save progress
This commit is contained in:
master
@@ -335,30 +335,30 @@ Bulk task definitions (applies to every project row below):
|
||||
| 310 | AUDIT-0104-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.ReachGraph.Persistence/StellaOps.ReachGraph.Persistence.csproj - MAINT |
|
||||
| 311 | AUDIT-0104-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.ReachGraph.Persistence/StellaOps.ReachGraph.Persistence.csproj - TEST |
|
||||
| 312 | AUDIT-0104-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.ReachGraph.Persistence/StellaOps.ReachGraph.Persistence.csproj - APPLY |
|
||||
| 313 | AUDIT-0105-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj - MAINT |
|
||||
| 314 | AUDIT-0105-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj - TEST |
|
||||
| 315 | AUDIT-0105-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj - APPLY |
|
||||
| 316 | AUDIT-0106-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj - MAINT |
|
||||
| 317 | AUDIT-0106-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj - TEST |
|
||||
| 318 | AUDIT-0106-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj - APPLY |
|
||||
| 319 | AUDIT-0107-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj - MAINT |
|
||||
| 320 | AUDIT-0107-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj - TEST |
|
||||
| 321 | AUDIT-0107-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj - APPLY |
|
||||
| 322 | AUDIT-0108-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj - MAINT |
|
||||
| 323 | AUDIT-0108-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj - TEST |
|
||||
| 324 | AUDIT-0108-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj - APPLY |
|
||||
| 325 | AUDIT-0109-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj - MAINT |
|
||||
| 326 | AUDIT-0109-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj - TEST |
|
||||
| 327 | AUDIT-0109-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj - APPLY |
|
||||
| 328 | AUDIT-0110-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj - MAINT |
|
||||
| 329 | AUDIT-0110-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj - TEST |
|
||||
| 330 | AUDIT-0110-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj - APPLY |
|
||||
| 331 | AUDIT-0111-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj - MAINT |
|
||||
| 332 | AUDIT-0111-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj - TEST |
|
||||
| 333 | AUDIT-0111-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj - APPLY |
|
||||
| 334 | AUDIT-0112-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - MAINT |
|
||||
| 335 | AUDIT-0112-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - TEST |
|
||||
| 336 | AUDIT-0112-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - APPLY |
|
||||
| 313 | AUDIT-0105-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj - MAINT |
|
||||
| 314 | AUDIT-0105-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj - TEST |
|
||||
| 315 | AUDIT-0105-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj - APPLY |
|
||||
| 316 | AUDIT-0106-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj - MAINT |
|
||||
| 317 | AUDIT-0106-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj - TEST |
|
||||
| 318 | AUDIT-0106-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj - APPLY |
|
||||
| 319 | AUDIT-0107-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj - MAINT |
|
||||
| 320 | AUDIT-0107-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj - TEST |
|
||||
| 321 | AUDIT-0107-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj - APPLY |
|
||||
| 322 | AUDIT-0108-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj - MAINT |
|
||||
| 323 | AUDIT-0108-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj - TEST |
|
||||
| 324 | AUDIT-0108-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj - APPLY |
|
||||
| 325 | AUDIT-0109-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj - MAINT |
|
||||
| 326 | AUDIT-0109-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj - TEST |
|
||||
| 327 | AUDIT-0109-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj - APPLY |
|
||||
| 328 | AUDIT-0110-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj - MAINT |
|
||||
| 329 | AUDIT-0110-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj - TEST |
|
||||
| 330 | AUDIT-0110-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj - APPLY |
|
||||
| 331 | AUDIT-0111-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj - MAINT |
|
||||
| 332 | AUDIT-0111-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj - TEST |
|
||||
| 333 | AUDIT-0111-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj - APPLY |
|
||||
| 334 | AUDIT-0112-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - MAINT |
|
||||
| 335 | AUDIT-0112-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - TEST |
|
||||
| 336 | AUDIT-0112-A | TODO | Requires approval (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - APPLY |
|
||||
| 337 | AUDIT-0113-M | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - MAINT |
|
||||
| 338 | AUDIT-0113-T | TODO | Rebaseline required | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - TEST |
|
||||
| 339 | AUDIT-0113-A | TODO | Requires MAINT/TEST + approval | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - APPLY |
|
||||
@@ -2579,6 +2579,14 @@ Bulk task definitions (applies to every project row below):
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2026-01-08 | Added LEDGER-TESTS-0001 to cover Findings Ledger WebService test harness fixes; status set to DOING. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0108 (StellaOps.Replay); added AGENTS.md/TASKS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0109 (StellaOps.Resolver.Tests); added AGENTS.md/TASKS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0110 (StellaOps.Resolver); added AGENTS.md/TASKS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0111 (StellaOps.Signals.Contracts); added TASKS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0112 (StellaOps.Spdx3); added TASKS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0107 (StellaOps.Replay.Core); updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0106 (StellaOps.Replay.Core.Tests); added AGENTS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0105 (StellaOps.ReachGraph); updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0104 (StellaOps.ReachGraph.Persistence); added AGENTS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0103 (StellaOps.ReachGraph.Cache); added AGENTS.md, updated audit report and local TASKS. | Codex |
|
||||
| 2026-01-08 | Revalidated AUDIT-0102 (StellaOps.Provenance); added AGENTS.md, updated audit report and local TASKS. | Codex |
|
||||
|
||||
@@ -73,7 +73,7 @@
|
||||
## Rebaseline Restart (2026-01-08)
|
||||
- Tracker resequenced to current 850 csproj inventory; audits restart linearly from DevOps services.
|
||||
- New findings are recorded under "Findings (Rebaseline 2026-01-08 restart)" until the pass completes.
|
||||
- Revalidated AUDIT-0001 to AUDIT-0104 (SimCryptoService, SimCryptoSmoke, CryptoProLinuxApi, NuGet prime v10/v9, SDK templates, Excititor connector template, Router doc samples + tests, Determinism analyzers/tests, AuditPack tests, Auth.Security tests, Canonicalization tests, Configuration tests, Cryptography.Kms tests, OfflineVerification plugin tests, Cryptography tests, DeltaVerdict tests, Eventing tests, Evidence.Persistence tests, Evidence tests, HybridLogicalClock tests, Infrastructure.Postgres tests, Metrics tests, Microservice.AspNetCore tests, Plugin tests, Provcache tests, Provenance tests, ReachGraph tests, Replay.Core tests, Replay tests, Signals tests, Spdx3 tests, Testing.Determinism tests, Testing.Manifests tests, TestKit tests, VersionComparison tests, Audit.ReplayToken, AuditPack, Auth.Security, Canonical.Json tests, Canonical.Json, Canonicalization, Configuration, Cryptography.DependencyInjection, Cryptography.Kms, Cryptography.Plugin.BouncyCastle, Cryptography.Plugin.CryptoPro, GostCryptography third-party library/tests, Cryptography.Plugin.EIDAS.Tests, Cryptography.Plugin.EIDAS, Cryptography.Plugin.OfflineVerification, Cryptography.Plugin.OpenSslGost, Cryptography.Plugin.Pkcs11Gost, Cryptography.Plugin.PqSoft, Cryptography.Plugin.SimRemote, Cryptography.Plugin.SmRemote.Tests, Cryptography.Plugin.SmRemote, Cryptography.Plugin.SmSoft.Tests, Cryptography.Plugin.SmSoft, Cryptography.Plugin.WineCsp, Cryptography.PluginLoader.Tests, Cryptography.PluginLoader, Cryptography.Providers.OfflineVerification, Cryptography.Tests (libraries), Cryptography (library), DeltaVerdict, DependencyInjection, Determinism.Abstractions, DistroIntel, Eventing, Evidence.Bundle, Evidence.Core.Tests, Evidence.Core, Evidence.Persistence, Evidence, Facet.Tests, Facet, HybridLogicalClock Benchmarks, HybridLogicalClock Tests, HybridLogicalClock, Infrastructure.EfCore, Infrastructure.Postgres, Ingestion.Telemetry, StellaOps.Interop, IssuerDirectory.Client, StellaOps.Metrics, Orchestrator.Schemas, StellaOps.Plugin, StellaOps.Policy.Tools, PolicyAuthoritySignals.Contracts, Provcache, Provcache.Api, Provcache.Postgres, Provcache.Valkey, Provenance, ReachGraph.Cache, ReachGraph.Persistence).
|
||||
- Revalidated AUDIT-0001 to AUDIT-0112 (SimCryptoService, SimCryptoSmoke, CryptoProLinuxApi, NuGet prime v10/v9, SDK templates, Excititor connector template, Router doc samples + tests, Determinism analyzers/tests, AuditPack tests, Auth.Security tests, Canonicalization tests, Configuration tests, Cryptography.Kms tests, OfflineVerification plugin tests, Cryptography tests, DeltaVerdict tests, Eventing tests, Evidence.Persistence tests, Evidence tests, HybridLogicalClock tests, Infrastructure.Postgres tests, Metrics tests, Microservice.AspNetCore tests, Plugin tests, Provcache tests, Provenance tests, ReachGraph tests, Replay.Core tests, Replay tests, Signals tests, Spdx3 tests, Testing.Determinism tests, Testing.Manifests tests, TestKit tests, VersionComparison tests, Audit.ReplayToken, AuditPack, Auth.Security, Canonical.Json tests, Canonical.Json, Canonicalization, Configuration, Cryptography.DependencyInjection, Cryptography.Kms, Cryptography.Plugin.BouncyCastle, Cryptography.Plugin.CryptoPro, GostCryptography third-party library/tests, Cryptography.Plugin.EIDAS.Tests, Cryptography.Plugin.EIDAS, Cryptography.Plugin.OfflineVerification, Cryptography.Plugin.OpenSslGost, Cryptography.Plugin.Pkcs11Gost, Cryptography.Plugin.PqSoft, Cryptography.Plugin.SimRemote, Cryptography.Plugin.SmRemote.Tests, Cryptography.Plugin.SmRemote, Cryptography.Plugin.SmSoft.Tests, Cryptography.Plugin.SmSoft, Cryptography.Plugin.WineCsp, Cryptography.PluginLoader.Tests, Cryptography.PluginLoader, Cryptography.Providers.OfflineVerification, Cryptography.Tests (libraries), Cryptography (library), DeltaVerdict, DependencyInjection, Determinism.Abstractions, DistroIntel, Eventing, Evidence.Bundle, Evidence.Core.Tests, Evidence.Core, Evidence.Persistence, Evidence, Facet.Tests, Facet, HybridLogicalClock Benchmarks, HybridLogicalClock Tests, HybridLogicalClock, Infrastructure.EfCore, Infrastructure.Postgres, Ingestion.Telemetry, StellaOps.Interop, IssuerDirectory.Client, StellaOps.Metrics, Orchestrator.Schemas, StellaOps.Plugin, StellaOps.Policy.Tools, PolicyAuthoritySignals.Contracts, Provcache, Provcache.Api, Provcache.Postgres, Provcache.Valkey, Provenance, ReachGraph, ReachGraph.Cache, ReachGraph.Persistence, Replay.Core, Replay, Resolver.Tests, Resolver, Signals.Contracts, Spdx3).
|
||||
## Findings (Rebaseline 2026-01-08 restart)
|
||||
### devops/services/crypto/sim-crypto-service/SimCryptoService.csproj
|
||||
- MAINT: Shared ECDsa instance is reused across requests; ECDsa is not thread-safe and can race under concurrency. `devops/services/crypto/sim-crypto-service/Program.cs`
|
||||
@@ -4235,11 +4235,13 @@
|
||||
|
||||
### src/__Libraries/StellaOps.ReachGraph/StellaOps.ReachGraph.csproj
|
||||
- MAINT: DSSE PAE is implemented with little-endian length fields instead of the shared DSSE helper, which is not spec-compliant and risks signature verification interoperability. `src/__Libraries/StellaOps.ReachGraph/Signing/ReachGraphSignerService.cs`
|
||||
- MAINT/SECURITY: CreateDsseEnvelopeAsync serializes the signed graph as the DSSE payload even though signatures were computed over the unsigned graph, so DSSE verification will fail or sign the wrong bytes. `src/__Libraries/StellaOps.ReachGraph/Signing/ReachGraphSignerService.cs`
|
||||
- MAINT: Digest computation relies on a bespoke canonical serializer instead of the shared RFC 8785 canonicalizer, which can drift from platform hashing rules. `src/__Libraries/StellaOps.ReachGraph/Serialization/CanonicalReachGraphSerializer.cs` `src/__Libraries/StellaOps.ReachGraph/Hashing/ReachGraphDigestComputer.cs`
|
||||
- MAINT: Edge ordering only sorts by From/To; ties preserve input order, so duplicate edges can serialize nondeterministically. `src/__Libraries/StellaOps.ReachGraph/Serialization/CanonicalReachGraphSerializer.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.ReachGraph/bin` `src/__Libraries/StellaOps.ReachGraph/obj`
|
||||
- TEST: No tests assert DSSE PAE compliance or cross-check canonical JSON against the shared canonicalizer. `src/__Libraries/__Tests/StellaOps.ReachGraph.Tests/DigestComputerTests.cs`
|
||||
- Proposed changes (pending approval): use DsseHelper for PAE, route digest inputs through the shared canonical JSON helper, add a deterministic tie-breaker for duplicate edges, and add signer/PAE tests.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
|
||||
- Proposed changes (pending approval): use DsseHelper for PAE, ensure the DSSE payload matches the signed bytes, route digest inputs through the shared canonical JSON helper, add a deterministic tie-breaker for duplicate edges, add signer/PAE tests, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
### src/__Libraries/StellaOps.ReachGraph.Cache/StellaOps.ReachGraph.Cache.csproj
|
||||
- MAINT: InvalidateAsync uses `server.Keys` against the first endpoint only, which performs keyspace scans and misses clustered or replica nodes. `src/__Libraries/StellaOps.ReachGraph.Cache/ReachGraphValkeyCache.cs`
|
||||
- MAINT: CancellationToken parameters are accepted but not honored; long cache operations cannot be canceled. `src/__Libraries/StellaOps.ReachGraph.Cache/ReachGraphValkeyCache.cs`
|
||||
@@ -4251,9 +4253,11 @@
|
||||
### src/__Libraries/StellaOps.ReachGraph.Persistence/StellaOps.ReachGraph.Persistence.csproj
|
||||
- MAINT: Dapper queries do not propagate CancellationToken; database operations continue after cancellation. `src/__Libraries/StellaOps.ReachGraph.Persistence/PostgresReachGraphRepository.cs`
|
||||
- QUALITY: ListByArtifactAsync and FindByCveAsync accept unbounded limits; negative or large values can exhaust resources. `src/__Libraries/StellaOps.ReachGraph.Persistence/PostgresReachGraphRepository.cs`
|
||||
- MAINT: InternalsVisibleTo references StellaOps.ReachGraph.Persistence.Tests, but no test project exists; likely stale or missing coverage. `src/__Libraries/StellaOps.ReachGraph.Persistence/StellaOps.ReachGraph.Persistence.csproj`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.ReachGraph.Persistence/bin` `src/__Libraries/StellaOps.ReachGraph.Persistence/obj`
|
||||
- TEST: No tests cover repository persistence, scope parsing, or replay logging behavior. `src/__Libraries/StellaOps.ReachGraph.Persistence/PostgresReachGraphRepository.cs`
|
||||
- Proposed changes (pending approval): pass cancellation tokens via CommandDefinition, clamp limits, and add persistence tests.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
|
||||
- Proposed changes (pending approval): pass cancellation tokens via CommandDefinition, clamp limits, align InternalsVisibleTo with actual tests or remove it, add persistence tests, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
### src/__Libraries/__Tests/StellaOps.ReachGraph.Tests/StellaOps.ReachGraph.Tests.csproj
|
||||
- MAINT: Test project does not enable warnings-as-errors. `src/__Libraries/__Tests/StellaOps.ReachGraph.Tests/StellaOps.ReachGraph.Tests.csproj`
|
||||
- MAINT: Tests use DateTimeOffset.UtcNow for fixtures, making output time-dependent. `src/__Libraries/__Tests/StellaOps.ReachGraph.Tests/CanonicalSerializerTests.cs`
|
||||
@@ -4306,20 +4310,23 @@
|
||||
- Disposition: revalidated 2026-01-07 (test project; apply waived)
|
||||
### src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj
|
||||
- MAINT: ReplayResult.Failed defaults ExecutedAt to DateTimeOffset.UtcNow, violating deterministic time injection. `src/__Libraries/StellaOps.Replay/Models/ReplayModels.cs`
|
||||
- MAINT: FeedSnapshotLoader and PolicySnapshotLoader build local paths from digest without validating length or allowed characters; digest[..2] throws on short input and malformed digest can escape the cache root. `src/__Libraries/StellaOps.Replay/Loaders/FeedSnapshotLoader.cs` `src/__Libraries/StellaOps.Replay/Loaders/PolicySnapshotLoader.cs`
|
||||
- SECURITY: FeedSnapshotLoader and PolicySnapshotLoader build local paths from digest without validating length or allowed characters; digest[..2] throws on short input and malformed digest can escape the cache root. `src/__Libraries/StellaOps.Replay/Loaders/FeedSnapshotLoader.cs` `src/__Libraries/StellaOps.Replay/Loaders/PolicySnapshotLoader.cs`
|
||||
- MAINT: Production library depends on test-only manifests library under src/__Tests, increasing coupling and deployment surface. `src/__Libraries/StellaOps.Replay/StellaOps.Replay.csproj`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Replay/bin` `src/__Libraries/StellaOps.Replay/obj`
|
||||
- TEST: No tests cover loader digest validation or replay failure timestamp handling. `src/__Libraries/__Tests/StellaOps.Replay.Tests/ReplayEngineTests.cs`
|
||||
- Proposed changes (pending approval): inject TimeProvider or require executedAt, validate digest format and length plus path safety, move manifest models to a non-test library, add loader failure tests.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
|
||||
- Proposed changes (pending approval): inject TimeProvider or require executedAt, validate digest format and length plus path safety, move manifest models to a non-test library, add loader validation tests, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
### src/__Libraries/StellaOps.Replay.Core/StellaOps.Replay.Core.csproj
|
||||
- MAINT: CanonicalJson uses UnsafeRelaxedJsonEscaping and is not the shared RFC 8785 canonicalizer; hashes and DSSE payloads can drift from platform rules. `src/__Libraries/StellaOps.Replay.Core/CanonicalJson.cs` `src/__Libraries/StellaOps.Replay.Core/ReplayManifestExtensions.cs` `src/__Libraries/StellaOps.Replay.Core/DsseEnvelope.cs`
|
||||
- MAINT: DeterminismManifestValidator parses generatedAt with DateTimeOffset.TryParse without InvariantCulture. `src/__Libraries/StellaOps.Replay.Core/Validation/DeterminismManifestValidator.cs`
|
||||
- MAINT: FeedSnapshotCoordinatorService.GenerateSnapshotId uses Guid.NewGuid; cursor parsing uses int.TryParse without InvariantCulture. `src/__Libraries/StellaOps.Replay.Core/FeedSnapshot/FeedSnapshotCoordinatorService.cs`
|
||||
- MAINT: FeedSnapshotCoordinatorService.GenerateSnapshotId uses Guid.NewGuid and a timestamp ToString without InvariantCulture; cursor parsing uses int.TryParse without InvariantCulture. `src/__Libraries/StellaOps.Replay.Core/FeedSnapshot/FeedSnapshotCoordinatorService.cs`
|
||||
- QUALITY: ListSnapshotsAsync accepts unbounded limits, allowing large in-memory lists. `src/__Libraries/StellaOps.Replay.Core/FeedSnapshot/FeedSnapshotCoordinatorService.cs`
|
||||
- QUALITY: ReplayManifestWriter uses ToDictionary on RandomSeeds without deterministic ordering, so YAML output can vary by input order. `src/__Libraries/StellaOps.Replay.Core/Manifest/ReplayManifestWriter.cs`
|
||||
- QUALITY: ReplayManifestExporter header contains non-ASCII glyphs, violating ASCII-only output guidance. `src/__Libraries/StellaOps.Replay.Core/Export/ReplayManifestExporter.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Replay.Core/bin` `src/__Libraries/StellaOps.Replay.Core/obj`
|
||||
- TEST: No tests cover canonicalization against the shared RFC 8785 helper or snapshot ID determinism. `src/__Libraries/StellaOps.Replay.Core/CanonicalJson.cs` `src/__Libraries/StellaOps.Replay.Core/FeedSnapshot/FeedSnapshotCoordinatorService.cs`
|
||||
- Proposed changes (pending approval): replace CanonicalJson with shared canonicalizer, inject IGuidGenerator and invariant parsing, clamp list limits, order seeds before serialization, add tests for canonical output and snapshot IDs.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
|
||||
- Proposed changes (pending approval): replace CanonicalJson with shared canonicalizer, inject IGuidGenerator and invariant parsing, clamp list limits, order seeds before serialization, clean non-ASCII headers, add tests for canonical output and snapshot IDs, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
### src/__Libraries/__Tests/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj
|
||||
- MAINT: Test project does not enable warnings-as-errors. `src/__Libraries/__Tests/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj`
|
||||
- Proposed changes (optional): enable warnings-as-errors.
|
||||
@@ -4327,8 +4334,10 @@
|
||||
### src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj
|
||||
- MAINT: Tests use Guid.NewGuid and DateTimeOffset.UtcNow for temp paths and manifests, making results time-dependent. `src/__Libraries/StellaOps.Replay.Core.Tests/Export/ReplayManifestExporterTests.cs`
|
||||
- MAINT: Test project does not enable warnings-as-errors. `src/__Libraries/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj`
|
||||
- Proposed changes (optional): use deterministic IDs and timestamps plus enable warnings-as-errors.
|
||||
- Disposition: waived (test project; revalidated 2026-01-07).
|
||||
- QUALITY: DateTimeOffset.Parse uses current culture for test fixtures; use InvariantCulture to avoid locale drift. `src/__Libraries/StellaOps.Replay.Core.Tests/ReplayManifestTests.cs` `src/__Libraries/StellaOps.Replay.Core.Tests/ReplayManifestV2Tests.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Replay.Core.Tests/bin` `src/__Libraries/StellaOps.Replay.Core.Tests/obj`
|
||||
- Proposed changes (optional): use deterministic IDs/timestamps, switch to InvariantCulture parsing, enable warnings-as-errors, and remove bin/obj artifacts.
|
||||
- Disposition: waived (test project; revalidated 2026-01-08).
|
||||
### src/__Tests/reachability/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj
|
||||
- MAINT: Test project does not enable warnings-as-errors. `src/__Tests/reachability/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.csproj`
|
||||
- Proposed changes (optional): enable warnings-as-errors.
|
||||
@@ -4358,12 +4367,17 @@
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
|
||||
### src/__Libraries/StellaOps.Resolver/StellaOps.Resolver.csproj
|
||||
- MAINT: DeterministicResolver.Run uses DateTimeOffset.UtcNow; should use injected TimeProvider or require explicit resolvedAt for deterministic runs. `src/__Libraries/StellaOps.Resolver/DeterministicResolver.cs`
|
||||
- Proposed changes (pending approval): inject TimeProvider and remove the DateTimeOffset.UtcNow default.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
|
||||
- MAINT: Non-ASCII glyphs appear in comments, violating ASCII-only output guidance. `src/__Libraries/StellaOps.Resolver/IDeterministicResolver.cs` `src/__Libraries/StellaOps.Resolver/NodeId.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Resolver/bin` `src/__Libraries/StellaOps.Resolver/obj`
|
||||
- Proposed changes (pending approval): inject TimeProvider and remove the DateTimeOffset.UtcNow default, replace non-ASCII comments with ASCII, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
### src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj
|
||||
- MAINT: Test project does not enable warnings-as-errors. `src/__Libraries/StellaOps.Resolver.Tests/StellaOps.Resolver.Tests.csproj`
|
||||
- Proposed changes (optional): enable warnings-as-errors.
|
||||
- Disposition: waived (test project; revalidated 2026-01-07).
|
||||
- MAINT: Non-ASCII glyphs appear in comments and literals, violating ASCII-only output guidance. `src/__Libraries/StellaOps.Resolver.Tests/FinalDigestTests.cs` `src/__Libraries/StellaOps.Resolver.Tests/VerdictDigestTests.cs` `src/__Libraries/StellaOps.Resolver.Tests/GraphValidationTests.cs`
|
||||
- QUALITY: DateTimeOffset.Parse uses current culture for fixed timestamps; use InvariantCulture to avoid locale drift. `src/__Libraries/StellaOps.Resolver.Tests/FinalDigestTests.cs` `src/__Libraries/StellaOps.Resolver.Tests/DeterministicResolverTests.cs` `src/__Libraries/StellaOps.Resolver.Tests/RuntimePurityTests.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Resolver.Tests/bin` `src/__Libraries/StellaOps.Resolver.Tests/obj`
|
||||
- Proposed changes (optional): replace non-ASCII literals/comments with ASCII or escapes, use InvariantCulture parsing, enable warnings-as-errors, and remove bin/obj artifacts.
|
||||
- Disposition: waived (test project; revalidated 2026-01-08).
|
||||
### src/Router/__Libraries/StellaOps.Router.AspNet/StellaOps.Router.AspNet.csproj
|
||||
- MAINT: InstanceId defaults to Guid.NewGuid, which violates deterministic ID generation rules. `src/Router/__Libraries/StellaOps.Router.AspNet/StellaRouterExtensions.cs`
|
||||
- QUALITY: CompositeRequestDispatcher caches endpoint keys using raw endpoint paths; NormalizePath is not applied, so trailing slashes or missing leading slashes can cause false negatives. `src/Router/__Libraries/StellaOps.Router.AspNet/CompositeRequestDispatcher.cs`
|
||||
@@ -5203,8 +5217,12 @@
|
||||
- QUALITY: Non-ASCII glyphs appear in comments and output strings. `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightPolicy.cs` `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/SourceTrustNormalizer.cs` `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/MitigationNormalizer.cs` `src/Signals/StellaOps.Signals/Services/UnknownsScoringService.cs`
|
||||
- Disposition: revalidated 2026-01-08; apply recommendations remain open.
|
||||
### src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj
|
||||
- MAINT: No material issues found on revalidation. `src/__Libraries/StellaOps.Signals.Contracts`
|
||||
- Disposition: revalidated 2026-01-08; apply remains closed.
|
||||
- MAINT: SignalEnvelope.Value uses object, which weakens type safety and can complicate cross-module serialization; prefer a typed envelope or JsonElement plus explicit type metadata. `src/__Libraries/StellaOps.Signals.Contracts/Models/SignalEnvelope.cs`
|
||||
- QUALITY: SignalType enum relies on implicit numeric values; if serialized as numbers, adding/reordering values risks breaking compatibility. `src/__Libraries/StellaOps.Signals.Contracts/Models/SignalType.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Signals.Contracts/bin` `src/__Libraries/StellaOps.Signals.Contracts/obj`
|
||||
- TEST: No tests cover contract serialization, envelope creation, or enum compatibility. `src/__Libraries/StellaOps.Signals.Contracts`
|
||||
- Proposed changes (pending approval): switch to a typed envelope or JsonElement with explicit payload type metadata, define explicit enum values or enforce string enum serialization, add contract serialization tests, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
### src/Signals/__Libraries/StellaOps.Signals.Ebpf/StellaOps.Signals.Ebpf.csproj
|
||||
- MAINT: Runtime sessions and events use Guid.NewGuid and DateTimeOffset.UtcNow; use IGuidGenerator and TimeProvider for deterministic collection. `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeSignalCollector.cs` `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Schema/RuntimeCallEvent.cs`
|
||||
- MAINT: Probe loaders and metadata set CreatedAt/AttachedAt with DateTimeOffset.UtcNow. `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/AirGapProbeLoader.cs` `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/CoreProbeLoader.cs`
|
||||
@@ -5732,11 +5750,14 @@
|
||||
- Disposition: waived (test project; revalidated 2026-01-07).
|
||||
|
||||
### src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj
|
||||
- MAINT: CreationInfo parsing uses DateTimeOffset.TryParse with current culture and falls back to DateTimeOffset.UtcNow; use invariant round-trip parsing with TimeProvider or fail on invalid timestamps. `src/__Libraries/StellaOps.Spdx3/Spdx3Parser.cs`
|
||||
- MAINT: DateTimeOffset.TryParse uses current culture across Created/Published/Modified/Withdrawn fields; use InvariantCulture and strict round-trip parsing. `src/__Libraries/StellaOps.Spdx3/Spdx3Parser.cs`
|
||||
- MAINT: CreationInfo parsing falls back to DateTimeOffset.UtcNow when Created is invalid, which breaks determinism; inject TimeProvider or fail validation. `src/__Libraries/StellaOps.Spdx3/Spdx3Parser.cs`
|
||||
- DETERMINISM: Validator iterates HashSet/Dictionary-backed collections without ordering; validation message ordering can drift. `src/__Libraries/StellaOps.Spdx3/Validation/Spdx3Validator.cs` `src/__Libraries/StellaOps.Spdx3/Model/Spdx3Document.cs`
|
||||
- SECURITY: Context resolver allows remote contexts by default with no allowlist or size cap, enabling SSRF/DoS and breaking offline-first defaults. `src/__Libraries/StellaOps.Spdx3/JsonLd/Spdx3ContextResolver.cs`
|
||||
- SECURITY: Context resolver allows remote contexts by default with no allowlist or scheme validation, enabling SSRF/DoS and breaking offline-first defaults. `src/__Libraries/StellaOps.Spdx3/JsonLd/Spdx3ContextResolver.cs`
|
||||
- QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Spdx3/bin` `src/__Libraries/StellaOps.Spdx3/obj`
|
||||
- TEST: No coverage for local/remote context resolution, cache TTL/eviction, or created date parsing fallback. `src/__Libraries/__Tests/StellaOps.Spdx3.Tests`
|
||||
- Disposition: revalidated 2026-01-07; apply recommendations remain open.
|
||||
- Proposed changes (pending approval): use invariant date parsing with explicit failure handling and injected TimeProvider, sort/normalize validation output, default remote contexts to off with allowlist/scheme validation, add tests for context resolution and date parsing, and remove bin/obj artifacts.
|
||||
- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
|
||||
|
||||
### src/__Libraries/__Tests/StellaOps.Spdx3.Tests/StellaOps.Spdx3.Tests.csproj
|
||||
- MAINT: ModelTests uses DateTimeOffset.UtcNow for Created; nondeterministic fixtures. `src/__Libraries/__Tests/StellaOps.Spdx3.Tests/ModelTests.cs`
|
||||
|
||||
Reference in New Issue
Block a user