archive audit attempts

docs-archived/implplan-blocked/audits/csproj-standards/AirGap/StellaOps.AirGap.Importer/StellaOps.AirGap.Importer.md

@@ -0,0 +1,64 @@
+# Audit - StellaOps.AirGap.Importer
+
+## Project
+- Path: `src/AirGap/StellaOps.AirGap.Importer/StellaOps.AirGap.Importer.csproj`
+- Module: `AirGap`
+- Kind: `Service`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 25
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/AirGap/StellaOps.AirGap.Importer/Validation/RekorOfflineReceiptVerifier.cs` (655 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SbomNormalizer.cs` (512 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Validation/ReferrerValidator.cs` (480 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Validation/ImportValidator.cs` (448 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/AttestationCollector.cs` (438 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Validation/RuleBundleValidator.cs` (432 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Quarantine/FileSystemQuarantineService.cs` (395 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/EvidenceReconciler.cs` (394 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/CycloneDxParser.cs` (342 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/EvidenceGraph.cs` (333 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SpdxParser.cs` (315 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs` (300 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/JsonNormalizer.cs` (281 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/SourcePrecedenceLattice.cs` (264 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs` (213 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Validation/DsseVerifier.cs` (211 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/IAttestationParser.cs` (204 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/ISbomParser.cs` (188 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/OpenVexParser.cs` (182 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Signing/EvidenceGraphDsseSigner.cs` (182 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/SbomCollector.cs` (173 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Versioning/BundleVersion.cs` (144 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/ArtifactIndex.cs` (143 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Telemetry/OfflineKitMetrics.cs` (142 lines)
+  - `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicyLoader.cs` (132 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers: Unit
+- Detected test projects: src/AirGap/__Tests/StellaOps.AirGap.Importer.Tests/StellaOps.AirGap.Importer.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- None.