stabilize tests

src/Scanner/AGENTS.md

@@ -1,4 +1,4 @@
-# AGENTS · Scanner Module
+# AGENTS ?? Scanner Module
 
 ## Roles
 - **Backend / Analyzer Engineer**: .NET 10 (preview) for analyzers, worker, web service, plug-ins; keep outputs deterministic.
@@ -10,16 +10,16 @@
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
 - `docs/modules/scanner/architecture.md`
-- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md` (sections 5.5–5.9 for native/JS/PHP updates)
+- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md` (sections 5.5???5.9 for native/JS/PHP updates)
 - `docs/modules/reach-graph/guides/purl-resolved-edges.md`
 - `docs/modules/reach-graph/guides/patch-oracles.md`
-- `docs/product/advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for Smart-Diff predicates)
-- Current sprint file (e.g., `docs/implplan/SPRINT_401_reachability_evidence_chain.md`).
+- `docs-archived/product/advisories/2025-12-21-moat-gap-closure/14-Dec-2025 - Smart-Diff Technical Reference.md` (for Smart-Diff predicates)
+- Current sprint file (e.g., `docs-archived/implplan/SPRINT_0401_0001_0001_reachability_evidence_chain.md`).
 
 ## Working Directory & Boundaries
 - Primary scope: `src/Scanner/**` (analyzers, worker, web service, plugins, __Libraries, __Tests, __Benchmarks, docs).
 - Avoid cross-module edits unless sprint explicitly permits; note any cross-module change in sprint tracker.
-- Keep fixtures minimal/deterministic; store under `src/Scanner/__Tests/Fixtures` or `__Benchmarks`.
+- Keep fixtures minimal/deterministic; store under `src/Scanner/__Tests/__Datasets` or `__Benchmarks`.
 
 ## Smart-Diff Contracts (Sprint 3500)
 
@@ -37,7 +37,7 @@ The Scanner module now includes Smart-Diff foundation primitives:
 
 ### Predicate Schema
 - URI: `stellaops.dev/predicates/smart-diff@v1`
-- Schema: `docs/schemas/stellaops-smart-diff.v1.schema.json`
+- Schema: `src/Attestor/StellaOps.Attestor.Types/schemas/stellaops-smart-diff.v1.schema.json`
 - DSSE-signed predicates for evidence chain
 
 ### Integration Points
@@ -58,7 +58,7 @@ Reachability Drift Detection tracks function-level reachability changes between
 - `ReachabilityDriftResult` - Drift analysis output (newly reachable, mitigated paths)
 - `DriftedSink` - Sink that changed reachability state with cause attribution
 - `DriftCause` - Causal explanation (guard removed, new route, code change)
-- `CompressedPath` - Compact path representation (entrypoint → key nodes → sink)
+- `CompressedPath` - Compact path representation (entrypoint ??? key nodes ??? sink)
 - `ReachabilityConfidenceTier` - Confirmed/Likely/Present/Unreachable tiers
 
 ### Predicate Schema
@@ -156,17 +156,17 @@ Layered binary reachability with attestable slices for CVE triage:
 
 ### Sprint Summary
 - **3800**: Binary call-edge enhancement (disassembly, PLT/IAT, dynamic loading)
-- **3810**: CVE→Symbol mapping and slice format
+- **3810**: CVE???Symbol mapping and slice format
 - **3820**: Slice query and replay APIs
 - **3830**: VEX integration and policy binding
 - **3840**: Runtime trace merge (eBPF/ETW)
 - **3850**: OCI storage and CLI commands
 
-See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
+See: `docs-archived/implplan/SPRINT_3800_0000_0000_summary.md`
 
 ### Libraries
 - `StellaOps.Scanner.Reachability.Slices` - Slice extraction, DSSE signing, verdict computation
-- `StellaOps.Scanner.Advisory` - CVE→symbol mapping integration with Concelier
+- `StellaOps.Scanner.Advisory` - CVE???symbol mapping integration with Concelier
 - `StellaOps.Scanner.Runtime` - eBPF/ETW runtime trace collectors
 - `StellaOps.Scanner.Storage.Oci` - OCI artifact storage for slices
 
@@ -174,7 +174,7 @@ See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
 - `ReachabilitySlice` - Minimal attestable proof unit for CVE reachability
 - `SliceQuery` - Query parameters (CVE, symbols, entrypoints, policy)
 - `SliceVerdict` - Result status (reachable/unreachable/unknown/gated)
-- `VulnSurfaceResult` - CVE→symbol mapping result with confidence
+- `VulnSurfaceResult` - CVE???symbol mapping result with confidence
 
 ### Predicate Schema
 - URI: `stellaops.dev/predicates/reachability-slice@v1`
@@ -193,8 +193,8 @@ See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
 - `stella binary verify` - Verify attestation
 
 ### Documentation
-- `docs/modules/reach-graph/guides/slice-schema.md` - Slice format specification
-- `docs/modules/reach-graph/guides/cve-symbol-mapping.md` - CVE→symbol service design
+- `docs/modules/reach-graph/schemas/slice-schema.md` - Slice format specification
+- `docs/modules/reach-graph/guides/cve-symbol-mapping.md` - CVE???symbol service design
 - `docs/modules/reach-graph/guides/replay-verification.md` - Replay workflow guide
 
 ## Engineering Rules
@@ -203,7 +203,7 @@ See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
 - Determinism: stable ordering, UTC ISO-8601 timestamps, no `DateTime.Now`/random without seed; normalize path separators.
 - Logging: structured (`ILogger` message templates); avoid secrets/paths leakage.
 - Security: no executing untrusted payloads; keep analyzers pure; include redaction guidance for runtime capture adapters.
-- Native analyzers: capture `.note.gnu.build-id` when present and thread into `SymbolID`/`code_id`; add synthetic roots for `.preinit_array/.init_array/_init`; emit purl+symbol-digest on call edges; emit Unknowns when symbol→purl or edges are unresolved.
+- Native analyzers: capture `.note.gnu.build-id` when present and thread into `SymbolID`/`code_id`; add synthetic roots for `.preinit_array/.init_array/_init`; emit purl+symbol-digest on call edges; emit Unknowns when symbol???purl or edges are unresolved.
 - Tests: keep patch-oracle fixtures deterministic (strip binaries; stable compilers); add/maintain `tests/reachability/patch-oracles/**` when touching native analyzers.
 
 ## Testing & Verification
@@ -214,6 +214,7 @@ See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
 - Smart-Diff: Run schema validation tests (`SmartDiffSchemaValidationTests`) for predicate contract changes.
 
 ## Workflow Expectations
-- Mirror task state in sprint tracker (`TODO → DOING → DONE/BLOCKED`); note blockers with the specific decision needed.
+- Mirror task state in sprint tracker (`TODO ??? DOING ??? DONE/BLOCKED`); note blockers with the specific decision needed.
 - Keep resolvers/analyzers parametric on environment data (RID, TFM, search paths); avoid host-global state.
 - When adding DI/manifest registrations, ensure restart-time and worker compatibility; update module docs if contracts change.
+

src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/AGENTS.md

@@ -1,7 +1,7 @@
 # Scanner Deno Analyzer Guild Charter
 
 ## Mission
-Deliver deterministic Deno language analyzers that normalise project inputs, reconstruct module graphs, and surface package/runtime metadata for Scanner’s inventory and usage SBOMs. The analyzers must operate offline, respect the Aggregation-Only Contract, and integrate with shared Surface libraries.
+Deliver deterministic Deno language analyzers that normalise project inputs, reconstruct module graphs, and surface package/runtime metadata for Scanner???s inventory and usage SBOMs. The analyzers must operate offline, respect the Aggregation-Only Contract, and integrate with shared Surface libraries.
 
 ## Scope
 - Normaliser, graph builder, and output emitters under `StellaOps.Scanner.Analyzers.Lang.Deno`.
@@ -15,7 +15,7 @@ Deliver deterministic Deno language analyzers that normalise project inputs, rec
 - `docs/modules/scanner/design/surface-fs.md`
 - `docs/modules/scanner/design/surface-secrets.md`
 - `docs/modules/scanner/design/surface-validation.md`
-- `docs/modules/scanner/implementation_plan.md` (language analyzer sections)
+- `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` (language analyzer sections)
 - Deno package/docs linked in sprint notes (ensure understanding of import maps, lockfiles, cache behaviour).
 
 ## Working Agreement
@@ -24,4 +24,5 @@ Deliver deterministic Deno language analyzers that normalise project inputs, rec
 3. **Deterministic processing**: no network fetches; rely on cached artifacts; stabilise ordering and timestamps.
 4. **SBOM contract**: populate component data (PURLs, versions, relationships) without deriving policy decisions.
 5. **Testing**: extend golden fixtures, determinism harness, and property tests before merging changes.
-6. **Docs & handoff**: update analyzer notes in `docs/modules/scanner/implementation_plan.md` or contribute a Deno-specific design note when behaviour changes.
+6. **Docs & handoff**: update analyzer notes in `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` or contribute a Deno-specific design note when behaviour changes.
+

src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/AGENTS.md

@@ -15,7 +15,7 @@ Build deterministic PHP analyzers that normalise composer-based projects, map de
 - `docs/modules/scanner/design/surface-fs.md`
 - `docs/modules/scanner/design/surface-secrets.md`
 - `docs/modules/scanner/design/surface-validation.md`
-- `docs/modules/scanner/implementation_plan.md` (language analyzer roadmap)
+- `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` (language analyzer roadmap)
 - Composer/autoload references noted in sprint tasks.
 
 ## Working Agreement
@@ -25,3 +25,4 @@ Build deterministic PHP analyzers that normalise composer-based projects, map de
 4. **SBOM integrity**: generate stable package identifiers, autoload edges, and bin scripts while abstaining from policy decisions.
 5. **Testing**: maintain golden fixtures, determinism harness, and regression suites; add new scenarios when behaviour shifts.
 6. **Documentation**: update implementation notes or add PHP-specific design addenda when algorithms change; notify Docs Guild if tutorials require refresh.
+

src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/AGENTS.md

@@ -15,7 +15,7 @@ Provide deterministic Ruby analyzers that interpret bundler/gemspec ecosystems,
 - `docs/modules/scanner/design/surface-fs.md`
 - `docs/modules/scanner/design/surface-secrets.md`
 - `docs/modules/scanner/design/surface-validation.md`
-- `docs/modules/scanner/implementation_plan.md` (language analyzer sections)
+- `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` (language analyzer sections)
 - Bundler/gemspec references from sprint tasks.
 
 ## Working Agreement
@@ -27,3 +27,4 @@ Provide deterministic Ruby analyzers that interpret bundler/gemspec ecosystems,
 6. **Documentation**: update analyzer notes in implementation plan or add Ruby-focused design doc when behaviour evolves; coordinate with Docs if CLI/UI guides need updates.
 
 - 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
+

src/Scanner/StellaOps.Scanner.Analyzers.Native/AGENTS.md

@@ -1,7 +1,7 @@
 # Scanner Native Analyzer Guild Charter
 
 ## Mission
-Deliver deterministic native binary analyzers that detect entrypoints, dependency edges, and loader behaviours across ELF, PE/COFF, and Mach-O formats. Outputs feed Scanner’s SBOM and runtime posture workflows and must integrate with shared Surface libraries while satisfying Aggregation-Only constraints.
+Deliver deterministic native binary analyzers that detect entrypoints, dependency edges, and loader behaviours across ELF, PE/COFF, and Mach-O formats. Outputs feed Scanner???s SBOM and runtime posture workflows and must integrate with shared Surface libraries while satisfying Aggregation-Only constraints.
 
 ## Scope
 - Format detectors, parsers, and resolver engines in `StellaOps.Scanner.Analyzers.Native`.
@@ -15,13 +15,14 @@ Deliver deterministic native binary analyzers that detect entrypoints, dependenc
 - `docs/modules/scanner/design/surface-fs.md`
 - `docs/modules/scanner/design/surface-secrets.md`
 - `docs/modules/scanner/design/surface-validation.md`
-- `docs/modules/scanner/implementation_plan.md` (native analyzer sections)
+- `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` (native analyzer sections)
 - Platform-specific loader references cited in sprint notes (e.g., ld.so, SafeDll search, dyld).
 
 ## Working Agreement
-1. **Status sync** – set task state to `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting/finishing work.
-2. **Surface usage** – run Surface.Validation, use Surface.Env for configuration, Surface.FS for cached artefacts, and Surface.Secrets for protected inputs.
-3. **Determinism** – no host filesystem lookups; rely on virtual image roots; stabilise ordering and timestamps.
-4. **AOC compliance** – emit observations/edges without severity or policy interpretation; include provenance and reason codes.
-5. **Testing** – maintain golden fixtures per platform, determinism harness, runtime capture simulations, and performance budgets.
-6. **Documentation** – update implementation plan or create dedicated design notes when algorithms change; coordinate with Docs/Signals guilds for runtime adapters.
+1. **Status sync** ??? set task state to `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting/finishing work.
+2. **Surface usage** ??? run Surface.Validation, use Surface.Env for configuration, Surface.FS for cached artefacts, and Surface.Secrets for protected inputs.
+3. **Determinism** ??? no host filesystem lookups; rely on virtual image roots; stabilise ordering and timestamps.
+4. **AOC compliance** ??? emit observations/edges without severity or policy interpretation; include provenance and reason codes.
+5. **Testing** ??? maintain golden fixtures per platform, determinism harness, runtime capture simulations, and performance budgets.
+6. **Documentation** ??? update implementation plan or create dedicated design notes when algorithms change; coordinate with Docs/Signals guilds for runtime adapters.
+

src/Scanner/StellaOps.Scanner.Analyzers.Native/ElfDynamicSectionParser.cs

@@ -1,3 +1,4 @@
+
 using System.Buffers.Binary;
 using System.Text;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/ElfHardeningExtractor.cs

@@ -1,3 +1,4 @@
+
 using System.Buffers.Binary;
 using System.Collections.Immutable;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/MachoHardeningExtractor.cs

@@ -5,6 +5,7 @@
 // Description: Extracts security hardening flags from macOS Mach-O binaries
 // -----------------------------------------------------------------------------
 
+
 using System.Buffers.Binary;
 using System.Collections.Immutable;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/PeHardeningExtractor.cs

@@ -7,6 +7,7 @@
 // Description: Extracts security hardening flags from Windows PE binaries
 // -----------------------------------------------------------------------------
 
+
 using System.Buffers.Binary;
 using System.Collections.Immutable;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/HeuristicScanner.cs

@@ -1,3 +1,4 @@
+
 using System.Buffers.Binary;
 using System.Text;
 using System.Text.RegularExpressions;

src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/OfflineBuildIdIndex.cs

@@ -1,10 +1,11 @@
-using System.Collections.Frozen;
-using System.Security.Cryptography;
-using System.Text.Json;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Replay.Core;
 using StellaOps.Scanner.ProofSpine;
+using System.Collections.Frozen;
+using System.Security.Cryptography;
+using System.Text.Json;
 
 namespace StellaOps.Scanner.Analyzers.Native.Index;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/MachOLoadCommandParser.cs

@@ -1,3 +1,4 @@
+
 using System.Buffers.Binary;
 using System.Text;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/NativeFormatDetector.cs

@@ -1,3 +1,4 @@
+
 using System;
 using System.Buffers.Binary;
 using System.IO;

src/Scanner/StellaOps.Scanner.Analyzers.Native/PeImportParser.cs

@@ -1,3 +1,4 @@
+
 using System.Buffers.Binary;
 using System.Text;
 using System.Xml;

src/Scanner/StellaOps.Scanner.Analyzers.Native/PeReader.cs

@@ -1,3 +1,4 @@
+
 using System.Buffers.Binary;
 using System.Text;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Plugin/NativeAnalyzer.cs

@@ -1,6 +1,7 @@
+
 using Microsoft.Extensions.Logging;
-using System.Runtime.CompilerServices;
 using StellaOps.Scanner.Analyzers.Native.Observations;
+using System.Runtime.CompilerServices;
 
 namespace StellaOps.Scanner.Analyzers.Native.Plugin;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Plugin/NativeAnalyzerPluginCatalog.cs

@@ -1,5 +1,6 @@
-using System.Reflection;
+
 using Microsoft.Extensions.Logging;
+using System.Reflection;
 
 namespace StellaOps.Scanner.Analyzers.Native.Plugin;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Reachability/NativeReachabilityGraphBuilder.cs

@@ -1,7 +1,8 @@
+
+using StellaOps.Scanner.Analyzers.Native.Observations;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
-using StellaOps.Scanner.Analyzers.Native.Observations;
 
 namespace StellaOps.Scanner.Analyzers.Native.Reachability;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/RuntimeCapture/LinuxEbpfCaptureAdapter.cs

@@ -1,3 +1,5 @@
+
+using StellaOps.Determinism;
 using System.Collections.Concurrent;
 using System.Diagnostics;
 using System.Globalization;
@@ -5,7 +7,6 @@ using System.Runtime.InteropServices;
 using System.Runtime.Versioning;
 using System.Text;
 using System.Text.RegularExpressions;
-using StellaOps.Determinism;
 
 namespace StellaOps.Scanner.Analyzers.Native.RuntimeCapture;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/RuntimeCapture/MacOsDyldCaptureAdapter.cs

@@ -1,10 +1,11 @@
+
+using StellaOps.Determinism;
 using System.Collections.Concurrent;
 using System.Diagnostics;
 using System.Globalization;
 using System.Runtime.InteropServices;
 using System.Runtime.Versioning;
 using System.Text.RegularExpressions;
-using StellaOps.Determinism;
 
 namespace StellaOps.Scanner.Analyzers.Native.RuntimeCapture;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/RuntimeCapture/WindowsEtwCaptureAdapter.cs

@@ -1,3 +1,5 @@
+
+using StellaOps.Determinism;
 using System.Collections.Concurrent;
 using System.Diagnostics;
 using System.Globalization;
@@ -5,7 +7,6 @@ using System.Runtime.InteropServices;
 using System.Runtime.Versioning;
 using System.Security.Principal;
 using System.Text.RegularExpressions;
-using StellaOps.Determinism;
 
 namespace StellaOps.Scanner.Analyzers.Native.RuntimeCapture;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/Sections/ElfSectionHashExtractor.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Options;
+using StellaOps.Cryptography;
+using StellaOps.Scanner.Contracts;
 using System.Buffers.Binary;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using System.Text;
-using Microsoft.Extensions.Options;
-using StellaOps.Cryptography;
-using StellaOps.Scanner.Contracts;
 
 namespace StellaOps.Scanner.Analyzers.Native;
 

src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md

@@ -13,3 +13,4 @@ Source of truth: `docs/implplan/SPRINT_20260113_001_001_SCANNER_elf_section_hash
 | ELF-SECTION-TESTS-0001 | DONE | Add unit tests for section hashing. |
 | ELF-SECTION-FIXTURES-0001 | DONE | Add ELF fixtures with golden hashes. |
 | ELF-SECTION-DETERMINISM-0001 | DONE | Add determinism regression test. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

src/Scanner/StellaOps.Scanner.Analyzers.Plugin.Unified/AnalyzerPluginAdapter.cs

@@ -1,5 +1,3 @@
-namespace StellaOps.Scanner.Analyzers.Plugin.Unified;
-
 using StellaOps.Plugin.Abstractions;
 using StellaOps.Plugin.Abstractions.Capabilities;
 using StellaOps.Plugin.Abstractions.Context;
@@ -8,6 +6,9 @@ using StellaOps.Plugin.Abstractions.Lifecycle;
 using StellaOps.Scanner.Analyzers.Lang;
 using StellaOps.Scanner.Analyzers.Lang.Plugin;
 
+namespace StellaOps.Scanner.Analyzers.Plugin.Unified;
+
+
 /// <summary>
 /// Adapts an existing ILanguageAnalyzer to the unified IPlugin and IAnalysisCapability interfaces.
 /// This enables gradual migration of Scanner language analyzers to the unified plugin architecture.

src/Scanner/StellaOps.Scanner.Analyzers.Plugin.Unified/AnalyzerPluginAdapterFactory.cs

@@ -1,11 +1,12 @@
-namespace StellaOps.Scanner.Analyzers.Plugin.Unified;
-
 using Microsoft.Extensions.DependencyInjection;
 using StellaOps.Plugin.Abstractions;
 using StellaOps.Plugin.Abstractions.Capabilities;
 using StellaOps.Scanner.Analyzers.Lang;
 using StellaOps.Scanner.Analyzers.Lang.Plugin;
 
+namespace StellaOps.Scanner.Analyzers.Plugin.Unified;
+
+
 /// <summary>
 /// Factory for creating unified analyzer plugin adapters from existing analyzers.
 /// </summary>

src/Scanner/StellaOps.Scanner.Analyzers.Plugin.Unified/TASKS.md

@@ -0,0 +1,8 @@
+# StellaOps.Scanner.Analyzers.Plugin.Unified Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Scanner/StellaOps.Scanner.Analyzers.Plugin.Unified/StellaOps.Scanner.Analyzers.Plugin.Unified.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Attestation/AttestorClient.cs

@@ -1,9 +1,10 @@
+
+using StellaOps.Scanner.Sbomer.BuildXPlugin.Descriptor;
 using System;
 using System.Net.Http;
 using System.Net.Http.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Scanner.Sbomer.BuildXPlugin.Descriptor;
 
 namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Attestation;
 

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Cas/LocalCasClient.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Cryptography;
 using System;
 using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Cryptography;
 
 namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Cas;
 

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Descriptor/DescriptorGenerator.cs

@@ -1,3 +1,5 @@
+
+using StellaOps.Cryptography;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -5,7 +7,6 @@ using System.IO;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Cryptography;
 
 namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Descriptor;
 

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Program.cs

@@ -1,13 +1,4 @@
-using System;
-using System.IO;
-using System.Linq;
-using System.Reflection;
-using System.Text.Json;
-using System.Threading;
-using System.Threading.Tasks;
-using System.Net.Http;
-using System.Net.Http.Headers;
-using System.Text.Json.Serialization;
+
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -19,6 +10,16 @@ using StellaOps.Scanner.Sbomer.BuildXPlugin.Manifest;
 using StellaOps.Scanner.Sbomer.BuildXPlugin.Surface;
 using StellaOps.Scanner.Surface.Env;
 using StellaOps.Scanner.Surface.Secrets;
+using System;
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Reflection;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Scanner.Sbomer.BuildXPlugin;
 

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Properties/AssemblyInfo.cs

@@ -1,5 +1,6 @@
-using System.Runtime.CompilerServices;
+
 using StellaOps.Plugin.Versioning;
+using System.Runtime.CompilerServices;
 
 [assembly: InternalsVisibleTo("StellaOps.Scanner.Sbomer.BuildXPlugin.Tests")]
 [assembly: StellaPluginVersion("1.0.0", MinimumHostVersion = "1.0.0", MaximumHostVersion = "1.99.99")]

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Surface/SurfaceCasLayout.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Cryptography;
 using System;
 using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Cryptography;
 
 namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Surface;
 

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Surface/SurfaceManifestWriter.cs

@@ -1,3 +1,7 @@
+
+using StellaOps.Canonical.Json;
+using StellaOps.Cryptography;
+using StellaOps.Scanner.Surface.FS;
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
@@ -7,9 +11,6 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Canonical.Json;
-using StellaOps.Cryptography;
-using StellaOps.Scanner.Surface.FS;
 
 namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Surface;
 

src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md

@@ -0,0 +1,8 @@
+# StellaOps.Scanner.Sbomer.BuildXPlugin Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/StellaOps.Scanner.Sbomer.BuildXPlugin.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

src/Scanner/StellaOps.Scanner.WebService/Contracts/BunContracts.cs

@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Scanner.Core.Contracts;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Contracts;
 

src/Scanner/StellaOps.Scanner.WebService/Contracts/RubyContracts.cs

@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Scanner.Core.Contracts;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Contracts;
 

src/Scanner/StellaOps.Scanner.WebService/Contracts/RuntimeEventsContracts.cs

@@ -1,5 +1,6 @@
-using System.Text.Json.Serialization;
+
 using StellaOps.Zastava.Core.Contracts;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Contracts;
 

src/Scanner/StellaOps.Scanner.WebService/Contracts/SurfaceContracts.cs

@@ -1,6 +1,7 @@
+
+using StellaOps.Scanner.Surface.FS;
 using System;
 using System.Text.Json.Serialization;
-using StellaOps.Scanner.Surface.FS;
 
 namespace StellaOps.Scanner.WebService.Contracts;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ApprovalEndpoints.cs

@@ -4,9 +4,7 @@
 // Description: HTTP endpoints for human approval workflow.
 // -----------------------------------------------------------------------------
 
-using System.Security.Claims;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -16,6 +14,9 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Security.Claims;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/CallGraphEndpoints.cs

@@ -1,5 +1,4 @@
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Constants;
@@ -8,6 +7,8 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/CounterfactualEndpoints.cs

@@ -4,13 +4,14 @@
 // Description: HTTP endpoints for policy counterfactual analysis.
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Policy.Counterfactuals;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaCompareEndpoints.cs

@@ -4,14 +4,15 @@
 // Description: HTTP endpoints for delta/compare view API.
 // -----------------------------------------------------------------------------
 
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Security;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs

@@ -4,12 +4,13 @@
 // Description: HTTP endpoints for delta-specific evidence and proof bundles.
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/EpssEndpoints.cs

@@ -5,12 +5,13 @@
 // Description: EPSS lookup API endpoints.
 // -----------------------------------------------------------------------------
 
-using System.ComponentModel.DataAnnotations;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.Core.Epss;
+using System.ComponentModel.DataAnnotations;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs

@@ -4,8 +4,7 @@
 // Description: HTTP endpoints for unified finding evidence.
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Constants;
@@ -14,6 +13,8 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ExportEndpoints.cs

@@ -1,5 +1,4 @@
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -9,6 +8,8 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/HealthEndpoints.cs

@@ -1,18 +1,19 @@
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Text;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy;
+using StellaOps.Scanner.Surface.Env;
+using StellaOps.Scanner.Surface.Validation;
 using StellaOps.Scanner.WebService.Diagnostics;
 using StellaOps.Scanner.WebService.Options;
 using StellaOps.Scanner.WebService.Security;
-using StellaOps.Scanner.Surface.Env;
-using StellaOps.Scanner.Surface.Validation;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Text;
+using System.Text.Json;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/LayerSbomEndpoints.cs

@@ -1,6 +1,4 @@
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Constants;
@@ -9,6 +7,9 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ManifestEndpoints.cs

@@ -5,8 +5,7 @@
 // Description: Endpoints for scan manifest and proof bundle retrieval
 // -----------------------------------------------------------------------------
 
-using System.Security.Cryptography;
-using System.Text;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -17,6 +16,8 @@ using StellaOps.Scanner.Storage.Repositories;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Extensions;
 using StellaOps.Scanner.WebService.Security;
+using System.Security.Cryptography;
+using System.Text;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/OfflineKitEndpoints.cs

@@ -1,6 +1,4 @@
-using System.Linq;
-using System.Security.Claims;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -11,6 +9,9 @@ using StellaOps.Scanner.WebService.Constants;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Json;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/PolicyEndpoints.cs

@@ -1,13 +1,7 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Collections.ObjectModel;
-using System.Linq;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
+using RuntimePolicyVerdict = StellaOps.Zastava.Core.Contracts.PolicyVerdict;
 using StellaOps.Policy;
 using StellaOps.Scanner.Surface.Env;
 using StellaOps.Scanner.WebService.Constants;
@@ -16,7 +10,14 @@ using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
 using StellaOps.Zastava.Core.Contracts;
-using RuntimePolicyVerdict = StellaOps.Zastava.Core.Contracts.PolicyVerdict;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ProofSpineEndpoints.cs

@@ -1,10 +1,11 @@
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Replay.Core;
 using StellaOps.Scanner.ProofSpine;
 using StellaOps.Scanner.WebService.Contracts;
-using StellaOps.Scanner.WebService.Serialization;
 using StellaOps.Scanner.WebService.Security;
+using StellaOps.Scanner.WebService.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityDriftEndpoints.cs

@@ -1,6 +1,4 @@
-using System.Collections.Immutable;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.ReachabilityDrift;
@@ -11,6 +9,9 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Collections.Immutable;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs

@@ -1,5 +1,4 @@
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -10,6 +9,8 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityStackEndpoints.cs

@@ -1,8 +1,7 @@
 // SPDX-License-Identifier: BUSL-1.1
 // Copyright (c) StellaOps
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.Reachability.Stack;
@@ -10,6 +9,8 @@ using StellaOps.Scanner.WebService.Constants;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReportEndpoints.cs

@@ -1,9 +1,4 @@
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Logging;
@@ -13,6 +8,12 @@ using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/RuntimeEndpoints.cs

@@ -1,8 +1,4 @@
-using System.Collections.Generic;
-using System.Globalization;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -14,6 +10,11 @@ using StellaOps.Scanner.WebService.Options;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
 using StellaOps.Zastava.Core.Contracts;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomEndpoints.cs

@@ -1,5 +1,4 @@
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Constants;
@@ -8,6 +7,8 @@ using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScanEndpoints.cs

@@ -1,24 +1,25 @@
-using System.Collections.Generic;
-using System.Linq;
-using System.IO.Pipelines;
-using System.Runtime.CompilerServices;
-using System.Text.Json;
-using System.Text.Json.Serialization;
-using System.Threading.Tasks;
-using System.Text;
+
+using DomainScanProgressEvent = StellaOps.Scanner.WebService.Domain.ScanProgressEvent;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Options;
+using StellaOps.Scanner.Core.Contracts;
+using StellaOps.Scanner.EntryTrace;
 using StellaOps.Scanner.WebService.Constants;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Infrastructure;
-using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Options;
+using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
-using DomainScanProgressEvent = StellaOps.Scanner.WebService.Domain.ScanProgressEvent;
-using StellaOps.Scanner.Core.Contracts;
-using StellaOps.Scanner.EntryTrace;
+using System.Collections.Generic;
+using System.IO.Pipelines;
+using System.Linq;
+using System.Runtime.CompilerServices;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using System.Threading.Tasks;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/SliceEndpoints.cs

@@ -1,11 +1,12 @@
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.DependencyInjection;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs

@@ -1,12 +1,13 @@
-using System.Collections.Immutable;
-using System.Text;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.SmartDiff.Detection;
 using StellaOps.Scanner.SmartDiff.Output;
 using StellaOps.Scanner.Storage.Postgres;
-using StellaOps.Scanner.WebService.Services;
 using StellaOps.Scanner.WebService.Security;
+using StellaOps.Scanner.WebService.Services;
+using System.Collections.Immutable;
+using System.Text;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/SourcesEndpoints.cs

@@ -1,6 +1,4 @@
-using System.Security.Claims;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Auth.Abstractions;
@@ -12,6 +10,9 @@ using StellaOps.Scanner.WebService.Constants;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Tenancy;
+using System.Security.Claims;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/ProofBundleEndpoints.cs

@@ -4,13 +4,14 @@
 // Description: HTTP endpoints for proof bundle generation (attestations + evidence).
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.Triage.Models;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints.Triage;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageInboxEndpoints.cs

@@ -4,14 +4,15 @@
 // Description: HTTP endpoints for triage inbox with grouped exploit paths.
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.Triage.Models;
 using StellaOps.Scanner.Triage.Services;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints.Triage;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageStatusEndpoints.cs

@@ -4,13 +4,14 @@
 // Description: HTTP endpoints for triage status management.
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Security;
 using StellaOps.Scanner.WebService.Services;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints.Triage;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ValidationEndpoints.cs

@@ -2,14 +2,15 @@
 // Copyright (c) StellaOps. Licensed under the BUSL-1.1.
 // </copyright>
 
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Options;
 using StellaOps.Scanner.Validation;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/WebhookEndpoints.cs

@@ -1,6 +1,4 @@
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -13,6 +11,9 @@ using StellaOps.Scanner.Sources.Triggers;
 using StellaOps.Scanner.WebService.Constants;
 using StellaOps.Scanner.WebService.Infrastructure;
 using StellaOps.Scanner.WebService.Services;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Endpoints/WitnessEndpoints.cs

@@ -5,11 +5,12 @@
 // Description: API endpoints for DSSE-signed path witnesses.
 // -----------------------------------------------------------------------------
 
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.Storage.Repositories;
 using StellaOps.Scanner.WebService.Security;
+using System.Text.Json;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 

src/Scanner/StellaOps.Scanner.WebService/Extensions/ConfigurationExtensions.cs

@@ -1,6 +1,7 @@
+
+using Microsoft.Extensions.Configuration;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Configuration;
 using YamlDotNet.Serialization;
 using YamlDotNet.Serialization.NamingConventions;
 

src/Scanner/StellaOps.Scanner.WebService/Extensions/OpenApiRegistrationExtensions.cs

@@ -1,7 +1,8 @@
-using System.Linq;
-using System.Reflection;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
+using System.Linq;
+using System.Reflection;
 
 namespace StellaOps.Scanner.WebService.Extensions;
 

src/Scanner/StellaOps.Scanner.WebService/Extensions/RateLimitingExtensions.cs

@@ -5,12 +5,13 @@
 // Description: Rate limiting configuration for proof replay endpoints
 // -----------------------------------------------------------------------------
 
-using System.Threading.RateLimiting;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.RateLimiting;
 using Microsoft.Extensions.DependencyInjection;
 using StellaOps.Scanner.WebService.Security;
+using System.Threading.RateLimiting;
 
 namespace StellaOps.Scanner.WebService.Extensions;
 

src/Scanner/StellaOps.Scanner.WebService/Hosting/ScannerPluginHostFactory.cs

@@ -1,7 +1,8 @@
-using System;
-using System.IO;
+
 using StellaOps.Plugin.Hosting;
 using StellaOps.Scanner.WebService.Options;
+using System;
+using System.IO;
 
 namespace StellaOps.Scanner.WebService.Hosting;
 

src/Scanner/StellaOps.Scanner.WebService/Infrastructure/ProblemResultFactory.cs

@@ -1,9 +1,10 @@
+
+using Microsoft.AspNetCore.Http;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using Microsoft.AspNetCore.Http;
 
 namespace StellaOps.Scanner.WebService.Infrastructure;
 

src/Scanner/StellaOps.Scanner.WebService/Middleware/IdempotencyMiddleware.cs

@@ -5,16 +5,17 @@
 // Description: Middleware for POST endpoint idempotency using Content-Digest header
 // -----------------------------------------------------------------------------
 
-using System.IO;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Scanner.Storage.Entities;
 using StellaOps.Scanner.Storage.Repositories;
 using StellaOps.Scanner.WebService.Options;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
 
 namespace StellaOps.Scanner.WebService.Middleware;
 

src/Scanner/StellaOps.Scanner.WebService/Options/ScannerSurfaceSecretConfigurator.cs

@@ -1,8 +1,9 @@
-using System.Collections.Generic;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Scanner.Surface.Env;
 using StellaOps.Scanner.Surface.Secrets;
+using System.Collections.Generic;
 
 namespace StellaOps.Scanner.WebService.Options;
 

src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptions.cs

@@ -1,8 +1,9 @@
-using System;
-using System.Collections.Generic;
+
 using StellaOps.Configuration;
 using StellaOps.Router.AspNet;
 using StellaOps.Scanner.Storage;
+using System;
+using System.Collections.Generic;
 
 namespace StellaOps.Scanner.WebService.Options;
 

src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptionsValidator.cs

@@ -1,8 +1,9 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Scanner.WebService.Security;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Extensions.Logging;
-using StellaOps.Scanner.WebService.Security;
 
 namespace StellaOps.Scanner.WebService.Options;
 

src/Scanner/StellaOps.Scanner.WebService/Options/SurfaceManifestStoreOptionsConfigurator.cs

@@ -1,8 +1,9 @@
-using System;
-using System.IO;
+
 using Microsoft.Extensions.Options;
 using StellaOps.Scanner.Surface.Env;
 using StellaOps.Scanner.Surface.FS;
+using System;
+using System.IO;
 
 namespace StellaOps.Scanner.WebService.Options;
 

src/Scanner/StellaOps.Scanner.WebService/Program.cs

@@ -1,13 +1,9 @@
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
@@ -17,13 +13,15 @@ using StellaOps.Auth.Abstractions;
 using StellaOps.Auth.Client;
 using StellaOps.Auth.ServerIntegration;
 using StellaOps.Authority.Persistence.Postgres.Repositories;
+using StellaOps.Concelier.Core.Linksets;
 using StellaOps.Configuration;
-using StellaOps.Determinism;
-using StellaOps.Plugin.DependencyInjection;
 using StellaOps.Cryptography.DependencyInjection;
 using StellaOps.Cryptography.Plugin.BouncyCastle;
-using StellaOps.Concelier.Core.Linksets;
+using StellaOps.Determinism;
+using StellaOps.Plugin.DependencyInjection;
 using StellaOps.Policy;
+using StellaOps.Policy.Explainability;
+using StellaOps.Router.AspNet;
 using StellaOps.Scanner.Cache;
 using StellaOps.Scanner.Core;
 using StellaOps.Scanner.Core.Configuration;
@@ -31,27 +29,30 @@ using StellaOps.Scanner.Core.Contracts;
 using StellaOps.Scanner.Core.TrustAnchors;
 using StellaOps.Scanner.Emit.Composition;
 using StellaOps.Scanner.ReachabilityDrift.DependencyInjection;
+using StellaOps.Scanner.Storage;
+using StellaOps.Scanner.Storage.Extensions;
 using StellaOps.Scanner.Surface.Env;
 using StellaOps.Scanner.Surface.FS;
 using StellaOps.Scanner.Surface.Secrets;
 using StellaOps.Scanner.Surface.Validation;
 using StellaOps.Scanner.Triage;
 using StellaOps.Scanner.Triage.Entities;
-using StellaOps.Policy.Explainability;
-using StellaOps.Scanner.WebService.Diagnostics;
 using StellaOps.Scanner.WebService.Determinism;
+using StellaOps.Scanner.WebService.Diagnostics;
 using StellaOps.Scanner.WebService.Endpoints;
 using StellaOps.Scanner.WebService.Endpoints.Triage;
 using StellaOps.Scanner.WebService.Extensions;
 using StellaOps.Scanner.WebService.Hosting;
-using StellaOps.Scanner.WebService.Options;
-using StellaOps.Scanner.WebService.Services;
-using StellaOps.Scanner.WebService.Security;
-using StellaOps.Scanner.WebService.Replay;
 using StellaOps.Scanner.WebService.Middleware;
-using StellaOps.Scanner.Storage;
-using StellaOps.Scanner.Storage.Extensions;
-using StellaOps.Router.AspNet;
+using StellaOps.Scanner.WebService.Options;
+using StellaOps.Scanner.WebService.Replay;
+using StellaOps.Scanner.WebService.Security;
+using StellaOps.Scanner.WebService.Services;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -626,8 +627,8 @@ app.TryRefreshStellaRouterEndpoints(resolvedOptions.Router);
 
 await app.RunAsync().ConfigureAwait(false);
 
-// Make Program class file-scoped to prevent it from being exposed to referencing assemblies
-file sealed partial class Program;
+// Expose Program class for WebApplicationFactory-based integration tests
+public partial class Program { }
 
 internal sealed class SurfaceCacheOptionsConfigurator : IConfigureOptions<SurfaceCacheOptions>
 {

src/Scanner/StellaOps.Scanner.WebService/Replay/IRecordModeService.cs

@@ -1,9 +1,10 @@
-using System.Collections.Generic;
-using System.Threading;
-using System.Threading.Tasks;
+
 using StellaOps.Replay.Core;
 using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Services;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Scanner.WebService.Replay;
 

src/Scanner/StellaOps.Scanner.WebService/Replay/RecordModeService.cs

@@ -1,3 +1,15 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using ReachabilityWriter = StellaOps.Scanner.Reachability.ReachabilityReplayWriter;
+using StellaOps.Cryptography;
+using StellaOps.Replay.Core;
+using StellaOps.Scanner.Core.Replay;
+using StellaOps.Scanner.Reachability;
+using StellaOps.Scanner.Storage;
+using StellaOps.Scanner.Storage.ObjectStore;
+using StellaOps.Scanner.WebService.Domain;
+using StellaOps.Scanner.WebService.Services;
 using System;
 using System.Collections.Generic;
 using System.IO;
@@ -5,17 +17,6 @@ using System.Linq;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Cryptography;
-using StellaOps.Replay.Core;
-using StellaOps.Scanner.Core.Replay;
-using StellaOps.Scanner.Reachability;
-using ReachabilityWriter = StellaOps.Scanner.Reachability.ReachabilityReplayWriter;
-using StellaOps.Scanner.Storage;
-using StellaOps.Scanner.Storage.ObjectStore;
-using StellaOps.Scanner.WebService.Domain;
-using StellaOps.Scanner.WebService.Services;
 
 namespace StellaOps.Scanner.WebService.Replay;
 

src/Scanner/StellaOps.Scanner.WebService/Security/AnonymousAuthenticationHandler.cs

@@ -1,8 +1,9 @@
-using System.Security.Claims;
-using System.Text.Encodings.Web;
+
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
 
 namespace StellaOps.Scanner.WebService.Security;
 

src/Scanner/StellaOps.Scanner.WebService/Serialization/DeterministicCborSerializer.cs

@@ -1,3 +1,4 @@
+
 using System.Collections.Generic;
 using System.Formats.Cbor;
 using System.Text;

src/Scanner/StellaOps.Scanner.WebService/Serialization/OrchestratorEventSerializer.cs

@@ -1,3 +1,6 @@
+
+using StellaOps.Canonical.Json;
+using StellaOps.Scanner.WebService.Contracts;
 using System;
 using System.Collections.Immutable;
 using System.Linq;
@@ -6,8 +9,6 @@ using System.Text.Encodings.Web;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using System.Text.Json.Serialization.Metadata;
-using StellaOps.Canonical.Json;
-using StellaOps.Scanner.WebService.Contracts;
 
 namespace StellaOps.Scanner.WebService.Serialization;
 

src/Scanner/StellaOps.Scanner.WebService/Services/AttestationChainVerifier.cs

@@ -4,6 +4,11 @@
 // Description: Verifies attestation chain integrity.
 // -----------------------------------------------------------------------------
 
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Scanner.WebService.Contracts;
+using StellaOps.Scanner.WebService.Domain;
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
@@ -14,10 +19,6 @@ using System.Text;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Scanner.WebService.Contracts;
-using StellaOps.Scanner.WebService.Domain;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/CallGraphIngestionService.cs

@@ -1,13 +1,14 @@
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
+
 using Microsoft.Extensions.Logging;
 using Npgsql;
 using NpgsqlTypes;
 using StellaOps.Scanner.Storage.Postgres;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Domain;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/ConcelierHttpLinksetQueryService.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Options;
+using StellaOps.Concelier.Core.Linksets;
+using StellaOps.Scanner.WebService.Options;
 using System.Collections.Immutable;
 using System.Net.Http.Json;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using StellaOps.Concelier.Core.Linksets;
-using StellaOps.Scanner.WebService.Options;
-using Microsoft.Extensions.Options;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/DeltaScanRequestHandler.cs

@@ -1,11 +1,12 @@
-using System.Collections.Concurrent;
-using System.Diagnostics;
-using System.Diagnostics.Metrics;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Scanner.WebService.Domain;
 using StellaOps.Scanner.WebService.Options;
 using StellaOps.Zastava.Core.Contracts;
+using System.Collections.Concurrent;
+using System.Diagnostics;
+using System.Diagnostics.Metrics;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/DeterministicScoringService.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Policy.Scoring;
 using System.Buffers.Binary;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
-using StellaOps.Policy.Scoring;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs

@@ -2,13 +2,14 @@
 // SPDX-License-Identifier: BUSL-1.1
 // </copyright>
 
+
+
+using StellaOps.Scanner.WebService.Contracts;
 using System.IO.Compression;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
 
-using StellaOps.Scanner.WebService.Contracts;
-
 namespace StellaOps.Scanner.WebService.Services;
 
 /// <summary>

src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs

@@ -4,16 +4,17 @@
 // Description: Composes unified evidence responses from multiple sources.
 // -----------------------------------------------------------------------------
 
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Scanner.Triage.Entities;
+using StellaOps.Scanner.WebService.Contracts;
+using StellaOps.Scanner.WebService.Domain;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Scanner.WebService.Contracts;
-using StellaOps.Scanner.WebService.Domain;
-using StellaOps.Scanner.Triage.Entities;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/FeedChangeRescoreJob.cs

@@ -5,11 +5,12 @@
 // Description: Background job that detects feed changes and triggers rescoring
 // -----------------------------------------------------------------------------
 
-using System.Diagnostics;
+
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Scanner.WebService.Services;
+using System.Diagnostics;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/HumanApprovalAttestationService.cs

@@ -4,6 +4,12 @@
 // Description: Creates DSSE attestations for human approval decisions.
 // -----------------------------------------------------------------------------
 
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Determinism;
+using StellaOps.Scanner.WebService.Contracts;
+using StellaOps.Scanner.WebService.Domain;
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
@@ -13,11 +19,6 @@ using System.Text;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Determinism;
-using StellaOps.Scanner.WebService.Contracts;
-using StellaOps.Scanner.WebService.Domain;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/IAttestationChainVerifier.cs

@@ -4,10 +4,11 @@
 // Description: Interface for verifying attestation chains.
 // -----------------------------------------------------------------------------
 
-using System.Threading;
-using System.Threading.Tasks;
+
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Domain;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceCompositionService.cs

@@ -4,11 +4,12 @@
 // Description: Interface for composing unified evidence responses.
 // -----------------------------------------------------------------------------
 
-using System.Threading;
-using System.Threading.Tasks;
+
+using StellaOps.Scanner.Triage.Entities;
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Domain;
-using StellaOps.Scanner.Triage.Entities;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/IHumanApprovalAttestationService.cs

@@ -4,10 +4,11 @@
 // Description: Interface for creating human approval attestations.
 // -----------------------------------------------------------------------------
 
-using System.Threading;
-using System.Threading.Tasks;
+
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Domain;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/ILayerSbomService.cs

@@ -1,6 +1,7 @@
-using System.Collections.Immutable;
+
 using StellaOps.Scanner.Emit.Composition;
 using StellaOps.Scanner.WebService.Domain;
+using System.Collections.Immutable;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/IOciAttestationPublisher.cs

@@ -1,9 +1,10 @@
 // SPDX-License-Identifier: BUSL-1.1
 // © StellaOps Contributors. See LICENSE and NOTICE.md in the repository root.
 
+
+using StellaOps.Scanner.WebService.Contracts;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Scanner.WebService.Contracts;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/IOfflineAttestationVerifier.cs

@@ -4,9 +4,10 @@
 // Description: Interface for offline/air-gap attestation chain verification.
 // -----------------------------------------------------------------------------
 
-using System.Security.Cryptography.X509Certificates;
+
 using StellaOps.Scanner.WebService.Contracts;
 using StellaOps.Scanner.WebService.Domain;
+using System.Security.Cryptography.X509Certificates;
 
 namespace StellaOps.Scanner.WebService.Services;
 

src/Scanner/StellaOps.Scanner.WebService/Services/IPlatformEventPublisher.cs

@@ -1,6 +1,7 @@
+
+using StellaOps.Scanner.WebService.Contracts;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Scanner.WebService.Contracts;
 
 namespace StellaOps.Scanner.WebService.Services;