archive audit attempts

docs-archived/implplan-blocked/audits/csproj-standards/Zastava/StellaOps.Zastava.Agent/StellaOps.Zastava.Agent.md

@@ -0,0 +1,48 @@
+# Audit - StellaOps.Zastava.Agent
+
+## Project
+- Path: `src/Zastava/StellaOps.Zastava.Agent/StellaOps.Zastava.Agent.csproj`
+- Module: `Zastava`
+- Kind: `Service`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 9
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Zastava/StellaOps.Zastava.Agent/Worker/DockerEventHostedService.cs` (353 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Worker/RuntimeEventBuffer.cs` (304 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Docker/DockerSocketClient.cs` (296 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Worker/HealthCheckHostedService.cs` (276 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Docker/DockerEventModels.cs` (213 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Worker/RuntimeEventDispatchService.cs` (211 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Configuration/ZastavaAgentOptions.cs` (208 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Backend/RuntimeEventsClient.cs` (130 lines)
+  - `src/Zastava/StellaOps.Zastava.Agent/Worker/AgentServiceCollectionExtensions.cs` (112 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: FAIL
+- Expected layers: Unit
+- Detected test projects: none
+- Missing layers: Unit
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- Add a unit test project named `<Project>.Tests` (or document exception).

docs-archived/implplan-blocked/audits/csproj-standards/Zastava/StellaOps.Zastava.Observer/StellaOps.Zastava.Observer.md

@@ -0,0 +1,64 @@
+# Audit - StellaOps.Zastava.Observer
+
+## Project
+- Path: `src/Zastava/StellaOps.Zastava.Observer/StellaOps.Zastava.Observer.csproj`
+- Module: `Zastava`
+- Kind: `Service`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 25
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/RuntimeProcessCollector.cs` (525 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/ProcSnapshot/PhpAutoloadCollector.cs` (513 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/ProcSnapshot/DotNetAssemblyCollector.cs` (495 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Probes/EbpfProbeManager.cs` (462 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/ProcSnapshot/JavaClasspathCollector.cs` (418 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/DockerWindowsRuntimeClient.cs` (401 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/RuntimeFactsBuilder.cs` (357 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/RuntimeEventBuffer.cs` (301 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/ElfBuildIdReader.cs` (287 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Posture/RuntimePostureEvaluator.cs` (284 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Worker/RuntimeEventDispatchService.cs` (269 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Configuration/ZastavaObserverOptions.cs` (255 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Cri/CriRuntimeClient.cs` (254 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Backend/RuntimeEventsClient.cs` (242 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Worker/ContainerLifecycleHostedService.cs` (202 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/DependencyInjection/ObserverServiceCollectionExtensions.cs` (183 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Posture/RuntimePostureCache.cs` (180 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/WindowsLibraryHashCollector.cs` (179 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Worker/RuntimeEventFactory.cs` (154 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Runtime/ProcSnapshot/ProcSnapshotCollector.cs` (145 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Worker/ContainerRuntimePoller.cs` (139 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/ContainerStateTracker.cs` (134 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/Backend/RuntimePolicyClient.cs` (128 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/IWindowsContainerRuntimeClient.cs` (114 lines)
+  - `src/Zastava/StellaOps.Zastava.Observer/ContainerRuntime/Windows/WindowsContainerInfo.cs` (104 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers: Unit
+- Detected test projects: src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/StellaOps.Zastava.Observer.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- None.

docs-archived/implplan-blocked/audits/csproj-standards/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.md

@@ -0,0 +1,49 @@
+# Audit - StellaOps.Zastava.Webhook
+
+## Project
+- Path: `src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj`
+- Module: `Zastava`
+- Kind: `WebService`
+- SDK: `Microsoft.NET.Sdk.Web`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 8
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs` (359 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs` (252 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs` (226 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs` (179 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs` (154 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs` (127 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs` (115 lines)
+  - `src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs` (103 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: FAIL
+- Expected layers: Unit, Integration, Security, Offline
+- Detected test projects: src/Zastava/__Tests/StellaOps.Zastava.Webhook.Tests/StellaOps.Zastava.Webhook.Tests.csproj [Unit]
+- Missing layers: Integration, Security, Offline
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- Add integration tests for cross-component flows.
+- Add security tests for authn/authz or input validation.
+- Add offline/airgap coverage with fixtures only.

docs-archived/implplan-blocked/audits/csproj-standards/Zastava/__Libraries/StellaOps.Zastava.Core/StellaOps.Zastava.Core.md

@@ -0,0 +1,48 @@
+# Audit - StellaOps.Zastava.Core
+
+## Project
+- Path: `src/Zastava/__Libraries/StellaOps.Zastava.Core/StellaOps.Zastava.Core.csproj`
+- Module: `Zastava`
+- Kind: `Library`
+- SDK: `Microsoft.NET.Sdk`
+- TargetFramework: `net10.0`
+- Audit date (UTC): 2026-01-30
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 9
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Analyzer enforcement: missing repo-wide (see summary).
+
+### Details
+- 100-line files:
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Security/ZastavaAuthorityTokenProvider.cs` (314 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Verdicts/VerdictObserverContracts.cs` (245 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Contracts/RuntimeEvent.cs` (188 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Validation/SurfaceCacheValidator.cs` (185 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Contracts/ZastavaContractVersions.cs` (173 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Configuration/ZastavaRuntimeOptions.cs` (149 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Http/OfflineStrictModeHandler.cs` (147 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/Serialization/ZastavaCanonicalJsonSerializer.cs` (119 lines)
+  - `src/Zastava/__Libraries/StellaOps.Zastava.Core/DependencyInjection/ZastavaServiceCollectionExtensions.cs` (118 lines)
+- Service locator matches:
+  - none
+
+### Fix Guidance
+- Split files over 100 lines into smaller types or partials.
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers: Unit
+- Detected test projects: src/Zastava/__Tests/StellaOps.Zastava.Core.Tests/StellaOps.Zastava.Core.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Offline execution (tests must run without network access).
+
+### Fix Guidance
+- None.