archive audit attempts

2026-02-19 22:00:31 +02:00
parent c2f13fe588
commit b5829dce5c
19638 changed files with 6366 additions and 7 deletions
--- a/docs-archived/implplan-blocked/audits/csproj-standards/src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj
+++ b/docs-archived/implplan-blocked/audits/csproj-standards/src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj
@@ -0,0 +1,132 @@
+# Audit - StellaOps.Zastava.Webhook
+
+## Project
+- Path: src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj
+- Module: Zastava
+- Kind: Library
+- Audit date (UTC): 2026-01-30
+- Files scanned: 32
+- Files with issues: 30
+- File-level report: docs/implplan/audits/csproj-standards/file-audit.csv
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 8
+- Namespace violations: 30
+- Using directive violations: 0
+- Naming violations (interfaces/fields/const/async): 0
+- Service locator usage (BuildServiceProvider/GetService): 0
+- Assembly.LoadFrom usage: 0
+
+### Details
+- 100-line files:
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs (227 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs (155 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs (253 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs (360 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs (116 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs (104 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs (180 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs (128 lines)
+- Namespace issues:
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionEndpoint.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionRequestContext.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewModels.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/ImageDigestResolver.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimePolicyCache.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Authority/AuthorityTokenProvider.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/IRuntimePolicyClient.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyException.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyRequest.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyResponse.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/CsrCertificateSource.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/IWebhookCertificateProvider.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/WebhookCertificateHealthCheck.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/WebhookRuntimeOptionsPostConfigure.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Hosting/StartupValidationHostedService.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/StellaOps.Zastava.Webhook.AssemblyInfo.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/StellaOps.Zastava.Webhook.GlobalUsings.g.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/StellaOps.Zastava.Webhook.MvcApplicationPartsAssemblyInfo.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/obj/Release/net10.0/StellaOps.Zastava.Webhook.GlobalUsings.g.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Secrets/WebhookSurfaceSecrets.cs: missing namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Surface/WebhookSurfaceFsClient.cs: missing namespace
+- Using directive issues:
+  - none
+- Naming issues:
+  - none
+- Async issues:
+  - none
+- Service locator matches:
+  - none
+- Assembly.LoadFrom matches:
+  - none
+
+### Fix Guidance
+- Normalize namespaces to file-scoped StellaOps.<Area>.
+- Split files over 100 lines into smaller types or partials.
+
+## File-Level Findings
+- Status: FAIL
+- Files scanned: 32
+- Files with issues: 30
+- See docs/implplan/audits/csproj-standards/file-audit.csv for full per-file status.
+
+| File | Issues | Fix guidance |
+| --- | --- | --- |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionEndpoint.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionRequestContext.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewModels.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/ImageDigestResolver.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimePolicyCache.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Authority/AuthorityTokenProvider.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Backend/IRuntimePolicyClient.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyException.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyRequest.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyResponse.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Certificates/CsrCertificateSource.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Certificates/IWebhookCertificateProvider.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Certificates/WebhookCertificateHealthCheck.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs | FileLength>100; NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>;; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/WebhookRuntimeOptionsPostConfigure.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Hosting/StartupValidationHostedService.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/StellaOps.Zastava.Webhook.AssemblyInfo.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/StellaOps.Zastava.Webhook.GlobalUsings.g.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/obj/Debug/net10.0/StellaOps.Zastava.Webhook.MvcApplicationPartsAssemblyInfo.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/obj/Release/net10.0/StellaOps.Zastava.Webhook.GlobalUsings.g.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Secrets/WebhookSurfaceSecrets.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+| src/Zastava/StellaOps.Zastava.Webhook/Surface/WebhookSurfaceFsClient.cs | NamespaceMissing | Add file-scoped namespace: namespace StellaOps.<Area>; |
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers (heuristic): Unit
+- Detected test projects: src/Zastava/__Tests/StellaOps.Zastava.Webhook.Tests/StellaOps.Zastava.Webhook.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Intent tags for regulatory modules (Policy, Authority, Signer, Attestor, EvidenceLocker).
+- Offline execution (tests must run without network access).
+- Coverage matrix alignment (docs/technical/testing/TEST_COVERAGE_MATRIX.md).
+
+### Fix Guidance
+- None.
--- a/docs-archived/implplan-blocked/audits/csproj-standards/src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.md
+++ b/docs-archived/implplan-blocked/audits/csproj-standards/src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.md
@@ -0,0 +1,116 @@
+# Audit - StellaOps.Zastava.Webhook
+
+## Project
+- Path: src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj
+- Module: Zastava
+- Kind: Library
+- Audit date (UTC): 2026-01-31
+- Files scanned: 27
+- Files with issues: 17
+- File-level report: docs/implplan/audits/csproj-standards/file-audit.csv
+
+## Coding Standards Findings
+- Status: FAIL
+- Nullable: enable
+- TreatWarningsAsErrors: explicit true
+- Deterministic: inherited true
+- 100-line rule violations: 8
+- Namespace violations: 1
+- Using directive violations: 4
+- Naming violations (interfaces/fields/const/async): 18
+- Service locator usage (BuildServiceProvider/GetService): 4
+- Assembly.LoadFrom usage: 0
+
+### Details
+- 100-line files:
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs (228 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs (155 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs (254 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs (361 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs (117 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs (105 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs (181 lines)
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs (129 lines)
+- Namespace issues:
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs: namespace not StellaOps.*
+- Using directive issues:
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionEndpoint.cs: using directives inside namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs: using directives inside namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs: using directives inside namespace
+  - src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs: using directives inside namespace
+- Naming issues:
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionEndpoint.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/ImageDigestResolver.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimePolicyCache.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Authority/AuthorityTokenProvider.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs: private field naming
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/WebhookRuntimeOptionsPostConfigure.cs: private field naming
+- Async issues:
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs: async method naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs: blocking async usage
+  - src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimePolicyCache.cs: blocking async usage
+  - src/Zastava/StellaOps.Zastava.Webhook/Authority/AuthorityTokenProvider.cs: async method naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Authority/AuthorityTokenProvider.cs: missing ConfigureAwait(false)
+  - src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs: async method naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Hosting/StartupValidationHostedService.cs: async method naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Hosting/StartupValidationHostedService.cs: missing ConfigureAwait(false)
+  - src/Zastava/StellaOps.Zastava.Webhook/Secrets/WebhookSurfaceSecrets.cs: async method naming
+  - src/Zastava/StellaOps.Zastava.Webhook/Surface/WebhookSurfaceFsClient.cs: async method naming
+- Service locator matches:
+  - src/Zastava/StellaOps.Zastava.Webhook/Program.cs:36 var certificateProvider = options.ApplicationServices?.GetRequiredService<IWebhookCertificateProvider>()
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs:50 options.TenantResolver = sp => sp.GetRequiredService<IOptions<ZastavaRuntimeOptions>>().Value.Tenant;
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs:64 services.TryAddSingleton(sp => sp.GetRequiredService<ISurfaceEnvironment>().Settings);
+  - src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs:78 var backend = provider.GetRequiredService<IOptions<ZastavaWebhookOptions>>().Value.Backend;
+- Assembly.LoadFrom matches:
+  - none
+
+### Fix Guidance
+- Align interface/field/const naming to standards.
+- Move and sort using directives (outside namespace).
+- Normalize namespaces to file-scoped StellaOps.<Area>.
+- Rename async methods and avoid blocking async calls.
+- Replace service locator usage with constructor injection.
+- Split files over 100 lines into smaller types or partials.
+
+## File-Level Findings
+- Status: FAIL
+- Files scanned: 27
+- Files with issues: 17
+- See docs/implplan/audits/csproj-standards/file-audit.csv for full per-file status.
+
+| File | Issues | Fix guidance |
+| --- | --- | --- |
+| src/Zastava/StellaOps.Zastava.Webhook/Program.cs | ServiceLocator | Remove service locator usage; use constructor injection. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionEndpoint.cs | PrivateFieldNaming; UsingInsideNamespace | Move using directives outside namespace.; Rename private fields to _camelCase. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs | FileLength>100; UsingInsideNamespace | Move using directives outside namespace.; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs | FileLength>100 | Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs | FileLength>100 | Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/ImageDigestResolver.cs | PrivateFieldNaming | Rename private fields to _camelCase. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs | AsyncNaming; BlockingAsync; FileLength>100; PrivateFieldNaming | Rename async methods to end with Async.; Rename private fields to _camelCase.; Replace .Result/.Wait/GetAwaiter().GetResult() with await.; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimePolicyCache.cs | BlockingAsync; PrivateFieldNaming | Rename private fields to _camelCase.; Replace .Result/.Wait/GetAwaiter().GetResult() with await. |
+| src/Zastava/StellaOps.Zastava.Webhook/Authority/AuthorityTokenProvider.cs | AsyncNaming; ConfigureAwaitMissing; PrivateFieldNaming | Add ConfigureAwait(false) to awaited calls in library-like code.; Rename async methods to end with Async.; Rename private fields to _camelCase. |
+| src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs | AsyncNaming; FileLength>100; PrivateFieldNaming; UsingInsideNamespace | Move using directives outside namespace.; Rename async methods to end with Async.; Rename private fields to _camelCase.; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs | FileLength>100; UsingInsideNamespace | Move using directives outside namespace.; Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs | FileLength>100 | Split file to stay <= 100 lines. |
+| src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs | FileLength>100; NamespaceNotStellaOps; PrivateFieldNaming; ServiceLocator | Remove service locator usage; use constructor injection.; Rename private fields to _camelCase.; Split file to stay <= 100 lines.; Update namespace to StellaOps.<Area>. |
+| src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/WebhookRuntimeOptionsPostConfigure.cs | PrivateFieldNaming | Rename private fields to _camelCase. |
+| src/Zastava/StellaOps.Zastava.Webhook/Hosting/StartupValidationHostedService.cs | AsyncNaming; ConfigureAwaitMissing | Add ConfigureAwait(false) to awaited calls in library-like code.; Rename async methods to end with Async. |
+| src/Zastava/StellaOps.Zastava.Webhook/Secrets/WebhookSurfaceSecrets.cs | AsyncNaming | Rename async methods to end with Async. |
+| src/Zastava/StellaOps.Zastava.Webhook/Surface/WebhookSurfaceFsClient.cs | AsyncNaming | Rename async methods to end with Async. |
+
+## Testing Fullness Findings
+- Status: PASS
+- Expected layers (heuristic): Unit
+- Detected test projects: src/Zastava/__Tests/StellaOps.Zastava.Webhook.Tests/StellaOps.Zastava.Webhook.Tests.csproj [Unit]
+- Missing layers: none
+
+### Manual checks required
+- Observability contract tests for WebService/Worker.
+- Intent tags for regulatory modules (Policy, Authority, Signer, Attestor, EvidenceLocker).
+- Offline execution (tests must run without network access).
+- Coverage matrix alignment (docs/technical/testing/TEST_COVERAGE_MATRIX.md).
+
+### Fix Guidance
+- None.