stabilize tests

2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
--- a/src/Policy/AGENTS.md
+++ b/src/Policy/AGENTS.md
@@ -1,4 +1,4 @@
-# AGENTS · Policy Module
+# AGENTS ?? Policy Module

 > Sprint: SPRINT_3500_0002_0001 (Smart-Diff Foundation)

@@ -12,7 +12,7 @@
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
 - `docs/modules/policy/architecture.md`
- `docs/product/advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for suppression contracts)
+- `docs-archived/product/advisories/2025-12-21-moat-gap-closure/14-Dec-2025 - Smart-Diff Technical Reference.md` (for suppression contracts)
 - Current sprint file

 ## Working Directory & Boundaries
@@ -61,6 +61,7 @@ The Policy module includes suppression primitives for Smart-Diff:
 - Suppression: Add test cases for each rule type in `SuppressionRuleEvaluatorTests`.

 ## Workflow Expectations
- Mirror task state in sprint tracker (`TODO → DOING → DONE/BLOCKED`).
+- Mirror task state in sprint tracker (`TODO ??? DOING ??? DONE/BLOCKED`).
 - Note blockers with the specific decision needed.
 - When policy contracts change, update both module docs and consumer documentation.
+
--- a/src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionAdapter.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionAdapter.cs
@@ -1,11 +1,12 @@
-using System.Collections.Immutable;
-using System.Globalization;
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Engine.Evaluation;
 using StellaOps.Policy.Exceptions.Models;
 using StellaOps.Policy.Exceptions.Repositories;
+using System.Collections.Immutable;
+using System.Globalization;

 namespace StellaOps.Policy.Engine.Adapters;

--- a/src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionEffectRegistry.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionEffectRegistry.cs
@@ -1,5 +1,6 @@
-using System.Collections.Frozen;
+
 using StellaOps.Policy.Exceptions.Models;
+using System.Collections.Frozen;

 namespace StellaOps.Policy.Engine.Adapters;

--- a/src/Policy/StellaOps.Policy.Engine/AirGap/AirGapNotifications.cs
+++ b/src/Policy/StellaOps.Policy.Engine/AirGap/AirGapNotifications.cs
@@ -1,5 +1,6 @@
-using System.Globalization;
+
 using Microsoft.Extensions.Logging;
+using System.Globalization;

 namespace StellaOps.Policy.Engine.AirGap;

--- a/src/Policy/StellaOps.Policy.Engine/AirGap/PolicyPackBundleImportService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/AirGap/PolicyPackBundleImportService.cs
@@ -1,8 +1,9 @@
+
+using Microsoft.Extensions.Logging;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.Policy.Engine.AirGap;

--- a/src/Policy/StellaOps.Policy.Engine/AirGap/RiskProfileAirGapExport.cs
+++ b/src/Policy/StellaOps.Policy.Engine/AirGap/RiskProfileAirGapExport.cs
@@ -1,14 +1,15 @@
-using System.Globalization;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Cryptography;
 using StellaOps.Determinism;
 using StellaOps.Policy.RiskProfile.Export;
 using StellaOps.Policy.RiskProfile.Hashing;
 using StellaOps.Policy.RiskProfile.Models;
+using System.Globalization;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;

 namespace StellaOps.Policy.Engine.AirGap;

--- a/src/Policy/StellaOps.Policy.Engine/Attestation/HttpAttestorClient.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Attestation/HttpAttestorClient.cs
@@ -1,6 +1,7 @@
+
+using Microsoft.Extensions.Logging;
 using System.Net.Http.Json;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.Policy.Engine.Attestation;

--- a/src/Policy/StellaOps.Policy.Engine/Attestation/PolicyDecisionAttestationService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Attestation/PolicyDecisionAttestationService.cs
@@ -4,6 +4,11 @@
 // Description: Service for creating signed policy decision attestations.
 // -----------------------------------------------------------------------------

+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Policy.Engine.Telemetry;
+using StellaOps.Policy.Engine.Vex;
 using System;
 using System.Diagnostics;
 using System.Security.Cryptography;
@@ -11,10 +16,6 @@ using System.Text;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Policy.Engine.Telemetry;
-using StellaOps.Policy.Engine.Vex;

 namespace StellaOps.Policy.Engine.Attestation;

--- a/src/Policy/StellaOps.Policy.Engine/Attestation/RvaVerifier.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Attestation/RvaVerifier.cs
@@ -1,10 +1,11 @@
-using System.Security.Cryptography;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Attestor.Envelope;
 using StellaOps.Canonical.Json;
 using StellaOps.Cryptography;
 using StellaOps.Policy.Snapshots;
+using System.Security.Cryptography;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Attestation;

--- a/src/Policy/StellaOps.Policy.Engine/Attestation/VerdictAttestationService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Attestation/VerdictAttestationService.cs
@@ -1,7 +1,8 @@
-using System.Security.Cryptography;
-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.Materialization;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.Policy.Engine.Attestation;

--- a/src/Policy/StellaOps.Policy.Engine/Attestation/VerdictEvidenceWeightedScore.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Attestation/VerdictEvidenceWeightedScore.cs
@@ -5,9 +5,10 @@
 // Description: Serializable EWS decomposition and ScoringProof for verdict attestation
 // -----------------------------------------------------------------------------

+
+using StellaOps.Signals.EvidenceWeightedScore;
 using System.Collections.Immutable;
 using System.Text.Json.Serialization;
-using StellaOps.Signals.EvidenceWeightedScore;

 namespace StellaOps.Policy.Engine.Attestation;

--- a/src/Policy/StellaOps.Policy.Engine/Attestation/VerdictPredicateBuilder.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Attestation/VerdictPredicateBuilder.cs
@@ -1,11 +1,12 @@
+
+using StellaOps.Canonical.Json;
+using StellaOps.Policy;
+using StellaOps.Policy.Engine.Materialization;
 using System.Collections.Immutable;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.Canonical.Json;
-using StellaOps.Policy;
-using StellaOps.Policy.Engine.Materialization;

 namespace StellaOps.Policy.Engine.Attestation;

--- a/src/Policy/StellaOps.Policy.Engine/BatchEvaluation/BatchEvaluationModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/BatchEvaluation/BatchEvaluationModels.cs
@@ -1,11 +1,12 @@
-using System.Collections.Immutable;
-using System.Linq;
+
 using StellaOps.Policy;
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Policy.Engine.Caching;
 using StellaOps.Policy.Engine.Evaluation;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.PolicyDsl;
+using System.Collections.Immutable;
+using System.Linq;

 namespace StellaOps.Policy.Engine.BatchEvaluation;

--- a/src/Policy/StellaOps.Policy.Engine/BatchEvaluation/BatchExceptionLoader.cs
+++ b/src/Policy/StellaOps.Policy.Engine/BatchEvaluation/BatchExceptionLoader.cs
@@ -3,10 +3,11 @@
 // Licensed under the BUSL-1.1 license.
 // </copyright>

-using System.Collections.Concurrent;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.Adapters;
 using StellaOps.Policy.Engine.Evaluation;
+using System.Collections.Concurrent;

 namespace StellaOps.Policy.Engine.BatchEvaluation;

--- a/src/Policy/StellaOps.Policy.Engine/BuildGate/ExceptionRecheckGate.cs
+++ b/src/Policy/StellaOps.Policy.Engine/BuildGate/ExceptionRecheckGate.cs
@@ -1,7 +1,8 @@
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Exceptions.Models;
 using StellaOps.Policy.Exceptions.Services;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.BuildGate;

--- a/src/Policy/StellaOps.Policy.Engine/Caching/IPolicyEvaluationCache.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Caching/IPolicyEvaluationCache.cs
@@ -1,6 +1,7 @@
-using System.Collections.Immutable;
+
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Policy.Engine.Evaluation;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Caching;

--- a/src/Policy/StellaOps.Policy.Engine/Caching/InMemoryPolicyEvaluationCache.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Caching/InMemoryPolicyEvaluationCache.cs
@@ -1,8 +1,9 @@
-using System.Collections.Concurrent;
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Engine.Options;
+using System.Collections.Concurrent;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Caching;

--- a/src/Policy/StellaOps.Policy.Engine/Caching/ProvcachePolicyEvaluationCache.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Caching/ProvcachePolicyEvaluationCache.cs
@@ -1,11 +1,12 @@
-using System.Collections.Immutable;
-using System.Security.Cryptography;
-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Provcache;
+using System.Collections.Immutable;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.Policy.Engine.Caching;

--- a/src/Policy/StellaOps.Policy.Engine/Compilation/PolicyCompileMetadata.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Compilation/PolicyCompileMetadata.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.PolicyDsl;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
-using StellaOps.PolicyDsl;

 namespace StellaOps.Policy.Engine.Compilation;

--- a/src/Policy/StellaOps.Policy.Engine/Compilation/PolicyComplexityAnalyzer.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Compilation/PolicyComplexityAnalyzer.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.PolicyDsl;
 using System;
 using System.Collections.Immutable;
-using StellaOps.PolicyDsl;

 namespace StellaOps.Policy.Engine.Compilation;

--- a/src/Policy/StellaOps.Policy.Engine/Compilation/PolicyMetadataExtractor.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Compilation/PolicyMetadataExtractor.cs
@@ -1,8 +1,9 @@
+
+using StellaOps.PolicyDsl;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using StellaOps.PolicyDsl;

 namespace StellaOps.Policy.Engine.Compilation;

--- a/src/Policy/StellaOps.Policy.Engine/Confidence/VexTrustConfidenceFactorProvider.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Confidence/VexTrustConfidenceFactorProvider.cs
@@ -1,10 +1,11 @@
 // VexTrustConfidenceFactorProvider - Confidence factor from VEX trust data
 // Part of SPRINT_1227_0004_0003: VexTrustGate Policy Integration

-using System;
-using System.Collections.Generic;
+
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Policy.Engine.Gates;
+using System;
+using System.Collections.Generic;

 namespace StellaOps.Policy.Engine.Confidence;

--- a/src/Policy/StellaOps.Policy.Engine/Console/ConsoleAttestationReportModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Console/ConsoleAttestationReportModels.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Policy.Engine.Attestation;
 using System.Collections.Immutable;
 using System.Text.Json.Serialization;
-using StellaOps.Policy.Engine.Attestation;

 namespace StellaOps.Policy.Engine.ConsoleSurface;

--- a/src/Policy/StellaOps.Policy.Engine/Console/ConsoleAttestationReportService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Console/ConsoleAttestationReportService.cs
@@ -1,5 +1,6 @@
-using System.Collections.Immutable;
+
 using StellaOps.Policy.Engine.Attestation;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.ConsoleSurface;

--- a/src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.Policy.Engine.Simulation;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
-using StellaOps.Policy.Engine.Simulation;

 namespace StellaOps.Policy.Engine.ConsoleSurface;

--- a/src/Policy/StellaOps.Policy.Engine/ConsoleExport/ConsoleExportJobService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/ConsoleExport/ConsoleExportJobService.cs
@@ -1,10 +1,11 @@
+
+using StellaOps.Determinism;
+using StellaOps.Policy.Engine.Ledger;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
 using System.Text.RegularExpressions;
-using StellaOps.Determinism;
-using StellaOps.Policy.Engine.Ledger;

 namespace StellaOps.Policy.Engine.ConsoleExport;

--- a/src/Policy/StellaOps.Policy.Engine/Crypto/CryptoRiskEvaluator.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Crypto/CryptoRiskEvaluator.cs
@@ -1,5 +1,6 @@
-using System.Collections.Immutable;
+
 using StellaOps.Policy.Crypto;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Crypto;

--- a/src/Policy/StellaOps.Policy.Engine/DependencyInjection/PolicyEngineServiceCollectionExtensions.cs
+++ b/src/Policy/StellaOps.Policy.Engine/DependencyInjection/PolicyEngineServiceCollectionExtensions.cs
@@ -1,6 +1,8 @@
+
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Http;
+using StackExchange.Redis;
 using StellaOps.Determinism;
 using StellaOps.Policy.Confidence.Configuration;
 using StellaOps.Policy.Confidence.Services;
@@ -23,7 +25,6 @@ using StellaOps.Policy.Licensing;
 using StellaOps.Policy.NtiaCompliance;
 using StellaOps.Policy.Unknowns.Configuration;
 using StellaOps.Policy.Unknowns.Services;
-using StackExchange.Redis;

 namespace StellaOps.Policy.Engine.DependencyInjection;

--- a/src/Policy/StellaOps.Policy.Engine/DeterminismGuard/DeterminismGuardService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/DeterminismGuard/DeterminismGuardService.cs
@@ -1,3 +1,4 @@
+
 using System.Collections.Immutable;
 using System.Diagnostics;

--- a/src/Policy/StellaOps.Policy.Engine/DeterminismGuard/GuardedPolicyEvaluator.cs
+++ b/src/Policy/StellaOps.Policy.Engine/DeterminismGuard/GuardedPolicyEvaluator.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.PolicyDsl;
 using System.Collections.Immutable;
 using System.Diagnostics;
-using StellaOps.PolicyDsl;

 namespace StellaOps.Policy.Engine.DeterminismGuard;

--- a/src/Policy/StellaOps.Policy.Engine/Domain/ExceptionMapper.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Domain/ExceptionMapper.cs
@@ -1,6 +1,7 @@
-using System.Collections.Immutable;
+
 using StellaOps.Policy.Exceptions.Models;
 using StellaOps.Policy.Exceptions.Repositories;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Domain;

--- a/src/Policy/StellaOps.Policy.Engine/Domain/PolicyBundleModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Domain/PolicyBundleModels.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Policy.Engine.Services;
 using System.Collections.Immutable;
 using System.Text.Json.Serialization;
-using StellaOps.Policy.Engine.Services;

 namespace StellaOps.Policy.Engine.Domain;

--- a/src/Policy/StellaOps.Policy.Engine/Domain/PolicyPackRecord.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Domain/PolicyPackRecord.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.PolicyDsl;
 using System.Collections.Concurrent;
 using System.Collections.Immutable;
-using StellaOps.PolicyDsl;

 namespace StellaOps.Policy.Engine.Domain;

--- a/src/Policy/StellaOps.Policy.Engine/EffectiveDecisionMap/RedisEffectiveDecisionMap.cs
+++ b/src/Policy/StellaOps.Policy.Engine/EffectiveDecisionMap/RedisEffectiveDecisionMap.cs
@@ -1,9 +1,10 @@
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using StackExchange.Redis;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Telemetry;
-using StackExchange.Redis;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.EffectiveDecisionMap;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/BatchEvaluationEndpoint.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/BatchEvaluationEndpoint.cs
@@ -1,10 +1,11 @@
-using System.Diagnostics;
-using System.Linq;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.BatchEvaluation;
 using StellaOps.Policy.Engine.Services;
+using System.Diagnostics;
+using System.Linq;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/CvssReceiptEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/CvssReceiptEndpoints.cs
@@ -1,13 +1,14 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
-using StellaOps.Auth.Abstractions;
 using StellaOps.Attestor.Envelope;
+using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Scoring;
 using StellaOps.Policy.Scoring.Engine;
 using StellaOps.Policy.Scoring.Receipts;
+using System.Collections.Generic;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/DeterminizationConfigEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/DeterminizationConfigEndpoints.cs
@@ -3,12 +3,13 @@
 // Sprint: SPRINT_20260112_012_POLICY_determinization_reanalysis_config (POLICY-CONFIG-004)
 // </copyright>

-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Determinization;
+using System.Security.Claims;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/EffectivePolicyEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/EffectivePolicyEndpoints.cs
@@ -1,9 +1,10 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.RiskProfile.Scope;
+using System.Security.Claims;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/OverrideEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/OverrideEndpoints.cs
@@ -1,9 +1,10 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.RiskProfile.Overrides;
+using System.Security.Claims;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/PathScopeSimulationEndpoint.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/PathScopeSimulationEndpoint.cs
@@ -1,10 +1,11 @@
-using System.Text;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Policy.Engine.Options;
-using StellaOps.Policy.Engine.Streaming;
 using StellaOps.Policy.Engine.Overlay;
+using StellaOps.Policy.Engine.Streaming;
+using System.Text;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/PolicyPackEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/PolicyPackEndpoints.cs
@@ -1,10 +1,11 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Determinism;
 using StellaOps.Policy.Engine.Domain;
 using StellaOps.Policy.Engine.Services;
+using System.Security.Claims;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/PolicySnapshotEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/PolicySnapshotEndpoints.cs
@@ -1,7 +1,8 @@
+
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
-using StellaOps.Policy.Engine.Snapshots;
 using StellaOps.Policy.Engine.Services;
+using StellaOps.Policy.Engine.Snapshots;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/ProfileEventEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/ProfileEventEndpoints.cs
@@ -1,9 +1,10 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Events;
 using StellaOps.Policy.Engine.Services;
+using System.Security.Claims;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/ProfileExportEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/ProfileExportEndpoints.cs
@@ -1,11 +1,12 @@
-using System.Security.Claims;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Cryptography;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.RiskProfile.Export;
+using System.Security.Claims;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileEndpoints.cs
@@ -1,11 +1,12 @@
-using System.Security.Claims;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.RiskProfile.Lifecycle;
 using StellaOps.Policy.RiskProfile.Models;
+using System.Security.Claims;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileSchemaEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileSchemaEndpoints.cs
@@ -1,8 +1,9 @@
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Net.Http.Headers;
 using StellaOps.Policy.RiskProfile.Schema;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Endpoints/ScopeAttachmentEndpoints.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Endpoints/ScopeAttachmentEndpoints.cs
@@ -1,9 +1,10 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.RiskProfile.Scope;
+using System.Security.Claims;

 namespace StellaOps.Policy.Engine.Endpoints;

--- a/src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyEvaluationContext.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyEvaluationContext.cs
@@ -1,16 +1,17 @@
-using System;
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Linq;
+
+using StellaOps.Concelier.SbomIntegration.Models;
 using StellaOps.Policy;
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Policy.Exceptions.Models;
 using StellaOps.Policy.Licensing;
 using StellaOps.Policy.NtiaCompliance;
-using StellaOps.Concelier.SbomIntegration.Models;
 using StellaOps.Policy.Unknowns.Models;
 using StellaOps.PolicyDsl;
 using StellaOps.Signals.EvidenceWeightedScore;
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Linq;

 namespace StellaOps.Policy.Engine.Evaluation;

--- a/src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyEvaluator.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyEvaluator.cs
@@ -1,10 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Globalization;
-using System.Linq;
-using System.Security.Cryptography;
-using System.Text;
+
+// Alias Confidence types to avoid ambiguity with EWS types
+
+using ConfidenceReachabilityState = StellaOps.Policy.Confidence.Models.ReachabilityState;
+using ConfidenceRuntimePosture = StellaOps.Policy.Confidence.Models.RuntimePosture;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy;
 using StellaOps.Policy.Confidence.Configuration;
@@ -14,10 +12,13 @@ using StellaOps.Policy.Engine.Scoring.EvidenceWeightedScore;
 using StellaOps.Policy.Unknowns.Models;
 using StellaOps.Policy.Unknowns.Services;
 using StellaOps.PolicyDsl;
-
-// Alias Confidence types to avoid ambiguity with EWS types
-using ConfidenceReachabilityState = StellaOps.Policy.Confidence.Models.ReachabilityState;
-using ConfidenceRuntimePosture = StellaOps.Policy.Confidence.Models.RuntimePosture;
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Globalization;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;

 namespace StellaOps.Policy.Engine.Evaluation;

--- a/src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyExpressionEvaluator.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyExpressionEvaluator.cs
@@ -1,12 +1,13 @@
+
+using StellaOps.Policy.Licensing;
+using StellaOps.Policy.NtiaCompliance;
+using StellaOps.PolicyDsl;
+using StellaOps.Signals.EvidenceWeightedScore;
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Globalization;
 using System.Linq;
-using StellaOps.PolicyDsl;
-using StellaOps.Policy.Licensing;
-using StellaOps.Policy.NtiaCompliance;
-using StellaOps.Signals.EvidenceWeightedScore;

 namespace StellaOps.Policy.Engine.Evaluation;

--- a/src/Policy/StellaOps.Policy.Engine/Evaluation/VerdictSummary.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Evaluation/VerdictSummary.cs
@@ -5,8 +5,9 @@
 // Description: VerdictSummary extension for including EWS bucket and top factors
 // -----------------------------------------------------------------------------

-using System.Collections.Immutable;
+
 using StellaOps.Signals.EvidenceWeightedScore;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Evaluation;

--- a/src/Policy/StellaOps.Policy.Engine/Events/PolicyEventProcessor.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Events/PolicyEventProcessor.cs
@@ -1,10 +1,11 @@
-using System.Collections.Concurrent;
-using System.Collections.Immutable;
-using System.Diagnostics;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.IncrementalOrchestrator;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Telemetry;
+using System.Collections.Concurrent;
+using System.Collections.Immutable;
+using System.Diagnostics;

 namespace StellaOps.Policy.Engine.Events;

--- a/src/Policy/StellaOps.Policy.Engine/Events/ProfileEventModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Events/ProfileEventModels.cs
@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Policy.RiskProfile.Lifecycle;
+using System.Text.Json.Serialization;

 namespace StellaOps.Policy.Engine.Events;

--- a/src/Policy/StellaOps.Policy.Engine/Events/ProfileEventPublisher.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Events/ProfileEventPublisher.cs
@@ -1,9 +1,10 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Policy.Engine.Telemetry;
 using System.Collections.Concurrent;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using StellaOps.Policy.Engine.Telemetry;

 namespace StellaOps.Policy.Engine.Events;

--- a/src/Policy/StellaOps.Policy.Engine/ExceptionCache/MessagingExceptionEffectiveCache.cs
+++ b/src/Policy/StellaOps.Policy.Engine/ExceptionCache/MessagingExceptionEffectiveCache.cs
@@ -1,7 +1,4 @@
-using System.Collections.Immutable;
-using System.Diagnostics;
-using System.Globalization;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Messaging;
@@ -10,6 +7,10 @@ using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Telemetry;
 using StellaOps.Policy.Persistence.Postgres.Models;
 using StellaOps.Policy.Persistence.Postgres.Repositories;
+using System.Collections.Immutable;
+using System.Diagnostics;
+using System.Globalization;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.ExceptionCache;

--- a/src/Policy/StellaOps.Policy.Engine/ExceptionCache/RedisExceptionEffectiveCache.cs
+++ b/src/Policy/StellaOps.Policy.Engine/ExceptionCache/RedisExceptionEffectiveCache.cs
@@ -1,14 +1,15 @@
-using System.Collections.Immutable;
-using System.Diagnostics;
-using System.Globalization;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using StackExchange.Redis;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Telemetry;
 using StellaOps.Policy.Persistence.Postgres.Models;
 using StellaOps.Policy.Persistence.Postgres.Repositories;
-using StackExchange.Redis;
+using System.Collections.Immutable;
+using System.Diagnostics;
+using System.Globalization;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.ExceptionCache;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGate.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGate.cs
@@ -1,5 +1,4 @@
-using System.Collections.Immutable;
-using System.Diagnostics.Metrics;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy;
 using StellaOps.Policy.Determinization;
@@ -9,6 +8,8 @@ using StellaOps.Policy.Engine.Gates.Determinization;
 using StellaOps.Policy.Engine.Policies;
 using StellaOps.Policy.Gates;
 using StellaOps.Policy.TrustLattice;
+using System.Collections.Immutable;
+using System.Diagnostics.Metrics;

 namespace StellaOps.Policy.Engine.Gates;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGateMetrics.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGateMetrics.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Policy.Determinization.Models;
 using System.Diagnostics;
 using System.Diagnostics.Metrics;
-using StellaOps.Policy.Determinization.Models;

 namespace StellaOps.Policy.Engine.Gates.Determinization;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs
@@ -4,11 +4,12 @@
 // Description: Evaluates drift gates for CI/CD pipeline gating.
 // -----------------------------------------------------------------------------

-using System.Collections.Immutable;
-using System.Globalization;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Determinism;
+using System.Collections.Immutable;
+using System.Globalization;

 namespace StellaOps.Policy.Engine.Gates;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/IDeterminizationGate.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/IDeterminizationGate.cs
@@ -1,7 +1,8 @@
-using System.Collections.Immutable;
+
 using StellaOps.Policy;
 using StellaOps.Policy.Determinization.Models;
 using StellaOps.Policy.Gates;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Gates;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs
@@ -1,7 +1,8 @@
-using System.Collections.Immutable;
-using System.Globalization;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Collections.Immutable;
+using System.Globalization;

 namespace StellaOps.Policy.Engine.Gates;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/StabilityDampingGate.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/StabilityDampingGate.cs
@@ -1,9 +1,10 @@
 // Licensed to StellaOps under the BUSL-1.1 license.

-using System.Collections.Concurrent;
-using System.Globalization;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Collections.Concurrent;
+using System.Globalization;

 namespace StellaOps.Policy.Engine.Gates;

--- a/src/Policy/StellaOps.Policy.Engine/Gates/VexTrustGate.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Gates/VexTrustGate.cs
@@ -1,6 +1,9 @@
 // VexTrustGate - Policy gate for VEX trust verification
 // Part of SPRINT_1227_0004_0003: VexTrustGate Policy Integration

+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
@@ -8,8 +11,6 @@ using System.Linq;
 using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;

 namespace StellaOps.Policy.Engine.Gates;

--- a/src/Policy/StellaOps.Policy.Engine/IncrementalOrchestrator/IncrementalOrchestratorBackgroundService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/IncrementalOrchestrator/IncrementalOrchestratorBackgroundService.cs
@@ -1,3 +1,4 @@
+
 using System.Collections.Immutable;
 using System.Diagnostics;

--- a/src/Policy/StellaOps.Policy.Engine/Ledger/LedgerExportService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Ledger/LedgerExportService.cs
@@ -1,6 +1,7 @@
+
+using StellaOps.Policy.Engine.Orchestration;
 using System.Globalization;
 using System.Text.Json;
-using StellaOps.Policy.Engine.Orchestration;

 namespace StellaOps.Policy.Engine.Ledger;

--- a/src/Policy/StellaOps.Policy.Engine/Materialization/PolicyExplainTrace.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Materialization/PolicyExplainTrace.cs
@@ -1,7 +1,8 @@
-using System;
-using System.Collections.Immutable;
+
 using StellaOps.Policy;
 using StellaOps.Signals.EvidenceWeightedScore;
+using System;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Materialization;

--- a/src/Policy/StellaOps.Policy.Engine/MergePreview/PolicyMergePreviewService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/MergePreview/PolicyMergePreviewService.cs
@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;

 namespace StellaOps.Policy.Engine.MergePreview;

--- a/src/Policy/StellaOps.Policy.Engine/Notifications/PolicyProfileNotificationPublisher.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Notifications/PolicyProfileNotificationPublisher.cs
@@ -1,9 +1,10 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System.Diagnostics;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;

 namespace StellaOps.Policy.Engine.Notifications;

--- a/src/Policy/StellaOps.Policy.Engine/Options/PolicyEngineOptions.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Options/PolicyEngineOptions.cs
@@ -1,10 +1,11 @@
-using System.Collections.ObjectModel;
+
 using StellaOps.Auth.Abstractions;
 using StellaOps.Policy.Engine.Caching;
 using StellaOps.Policy.Engine.EffectiveDecisionMap;
 using StellaOps.Policy.Engine.ExceptionCache;
 using StellaOps.Policy.Engine.ReachabilityFacts;
 using StellaOps.Policy.Engine.Telemetry;
+using System.Collections.ObjectModel;

 namespace StellaOps.Policy.Engine.Options;

--- a/src/Policy/StellaOps.Policy.Engine/Overlay/FileOverlayStore.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Overlay/FileOverlayStore.cs
@@ -1,6 +1,7 @@
+
+using Microsoft.Extensions.Hosting;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Hosting;

 namespace StellaOps.Policy.Engine.Overlay;

--- a/src/Policy/StellaOps.Policy.Engine/Overlay/OverlayProjectionModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Overlay/OverlayProjectionModels.cs
@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Policy.Engine.Streaming;
+using System.Text.Json.Serialization;

 namespace StellaOps.Policy.Engine.Overlay;

--- a/src/Policy/StellaOps.Policy.Engine/Overlay/OverlayProjectionService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Overlay/OverlayProjectionService.cs
@@ -1,7 +1,8 @@
-using System.Globalization;
-using System.Text.Json;
+
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Streaming;
+using System.Globalization;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Overlay;

--- a/src/Policy/StellaOps.Policy.Engine/Overlay/PathScopeSimulationBridgeModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Overlay/PathScopeSimulationBridgeModels.cs
@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Policy.Engine.Streaming;
+using System.Text.Json.Serialization;

 namespace StellaOps.Policy.Engine.Overlay;

--- a/src/Policy/StellaOps.Policy.Engine/Overlay/PathScopeSimulationBridgeService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Overlay/PathScopeSimulationBridgeService.cs
@@ -1,8 +1,9 @@
-using System.Text.Json;
-using System.Text;
-using System.Security.Cryptography;
+
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Streaming;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;

 namespace StellaOps.Policy.Engine.Overlay;

--- a/src/Policy/StellaOps.Policy.Engine/Program.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Program.cs
@@ -1,31 +1,32 @@
-using System.IO;
-using System.Threading.RateLimiting;
+
 using Microsoft.AspNetCore.RateLimiting;
 using Microsoft.Extensions.Options;
 using NetEscapades.Configuration.Yaml;
+using StellaOps.AirGap.Policy;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Auth.Client;
 using StellaOps.Auth.ServerIntegration;
 using StellaOps.Configuration;
+using StellaOps.Policy.Engine.BatchEvaluation;
+using StellaOps.Policy.Engine.Compilation;
+using StellaOps.Policy.Engine.ConsoleSurface;
+using StellaOps.Policy.Engine.DependencyInjection;
+using StellaOps.Policy.Engine.Endpoints;
 using StellaOps.Policy.Engine.Hosting;
 using StellaOps.Policy.Engine.Options;
-using StellaOps.Policy.Engine.Compilation;
-using StellaOps.Policy.Engine.Endpoints;
-using StellaOps.Policy.Engine.BatchEvaluation;
-using StellaOps.Policy.Engine.DependencyInjection;
-using StellaOps.PolicyDsl;
-using StellaOps.Policy.Engine.Services;
-using StellaOps.Policy.Engine.Workers;
-using StellaOps.Policy.Engine.Streaming;
-using StellaOps.Policy.Engine.Telemetry;
-using StellaOps.Policy.Engine.ConsoleSurface;
-using StellaOps.AirGap.Policy;
 using StellaOps.Policy.Engine.Orchestration;
 using StellaOps.Policy.Engine.ReachabilityFacts;
+using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Storage.InMemory;
+using StellaOps.Policy.Engine.Streaming;
+using StellaOps.Policy.Engine.Telemetry;
+using StellaOps.Policy.Engine.Workers;
+using StellaOps.Policy.Persistence.Postgres;
 using StellaOps.Policy.Scoring.Engine;
 using StellaOps.Policy.Scoring.Receipts;
-using StellaOps.Policy.Persistence.Postgres;
+using StellaOps.PolicyDsl;
+using System.IO;
+using System.Threading.RateLimiting;

 var builder = WebApplication.CreateBuilder(args);

--- a/src/Policy/StellaOps.Policy.Engine/ReachabilityFacts/ReachabilityFactsJoiningService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/ReachabilityFacts/ReachabilityFactsJoiningService.cs
@@ -1,6 +1,7 @@
-using System.Diagnostics;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.Telemetry;
+using System.Diagnostics;

 namespace StellaOps.Policy.Engine.ReachabilityFacts;

--- a/src/Policy/StellaOps.Policy.Engine/ReachabilityFacts/ReachabilityFactsOverlayCache.cs
+++ b/src/Policy/StellaOps.Policy.Engine/ReachabilityFacts/ReachabilityFactsOverlayCache.cs
@@ -1,10 +1,11 @@
-using System.Collections.Concurrent;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Telemetry;
+using System.Collections.Concurrent;
+using System.Text.Json;
+using System.Text.Json.Serialization;

 namespace StellaOps.Policy.Engine.ReachabilityFacts;

--- a/src/Policy/StellaOps.Policy.Engine/ReachabilityFacts/ReachabilityFactsSignalsClient.cs
+++ b/src/Policy/StellaOps.Policy.Engine/ReachabilityFacts/ReachabilityFactsSignalsClient.cs
@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Policy.Engine.Telemetry;
 using System.Diagnostics;
 using System.Net;
 using System.Net.Http.Json;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Policy.Engine.Telemetry;

 namespace StellaOps.Policy.Engine.ReachabilityFacts;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/Engines/ProofAwareScoringEngine.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/Engines/ProofAwareScoringEngine.cs
@@ -5,6 +5,7 @@
 // Description: Decorator that emits proof ledger nodes during scoring
 // -----------------------------------------------------------------------------

+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Scoring;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/DualEmitVerdictEnricher.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/DualEmitVerdictEnricher.cs
@@ -5,11 +5,12 @@
 // Description: Dual-emit mode for Confidence and EWS scores in verdicts
 // -----------------------------------------------------------------------------

-using System.Diagnostics.Metrics;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Signals.EvidenceWeightedScore;
+using System.Diagnostics.Metrics;

 namespace StellaOps.Policy.Engine.Scoring.EvidenceWeightedScore;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/EvidenceWeightedScoreEnricher.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/EvidenceWeightedScoreEnricher.cs
@@ -3,12 +3,13 @@
 // Sprint: SPRINT_8200_0012_0003_policy_engine_integration
 // Task: PINT-8200-004 - Implement EvidenceWeightedScoreEnricher

-using System.Collections.Concurrent;
-using System.Diagnostics;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Signals.EvidenceWeightedScore;
 using StellaOps.Signals.EvidenceWeightedScore.Normalizers;
+using System.Collections.Concurrent;
+using System.Diagnostics;

 namespace StellaOps.Policy.Engine.Scoring.EvidenceWeightedScore;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/EwsTelemetryService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/EwsTelemetryService.cs
@@ -3,9 +3,10 @@
 // Sprint: SPRINT_8200_0012_0003_policy_engine_integration
 // Task: PINT-8200-039 - Add telemetry: score calculation duration, cache hit rate

+
+using Microsoft.Extensions.Options;
 using System.Diagnostics;
 using System.Diagnostics.Metrics;
-using Microsoft.Extensions.Options;

 namespace StellaOps.Policy.Engine.Scoring.EvidenceWeightedScore;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/MigrationTelemetryService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/MigrationTelemetryService.cs
@@ -5,12 +5,13 @@
 // Description: Migration telemetry comparing Confidence vs EWS rankings
 // -----------------------------------------------------------------------------

-using System.Collections.Concurrent;
-using System.Diagnostics.Metrics;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Confidence.Models;
 using StellaOps.Signals.EvidenceWeightedScore;
+using System.Collections.Concurrent;
+using System.Diagnostics.Metrics;

 namespace StellaOps.Policy.Engine.Scoring.EvidenceWeightedScore;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/PolicyEvaluationContextEwsExtensions.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/PolicyEvaluationContextEwsExtensions.cs
@@ -3,22 +3,23 @@
 // Sprint: SPRINT_8200_0012_0003_policy_engine_integration
 // Task: PINT-8200-005, PINT-8200-006 - Integrate enricher into PolicyEvaluator pipeline

-using StellaOps.Signals.EvidenceWeightedScore.Normalizers;

 // Type aliases to avoid conflicts with types in StellaOps.Policy.Engine.Scoring
+
+using EwsActiveMitigation = StellaOps.Signals.EvidenceWeightedScore.ActiveMitigation;
+using EwsBackportEvidenceTier = StellaOps.Signals.EvidenceWeightedScore.BackportEvidenceTier;
+using EwsBackportInput = StellaOps.Signals.EvidenceWeightedScore.BackportInput;
+using EwsBackportStatus = StellaOps.Signals.EvidenceWeightedScore.BackportStatus;
+using EwsExploitInput = StellaOps.Signals.EvidenceWeightedScore.ExploitInput;
+using EwsIssuerType = StellaOps.Signals.EvidenceWeightedScore.IssuerType;
+using EwsKevStatus = StellaOps.Signals.EvidenceWeightedScore.KevStatus;
+using EwsMitigationInput = StellaOps.Signals.EvidenceWeightedScore.MitigationInput;
 using EwsReachabilityInput = StellaOps.Signals.EvidenceWeightedScore.ReachabilityInput;
 using EwsReachabilityState = StellaOps.Signals.EvidenceWeightedScore.ReachabilityState;
 using EwsRuntimeInput = StellaOps.Signals.EvidenceWeightedScore.RuntimeInput;
 using EwsRuntimePosture = StellaOps.Signals.EvidenceWeightedScore.RuntimePosture;
-using EwsBackportInput = StellaOps.Signals.EvidenceWeightedScore.BackportInput;
-using EwsBackportStatus = StellaOps.Signals.EvidenceWeightedScore.BackportStatus;
-using EwsBackportEvidenceTier = StellaOps.Signals.EvidenceWeightedScore.BackportEvidenceTier;
-using EwsExploitInput = StellaOps.Signals.EvidenceWeightedScore.ExploitInput;
-using EwsKevStatus = StellaOps.Signals.EvidenceWeightedScore.KevStatus;
 using EwsSourceTrustInput = StellaOps.Signals.EvidenceWeightedScore.SourceTrustInput;
-using EwsIssuerType = StellaOps.Signals.EvidenceWeightedScore.IssuerType;
-using EwsMitigationInput = StellaOps.Signals.EvidenceWeightedScore.MitigationInput;
-using EwsActiveMitigation = StellaOps.Signals.EvidenceWeightedScore.ActiveMitigation;
+using StellaOps.Signals.EvidenceWeightedScore.Normalizers;

 namespace StellaOps.Policy.Engine.Scoring.EvidenceWeightedScore;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/RiskScoringModels.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/RiskScoringModels.cs
@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Policy.Scoring;
+using System.Text.Json.Serialization;

 namespace StellaOps.Policy.Engine.Scoring;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/RiskScoringTriggerService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/RiskScoringTriggerService.cs
@@ -1,10 +1,11 @@
-using System.Collections.Concurrent;
-using System.Text;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Cryptography;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Telemetry;
 using StellaOps.Policy.RiskProfile.Hashing;
+using System.Collections.Concurrent;
+using System.Text;

 namespace StellaOps.Policy.Engine.Scoring;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/ScorePolicyService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/ScorePolicyService.cs
@@ -1,9 +1,10 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Policy.Scoring;
 using System.Collections.Concurrent;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using StellaOps.Policy.Scoring;

 namespace StellaOps.Policy.Engine.Scoring;

--- a/src/Policy/StellaOps.Policy.Engine/Scoring/ScoringProfileService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Scoring/ScoringProfileService.cs
@@ -5,9 +5,10 @@
 // Description: Service for managing tenant scoring profile configurations
 // -----------------------------------------------------------------------------

-using System.Collections.Concurrent;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Scoring;
+using System.Collections.Concurrent;

 namespace StellaOps.Policy.Engine.Scoring;

--- a/src/Policy/StellaOps.Policy.Engine/Services/EffectivePolicyAuditor.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/EffectivePolicyAuditor.cs
@@ -1,6 +1,7 @@
-using System.Globalization;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.RiskProfile.Scope;
+using System.Globalization;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/EvidenceSummaryService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/EvidenceSummaryService.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.Policy.Engine.Domain;
 using System.Buffers.Binary;
 using System.Security.Cryptography;
 using System.Text;
-using StellaOps.Policy.Engine.Domain;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/ExceptionAwareEvaluationService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/ExceptionAwareEvaluationService.cs
@@ -1,8 +1,9 @@
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.Adapters;
 using StellaOps.Policy.Engine.Evaluation;
 using StellaOps.Policy.Engine.Telemetry;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/InMemoryPolicyPackRepository.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/InMemoryPolicyPackRepository.cs
@@ -1,5 +1,6 @@
-using System.Collections.Concurrent;
+
 using StellaOps.Policy.Engine.Domain;
+using System.Collections.Concurrent;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/LicenseComplianceService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/LicenseComplianceService.cs
@@ -1,9 +1,10 @@
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy.Engine.Evaluation;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Licensing;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyActivationAuditor.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyActivationAuditor.cs
@@ -1,9 +1,10 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.Domain;
 using StellaOps.Policy.Engine.Options;
+using System;
+using System.Collections.Generic;
+using System.Linq;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyActivationSettings.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyActivationSettings.cs
@@ -1,5 +1,6 @@
-using System;
+
 using StellaOps.Policy.Engine.Options;
+using System;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyBundleService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyBundleService.cs
@@ -1,7 +1,8 @@
+
+using StellaOps.Policy.Engine.Domain;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
-using StellaOps.Policy.Engine.Domain;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyCompilationService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyCompilationService.cs
@@ -1,6 +1,15 @@
-using System;
-using System.Collections.Immutable;
-using System.Diagnostics;
+
+using DslCompilationResult = StellaOps.PolicyDsl.PolicyCompilationResult;
+using DslCompiler = StellaOps.PolicyDsl.PolicyCompiler;
+using IrAction = StellaOps.PolicyDsl.PolicyIrAction;
+using IrAnnotateAction = StellaOps.PolicyDsl.PolicyIrAnnotateAction;
+using IrAssignmentAction = StellaOps.PolicyDsl.PolicyIrAssignmentAction;
+using IrDeferAction = StellaOps.PolicyDsl.PolicyIrDeferAction;
+using IrDocument = StellaOps.PolicyDsl.PolicyIrDocument;
+using IrEscalateAction = StellaOps.PolicyDsl.PolicyIrEscalateAction;
+using IrIgnoreAction = StellaOps.PolicyDsl.PolicyIrIgnoreAction;
+using IrRequireVexAction = StellaOps.PolicyDsl.PolicyIrRequireVexAction;
+using IrWarnAction = StellaOps.PolicyDsl.PolicyIrWarnAction;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy;
@@ -8,17 +17,9 @@ using StellaOps.Policy.Engine.Compilation;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Telemetry;
 using StellaOps.PolicyDsl;
-using DslCompiler = StellaOps.PolicyDsl.PolicyCompiler;
-using DslCompilationResult = StellaOps.PolicyDsl.PolicyCompilationResult;
-using IrDocument = StellaOps.PolicyDsl.PolicyIrDocument;
-using IrAction = StellaOps.PolicyDsl.PolicyIrAction;
-using IrAssignmentAction = StellaOps.PolicyDsl.PolicyIrAssignmentAction;
-using IrAnnotateAction = StellaOps.PolicyDsl.PolicyIrAnnotateAction;
-using IrIgnoreAction = StellaOps.PolicyDsl.PolicyIrIgnoreAction;
-using IrEscalateAction = StellaOps.PolicyDsl.PolicyIrEscalateAction;
-using IrRequireVexAction = StellaOps.PolicyDsl.PolicyIrRequireVexAction;
-using IrWarnAction = StellaOps.PolicyDsl.PolicyIrWarnAction;
-using IrDeferAction = StellaOps.PolicyDsl.PolicyIrDeferAction;
+using System;
+using System.Collections.Immutable;
+using System.Diagnostics;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyEvaluationService.PathScope.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyEvaluationService.PathScope.cs
@@ -1,3 +1,5 @@
+
+using StellaOps.Policy.Engine.Streaming;
 using System.Diagnostics;
 using System.Globalization;
 using System.Linq;
@@ -6,7 +8,6 @@ using System.Text;
 using System.Text.Json;
 using System.Text.Json.Nodes;
 using System.Text.Json.Serialization;
-using StellaOps.Policy.Engine.Streaming;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyEvaluationService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyEvaluationService.cs
@@ -1,8 +1,9 @@
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.PolicyDsl;
 using StellaOps.Policy.Engine.Evaluation;
+using StellaOps.PolicyDsl;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Services;

--- a/src/Policy/StellaOps.Policy.Engine/Services/PolicyExplainerService.cs
+++ b/src/Policy/StellaOps.Policy.Engine/Services/PolicyExplainerService.cs
@@ -1,7 +1,8 @@
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
 using StellaOps.Policy.Engine.Domain;
 using StellaOps.Policy.Engine.Telemetry;
+using System.Collections.Immutable;

 namespace StellaOps.Policy.Engine.Services;

--- a/Show More
+++ b/Show More