audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories

src/AdvisoryAI/StellaOps.AdvisoryAI/Remediation/AiRemediationPlanner.cs

@@ -1,3 +1,4 @@
+using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
@@ -88,7 +89,7 @@ public sealed class AiRemediationPlanner : IRemediationPlanner
             NotReadyReason = notReadyReason,
             ConfidenceScore = inferenceResult.Confidence,
             ModelId = inferenceResult.ModelId,
-            GeneratedAt = _timeProvider.GetUtcNow().ToString("O"),
+            GeneratedAt = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture),
             InputHashes = inputHashes,
             EvidenceRefs = new List<string> { versionResult.CurrentVersion, versionResult.RecommendedVersion }
         };

src/AdvisoryAI/StellaOps.AdvisoryAI/Remediation/AzureDevOpsPullRequestGenerator.cs

@@ -1,3 +1,5 @@
+using System.Globalization;
+
 namespace StellaOps.AdvisoryAI.Remediation;
 
 /// <summary>
@@ -7,42 +9,56 @@ namespace StellaOps.AdvisoryAI.Remediation;
 /// </summary>
 public sealed class AzureDevOpsPullRequestGenerator : IPullRequestGenerator
 {
+    private readonly TimeProvider _timeProvider;
+    private readonly Func<Guid> _guidFactory;
+    private readonly Func<int, int, int> _randomFactory;
+
+    public AzureDevOpsPullRequestGenerator(
+        TimeProvider? timeProvider = null,
+        Func<Guid>? guidFactory = null,
+        Func<int, int, int>? randomFactory = null)
+    {
+        _timeProvider = timeProvider ?? TimeProvider.System;
+        _guidFactory = guidFactory ?? Guid.NewGuid;
+        _randomFactory = randomFactory ?? Random.Shared.Next;
+    }
+
     public string ScmType => "azure-devops";
 
     public Task<PullRequestResult> CreatePullRequestAsync(
         RemediationPlan plan,
         CancellationToken cancellationToken = default)
     {
+        var nowStr = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture);
         if (!plan.PrReady)
         {
             return Task.FromResult(new PullRequestResult
             {
-                PrId = $"ado-pr-{Guid.NewGuid():N}",
+                PrId = $"ado-pr-{_guidFactory():N}",
                 PrNumber = 0,
                 Url = string.Empty,
                 BranchName = string.Empty,
                 Status = PullRequestStatus.Failed,
                 StatusMessage = plan.NotReadyReason ?? "Plan is not PR-ready",
-                CreatedAt = DateTime.UtcNow.ToString("O"),
-                UpdatedAt = DateTime.UtcNow.ToString("O")
+                CreatedAt = nowStr,
+                UpdatedAt = nowStr
             });
         }
 
-        var branchName = GenerateBranchName(plan);
-        var prId = $"ado-pr-{Guid.NewGuid():N}";
-        var now = DateTime.UtcNow.ToString("O");
+        var branchName = GenerateBranchName(plan, _timeProvider);
+        var prId = $"ado-pr-{_guidFactory():N}";
 
         // In a real implementation, this would use Azure DevOps REST API
         return Task.FromResult(new PullRequestResult
         {
             PrId = prId,
-            PrNumber = new Random().Next(1000, 9999),
+            PrNumber = _randomFactory(1000, 9999),
             Url = $"https://dev.azure.com/{ExtractOrgProject(plan.Request.RepositoryUrl)}/_git/{ExtractRepoName(plan.Request.RepositoryUrl)}/pullrequest/{prId}",
             BranchName = branchName,
             Status = PullRequestStatus.Creating,
             StatusMessage = "Pull request is being created",
-            CreatedAt = now,
-            UpdatedAt = now
+            CreatedAt = nowStr,
+            UpdatedAt = nowStr
         });
     }
 
@@ -50,7 +66,7 @@ public sealed class AzureDevOpsPullRequestGenerator : IPullRequestGenerator
         string prId,
         CancellationToken cancellationToken = default)
     {
-        var now = DateTime.UtcNow.ToString("O");
+        var now = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture);
         return Task.FromResult(new PullRequestResult
         {
             PrId = prId,
@@ -80,10 +96,10 @@ public sealed class AzureDevOpsPullRequestGenerator : IPullRequestGenerator
         return Task.CompletedTask;
     }
 
-    private static string GenerateBranchName(RemediationPlan plan)
+    private static string GenerateBranchName(RemediationPlan plan, TimeProvider timeProvider)
     {
         var vulnId = plan.Request.VulnerabilityId.Replace(":", "-").ToLowerInvariant();
-        var timestamp = DateTime.UtcNow.ToString("yyyyMMdd");
+        var timestamp = timeProvider.GetUtcNow().ToString("yyyyMMdd", CultureInfo.InvariantCulture);
         return $"stellaops/fix-{vulnId}-{timestamp}";
     }
 

src/AdvisoryAI/StellaOps.AdvisoryAI/Remediation/GitHubPullRequestGenerator.cs

@@ -1,3 +1,5 @@
+using System.Globalization;
+
 namespace StellaOps.AdvisoryAI.Remediation;
 
 /// <summary>
@@ -9,11 +11,19 @@ public sealed class GitHubPullRequestGenerator : IPullRequestGenerator
 {
     private readonly IRemediationPlanStore _planStore;
     private readonly TimeProvider _timeProvider;
+    private readonly Func<Guid> _guidFactory;
+    private readonly Func<int, int, int> _randomFactory;
 
-    public GitHubPullRequestGenerator(IRemediationPlanStore planStore, TimeProvider? timeProvider = null)
+    public GitHubPullRequestGenerator(
+        IRemediationPlanStore planStore,
+        TimeProvider? timeProvider = null,
+        Func<Guid>? guidFactory = null,
+        Func<int, int, int>? randomFactory = null)
     {
         _planStore = planStore;
         _timeProvider = timeProvider ?? TimeProvider.System;
+        _guidFactory = guidFactory ?? Guid.NewGuid;
+        _randomFactory = randomFactory ?? Random.Shared.Next;
     }
 
     public string ScmType => "github";
@@ -22,19 +32,20 @@ public sealed class GitHubPullRequestGenerator : IPullRequestGenerator
         RemediationPlan plan,
         CancellationToken cancellationToken = default)
     {
+        var nowStr = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture);
         // Validate plan is PR-ready
         if (!plan.PrReady)
         {
             return new PullRequestResult
             {
-                PrId = $"pr-{Guid.NewGuid():N}",
+                PrId = $"pr-{_guidFactory():N}",
                 PrNumber = 0,
                 Url = string.Empty,
                 BranchName = string.Empty,
                 Status = PullRequestStatus.Failed,
                 StatusMessage = plan.NotReadyReason ?? "Plan is not PR-ready",
-                CreatedAt = _timeProvider.GetUtcNow().ToString("O"),
-                UpdatedAt = _timeProvider.GetUtcNow().ToString("O")
+                CreatedAt = nowStr,
+                UpdatedAt = nowStr
             };
         }
 
@@ -47,19 +58,18 @@ public sealed class GitHubPullRequestGenerator : IPullRequestGenerator
         // 3. Commit changes
         // 4. Create PR via GitHub API
 
-        var prId = $"gh-pr-{Guid.NewGuid():N}";
-        var now = _timeProvider.GetUtcNow().ToString("O");
+        var prId = $"gh-pr-{_guidFactory():N}";
 
         return new PullRequestResult
         {
             PrId = prId,
-            PrNumber = new Random().Next(1000, 9999), // Placeholder
+            PrNumber = _randomFactory(1000, 9999), // Placeholder
             Url = $"https://github.com/{ExtractOwnerRepo(plan.Request.RepositoryUrl)}/pull/{prId}",
             BranchName = branchName,
             Status = PullRequestStatus.Creating,
             StatusMessage = "Pull request is being created",
-            CreatedAt = now,
-            UpdatedAt = now
+            CreatedAt = nowStr,
+            UpdatedAt = nowStr
         };
     }
 
@@ -68,7 +78,7 @@ public sealed class GitHubPullRequestGenerator : IPullRequestGenerator
         CancellationToken cancellationToken = default)
     {
         // In a real implementation, this would query GitHub API
-        var now = _timeProvider.GetUtcNow().ToString("O");
+        var now = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture);
 
         return Task.FromResult(new PullRequestResult
         {
@@ -104,7 +114,7 @@ public sealed class GitHubPullRequestGenerator : IPullRequestGenerator
     private string GenerateBranchName(RemediationPlan plan)
     {
         var vulnId = plan.Request.VulnerabilityId.Replace(":", "-").ToLowerInvariant();
-        var timestamp = _timeProvider.GetUtcNow().ToString("yyyyMMdd");
+        var timestamp = _timeProvider.GetUtcNow().ToString("yyyyMMdd", CultureInfo.InvariantCulture);
         return $"stellaops/fix-{vulnId}-{timestamp}";
     }
 

src/AdvisoryAI/StellaOps.AdvisoryAI/Remediation/GitLabMergeRequestGenerator.cs

@@ -1,3 +1,5 @@
+using System.Globalization;
+
 namespace StellaOps.AdvisoryAI.Remediation;
 
 /// <summary>
@@ -8,10 +10,17 @@ namespace StellaOps.AdvisoryAI.Remediation;
 public sealed class GitLabMergeRequestGenerator : IPullRequestGenerator
 {
     private readonly TimeProvider _timeProvider;
+    private readonly Func<Guid> _guidFactory;
+    private readonly Func<int, int, int> _randomFactory;
 
-    public GitLabMergeRequestGenerator(TimeProvider? timeProvider = null)
+    public GitLabMergeRequestGenerator(
+        TimeProvider? timeProvider = null,
+        Func<Guid>? guidFactory = null,
+        Func<int, int, int>? randomFactory = null)
     {
         _timeProvider = timeProvider ?? TimeProvider.System;
+        _guidFactory = guidFactory ?? Guid.NewGuid;
+        _randomFactory = randomFactory ?? Random.Shared.Next;
     }
 
     public string ScmType => "gitlab";
@@ -20,36 +29,36 @@ public sealed class GitLabMergeRequestGenerator : IPullRequestGenerator
         RemediationPlan plan,
         CancellationToken cancellationToken = default)
     {
+        var nowStr = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture);
         if (!plan.PrReady)
         {
             return Task.FromResult(new PullRequestResult
             {
-                PrId = $"mr-{Guid.NewGuid():N}",
+                PrId = $"mr-{_guidFactory():N}",
                 PrNumber = 0,
                 Url = string.Empty,
                 BranchName = string.Empty,
                 Status = PullRequestStatus.Failed,
                 StatusMessage = plan.NotReadyReason ?? "Plan is not MR-ready",
-                CreatedAt = _timeProvider.GetUtcNow().ToString("O"),
-                UpdatedAt = _timeProvider.GetUtcNow().ToString("O")
+                CreatedAt = nowStr,
+                UpdatedAt = nowStr
             });
         }
 
         var branchName = GenerateBranchName(plan);
-        var mrId = $"gl-mr-{Guid.NewGuid():N}";
-        var now = _timeProvider.GetUtcNow().ToString("O");
+        var mrId = $"gl-mr-{_guidFactory():N}";
 
         // In a real implementation, this would use GitLab API
         return Task.FromResult(new PullRequestResult
         {
             PrId = mrId,
-            PrNumber = new Random().Next(1000, 9999),
+            PrNumber = _randomFactory(1000, 9999),
             Url = $"https://gitlab.com/{ExtractProjectPath(plan.Request.RepositoryUrl)}/-/merge_requests/{mrId}",
             BranchName = branchName,
             Status = PullRequestStatus.Creating,
             StatusMessage = "Merge request is being created",
-            CreatedAt = now,
-            UpdatedAt = now
+            CreatedAt = nowStr,
+            UpdatedAt = nowStr
         });
     }
 
@@ -57,7 +66,7 @@ public sealed class GitLabMergeRequestGenerator : IPullRequestGenerator
         string prId,
         CancellationToken cancellationToken = default)
     {
-        var now = _timeProvider.GetUtcNow().ToString("O");
+        var now = _timeProvider.GetUtcNow().ToString("O", CultureInfo.InvariantCulture);
         return Task.FromResult(new PullRequestResult
         {
             PrId = prId,
@@ -90,7 +99,7 @@ public sealed class GitLabMergeRequestGenerator : IPullRequestGenerator
     private string GenerateBranchName(RemediationPlan plan)
     {
         var vulnId = plan.Request.VulnerabilityId.Replace(":", "-").ToLowerInvariant();
-        var timestamp = _timeProvider.GetUtcNow().ToString("yyyyMMdd");
+        var timestamp = _timeProvider.GetUtcNow().ToString("yyyyMMdd", CultureInfo.InvariantCulture);
         return $"stellaops/fix-{vulnId}-{timestamp}";
     }