Tests fixes, audit progress, UI completions

src/Attestor/StellaOps.Attestation.Tests/AGENTS.md

@@ -0,0 +1,22 @@
+# Attestation Tests Charter
+
+## Working Directory
+- `src/Attestor/StellaOps.Attestation.Tests`
+
+## Scope
+- Unit tests for attestation DSSE helpers and models.
+
+## Required Reading
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/implementation_plan.md`
+- `docs/modules/platform/architecture-overview.md`
+- `src/Attestor/AGENTS.md`
+
+## Working Agreements
+- Keep tests deterministic and focused on DSSE invariants.
+- Update sprint tracker and local `TASKS.md`.
+
+## Testing Rules
+- Validate PAE byte structure and payload type defaults.
+- Include error-path coverage for base64 parsing.

src/Attestor/StellaOps.Attestation.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestation Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0044-M | DONE | Maintainability audit for StellaOps.Attestation.Tests. |
+| AUDIT-0044-T | DONE | Test coverage audit for StellaOps.Attestation.Tests. |
+| AUDIT-0044-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestation/AGENTS.md

@@ -0,0 +1,21 @@
+# Attestation Library Charter
+
+## Working Directory
+- `src/Attestor/StellaOps.Attestation`
+
+## Scope
+- DSSE helpers and in-toto statement models for attestation payloads.
+
+## Required Reading
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/implementation_plan.md`
+- `docs/modules/platform/architecture-overview.md`
+- `src/Attestor/AGENTS.md`
+
+## Working Agreements
+- Update sprint tracker and local `TASKS.md`.
+- Keep DSSE signing deterministic and spec-compliant.
+
+## Testing Rules
+- Cover PAE generation, payload type defaults, and base64 conversions.

src/Attestor/StellaOps.Attestation/TASKS.md

@@ -0,0 +1,10 @@
+# Attestation Library Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0043-M | DONE | Maintainability audit for StellaOps.Attestation. |
+| AUDIT-0043-T | DONE | Test coverage audit for StellaOps.Attestation. |
+| AUDIT-0043-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor.Envelope/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Envelope Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0051-M | DONE | Maintainability audit for StellaOps.Attestor.Envelope. |
+| AUDIT-0051-T | DONE | Test coverage audit for StellaOps.Attestor.Envelope. |
+| AUDIT-0051-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/AGENTS.md

@@ -0,0 +1,19 @@
+# Attestor Envelope Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: envelope serialization, signature helpers, key handling, and deterministic outputs.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep tests deterministic; avoid wall-clock time and random GUIDs unless fixed.
+- Add negative-path tests for malformed payloads, signatures, and key material.
+- Keep fuzz/property tests offline and deterministic (fixed seeds).
+
+## Testing
+- Cover signature sign/verify, key ID derivation, serialization options, compression, and detached payload metadata.

src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Envelope Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0052-M | DONE | Maintainability audit for StellaOps.Attestor.Envelope.Tests. |
+| AUDIT-0052-T | DONE | Test coverage audit for StellaOps.Attestor.Envelope.Tests. |
+| AUDIT-0052-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/AGENTS.md

@@ -0,0 +1,21 @@
+# Attestor Types Generator AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/`.
+- Roles: backend engineer, QA automation.
+- Focus: deterministic schema and SDK generation for Attestor payload types.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Determinism is mandatory: stable ordering, canonical outputs, UTC timestamps only.
+- Keep generator output reproducible across OSes (line endings, encoding).
+- Avoid network dependencies; generator must run offline.
+- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
+
+## Testing
+- Add or update tests under `src/Attestor/__Tests/StellaOps.Attestor.Types.Tests`.
+- Include fixtures that verify schema parity and deterministic output.

src/Attestor/StellaOps.Attestor.Types/Tools/StellaOps.Attestor.Types.Generator/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Types Generator Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0069-M | DONE | Maintainability audit for StellaOps.Attestor.Types.Generator. |
+| AUDIT-0069-T | DONE | Test coverage audit for StellaOps.Attestor.Types.Generator. |
+| AUDIT-0069-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor.Verify/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Verify Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0071-M | DONE | Maintainability audit for StellaOps.Attestor.Verify. |
+| AUDIT-0071-T | DONE | Test coverage audit for StellaOps.Attestor.Verify. |
+| AUDIT-0071-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core.Tests/AGENTS.md

@@ -0,0 +1,22 @@
+# Attestor Core Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: unit coverage for core validation, signing, verification, and offline proof paths.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep tests deterministic: fixed time, fixed IDs, and deterministic fixtures.
+- Use `StellaOps.TestKit` helpers for temp directories and deterministic clocks.
+- Label integration tests clearly; avoid network access.
+
+## Testing
+- Add coverage for DSSE, submission validation, time skew, Merkle proofs, and PoE artifacts.

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Core Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0050-M | DONE | Maintainability audit for StellaOps.Attestor.Core.Tests. |
+| AUDIT-0050-T | DONE | Test coverage audit for StellaOps.Attestor.Core.Tests. |
+| AUDIT-0050-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/AGENTS.md

@@ -0,0 +1,24 @@
+# Attestor Core AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/`.
+- Roles: backend engineer, QA automation.
+- Focus: submission validation, signing, verification, delta attestations, PoE artifacts, and observability contracts.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Preserve DSSE and in-toto compatibility; keep Rekor verification deterministic and offline-friendly.
+- Use stable ordering and deterministic JSON for hashes and evidence artifacts.
+- Avoid hard-coded time sources; prefer injected time providers where possible.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Add unit tests under `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core.Tests/`.
+- Use deterministic fixtures (fixed time/IDs) and clean up temp files.

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Core Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0049-M | DONE | Maintainability audit for StellaOps.Attestor.Core. |
+| AUDIT-0049-T | DONE | Test coverage audit for StellaOps.Attestor.Core. |
+| AUDIT-0049-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/AGENTS.md

@@ -0,0 +1,24 @@
+# Attestor Infrastructure AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/`.
+- Roles: backend engineer, QA automation.
+- Focus: DI wiring, Rekor/Transparency clients, submission/verification services, storage/queue implementations, offline bundle import/export, and background workers.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Preserve deterministic outputs (canonical JSON, stable ordering) and offline-first behavior.
+- Avoid wall-clock time or randomness in core paths; prefer TimeProvider and deterministic IDs.
+- Keep HTTP/storage clients explicit about timeouts and cancellation.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Add unit tests under `src/Attestor/__Tests/StellaOps.Attestor.Infrastructure.Tests/`.
+- Cover submission/verification flows, Rekor/Transparency clients, repository pagination, and worker loops with deterministic fixtures.

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Infrastructure Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0055-M | DONE | Maintainability audit for StellaOps.Attestor.Infrastructure. |
+| AUDIT-0055-T | DONE | Test coverage audit for StellaOps.Attestor.Infrastructure. |
+| AUDIT-0055-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: unit, integration, and contract coverage for Attestor core, infrastructure, and web service.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Determinism is mandatory: fixed timestamps, stable IDs, and deterministic ordering in tests.
+- Separate unit vs integration/perf tests with explicit categories.
+- Avoid wall-clock delays; prefer FakeTimeProvider or deterministic schedulers.
+- Keep tests offline-friendly; Testcontainers belong in Integration category only.
+- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + TestKit; prefer deterministic fixtures.
+- Contract tests must assert a stable baseline (snapshot or explicit schema checks).

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0066-M | DONE | Maintainability audit for StellaOps.Attestor.Tests. |
+| AUDIT-0066-T | DONE | Test coverage audit for StellaOps.Attestor.Tests. |
+| AUDIT-0066-A | TODO | Pending approval for changes. |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AGENTS.md

@@ -0,0 +1,24 @@
+# Attestor WebService AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/`.
+- Roles: backend engineer, QA automation.
+- Focus: HTTP API surface, auth, rate limiting, request validation, determinism, and observability for Attestor.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/attestor/operations/observability.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Enforce auth and mTLS for all mutation endpoints; never accept anonymous callers.
+- Keep responses deterministic (stable ordering, fixed formatting, explicit UTC timestamps).
+- Prefer explicit validation and consistent ProblemDetails for errors.
+- Apply rate limiting to public endpoints.
+- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use WebApplicationFactory for endpoint tests and include auth/mtls coverage.
+- Add contract tests for request/response DTOs and error handling.

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor WebService Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0072-M | DONE | Maintainability audit for StellaOps.Attestor.WebService. |
+| AUDIT-0072-T | DONE | Test coverage audit for StellaOps.Attestor.WebService. |
+| AUDIT-0072-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.Bundle/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor Bundle Library Charter
+
+## Working Directory
+- `src/Attestor/__Libraries/StellaOps.Attestor.Bundle`
+
+## Scope
+- Sigstore bundle models, serialization, builder, and offline verification utilities.
+
+## Required Reading
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- `src/Attestor/AGENTS.md`
+- `src/Attestor/__Libraries/AGENTS.md`
+
+## Working Agreements
+- Update sprint tracker and local `TASKS.md`.
+- Preserve deterministic serialization and offline verification behavior.
+- Avoid network dependencies in bundle verification.
+
+## Testing Rules
+- Cover builder validation, serialization round-trips, and verification error paths.
+- Include inclusion proof and signature verification fixtures.

src/Attestor/__Libraries/StellaOps.Attestor.Bundle/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Bundle Library Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0045-M | DONE | Maintainability audit for StellaOps.Attestor.Bundle. |
+| AUDIT-0045-T | DONE | Test coverage audit for StellaOps.Attestor.Bundle. |
+| AUDIT-0045-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.Bundling/AGENTS.md

@@ -0,0 +1,22 @@
+# Attestor Bundling Library Charter
+
+## Working Directory
+- `src/Attestor/__Libraries/StellaOps.Attestor.Bundling`
+
+## Scope
+- Attestation bundle aggregation, retention, offline kit export, and org-key signing.
+
+## Required Reading
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- `src/Attestor/AGENTS.md`
+- `src/Attestor/__Libraries/AGENTS.md`
+
+## Working Agreements
+- Update sprint tracker and local `TASKS.md`.
+- Keep bundling deterministic and offline-friendly.
+- Avoid network dependencies in core bundling logic.
+
+## Testing Rules
+- Cover bundling limits, signature handling, retention policy, and offline export.

src/Attestor/__Libraries/StellaOps.Attestor.Bundling/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Bundling Library Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0047-M | DONE | Maintainability audit for StellaOps.Attestor.Bundling. |
+| AUDIT-0047-T | DONE | Test coverage audit for StellaOps.Attestor.Bundling. |
+| AUDIT-0047-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.GraphRoot/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor GraphRoot AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Libraries/StellaOps.Attestor.GraphRoot/`.
+- Roles: backend engineer, QA automation.
+- Focus: graph root attestation, Merkle root computation, DSSE envelope creation, Rekor submission.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Preserve deterministic ordering and canonical JSON outputs.
+- Keep DSSE signing and verification spec-aligned (PAE, payloadType).
+- Avoid wall-clock time in core logic; inject time providers where needed.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Add unit tests under `src/Attestor/__Libraries/__Tests/StellaOps.Attestor.GraphRoot.Tests/`.
+- Ensure tests cover sign/verify, Merkle root determinism, and Rekor submission paths.

src/Attestor/__Libraries/StellaOps.Attestor.GraphRoot/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor GraphRoot Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0053-M | DONE | Maintainability audit for StellaOps.Attestor.GraphRoot. |
+| AUDIT-0053-T | DONE | Test coverage audit for StellaOps.Attestor.GraphRoot. |
+| AUDIT-0053-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.Oci/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor OCI AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Libraries/StellaOps.Attestor.Oci/`.
+- Roles: backend engineer, QA automation.
+- Focus: OCI reference parsing, ORAS/OCI referrer workflows, attestation attach/list/fetch/remove, and registry client contracts.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Follow OCI Distribution Spec 1.1 and DSSE envelope compatibility.
+- Keep digest/manifest generation deterministic and stable.
+- Avoid wall-clock time in outputs; prefer TimeProvider for timestamps.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Add unit tests under `src/Attestor/__Tests/StellaOps.Attestor.Oci.Tests/`.
+- Cover reference parsing, attach/list/fetch/remove, annotation behavior, and deterministic digests.

src/Attestor/__Libraries/StellaOps.Attestor.Oci/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor OCI Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0056-M | DONE | Maintainability audit for StellaOps.Attestor.Oci. |
+| AUDIT-0056-T | DONE | Test coverage audit for StellaOps.Attestor.Oci. |
+| AUDIT-0056-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.Offline/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor Offline AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Libraries/StellaOps.Attestor.Offline/`.
+- Roles: backend engineer, QA automation.
+- Focus: offline verification of attestation bundles, trust root handling, and air-gap workflows.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep verification deterministic and offline-friendly; no network dependencies.
+- Avoid wall-clock time or randomness in core logic; prefer TimeProvider and stable ordering.
+- Treat DSSE, Merkle, and certificate validation as security-critical; add negative-path tests.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Add unit tests under `src/Attestor/__Tests/StellaOps.Attestor.Offline.Tests/`.
+- Use deterministic fixtures (fixed time/IDs) and avoid external resources.

src/Attestor/__Libraries/StellaOps.Attestor.Offline/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Offline Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0058-M | DONE | Maintainability audit for StellaOps.Attestor.Offline. |
+| AUDIT-0058-T | DONE | Test coverage audit for StellaOps.Attestor.Offline. |
+| AUDIT-0058-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.Persistence/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Persistence Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0060-M | DONE | Maintainability audit for StellaOps.Attestor.Persistence. |
+| AUDIT-0060-T | DONE | Test coverage audit for StellaOps.Attestor.Persistence. |
+| AUDIT-0060-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor ProofChain Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0062-M | DONE | Maintainability audit for StellaOps.Attestor.ProofChain. |
+| AUDIT-0062-T | DONE | Test coverage audit for StellaOps.Attestor.ProofChain. |
+| AUDIT-0062-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/AGENTS.md

@@ -0,0 +1,24 @@
+# StellaOps.Attestor.StandardPredicates Local Agent Charter
+
+## Scope
+- This charter applies to `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/**`.
+
+## Primary roles
+- Backend engineer (C# / .NET 10).
+- QA automation engineer (xUnit).
+
+## Required reading (treat as read before edits)
+- `docs/modules/attestor/architecture.md`
+- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- RFC 8785 (JSON Canonicalization Scheme)
+- SPDX 3.0.1, CycloneDX 1.6/1.7, and SLSA provenance v1.0 references
+
+## Working agreements
+- Determinism is mandatory: canonical JSON, stable ordering, UTC timestamps only.
+- Avoid network access; keep parsing offline-friendly.
+- Prefer explicit validation with structured errors and stable metadata output.
+- Keep predicate parsing logic pure and side-effect free; log only for diagnostics.
+
+## Testing expectations
+- Every behavior change must be covered by tests under `src/Attestor/__Tests/StellaOps.Attestor.StandardPredicates.Tests`.
+- Include numeric canonicalization edge cases, schema validation behavior, and SBOM hash determinism checks.

src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor StandardPredicates Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0064-M | DONE | Maintainability audit for StellaOps.Attestor.StandardPredicates. |
+| AUDIT-0064-T | DONE | Test coverage audit for StellaOps.Attestor.StandardPredicates. |
+| AUDIT-0064-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict.Tests/AGENTS.md

@@ -0,0 +1,22 @@
+# Attestor TrustVerdict Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: TrustVerdict service, cache, Merkle builder, and canonicalization correctness.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- RFC 8785 (JSON Canonicalization Scheme)
+- Relevant sprint files.
+
+## Working Agreements
+- Determinism is mandatory: stable ordering and fixed timestamps in tests.
+- Separate unit vs integration/perf tests with explicit categories.
+- Avoid wall-clock time; use FakeTimeProvider or fixed timestamps.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + TestKit; prefer deterministic fixtures.
+- Cover canonicalization numeric edge cases, Merkle proof consistency, and cache expiry behavior.

src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor TrustVerdict Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0068-M | DONE | Maintainability audit for TrustVerdict tests. |
+| AUDIT-0068-T | DONE | Test coverage audit for TrustVerdict tests. |
+| AUDIT-0068-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict/AGENTS.md

@@ -0,0 +1,23 @@
+# StellaOps.Attestor.TrustVerdict Local Agent Charter
+
+## Scope
+- This charter applies to `src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict/**`.
+
+## Primary roles
+- Backend engineer (C# / .NET 10).
+- QA automation engineer (xUnit).
+
+## Required reading (treat as read before edits)
+- `docs/modules/attestor/architecture.md`
+- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- RFC 8785 (JSON Canonicalization Scheme)
+
+## Working agreements
+- Determinism is mandatory: canonical JSON, stable ordering, UTC timestamps only.
+- Evidence Merkle roots must align across service, cache, and verifier implementations.
+- Avoid network dependencies in library code paths; keep offline-friendly defaults.
+- Use explicit invariant-culture formatting for strings that affect hashes.
+
+## Testing expectations
+- Every behavior change must be covered by tests under `src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict.Tests`.
+- Include canonicalization edge cases, Merkle root consistency, and repository mapping tests.

src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor TrustVerdict Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0067-M | DONE | Maintainability audit for StellaOps.Attestor.TrustVerdict. |
+| AUDIT-0067-T | DONE | Test coverage audit for StellaOps.Attestor.TrustVerdict. |
+| AUDIT-0067-A | TODO | Pending approval for changes. |

src/Attestor/__Libraries/__Tests/StellaOps.Attestor.GraphRoot.Tests/AGENTS.md

@@ -0,0 +1,21 @@
+# Attestor GraphRoot Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Libraries/__Tests/StellaOps.Attestor.GraphRoot.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: graph root attestation, Merkle root computation, DSSE envelope signing/verification.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep tests deterministic: fixed IDs and predictable fixtures.
+- Classify integration tests accurately (Unit vs Integration).
+- Add negative-path tests for malformed inputs and signature failures.
+
+## Testing
+- Cover DSSE PAE signing, signature verification, Rekor submission behavior, and tamper detection.

src/Attestor/__Libraries/__Tests/StellaOps.Attestor.GraphRoot.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor GraphRoot Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0054-M | DONE | Maintainability audit for StellaOps.Attestor.GraphRoot.Tests. |
+| AUDIT-0054-T | DONE | Test coverage audit for StellaOps.Attestor.GraphRoot.Tests. |
+| AUDIT-0054-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.Bundle.Tests/AGENTS.md

@@ -0,0 +1,21 @@
+# Attestor Bundle Tests Charter
+
+## Working Directory
+- `src/Attestor/__Tests/StellaOps.Attestor.Bundle.Tests`
+
+## Scope
+- Unit tests for Sigstore bundle builder, serializer, and verifier.
+
+## Required Reading
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- `src/Attestor/AGENTS.md`
+- `src/Attestor/__Libraries/StellaOps.Attestor.Bundle/AGENTS.md`
+
+## Working Agreements
+- Keep tests deterministic with fixed timestamps and key material.
+- Update sprint tracker and local `TASKS.md`.
+
+## Testing Rules
+- Cover signature verification, inclusion proof checks, and invalid base64 inputs.

src/Attestor/__Tests/StellaOps.Attestor.Bundle.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Bundle Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0046-M | DONE | Maintainability audit for StellaOps.Attestor.Bundle.Tests. |
+| AUDIT-0046-T | DONE | Test coverage audit for StellaOps.Attestor.Bundle.Tests. |
+| AUDIT-0046-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.Bundling.Tests/AGENTS.md

@@ -0,0 +1,21 @@
+# Attestor Bundling Tests Charter
+
+## Working Directory
+- `src/Attestor/__Tests/StellaOps.Attestor.Bundling.Tests`
+
+## Scope
+- Unit and integration tests for bundle aggregation, signing, retention, and offline export.
+
+## Required Reading
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- `src/Attestor/AGENTS.md`
+- `src/Attestor/__Libraries/StellaOps.Attestor.Bundling/AGENTS.md`
+
+## Working Agreements
+- Keep tests deterministic with fixed time and key material.
+- Update sprint tracker and local `TASKS.md`.
+
+## Testing Rules
+- Exercise retention policies, signing paths, and offline kit export.

src/Attestor/__Tests/StellaOps.Attestor.Bundling.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Bundling Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0048-M | DONE | Maintainability audit for StellaOps.Attestor.Bundling.Tests. |
+| AUDIT-0048-T | DONE | Test coverage audit for StellaOps.Attestor.Bundling.Tests. |
+| AUDIT-0048-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.Oci.Tests/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor OCI Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Tests/StellaOps.Attestor.Oci.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: unit and integration tests for OCI attestation attach/list/fetch/remove and reference parsing.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep tests deterministic (fixed time/IDs) and avoid network by default.
+- Integration tests must be explicitly skipped or opt-in and document required containers.
+- Ensure tests reflect current production behavior; update when APIs change.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + Moq; keep fixtures reusable and deterministic.
+- Cover negative paths, serialization, and digest/annotation behavior.

src/Attestor/__Tests/StellaOps.Attestor.Oci.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor OCI Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0057-M | DONE | Maintainability audit for StellaOps.Attestor.Oci.Tests. |
+| AUDIT-0057-T | DONE | Test coverage audit for StellaOps.Attestor.Oci.Tests. |
+| AUDIT-0057-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.Offline.Tests/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor Offline Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Tests/StellaOps.Attestor.Offline.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: offline verification tests for bundles, DSSE structure, Merkle validation, and root stores.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep tests deterministic (fixed time/IDs) and avoid wall-clock time.
+- Avoid network calls by default; integration tests must be explicitly opt-in.
+- Ensure negative-path coverage for verification failures.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + Moq; prefer TestKit helpers for temp paths.
+- Cover signature, merkle proof, cert chain, and root-store behaviors.

src/Attestor/__Tests/StellaOps.Attestor.Offline.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Offline Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0059-M | DONE | Maintainability audit for StellaOps.Attestor.Offline.Tests. |
+| AUDIT-0059-T | DONE | Test coverage audit for StellaOps.Attestor.Offline.Tests. |
+| AUDIT-0059-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.Persistence.Tests/AGENTS.md

@@ -0,0 +1,22 @@
+# Attestor Persistence Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Tests/StellaOps.Attestor.Persistence.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: trust anchor matching, EF Core persistence behaviors, and migration validation.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/db/SPECIFICATION.md`
+- `docs/db/MIGRATION_STRATEGY.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep tests deterministic (fixed time/IDs) and avoid wall-clock time.
+- Include coverage for repository behaviors and schema defaults.
+- Perf harness updates should stay deterministic and documented.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + NSubstitute; prefer TestKit helpers for temp paths.
+- Cover trust anchor matcher specificity, active/inactive anchors, and predicate/key allowlists.

src/Attestor/__Tests/StellaOps.Attestor.Persistence.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Persistence Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0061-M | DONE | Maintainability audit for StellaOps.Attestor.Persistence.Tests. |
+| AUDIT-0061-T | DONE | Test coverage audit for StellaOps.Attestor.Persistence.Tests. |
+| AUDIT-0061-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.ProofChain.Tests/AGENTS.md

@@ -0,0 +1,22 @@
+# Attestor ProofChain Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Tests/StellaOps.Attestor.ProofChain.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: proof chain canonicalization, ID generation, Merkle proofs, schema validation, and signing.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- RFC 8785 (JSON Canonicalization Scheme)
+- Relevant sprint files.
+
+## Working Agreements
+- Determinism is mandatory: stable ordering and fixed timestamps in tests.
+- Separate unit vs integration/perf tests with explicit categories.
+- Avoid wall-clock time; use fixed timestamps in fixtures.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + TestKit; prefer deterministic data.
+- Cover canonicalization numeric edge cases, schema validation, and proof signing/verification.

src/Attestor/__Tests/StellaOps.Attestor.ProofChain.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor ProofChain Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0063-M | DONE | Maintainability audit for StellaOps.Attestor.ProofChain.Tests. |
+| AUDIT-0063-T | DONE | Test coverage audit for StellaOps.Attestor.ProofChain.Tests. |
+| AUDIT-0063-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.StandardPredicates.Tests/AGENTS.md

@@ -0,0 +1,23 @@
+# Attestor StandardPredicates Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Tests/StellaOps.Attestor.StandardPredicates.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: predicate parsers, canonicalization, metadata extraction, and SBOM hashing.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- RFC 8785 (JSON Canonicalization Scheme)
+- SPDX 3.0.1, CycloneDX 1.6/1.7, and SLSA provenance v1.0 references
+- Relevant sprint files.
+
+## Working Agreements
+- Determinism is mandatory: stable ordering and fixed timestamps in tests.
+- Separate unit vs integration/perf tests with explicit categories.
+- Avoid wall-clock time; use fixed timestamps in fixtures.
+- Update `docs/implplan/SPRINT_*.md` and the local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + TestKit; prefer deterministic data.
+- Cover canonicalization numeric edge cases, parser warnings/errors, and SBOM hash determinism.

src/Attestor/__Tests/StellaOps.Attestor.StandardPredicates.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor StandardPredicates Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0065-M | DONE | Maintainability audit for StandardPredicates tests. |
+| AUDIT-0065-T | DONE | Test coverage audit for StandardPredicates tests. |
+| AUDIT-0065-A | TODO | Pending approval for changes. |

src/Attestor/__Tests/StellaOps.Attestor.Types.Tests/AGENTS.md

@@ -0,0 +1,25 @@
+# Attestor Types Tests AGENTS
+
+## Purpose & Scope
+- Working directory: `src/Attestor/__Tests/StellaOps.Attestor.Types.Tests/`.
+- Roles: QA automation, backend engineer.
+- Focus: schema validation, sample attestation validation, canonicalization/determinism, and Rekor receipt/proof tests for Attestor Types.
+
+## Required Reading (treat as read before DOING)
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/payloads.md`
+- `docs/modules/attestor/bundle-format.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/platform/architecture-overview.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Determinism is mandatory: fixed timestamps, stable IDs, and deterministic ordering in tests.
+- Separate unit vs integration/perf tests with explicit categories.
+- Avoid wall-clock time; prefer deterministic time providers or fakes.
+- Keep tests offline-friendly.
+- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + TestKit; prefer deterministic fixtures.
+- Schema/sample tests should validate against the committed schemas and enforce canonicalization rules.

src/Attestor/__Tests/StellaOps.Attestor.Types.Tests/TASKS.md

@@ -0,0 +1,10 @@
+# Attestor Types Tests Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0070-M | DONE | Maintainability audit for StellaOps.Attestor.Types.Tests. |
+| AUDIT-0070-T | DONE | Test coverage audit for StellaOps.Attestor.Types.Tests. |
+| AUDIT-0070-A | TODO | Pending approval for changes. |