.Tests (2026-01-06). |
 | AUDIT-0044-T | DONE | Revalidated test coverage for StellaOps.Attestation.Tests (2026-01-06). |
 | AUDIT-0044-A | DONE | Waived (test project). |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/Attestor/StellaOps.Attestation/DsseEnvelopeExtensions.cs
+++ b/src/Attestor/StellaOps.Attestation/DsseEnvelopeExtensions.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.Attestor.Envelope;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using StellaOps.Attestor.Envelope;

 namespace StellaOps.Attestation;

--- a/src/Attestor/StellaOps.Attestation/DsseHelper.cs
+++ b/src/Attestor/StellaOps.Attestation/DsseHelper.cs
@@ -1,10 +1,11 @@
+
+using StellaOps.Attestor.Envelope;
 using System;
 using System.Globalization;
 using System.Text;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Envelope;

 namespace StellaOps.Attestation;

--- a/src/Attestor/StellaOps.Attestation/DsseVerifier.cs
+++ b/src/Attestor/StellaOps.Attestation/DsseVerifier.cs
@@ -2,11 +2,12 @@
 // Copyright (c) Stella Operations. Licensed under BUSL-1.1.
 // </copyright>

+
+using Microsoft.Extensions.Logging;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.Attestation;

--- a/src/Attestor/StellaOps.Attestor.Envelope/DsseEnvelopeSerializer.cs
+++ b/src/Attestor/StellaOps.Attestor.Envelope/DsseEnvelopeSerializer.cs
@@ -1,3 +1,4 @@
+
 using System;
 using System.Buffers;
 using System.Collections.Generic;
--- a/src/Attestor/StellaOps.Attestor.Envelope/EnvelopeKey.cs
+++ b/src/Attestor/StellaOps.Attestor.Envelope/EnvelopeKey.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Cryptography;
 using System;
 using System.Security.Cryptography;
-using StellaOps.Cryptography;

 namespace StellaOps.Attestor.Envelope;

--- a/src/Attestor/StellaOps.Attestor.Envelope/EnvelopeKeyIdCalculator.cs
+++ b/src/Attestor/StellaOps.Attestor.Envelope/EnvelopeKeyIdCalculator.cs
@@ -1,3 +1,4 @@
+
 using System;
 using System.Security.Cryptography;
 using System.Text;
--- a/src/Attestor/StellaOps.Attestor.Envelope/EnvelopeSignatureService.cs
+++ b/src/Attestor/StellaOps.Attestor.Envelope/EnvelopeSignatureService.cs
@@ -1,8 +1,9 @@
+
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Signers;
 using System;
 using System.Security.Cryptography;
 using System.Threading;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;

 namespace StellaOps.Attestor.Envelope;

--- a/src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/DsseEnvelopeSerializerTests.cs
+++ b/src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/DsseEnvelopeSerializerTests.cs
@@ -1,10 +1,11 @@
-using System;
+
+using StellaOps.Attestor.Envelope;
+using StellaOps.TestKit;
+using System;
 using System.Text;
 using System.Text.Json;
-using StellaOps.Attestor.Envelope;
 using Xunit;

-using StellaOps.TestKit;
 namespace StellaOps.Attestor.Envelope.Tests;

 public sealed class DsseEnvelopeSerializerTests
--- a/src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/EnvelopeSignatureServiceTests.cs
+++ b/src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/EnvelopeSignatureServiceTests.cs
@@ -1,9 +1,10 @@
-using System;
-using System.Security.Cryptography;
-using System.Text;
+
 using StellaOps.Attestor.Envelope;
 using StellaOps.Cryptography;
 using StellaOps.TestKit;
+using System;
+using System.Security.Cryptography;
+using System.Text;
 using Xunit;

 namespace StellaOps.Attestor.Envelope.Tests;
--- a/src/Attestor/StellaOps.Attestor.TileProxy/Endpoints/TileEndpoints.cs
+++ b/src/Attestor/StellaOps.Attestor.TileProxy/Endpoints/TileEndpoints.cs
@@ -5,12 +5,13 @@
 // Description: Tile proxy API endpoints
 // -----------------------------------------------------------------------------

-using System.Text.Json;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Attestor.TileProxy.Services;
+using System.Text.Json;

 namespace StellaOps.Attestor.TileProxy.Endpoints;

--- a/src/Attestor/StellaOps.Attestor.TileProxy/Services/ContentAddressedTileStore.cs
+++ b/src/Attestor/StellaOps.Attestor.TileProxy/Services/ContentAddressedTileStore.cs
@@ -5,11 +5,12 @@
 // Description: Content-addressed storage for cached tiles
 // -----------------------------------------------------------------------------

+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System.Collections.Concurrent;
 using System.Security.Cryptography;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;

 namespace StellaOps.Attestor.TileProxy.Services;

--- a/src/Attestor/StellaOps.Attestor.TileProxy/Services/TileProxyService.cs
+++ b/src/Attestor/StellaOps.Attestor.TileProxy/Services/TileProxyService.cs
@@ -5,11 +5,12 @@
 // Description: Core tile proxy service with request coalescing
 // -----------------------------------------------------------------------------

+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System.Collections.Concurrent;
 using System.Net.Http.Headers;
 using System.Text.RegularExpressions;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;

 namespace StellaOps.Attestor.TileProxy.Services;

--- a/src/Attestor/StellaOps.Attestor.TileProxy/TASKS.md
+++ b/src/Attestor/StellaOps.Attestor.TileProxy/TASKS.md
@@ -0,0 +1,8 @@
+# StellaOps.Attestor.TileProxy Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Attestor/StellaOps.Attestor.TileProxy/StellaOps.Attestor.TileProxy.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/Program.cs
+++ b/src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/Program.cs
@@ -1,3 +1,4 @@
+
 using System.Linq;
 using System.Text;
 using System.Text.Json;
--- a/src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/TASKS.md
+++ b/src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/TASKS.md
@@ -8,3 +8,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
 | AUDIT-0069-M | DONE | Revalidated 2026-01-06 (maintainability audit). |
 | AUDIT-0069-T | DONE | Revalidated 2026-01-06 (test coverage audit). |
 | AUDIT-0069-A | TODO | Reopened after revalidation 2026-01-06. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/Attestor/StellaOps.Attestor.Verify/AttestorVerificationEngine.cs
+++ b/src/Attestor/StellaOps.Attestor.Verify/AttestorVerificationEngine.cs
@@ -1,3 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Attestor.Core.Options;
+using StellaOps.Attestor.Core.Storage;
+using StellaOps.Attestor.Core.Submission;
+using StellaOps.Attestor.Core.Verification;
+using StellaOps.Cryptography;
 using System.Collections.Immutable;
 using System.Formats.Asn1;
 using System.Globalization;
@@ -7,13 +15,6 @@ using System.Net;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Attestor.Core.Options;
-using StellaOps.Attestor.Core.Storage;
-using StellaOps.Attestor.Core.Submission;
-using StellaOps.Attestor.Core.Verification;
-using StellaOps.Cryptography;

 namespace StellaOps.Attestor.Verify;

--- a/src/Attestor/StellaOps.Attestor.Verify/TASKS.md
+++ b/src/Attestor/StellaOps.Attestor.Verify/TASKS.md
@@ -8,3 +8,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
 | AUDIT-0071-M | DONE | Revalidated 2026-01-06 (maintainability audit). |
 | AUDIT-0071-T | DONE | Revalidated 2026-01-06 (test coverage audit). |
 | AUDIT-0071-A | TODO | Reopened after revalidation 2026-01-06. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Bulk/BulkVerificationModels.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Bulk/BulkVerificationModels.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.Attestor.Core.Verification;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using StellaOps.Attestor.Core.Verification;

 namespace StellaOps.Attestor.Core.Bulk;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Delta/DeltaAttestationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Delta/DeltaAttestationService.cs
@@ -5,11 +5,7 @@
 // Description: Creates DSSE-signed in-toto statements for lineage delta changes.
 // -----------------------------------------------------------------------------

-using System.Diagnostics;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Signing;
@@ -17,6 +13,11 @@ using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.Serialization;
 using StellaOps.Signer.Core;
 using StellaOps.Signer.Core.Predicates;
+using System.Diagnostics;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;

 namespace StellaOps.Attestor.Core.Delta;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/ArtifactDigests.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/ArtifactDigests.cs
@@ -1,5 +1,6 @@
 // Licensed under BUSL-1.1. Copyright (C) 2024-2026 StellaOps Contributors.

+
 using System.Collections.Frozen;
 using System.Collections.Immutable;
 using System.Globalization;
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/Layout/ILayoutVerifier.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/Layout/ILayoutVerifier.cs
@@ -1,7 +1,8 @@
 // Licensed under BUSL-1.1. Copyright (C) 2024-2026 StellaOps Contributors.

-using System.Collections.Immutable;
+
 using StellaOps.Attestor.Envelope;
+using System.Collections.Immutable;

 namespace StellaOps.Attestor.Core.InToto.Layout;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/Layout/LayoutVerifier.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/Layout/LayoutVerifier.cs
@@ -1,8 +1,9 @@
 // Licensed under BUSL-1.1. Copyright (C) 2024-2026 StellaOps Contributors.

+
+using Microsoft.Extensions.Logging;
 using System.Collections.Immutable;
 using System.Text.RegularExpressions;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.Attestor.Core.InToto.Layout;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/LinkRecorder.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/InToto/LinkRecorder.cs
@@ -1,9 +1,10 @@
 // Licensed under BUSL-1.1. Copyright (C) 2024-2026 StellaOps Contributors.

-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Opts = Microsoft.Extensions.Options.Options;
+using System.Collections.Immutable;

 namespace StellaOps.Attestor.Core.InToto;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Layers/LayerAttestationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Layers/LayerAttestationService.cs
@@ -5,13 +5,14 @@
 // Description: Implementation of layer-specific attestation service.
 // -----------------------------------------------------------------------------

+
+using StellaOps.Attestor.Core.Chain;
 using System.Collections.Concurrent;
 using System.Collections.Immutable;
 using System.Diagnostics;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.Attestor.Core.Chain;

 namespace StellaOps.Attestor.Core.Layers;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Offline/AttestorOfflineBundle.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Offline/AttestorOfflineBundle.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.Attestor.Core.Storage;
 using System;
 using System.Collections.Generic;
 using System.Text.Json.Serialization;
-using StellaOps.Attestor.Core.Storage;

 namespace StellaOps.Attestor.Core.Offline;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Options/AttestorOptions.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Options/AttestorOptions.cs
@@ -1,6 +1,7 @@
-using System.Collections.Generic;
+
 using StellaOps.Attestor.Core.Verification;
 using StellaOps.Cryptography;
+using System.Collections.Generic;

 namespace StellaOps.Attestor.Core.Options;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/PoEArtifactGenerator.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/PoEArtifactGenerator.cs
@@ -1,11 +1,12 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.

-using System.Text;
+// Models are now in the same namespace
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Serialization;
 using StellaOps.Cryptography;
-// Models are now in the same namespace
+using System.Text;

 namespace StellaOps.Attestor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/CheckpointDivergenceAlertPublisher.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/CheckpointDivergenceAlertPublisher.cs
@@ -5,14 +5,15 @@
 // Description: Integration with Notify service for checkpoint divergence alerts.
 // -----------------------------------------------------------------------------

+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System;
 using System.Collections.Immutable;
 using System.Text.Json;
 using System.Text.Json.Nodes;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;

 namespace StellaOps.Attestor.Core.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/CheckpointDivergenceDetector.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/CheckpointDivergenceDetector.cs
@@ -5,9 +5,10 @@
 // Description: Implementation of checkpoint divergence detection with metrics.
 // -----------------------------------------------------------------------------

-using System.Diagnostics.Metrics;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Diagnostics.Metrics;

 namespace StellaOps.Attestor.Core.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/FileSystemRekorTileCache.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/FileSystemRekorTileCache.cs
@@ -5,10 +5,11 @@
 // Description: File-based tile cache for air-gapped environments.
 // -----------------------------------------------------------------------------

-using System.Security.Cryptography;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Security.Cryptography;
+using System.Text.Json;

 namespace StellaOps.Attestor.Core.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/IRekorClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/IRekorClient.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Attestor.Core.Submission;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Submission;

 namespace StellaOps.Attestor.Core.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/RekorSyncBackgroundService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/RekorSyncBackgroundService.cs
@@ -5,11 +5,12 @@
 // Description: Background service for periodic Rekor checkpoint and tile synchronization.
 // -----------------------------------------------------------------------------

-using System.Diagnostics;
-using System.Diagnostics.Metrics;
+
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Diagnostics;
+using System.Diagnostics.Metrics;

 namespace StellaOps.Attestor.Core.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Resilience/CircuitBreaker.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Resilience/CircuitBreaker.cs
@@ -5,8 +5,9 @@
 // Description: Circuit breaker implementation for resilient service calls
 // -----------------------------------------------------------------------------

-using System.Collections.Concurrent;
+
 using Microsoft.Extensions.Logging;
+using System.Collections.Concurrent;

 namespace StellaOps.Attestor.Core.Resilience;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Serialization/CanonicalJsonSerializer.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Serialization/CanonicalJsonSerializer.cs
@@ -1,8 +1,9 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.

+
 using System.Collections;
-using System.Text;
 using System.Linq;
+using System.Text;
 using System.Text.Encodings.Web;
 using System.Text.Json;
 using System.Text.Json.Serialization;
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/AttestationSignRequest.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/AttestationSignRequest.cs
@@ -1,5 +1,6 @@
-using System.Collections.Generic;
+
 using StellaOps.Attestor.Core.Submission;
+using System.Collections.Generic;

 namespace StellaOps.Attestor.Core.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/AttestationSignResult.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/AttestationSignResult.cs
@@ -1,5 +1,6 @@
-using System;
+
 using StellaOps.Attestor.Core.Submission;
+using System;

 namespace StellaOps.Attestor.Core.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/DsseSigningService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/DsseSigningService.cs
@@ -1,10 +1,11 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.

+
+using Microsoft.Extensions.Logging;
+using StellaOps.Attestor.Core.Signing;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using StellaOps.Attestor.Core.Signing;

 namespace StellaOps.Attestor.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/DsseVerificationReportSigner.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/DsseVerificationReportSigner.cs
@@ -1,10 +1,11 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.
-using System.Text;
+
+using EnvelopeDsseEnvelope = StellaOps.Attestor.Envelope.DsseEnvelope;
+using EnvelopeDsseSignature = StellaOps.Attestor.Envelope.DsseSignature;
 using StellaOps.Attestor.Core.Predicates;
 using StellaOps.Attestor.Envelope;
 using StellaOps.Attestor.Serialization;
-using EnvelopeDsseEnvelope = StellaOps.Attestor.Envelope.DsseEnvelope;
-using EnvelopeDsseSignature = StellaOps.Attestor.Envelope.DsseSignature;
+using System.Text;

 namespace StellaOps.Attestor.Core.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/FileKeyProvider.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/FileKeyProvider.cs
@@ -1,8 +1,9 @@
 // Copyright (c) StellaOps. Licensed under BUSL-1.1.

+
+using Microsoft.Extensions.Logging;
 using System.Security.Cryptography;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.Attestor.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/IAttestationSigningService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Signing/IAttestationSigningService.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Attestor.Core.Submission;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Submission;

 namespace StellaOps.Attestor.Core.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Transparency/TransparencyStatusProvider.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Transparency/TransparencyStatusProvider.cs
@@ -4,9 +4,10 @@
 // Tracks sync times, metrics, and backend health for freshness indicators.
 // -----------------------------------------------------------------------------

-using System.Collections.Concurrent;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Collections.Concurrent;

 namespace StellaOps.Attestor.Core.Transparency;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Validation/PredicateSchemaValidator.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Validation/PredicateSchemaValidator.cs
@@ -1,7 +1,8 @@
-using System.Text.Json;
+
 using Json.Schema;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
+using System.Text.Json;

 namespace StellaOps.Attestor.Core.Validation;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/CheckpointSignatureVerifier.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/CheckpointSignatureVerifier.cs
@@ -1,9 +1,10 @@
+
+using Sodium;
 using System.Formats.Asn1;
 using System.Globalization;
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
-using Sodium;

 namespace StellaOps.Attestor.Core.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/IAttestorVerificationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/IAttestorVerificationService.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Attestor.Core.Storage;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Storage;

 namespace StellaOps.Attestor.Core.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/RekorOfflineReceiptVerifier.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/RekorOfflineReceiptVerifier.cs
@@ -1,10 +1,11 @@
+
+using StellaOps.Attestor.Core.Rekor;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using StellaOps.Attestor.Core.Rekor;

 namespace StellaOps.Attestor.Core.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/RekorVerificationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Verification/RekorVerificationService.cs
@@ -5,11 +5,12 @@
 // Description: Service implementation for verifying Rekor transparency log entries
 // -----------------------------------------------------------------------------

-using System.Collections.Concurrent;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Rekor;
+using System.Collections.Concurrent;

 namespace StellaOps.Attestor.Core.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Bulk/BulkVerificationWorker.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Bulk/BulkVerificationWorker.cs
@@ -1,15 +1,16 @@
+
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Attestor.Core.Bulk;
+using StellaOps.Attestor.Core.Observability;
+using StellaOps.Attestor.Core.Options;
+using StellaOps.Attestor.Core.Verification;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Attestor.Core.Bulk;
-using StellaOps.Attestor.Core.Options;
-using StellaOps.Attestor.Core.Observability;
-using StellaOps.Attestor.Core.Verification;

 namespace StellaOps.Attestor.Infrastructure.Bulk;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Bulk/InMemoryBulkVerificationJobStore.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Bulk/InMemoryBulkVerificationJobStore.cs
@@ -1,9 +1,10 @@
+
+using StellaOps.Attestor.Core.Bulk;
 using System;
 using System.Collections.Concurrent;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Bulk;

 namespace StellaOps.Attestor.Infrastructure.Bulk;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/InToto/InTotoLinkSigningService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/InToto/InTotoLinkSigningService.cs
@@ -1,12 +1,13 @@
 // Licensed under BUSL-1.1. Copyright (C) 2024-2026 StellaOps Contributors.

-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.InToto;
 using StellaOps.Attestor.Core.Signing;
 using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.Envelope;
+using System.Text;

 namespace StellaOps.Attestor.Infrastructure.InToto;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Offline/AttestorBundleService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Offline/AttestorBundleService.cs
@@ -1,15 +1,16 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Cryptography;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Offline;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Storage;
 using StellaOps.Attestor.Infrastructure.Storage;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Offline;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/HttpRekorClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/HttpRekorClient.cs
@@ -1,3 +1,8 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Attestor.Core.Rekor;
+using StellaOps.Attestor.Core.Submission;
+using StellaOps.Attestor.Core.Verification;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -8,10 +13,6 @@ using System.Net.Http.Json;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Attestor.Core.Rekor;
-using StellaOps.Attestor.Core.Submission;
-using StellaOps.Attestor.Core.Verification;

 namespace StellaOps.Attestor.Infrastructure.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/HttpRekorTileClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/HttpRekorTileClient.cs
@@ -1,3 +1,6 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Attestor.Core.Rekor;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -6,8 +9,6 @@ using System.Net.Http;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Attestor.Core.Rekor;

 namespace StellaOps.Attestor.Infrastructure.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/ResilientRekorClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/ResilientRekorClient.cs
@@ -5,9 +5,7 @@
 // Description: Resilient Rekor client with circuit breaker and mirror failover
 // -----------------------------------------------------------------------------

-using System;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Options;
@@ -15,6 +13,9 @@ using StellaOps.Attestor.Core.Rekor;
 using StellaOps.Attestor.Core.Resilience;
 using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.Core.Verification;
+using System;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/StubRekorClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Rekor/StubRekorClient.cs
@@ -1,12 +1,13 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Attestor.Core.Rekor;
+using StellaOps.Attestor.Core.Submission;
 using System;
 using System.Buffers.Binary;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Attestor.Core.Rekor;
-using StellaOps.Attestor.Core.Submission;

 namespace StellaOps.Attestor.Infrastructure.Rekor;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/ServiceCollectionExtensions.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/ServiceCollectionExtensions.cs
@@ -1,6 +1,6 @@
 #pragma warning disable CS0618 // FallbackCredentialsFactory is obsolete - transitioning to DefaultAWSCredentialsIdentityResolver

-using System;
+
 using Amazon.Runtime;
 using Amazon.S3;
 using Microsoft.Extensions.Caching.Memory;
@@ -8,30 +8,31 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StackExchange.Redis;
-using StellaOps.Attestor.Core.Options;
+using StellaOps.Attestor.Core.Bulk;
+using StellaOps.Attestor.Core.InToto;
+using StellaOps.Attestor.Core.InToto.Layout;
 using StellaOps.Attestor.Core.Observability;
+using StellaOps.Attestor.Core.Offline;
+using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Rekor;
+using StellaOps.Attestor.Core.Signing;
 using StellaOps.Attestor.Core.Storage;
 using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.Core.Transparency;
 using StellaOps.Attestor.Core.Verification;
-using StellaOps.Attestor.Core.Bulk;
-using StellaOps.Attestor.Core.Offline;
-using StellaOps.Attestor.Infrastructure.Rekor;
+using StellaOps.Attestor.Infrastructure.Bulk;
+using StellaOps.Attestor.Infrastructure.InToto;
 using StellaOps.Attestor.Infrastructure.Offline;
+using StellaOps.Attestor.Infrastructure.Rekor;
 using StellaOps.Attestor.Infrastructure.Signing;
 using StellaOps.Attestor.Infrastructure.Storage;
 using StellaOps.Attestor.Infrastructure.Submission;
 using StellaOps.Attestor.Infrastructure.Transparency;
 using StellaOps.Attestor.Infrastructure.Verification;
-using StellaOps.Attestor.Infrastructure.Bulk;
-using StellaOps.Attestor.Core.Signing;
-using StellaOps.Attestor.Core.InToto;
-using StellaOps.Attestor.Core.InToto.Layout;
-using StellaOps.Attestor.Infrastructure.InToto;
-using StellaOps.Attestor.Verify;
 using StellaOps.Attestor.TrustRepo;
+using StellaOps.Attestor.Verify;
 using StellaOps.Determinism;
+using System;

 namespace StellaOps.Attestor.Infrastructure;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Signing/AttestorSigningKeyRegistry.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Signing/AttestorSigningKeyRegistry.cs
@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Security.Cryptography;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Org.BouncyCastle.Crypto.Parameters;
@@ -12,6 +8,11 @@ using StellaOps.Cryptography;
 using StellaOps.Cryptography.Kms;
 using StellaOps.Cryptography.Plugin.BouncyCastle;
 using StellaOps.Cryptography.Plugin.SmSoft;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;

 namespace StellaOps.Attestor.Infrastructure.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Signing/AttestorSigningService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Signing/AttestorSigningService.cs
@@ -1,15 +1,16 @@
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Security.Cryptography;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Attestor.Core.Audit;
 using StellaOps.Attestor.Core.Observability;
 using StellaOps.Attestor.Core.Signing;
 using StellaOps.Attestor.Core.Submission;
 using StellaOps.Cryptography;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Security.Cryptography;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Signing;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/StellaOps.Attestor.Infrastructure.csproj
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/StellaOps.Attestor.Infrastructure.csproj
@@ -16,6 +16,7 @@
    <ProjectReference Include="..\..\..\__Libraries\StellaOps.Determinism.Abstractions\StellaOps.Determinism.Abstractions.csproj" />
    <ProjectReference Include="..\..\..\Router/__Libraries/StellaOps.Messaging\StellaOps.Messaging.csproj" />
    <ProjectReference Include="..\..\__Libraries\StellaOps.Attestor.TrustRepo\StellaOps.Attestor.TrustRepo.csproj" />
+    <ProjectReference Include="..\..\__Libraries\StellaOps.Attestor.Watchlist\StellaOps.Attestor.Watchlist.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" />
@@ -27,5 +28,6 @@
    <PackageReference Include="Microsoft.Extensions.Http" />
    <PackageReference Include="StackExchange.Redis" />
    <PackageReference Include="AWSSDK.S3" />
+    <PackageReference Include="Npgsql" />
  </ItemGroup>
 </Project>
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/CachingAttestorDedupeStore.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/CachingAttestorDedupeStore.cs
@@ -1,8 +1,9 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Attestor.Core.Storage;
 using System;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Attestor.Core.Storage;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/InMemoryAttestorAuditSink.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/InMemoryAttestorAuditSink.cs
@@ -1,8 +1,9 @@
+
+using StellaOps.Attestor.Core.Audit;
+using StellaOps.Attestor.Core.Storage;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Audit;
-using StellaOps.Attestor.Core.Storage;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/InMemoryAttestorDedupeStore.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/InMemoryAttestorDedupeStore.cs
@@ -1,8 +1,9 @@
+
+using StellaOps.Attestor.Core.Storage;
 using System;
 using System.Collections.Concurrent;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Storage;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/InMemoryAttestorEntryRepository.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/InMemoryAttestorEntryRepository.cs
@@ -1,10 +1,11 @@
+
+using StellaOps.Attestor.Core.Storage;
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Storage;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/NullAttestorArchiveStore.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/NullAttestorArchiveStore.cs
@@ -1,7 +1,8 @@
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Attestor.Core.Storage;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/RedisAttestorDedupeStore.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/RedisAttestorDedupeStore.cs
@@ -1,10 +1,11 @@
-using System;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Options;
 using StackExchange.Redis;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Storage;
+using System;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/S3AttestorArchiveStore.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Storage/S3AttestorArchiveStore.cs
@@ -1,15 +1,16 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Text.Json;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Amazon.S3;
 using Amazon.S3.Model;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Storage;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Text.Json;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Storage;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Submission/AttestorSubmissionService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Submission/AttestorSubmissionService.cs
@@ -1,3 +1,15 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Attestor.Core.Audit;
+using StellaOps.Attestor.Core.Observability;
+using StellaOps.Attestor.Core.Options;
+using StellaOps.Attestor.Core.Rekor;
+using StellaOps.Attestor.Core.Storage;
+using StellaOps.Attestor.Core.Submission;
+using StellaOps.Attestor.Core.Transparency;
+using StellaOps.Attestor.Core.Verification;
+using StellaOps.Attestor.Infrastructure.Rekor;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -5,17 +17,6 @@ using System.Globalization;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Attestor.Core.Audit;
-using StellaOps.Attestor.Core.Options;
-using StellaOps.Attestor.Core.Observability;
-using StellaOps.Attestor.Core.Rekor;
-using StellaOps.Attestor.Core.Storage;
-using StellaOps.Attestor.Core.Submission;
-using StellaOps.Attestor.Core.Transparency;
-using StellaOps.Attestor.Core.Verification;
-using StellaOps.Attestor.Infrastructure.Rekor;

 namespace StellaOps.Attestor.Infrastructure.Submission;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Submission/DefaultDsseCanonicalizer.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Submission/DefaultDsseCanonicalizer.cs
@@ -1,9 +1,10 @@
+
+using StellaOps.Attestor.Core.Submission;
 using System;
 using System.Text.Json;
 using System.Text.Json.Nodes;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Submission;

 namespace StellaOps.Attestor.Infrastructure.Submission;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Transparency/HttpTransparencyWitnessClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Transparency/HttpTransparencyWitnessClient.cs
@@ -1,15 +1,16 @@
-using System;
-using System.Diagnostics;
-using System.Net.Http;
-using System.Text.Json;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Observability;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Transparency;
+using System;
+using System.Diagnostics;
+using System.Net.Http;
+using System.Text.Json;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Transparency;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Transparency/NullTransparencyWitnessClient.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Transparency/NullTransparencyWitnessClient.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Attestor.Core.Transparency;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Transparency;

 namespace StellaOps.Attestor.Infrastructure.Transparency;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/AttestorVerificationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/AttestorVerificationService.cs
@@ -1,14 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Linq;
-using System.Security.Cryptography;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Observability;
+using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Rekor;
 using StellaOps.Attestor.Core.Storage;
 using StellaOps.Attestor.Core.Submission;
@@ -16,6 +10,13 @@ using StellaOps.Attestor.Core.Transparency;
 using StellaOps.Attestor.Core.Verification;
 using StellaOps.Attestor.Infrastructure.Rekor;
 using StellaOps.Attestor.Verify;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/CachedAttestorVerificationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/CachedAttestorVerificationService.cs
@@ -1,13 +1,14 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Attestor.Core.Observability;
+using StellaOps.Attestor.Core.Options;
+using StellaOps.Attestor.Core.Storage;
+using StellaOps.Attestor.Core.Verification;
 using System;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Attestor.Core.Options;
-using StellaOps.Attestor.Core.Observability;
-using StellaOps.Attestor.Core.Storage;
-using StellaOps.Attestor.Core.Verification;

 namespace StellaOps.Attestor.Infrastructure.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/InMemoryAttestorVerificationCache.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/InMemoryAttestorVerificationCache.cs
@@ -1,13 +1,14 @@
-using System;
-using System.Collections.Concurrent;
-using System.Globalization;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Verification;
+using System;
+using System.Collections.Concurrent;
+using System.Globalization;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/MessagingAttestorVerificationCache.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/MessagingAttestorVerificationCache.cs
@@ -1,13 +1,14 @@
-using System;
-using System.Globalization;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Verification;
 using StellaOps.Messaging;
 using StellaOps.Messaging.Abstractions;
+using System;
+using System.Globalization;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.Infrastructure.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/NoOpAttestorVerificationCache.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Verification/NoOpAttestorVerificationCache.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Attestor.Core.Verification;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Attestor.Core.Verification;

 namespace StellaOps.Attestor.Infrastructure.Verification;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Watchlist/PostgresWatchlistRepository.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/Watchlist/PostgresWatchlistRepository.cs
@@ -5,12 +5,13 @@
 // Description: PostgreSQL implementation of watchlist repository.
 // -----------------------------------------------------------------------------

-using System.Collections.Concurrent;
+
 using Microsoft.Extensions.Logging;
 using Npgsql;
 using NpgsqlTypes;
 using StellaOps.Attestor.Watchlist.Models;
 using StellaOps.Attestor.Watchlist.Storage;
+using System.Collections.Concurrent;

 namespace StellaOps.Attestor.Infrastructure.Watchlist;

@@ -349,7 +350,7 @@ public sealed class PostgresAlertDedupRepository : IAlertDedupRepository
                    ELSE attestor.identity_alert_dedup.last_alert_at
                END
            RETURNING
-                CASE WHEN last_alert_at < @now THEN FALSE ELSE TRUE END as should_suppress,
+                CASE WHEN alert_count > 1 THEN TRUE ELSE FALSE END as should_suppress,
                alert_count,
                last_alert_at + INTERVAL '1 minute' * @dedupMinutes as window_expires
            """;
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs
@@ -1,12 +1,8 @@
-using System.Security.Authentication;
-using System.Security.Claims;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using System.Threading.RateLimiting;
+
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Server.Kestrel.Https;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Server.Kestrel.Https;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Diagnostics.HealthChecks;
 using Microsoft.Extensions.Options;
@@ -15,7 +11,6 @@ using OpenTelemetry.Trace;
 using Serilog;
 using Serilog.Context;
 using Serilog.Events;
-using StellaOps.Auth.ServerIntegration;
 using StellaOps.Attestor.Core.Bulk;
 using StellaOps.Attestor.Core.Observability;
 using StellaOps.Attestor.Core.Options;
@@ -27,10 +22,16 @@ using StellaOps.Attestor.Infrastructure;
 using StellaOps.Attestor.Spdx3;
 using StellaOps.Attestor.Watchlist;
 using StellaOps.Attestor.WebService.Options;
+using StellaOps.Auth.ServerIntegration;
 using StellaOps.Configuration;
 using StellaOps.Cryptography.DependencyInjection;
 using StellaOps.Determinism;
 using StellaOps.Router.AspNet;
+using System.Security.Authentication;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.RateLimiting;

 namespace StellaOps.Attestor.WebService;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceControllerFeatureProvider.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceControllerFeatureProvider.cs
@@ -1,9 +1,10 @@
-using System.Collections.Generic;
-using System.Linq;
+
 using Microsoft.AspNetCore.Mvc.ApplicationParts;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using StellaOps.Attestor.WebService.Controllers;
 using StellaOps.Attestor.WebService.Options;
+using System.Collections.Generic;
+using System.Linq;

 namespace StellaOps.Attestor.WebService;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceEndpoints.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceEndpoints.cs
@@ -1,7 +1,4 @@
-using System.Globalization;
-using System.Security.Claims;
-using System.Security.Cryptography.X509Certificates;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http;
 using StellaOps.Attestor.Core.Bulk;
 using StellaOps.Attestor.Core.InToto;
@@ -13,6 +10,10 @@ using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.Core.Verification;
 using StellaOps.Attestor.Spdx3;
 using StellaOps.Attestor.WebService.Contracts;
+using System.Globalization;
+using System.Security.Claims;
+using System.Security.Cryptography.X509Certificates;
+using System.Text.Json;

 namespace StellaOps.Attestor.WebService;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/AttestationBundleContracts.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/AttestationBundleContracts.cs
@@ -1,9 +1,10 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
+
 using Microsoft.AspNetCore.Http;
 using StellaOps.Attestor.Core.Offline;
 using StellaOps.Attestor.Core.Storage;
+using System;
+using System.Collections.Generic;
+using System.Linq;

 namespace StellaOps.Attestor.WebService.Contracts;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/AttestationListContracts.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/AttestationListContracts.cs
@@ -1,9 +1,10 @@
-using System;
-using System.Collections.Generic;
-using System.Globalization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Primitives;
 using StellaOps.Attestor.Core.Storage;
+using System;
+using System.Collections.Generic;
+using System.Globalization;

 namespace StellaOps.Attestor.WebService.Contracts;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/AttestationSignContracts.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/AttestationSignContracts.cs
@@ -1,5 +1,6 @@
-using System.Collections.Generic;
+
 using StellaOps.Attestor.Core.Submission;
+using System.Collections.Generic;

 namespace StellaOps.Attestor.WebService.Contracts;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/BulkVerificationContracts.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/BulkVerificationContracts.cs
@@ -1,11 +1,12 @@
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.Linq;
+
 using Microsoft.AspNetCore.Http;
 using StellaOps.Attestor.Core.Bulk;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Verification;
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;

 namespace StellaOps.Attestor.WebService.Contracts;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/InTotoLinkContracts.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Contracts/InTotoLinkContracts.cs
@@ -1,7 +1,8 @@
 // Licensed under BUSL-1.1. Copyright (C) 2024-2026 StellaOps Contributors.

-using System.Text.Json.Serialization;
+
 using StellaOps.Attestor.Core.InToto;
+using System.Text.Json.Serialization;

 namespace StellaOps.Attestor.WebService.Contracts;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/AnchorsController.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/AnchorsController.cs
@@ -1,9 +1,10 @@
+
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
 using Microsoft.Extensions.Options;
-using StellaOps.Attestor.WebService.Options;
 using StellaOps.Attestor.WebService.Contracts.Anchors;
+using StellaOps.Attestor.WebService.Options;

 namespace StellaOps.Attestor.WebService.Controllers;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofChainController.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofChainController.cs
@@ -1,9 +1,10 @@
-using System.Collections.Immutable;
+
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
 using StellaOps.Attestor.WebService.Models;
 using StellaOps.Attestor.WebService.Services;
+using System.Collections.Immutable;

 namespace StellaOps.Attestor.WebService.Controllers;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/VerdictController.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/VerdictController.cs
@@ -1,10 +1,4 @@
-using System;
-using System.Globalization;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -15,6 +9,13 @@ using StellaOps.Attestor.Core.Signing;
 using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.WebService.Contracts;
 using StellaOps.Attestor.WebService.Options;
+using System;
+using System.Globalization;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Threading;
+using System.Threading.Tasks;

 namespace StellaOps.Attestor.WebService.Controllers;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Models/ChainApiModels.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Models/ChainApiModels.cs
@@ -5,9 +5,10 @@
 // Description: API response models for attestation chain queries.
 // -----------------------------------------------------------------------------

+
+using StellaOps.Attestor.Core.Chain;
 using System.Collections.Immutable;
 using System.Text.Json.Serialization;
-using StellaOps.Attestor.Core.Chain;

 namespace StellaOps.Attestor.WebService.Models;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Program.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Program.cs
@@ -1,11 +1,12 @@
+
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Options;
-using System.Text.Encodings.Web;
 using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.WebService;
 using StellaOps.Configuration;
 using StellaOps.Router.AspNet;
+using System.Text.Encodings.Web;

 const string ConfigurationSection = "attestor";

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/ChainQueryService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/ChainQueryService.cs
@@ -5,10 +5,11 @@
 // Description: Implementation of attestation chain query service.
 // -----------------------------------------------------------------------------

-using System.Collections.Immutable;
-using System.Text;
+
 using StellaOps.Attestor.Core.Chain;
 using StellaOps.Attestor.WebService.Models;
+using System.Collections.Immutable;
+using System.Text;

 namespace StellaOps.Attestor.WebService.Services;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/PredicateTypeRouter.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/PredicateTypeRouter.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Attestor.StandardPredicates;
 using System.Collections.Immutable;
 using System.Text.Json;
-using StellaOps.Attestor.StandardPredicates;

 namespace StellaOps.Attestor.WebService.Services;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/ProofChainQueryService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/ProofChainQueryService.cs
@@ -1,8 +1,9 @@
-using System.Collections.Immutable;
-using System.Globalization;
+
+using StellaOps.Attestor.Core.Storage;
 using StellaOps.Attestor.ProofChain.Graph;
 using StellaOps.Attestor.WebService.Models;
-using StellaOps.Attestor.Core.Storage;
+using System.Collections.Immutable;
+using System.Globalization;

 namespace StellaOps.Attestor.WebService.Services;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/ProofVerificationService.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Services/ProofVerificationService.cs
@@ -1,7 +1,8 @@
-using System.Collections.Immutable;
-using StellaOps.Attestor.WebService.Models;
+
 using StellaOps.Attestor.Core.Storage;
 using StellaOps.Attestor.Core.Verification;
+using StellaOps.Attestor.WebService.Models;
+using System.Collections.Immutable;

 namespace StellaOps.Attestor.WebService.Services;

--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/WatchlistEndpoints.cs
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/WatchlistEndpoints.cs
@@ -6,6 +6,7 @@
 // -----------------------------------------------------------------------------

 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
 using StellaOps.Attestor.Watchlist.Matching;
 using StellaOps.Attestor.Watchlist.Models;
 using StellaOps.Attestor.Watchlist.Storage;
--- a/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/Builder/SigstoreBundleBuilder.cs
+++ b/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/Builder/SigstoreBundleBuilder.cs
@@ -5,9 +5,10 @@
 // Description: Fluent builder for constructing Sigstore bundles
 // -----------------------------------------------------------------------------

-using System.Globalization;
+
 using StellaOps.Attestor.Bundle.Models;
 using StellaOps.Attestor.Bundle.Serialization;
+using System.Globalization;

 namespace StellaOps.Attestor.Bundle.Builder;

--- a/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/Serialization/SigstoreBundleSerializer.cs
+++ b/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/Serialization/SigstoreBundleSerializer.cs
@@ -5,9 +5,10 @@
 // Description: JSON serialization for Sigstore bundles
 // -----------------------------------------------------------------------------

+
+using StellaOps.Attestor.Bundle.Models;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using StellaOps.Attestor.Bundle.Models;

 namespace StellaOps.Attestor.Bundle.Serialization;

--- a/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/TASKS.md
+++ b/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/TASKS.md
@@ -8,3 +8,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
 | AUDIT-0045-M | DONE | Revalidated maintainability for StellaOps.Attestor.Bundle (2026-01-06). |
 | AUDIT-0045-T | DONE | Revalidated test coverage for StellaOps.Attestor.Bundle (2026-01-06). |
 | AUDIT-0045-A | TODO | Open findings from revalidation (verification time/trust roots/checkpoint validation). |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
--- a/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/Verification/SigstoreBundleVerifier.cs
+++ b/src/Attestor/__Libraries/StellaOps.Attestor.Bundle/Verification/SigstoreBundleVerifier.cs
@@ -5,14 +5,15 @@
 // Description: Offline verification of Sigstore bundles
 // -----------------------------------------------------------------------------

-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
-using System.Globalization;
+
 using Microsoft.Extensions.Logging;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Signers;
 using StellaOps.Attestor.Bundle.Models;
+using System.Globalization;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;

 namespace StellaOps.Attestor.Bundle.Verification;

--- a/src/Attestor/__Libraries/StellaOps.Attestor.Bundling/Services/AttestationBundler.cs
+++ b/src/Attestor/__Libraries/StellaOps.Attestor.Bundling/Services/AttestationBundler.cs
@@ -5,14 +5,15 @@
 // Description: Service implementation for creating attestation bundles
 // -----------------------------------------------------------------------------

-using System.Security.Cryptography;
-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Attestor.Bundling.Abstractions;
 using StellaOps.Attestor.Bundling.Configuration;
 using StellaOps.Attestor.Bundling.Models;
 using StellaOps.Attestor.ProofChain.Merkle;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.Attestor.Bundling.Services;

--- a/Show More
+++ b/Show More