audit, advisories and doctors/setup work

docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md

@@ -25,27 +25,27 @@ Bulk task definitions (applies to every project row below):
 | --- | --- | --- | --- | --- | --- |
 | 1 | AUDIT-0001-M | DONE | Revalidated 2026-01-08 | Guild | devops/services/crypto/sim-crypto-service/SimCryptoService.csproj - MAINT |
 | 2 | AUDIT-0001-T | DONE | Revalidated 2026-01-08 | Guild | devops/services/crypto/sim-crypto-service/SimCryptoService.csproj - TEST |
-| 3 | AUDIT-0001-A | TODO | Approved 2026-01-12 | Guild | devops/services/crypto/sim-crypto-service/SimCryptoService.csproj - APPLY |
+| 3 | AUDIT-0001-A | DONE | Applied 2026-01-13 | Guild | devops/services/crypto/sim-crypto-service/SimCryptoService.csproj - APPLY |
 | 4 | AUDIT-0002-M | DONE | Revalidated 2026-01-08 | Guild | devops/services/crypto/sim-crypto-smoke/SimCryptoSmoke.csproj - MAINT |
 | 5 | AUDIT-0002-T | DONE | Revalidated 2026-01-08 | Guild | devops/services/crypto/sim-crypto-smoke/SimCryptoSmoke.csproj - TEST |
-| 6 | AUDIT-0002-A | TODO | Approved 2026-01-12 | Guild | devops/services/crypto/sim-crypto-smoke/SimCryptoSmoke.csproj - APPLY |
+| 6 | AUDIT-0002-A | DONE | Applied 2026-01-13 | Guild | devops/services/crypto/sim-crypto-smoke/SimCryptoSmoke.csproj - APPLY |
 | 7 | AUDIT-0003-M | DONE | Revalidated 2026-01-08 | Guild | devops/services/cryptopro/linux-csp-service/CryptoProLinuxApi.csproj - MAINT |
 | 8 | AUDIT-0003-T | DONE | Revalidated 2026-01-08 | Guild | devops/services/cryptopro/linux-csp-service/CryptoProLinuxApi.csproj - TEST |
-| 9 | AUDIT-0003-A | TODO | Approved 2026-01-12 | Guild | devops/services/cryptopro/linux-csp-service/CryptoProLinuxApi.csproj - APPLY |
+| 9 | AUDIT-0003-A | DONE | Applied 2026-01-13 | Guild | devops/services/cryptopro/linux-csp-service/CryptoProLinuxApi.csproj - APPLY |
 | 10 | AUDIT-0004-M | DONE | Revalidated 2026-01-08 | Guild | devops/tools/nuget-prime/nuget-prime.csproj - MAINT |
 | 11 | AUDIT-0004-T | DONE | Revalidated 2026-01-08 | Guild | devops/tools/nuget-prime/nuget-prime.csproj - TEST |
-| 12 | AUDIT-0004-A | TODO | Approved 2026-01-12 | Guild | devops/tools/nuget-prime/nuget-prime.csproj - APPLY |
+| 12 | AUDIT-0004-A | DONE | Applied 2026-01-13 | Guild | devops/tools/nuget-prime/nuget-prime.csproj - APPLY |
 | 13 | AUDIT-0005-M | DONE | Revalidated 2026-01-08 | Guild | devops/tools/nuget-prime/nuget-prime-v9.csproj - MAINT |
 | 14 | AUDIT-0005-T | DONE | Revalidated 2026-01-08 | Guild | devops/tools/nuget-prime/nuget-prime-v9.csproj - TEST |
-| 15 | AUDIT-0005-A | TODO | Approved 2026-01-12 | Guild | devops/tools/nuget-prime/nuget-prime-v9.csproj - APPLY |
+| 15 | AUDIT-0005-A | DONE | Applied 2026-01-13 | Guild | devops/tools/nuget-prime/nuget-prime-v9.csproj - APPLY |
 | 16 | AUDIT-0006-M | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - MAINT |
-| 17 | AUDIT-0006-T | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - TEST |
+| 17 | AUDIT-0006-T | DONE | Waived 2026-01-13 (template package; content-only) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - TEST |
 | 18 | AUDIT-0006-A | DONE | Waived (doc template) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - APPLY |
 | 19 | AUDIT-0007-M | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - MAINT |
-| 20 | AUDIT-0007-T | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - TEST |
+| 20 | AUDIT-0007-T | DONE | Applied 2026-01-13; test scaffolding added | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - TEST |
 | 21 | AUDIT-0007-A | DONE | Waived (doc template) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - APPLY |
 | 22 | AUDIT-0008-M | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - MAINT |
-| 23 | AUDIT-0008-T | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - TEST |
+| 23 | AUDIT-0008-T | DONE | Applied 2026-01-13; test scaffolding added | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - TEST |
 | 24 | AUDIT-0008-A | DONE | Waived (doc template) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - APPLY |
 | 25 | AUDIT-0009-M | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/templates/excititor-connector/src/Excititor.MyConnector.csproj - MAINT |
 | 26 | AUDIT-0009-T | DONE | Revalidated 2026-01-08 (doc template) | Guild | docs/dev/templates/excititor-connector/src/Excititor.MyConnector.csproj - TEST |
@@ -118,7 +118,7 @@ Bulk task definitions (applies to every project row below):
 | 93 | AUDIT-0031-A | DONE | Waived (test project) | Guild | src/__Libraries/__Tests/StellaOps.Plugin.Tests/StellaOps.Plugin.Tests.csproj - APPLY |
 | 94 | AUDIT-0032-M | DONE | Revalidated 2026-01-08 (test project) | Guild | src/__Libraries/__Tests/StellaOps.Provcache.Tests/StellaOps.Provcache.Tests.csproj - MAINT |
 | 95 | AUDIT-0032-T | DONE | Revalidated 2026-01-08 (test project) | Guild | src/__Libraries/__Tests/StellaOps.Provcache.Tests/StellaOps.Provcache.Tests.csproj - TEST |
-| 96 | AUDIT-0032-A | DONE | Waived (test project) | Guild | src/__Libraries/__Tests/StellaOps.Provcache.Tests/StellaOps.Provcache.Tests.csproj - APPLY |
+| 96 | AUDIT-0032-A | DONE | Applied 2026-01-13 (deterministic fixtures, Integration tagging, warnings-as-errors) | Guild | src/__Libraries/__Tests/StellaOps.Provcache.Tests/StellaOps.Provcache.Tests.csproj - APPLY |
 | 97 | AUDIT-0033-M | DONE | Revalidated 2026-01-08 (test project) | Guild | src/__Libraries/__Tests/StellaOps.Provenance.Tests/StellaOps.Provenance.Tests.csproj - MAINT |
 | 98 | AUDIT-0033-T | DONE | Revalidated 2026-01-08 (test project) | Guild | src/__Libraries/__Tests/StellaOps.Provenance.Tests/StellaOps.Provenance.Tests.csproj - TEST |
 | 99 | AUDIT-0033-A | DONE | Waived (test project) | Guild | src/__Libraries/__Tests/StellaOps.Provenance.Tests/StellaOps.Provenance.Tests.csproj - APPLY |
@@ -310,22 +310,22 @@ Bulk task definitions (applies to every project row below):
 | 285 | AUDIT-0095-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Plugin/StellaOps.Plugin.csproj - APPLY |
 | 286 | AUDIT-0096-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Policy.Tools/StellaOps.Policy.Tools.csproj - MAINT |
 | 287 | AUDIT-0096-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Policy.Tools/StellaOps.Policy.Tools.csproj - TEST |
-| 288 | AUDIT-0096-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Policy.Tools/StellaOps.Policy.Tools.csproj - APPLY |
+| 288 | AUDIT-0096-A | DONE | Applied 2026-01-14 (determinism, parsing guards, tests) | Guild | src/__Libraries/StellaOps.Policy.Tools/StellaOps.Policy.Tools.csproj - APPLY |
 | 289 | AUDIT-0097-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.PolicyAuthoritySignals.Contracts/StellaOps.PolicyAuthoritySignals.Contracts.csproj - MAINT |
 | 290 | AUDIT-0097-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.PolicyAuthoritySignals.Contracts/StellaOps.PolicyAuthoritySignals.Contracts.csproj - TEST |
 | 291 | AUDIT-0097-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.PolicyAuthoritySignals.Contracts/StellaOps.PolicyAuthoritySignals.Contracts.csproj - APPLY |
 | 292 | AUDIT-0098-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache.Api/StellaOps.Provcache.Api.csproj - MAINT |
 | 293 | AUDIT-0098-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache.Api/StellaOps.Provcache.Api.csproj - TEST |
-| 294 | AUDIT-0098-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Provcache.Api/StellaOps.Provcache.Api.csproj - APPLY |
+| 294 | AUDIT-0098-A | DONE | Applied 2026-01-13 (error redaction, ordering, pagination validation, tests) | Guild | src/__Libraries/StellaOps.Provcache.Api/StellaOps.Provcache.Api.csproj - APPLY |
 | 295 | AUDIT-0099-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache.Postgres/StellaOps.Provcache.Postgres.csproj - MAINT |
 | 296 | AUDIT-0099-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache.Postgres/StellaOps.Provcache.Postgres.csproj - TEST |
-| 297 | AUDIT-0099-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Provcache.Postgres/StellaOps.Provcache.Postgres.csproj - APPLY |
+| 297 | AUDIT-0099-A | DONE | Applied 2026-01-13 (canonical replay seed serialization; test gaps tracked) | Guild | src/__Libraries/StellaOps.Provcache.Postgres/StellaOps.Provcache.Postgres.csproj - APPLY |
 | 298 | AUDIT-0100-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache.Valkey/StellaOps.Provcache.Valkey.csproj - MAINT |
 | 299 | AUDIT-0100-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache.Valkey/StellaOps.Provcache.Valkey.csproj - TEST |
-| 300 | AUDIT-0100-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Provcache.Valkey/StellaOps.Provcache.Valkey.csproj - APPLY |
+| 300 | AUDIT-0100-A | DONE | Applied 2026-01-13 (SCAN invalidation, cancellation propagation; test gaps tracked) | Guild | src/__Libraries/StellaOps.Provcache.Valkey/StellaOps.Provcache.Valkey.csproj - APPLY |
 | 301 | AUDIT-0101-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache/StellaOps.Provcache.csproj - MAINT |
 | 302 | AUDIT-0101-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provcache/StellaOps.Provcache.csproj - TEST |
-| 303 | AUDIT-0101-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Provcache/StellaOps.Provcache.csproj - APPLY |
+| 303 | AUDIT-0101-A | DONE | Applied 2026-01-13 | Guild | src/__Libraries/StellaOps.Provcache/StellaOps.Provcache.csproj - APPLY |
 | 304 | AUDIT-0102-M | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provenance/StellaOps.Provenance.csproj - MAINT |
 | 305 | AUDIT-0102-T | DONE | Revalidated 2026-01-08 | Guild | src/__Libraries/StellaOps.Provenance/StellaOps.Provenance.csproj - TEST |
 | 306 | AUDIT-0102-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Provenance/StellaOps.Provenance.csproj - APPLY |
@@ -361,7 +361,7 @@ Bulk task definitions (applies to every project row below):
 | 336 | AUDIT-0112-A | TODO | Approved 2026-01-12 (revalidated 2026-01-08) | Guild | src/__Libraries/StellaOps.Spdx3/StellaOps.Spdx3.csproj - APPLY |
 | 337 | AUDIT-0113-M | DONE | Revalidated 2026-01-12 | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - MAINT |
 | 338 | AUDIT-0113-T | DONE | Revalidated 2026-01-12 | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - TEST |
-| 339 | AUDIT-0113-A | TODO | Approved 2026-01-12 | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - APPLY |
+| 339 | AUDIT-0113-A | DONE | Applied 2026-01-13 | Guild | src/__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj - APPLY |
 | 340 | AUDIT-0114-M | DONE | Revalidated 2026-01-12 | Guild | src/__Libraries/StellaOps.Verdict/StellaOps.Verdict.csproj - MAINT |
 | 341 | AUDIT-0114-T | DONE | Revalidated 2026-01-12 | Guild | src/__Libraries/StellaOps.Verdict/StellaOps.Verdict.csproj - TEST |
 | 342 | AUDIT-0114-A | TODO | Approved 2026-01-12 | Guild | src/__Libraries/StellaOps.Verdict/StellaOps.Verdict.csproj - APPLY |
@@ -529,7 +529,7 @@ Bulk task definitions (applies to every project row below):
 | 504 | AUDIT-0168-A | TODO | Approved 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj - APPLY |
 | 505 | AUDIT-0169-M | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj - MAINT |
 | 506 | AUDIT-0169-T | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj - TEST |
-| 507 | AUDIT-0169-A | TODO | Approved 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj - APPLY |
+| 507 | AUDIT-0169-A | DONE | Applied 2026-01-14 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj - APPLY |
 | 508 | AUDIT-0170-M | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj - MAINT |
 | 509 | AUDIT-0170-T | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj - TEST |
 | 510 | AUDIT-0170-A | TODO | Approved 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj - APPLY |
@@ -1072,7 +1072,7 @@ Bulk task definitions (applies to every project row below):
 | 1047 | AUDIT-0349-A | TODO | Approved 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Vmware/StellaOps.Concelier.Connector.Vndr.Vmware.csproj - APPLY |
 | 1048 | AUDIT-0350-M | DONE | Revalidated 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core/StellaOps.Concelier.Core.csproj - MAINT |
 | 1049 | AUDIT-0350-T | DONE | Revalidated 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core/StellaOps.Concelier.Core.csproj - TEST |
-| 1050 | AUDIT-0350-A | TODO | Approved 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core/StellaOps.Concelier.Core.csproj - APPLY |
+| 1050 | AUDIT-0350-A | DONE | Applied 2026-01-13 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core/StellaOps.Concelier.Core.csproj - APPLY |
 | 1051 | AUDIT-0351-M | DONE | Revalidated 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Exporter.Json/StellaOps.Concelier.Exporter.Json.csproj - MAINT |
 | 1052 | AUDIT-0351-T | DONE | Revalidated 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Exporter.Json/StellaOps.Concelier.Exporter.Json.csproj - TEST |
 | 1053 | AUDIT-0351-A | TODO | Approved 2026-01-12 | Guild | src/Concelier/__Libraries/StellaOps.Concelier.Exporter.Json/StellaOps.Concelier.Exporter.Json.csproj - APPLY |
@@ -1273,7 +1273,7 @@ Bulk task definitions (applies to every project row below):
 | 1248 | AUDIT-0416-A | TODO | Approved 2026-01-12 | Guild | src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj - APPLY |
 | 1249 | AUDIT-0417-M | DONE | Revalidated 2026-01-12 | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - MAINT |
 | 1250 | AUDIT-0417-T | DONE | Revalidated 2026-01-12 | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - TEST |
-| 1251 | AUDIT-0417-A | TODO | Approved 2026-01-12 | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - APPLY |
+| 1251 | AUDIT-0417-A | DONE | Applied 2026-01-13; TimeProvider defaults, ASCII cleanup, federation tests | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - APPLY |
 | 1252 | AUDIT-0418-M | DONE | Revalidated 2026-01-12 | Guild | src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/StellaOps.Cryptography.Profiles.Ecdsa.csproj - MAINT |
 | 1253 | AUDIT-0418-T | DONE | Revalidated 2026-01-12 | Guild | src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/StellaOps.Cryptography.Profiles.Ecdsa.csproj - TEST |
 | 1254 | AUDIT-0418-A | TODO | Approved 2026-01-12 | Guild | src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/StellaOps.Cryptography.Profiles.Ecdsa.csproj - APPLY |
@@ -1426,7 +1426,7 @@ Bulk task definitions (applies to every project row below):
 | 1401 | AUDIT-0467-A | TODO | Approved 2026-01-12 | Guild | src/Excititor/StellaOps.Excititor.WebService/StellaOps.Excititor.WebService.csproj - APPLY |
 | 1402 | AUDIT-0468-M | DONE | Revalidated 2026-01-12 | Guild | src/Excititor/StellaOps.Excititor.Worker/StellaOps.Excititor.Worker.csproj - MAINT |
 | 1403 | AUDIT-0468-T | DONE | Revalidated 2026-01-12 | Guild | src/Excititor/StellaOps.Excititor.Worker/StellaOps.Excititor.Worker.csproj - TEST |
-| 1404 | AUDIT-0468-A | TODO | Approved 2026-01-12 | Guild | src/Excititor/StellaOps.Excititor.Worker/StellaOps.Excititor.Worker.csproj - APPLY |
+| 1404 | AUDIT-0468-A | DONE | Applied 2026-01-13; determinism, DI, tests | Guild | src/Excititor/StellaOps.Excititor.Worker/StellaOps.Excititor.Worker.csproj - APPLY |
 | 1405 | AUDIT-0469-M | DONE | Revalidated 2026-01-12 | Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/StellaOps.ExportCenter.RiskBundles.csproj - MAINT |
 | 1406 | AUDIT-0469-T | DONE | Revalidated 2026-01-12 | Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/StellaOps.ExportCenter.RiskBundles.csproj - TEST |
 | 1407 | AUDIT-0469-A | TODO | Approved 2026-01-12 | Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/StellaOps.ExportCenter.RiskBundles.csproj - APPLY |
@@ -1816,7 +1816,7 @@ Bulk task definitions (applies to every project row below):
 | 1791 | AUDIT-0597-A | TODO | Approved 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Microservice.SourceGen/StellaOps.Microservice.SourceGen.csproj - APPLY |
 | 1792 | AUDIT-0598-M | DONE | Revalidated 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - MAINT |
 | 1793 | AUDIT-0598-T | DONE | Revalidated 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - TEST |
-| 1794 | AUDIT-0598-A | TODO | Approved 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - APPLY |
+| 1794 | AUDIT-0598-A | DONE | Applied 2026-01-13; hotlist fixes and tests | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - APPLY |
 | 1795 | AUDIT-0599-M | DONE | Revalidated 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Router.AspNet/StellaOps.Router.AspNet.csproj - MAINT |
 | 1796 | AUDIT-0599-T | DONE | Revalidated 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Router.AspNet/StellaOps.Router.AspNet.csproj - TEST |
 | 1797 | AUDIT-0599-A | TODO | Approved 2026-01-12 | Guild | src/Router/__Libraries/StellaOps.Router.AspNet/StellaOps.Router.AspNet.csproj - APPLY |
@@ -2074,7 +2074,7 @@ Bulk task definitions (applies to every project row below):
 | 2049 | AUDIT-0683-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/StellaOps.Scanner.SmartDiff.csproj - APPLY |
 | 2050 | AUDIT-0684-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Sources/StellaOps.Scanner.Sources.csproj - MAINT |
 | 2051 | AUDIT-0684-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Sources/StellaOps.Scanner.Sources.csproj - TEST |
-| 2052 | AUDIT-0684-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Sources/StellaOps.Scanner.Sources.csproj - APPLY |
+| 2052 | AUDIT-0684-A | DONE | Applied 2026-01-14 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Sources/StellaOps.Scanner.Sources.csproj - APPLY |
 | 2053 | AUDIT-0685-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/StellaOps.Scanner.Storage.Oci.csproj - MAINT |
 | 2054 | AUDIT-0685-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/StellaOps.Scanner.Storage.Oci.csproj - TEST |
 | 2055 | AUDIT-0685-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/StellaOps.Scanner.Storage.Oci.csproj - APPLY |
@@ -2236,7 +2236,7 @@ Bulk task definitions (applies to every project row below):
 | 2211 | AUDIT-0737-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/StellaOps.Scanner.SmartDiff.Tests.csproj - APPLY |
 | 2212 | AUDIT-0738-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/StellaOps.Scanner.Sources.Tests.csproj - MAINT |
 | 2213 | AUDIT-0738-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/StellaOps.Scanner.Sources.Tests.csproj - TEST |
-| 2214 | AUDIT-0738-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/StellaOps.Scanner.Sources.Tests.csproj - APPLY |
+| 2214 | AUDIT-0738-A | DONE | Applied 2026-01-14 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/StellaOps.Scanner.Sources.Tests.csproj - APPLY |
 | 2215 | AUDIT-0739-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Storage.Oci.Tests/StellaOps.Scanner.Storage.Oci.Tests.csproj - MAINT |
 | 2216 | AUDIT-0739-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Storage.Oci.Tests/StellaOps.Scanner.Storage.Oci.Tests.csproj - TEST |
 | 2217 | AUDIT-0739-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Storage.Oci.Tests/StellaOps.Scanner.Storage.Oci.Tests.csproj - APPLY |
@@ -2266,7 +2266,7 @@ Bulk task definitions (applies to every project row below):
 | 2241 | AUDIT-0747-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj - APPLY |
 | 2242 | AUDIT-0748-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - MAINT |
 | 2243 | AUDIT-0748-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - TEST |
-| 2244 | AUDIT-0748-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - APPLY |
+| 2244 | AUDIT-0748-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - APPLY |
 | 2245 | AUDIT-0749-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native/StellaOps.Scanner.Analyzers.Native.csproj - MAINT |
 | 2246 | AUDIT-0749-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native/StellaOps.Scanner.Analyzers.Native.csproj - TEST |
 | 2247 | AUDIT-0749-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native/StellaOps.Scanner.Analyzers.Native.csproj - APPLY |
@@ -2278,7 +2278,7 @@ Bulk task definitions (applies to every project row below):
 | 2253 | AUDIT-0751-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj - APPLY |
 | 2254 | AUDIT-0752-M | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - MAINT |
 | 2255 | AUDIT-0752-T | DONE | Revalidated 2026-01-12 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - TEST |
-| 2256 | AUDIT-0752-A | TODO | Approved 2026-01-12 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - APPLY |
+| 2256 | AUDIT-0752-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - APPLY |
 | 2257 | AUDIT-0753-M | DONE | Revalidated 2026-01-12 | Guild | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/StellaOps.Scheduler.ImpactIndex.csproj - MAINT |
 | 2258 | AUDIT-0753-T | DONE | Revalidated 2026-01-12 | Guild | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/StellaOps.Scheduler.ImpactIndex.csproj - TEST |
 | 2259 | AUDIT-0753-A | TODO | Approved 2026-01-12 | Guild | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/StellaOps.Scheduler.ImpactIndex.csproj - APPLY |
@@ -2344,7 +2344,7 @@ Bulk task definitions (applies to every project row below):
 | 2319 | AUDIT-0773-A | TODO | Approved 2026-01-12 | Guild | src/Signals/StellaOps.Signals.Scheduler/StellaOps.Signals.Scheduler.csproj - APPLY |
 | 2320 | AUDIT-0774-M | DONE | Revalidated 2026-01-12 | Guild | src/Signals/StellaOps.Signals/StellaOps.Signals.csproj - MAINT |
 | 2321 | AUDIT-0774-T | DONE | Revalidated 2026-01-12 | Guild | src/Signals/StellaOps.Signals/StellaOps.Signals.csproj - TEST |
-| 2322 | AUDIT-0774-A | TODO | Approved 2026-01-12 | Guild | src/Signals/StellaOps.Signals/StellaOps.Signals.csproj - APPLY |
+| 2322 | AUDIT-0774-A | DONE | Applied 2026-01-13 | Guild | src/Signals/StellaOps.Signals/StellaOps.Signals.csproj - APPLY |
 | 2323 | AUDIT-0775-M | DONE | Revalidated 2026-01-12 | Guild | src/Signer/__Libraries/StellaOps.Signer.Keyless/StellaOps.Signer.Keyless.csproj - MAINT |
 | 2324 | AUDIT-0775-T | DONE | Revalidated 2026-01-12 | Guild | src/Signer/__Libraries/StellaOps.Signer.Keyless/StellaOps.Signer.Keyless.csproj - TEST |
 | 2325 | AUDIT-0775-A | TODO | Approved 2026-01-12 | Guild | src/Signer/__Libraries/StellaOps.Signer.Keyless/StellaOps.Signer.Keyless.csproj - APPLY |
@@ -2548,7 +2548,7 @@ Bulk task definitions (applies to every project row below):
 | 2523 | AUDIT-0841-A | TODO | Approved 2026-01-12 | Guild | src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/StellaOps.VexLens.Core.csproj - APPLY |
 | 2524 | AUDIT-0842-M | DONE | Revalidated 2026-01-12 | Guild | src/VexLens/StellaOps.VexLens/StellaOps.VexLens.csproj - MAINT |
 | 2525 | AUDIT-0842-T | DONE | Revalidated 2026-01-12 | Guild | src/VexLens/StellaOps.VexLens/StellaOps.VexLens.csproj - TEST |
-| 2526 | AUDIT-0842-A | TODO | Approved 2026-01-12 | Guild | src/VexLens/StellaOps.VexLens/StellaOps.VexLens.csproj - APPLY |
+| 2526 | AUDIT-0842-A | DONE | Applied 2026-01-13 | Guild | src/VexLens/StellaOps.VexLens/StellaOps.VexLens.csproj - APPLY |
 | 2527 | AUDIT-0843-M | DONE | Revalidated 2026-01-12 | Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api/StellaOps.VulnExplorer.Api.csproj - MAINT |
 | 2528 | AUDIT-0843-T | DONE | Revalidated 2026-01-12 | Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api/StellaOps.VulnExplorer.Api.csproj - TEST |
 | 2529 | AUDIT-0843-A | TODO | Approved 2026-01-12 | Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api/StellaOps.VulnExplorer.Api.csproj - APPLY |
@@ -2569,7 +2569,7 @@ Bulk task definitions (applies to every project row below):
 | 2544 | AUDIT-0848-A | TODO | Approved 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Agent/StellaOps.Zastava.Agent.csproj - APPLY |
 | 2545 | AUDIT-0849-M | DONE | Revalidated 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Observer/StellaOps.Zastava.Observer.csproj - MAINT |
 | 2546 | AUDIT-0849-T | DONE | Revalidated 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Observer/StellaOps.Zastava.Observer.csproj - TEST |
-| 2547 | AUDIT-0849-A | TODO | Approved 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Observer/StellaOps.Zastava.Observer.csproj - APPLY |
+| 2547 | AUDIT-0849-A | DONE | Applied 2026-01-13 | Guild | src/Zastava/StellaOps.Zastava.Observer/StellaOps.Zastava.Observer.csproj - APPLY |
 | 2548 | AUDIT-0850-M | DONE | Revalidated 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj - MAINT |
 | 2549 | AUDIT-0850-T | DONE | Revalidated 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj - TEST |
 | 2550 | AUDIT-0850-A | TODO | Approved 2026-01-12 | Guild | src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj - APPLY |
@@ -2626,10 +2626,10 @@ Bulk task definitions (applies to every project row below):
 | 2601 | AUDIT-0866-A | DONE | Waived (test project; revalidated 2026-01-12) | Guild | src/__Tests/Integration/StellaOps.Integration.Immutability/StellaOps.Integration.Immutability.csproj - APPLY |
 | 2602 | AUDIT-0867-M | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Plugin.Unified/StellaOps.AdvisoryAI.Plugin.Unified.csproj - MAINT |
 | 2603 | AUDIT-0867-T | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Plugin.Unified/StellaOps.AdvisoryAI.Plugin.Unified.csproj - TEST |
-| 2604 | AUDIT-0867-A | TODO | Approved 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Plugin.Unified/StellaOps.AdvisoryAI.Plugin.Unified.csproj - APPLY |
+| 2604 | AUDIT-0867-A | DONE | Applied 2026-01-14 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Plugin.Unified/StellaOps.AdvisoryAI.Plugin.Unified.csproj - APPLY |
 | 2605 | AUDIT-0868-M | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Scm.Plugin.Unified/StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj - MAINT |
 | 2606 | AUDIT-0868-T | DONE | Revalidated 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Scm.Plugin.Unified/StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj - TEST |
-| 2607 | AUDIT-0868-A | TODO | Approved 2026-01-12 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Scm.Plugin.Unified/StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj - APPLY |
+| 2607 | AUDIT-0868-A | DONE | Applied 2026-01-14 | Guild | src/AdvisoryAI/StellaOps.AdvisoryAI.Scm.Plugin.Unified/StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj - APPLY |
 | 2608 | AUDIT-0869-M | DONE | Revalidated 2026-01-12 (test project) | Guild | src/Attestor/__Libraries/__Tests/StellaOps.Attestor.FixChain.Tests/StellaOps.Attestor.FixChain.Tests.csproj - MAINT |
 | 2609 | AUDIT-0869-T | DONE | Revalidated 2026-01-12 (test project) | Guild | src/Attestor/__Libraries/__Tests/StellaOps.Attestor.FixChain.Tests/StellaOps.Attestor.FixChain.Tests.csproj - TEST |
 | 2610 | AUDIT-0869-A | DONE | Waived (test project; revalidated 2026-01-12) | Guild | src/Attestor/__Libraries/__Tests/StellaOps.Attestor.FixChain.Tests/StellaOps.Attestor.FixChain.Tests.csproj - APPLY |
@@ -2650,7 +2650,7 @@ Bulk task definitions (applies to every project row below):
 | 2625 | AUDIT-0874-A | TODO | Approved 2026-01-12 | Guild | src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Diff/StellaOps.BinaryIndex.Diff.csproj - APPLY |
 | 2626 | AUDIT-0875-M | DONE | Revalidated 2026-01-12 | Guild | src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GoldenSet/StellaOps.BinaryIndex.GoldenSet.csproj - MAINT |
 | 2627 | AUDIT-0875-T | DONE | Revalidated 2026-01-12 | Guild | src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GoldenSet/StellaOps.BinaryIndex.GoldenSet.csproj - TEST |
-| 2628 | AUDIT-0875-A | TODO | Approved 2026-01-12 | Guild | src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GoldenSet/StellaOps.BinaryIndex.GoldenSet.csproj - APPLY |
+| 2628 | AUDIT-0875-A | DONE | Applied 2026-01-13; deterministic newlines, cleanup note, tests | Guild | src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GoldenSet/StellaOps.BinaryIndex.GoldenSet.csproj - APPLY |
 | 2629 | AUDIT-0876-M | DONE | Revalidated 2026-01-12 (test project) | Guild | src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/StellaOps.BinaryIndex.Analysis.Tests.csproj - MAINT |
 | 2630 | AUDIT-0876-T | DONE | Revalidated 2026-01-12 (test project) | Guild | src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/StellaOps.BinaryIndex.Analysis.Tests.csproj - TEST |
 | 2631 | AUDIT-0876-A | DONE | Waived (test project; revalidated 2026-01-12) | Guild | src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/StellaOps.BinaryIndex.Analysis.Tests.csproj - APPLY |
@@ -3083,7 +3083,13 @@ Bulk task definitions (applies to every project row below):
 | 2026-01-12 | Archived audit report and maint/test sprint to docs-archived/implplan/2025-12-29-csproj-audit; updated references and created pending apply sprint SPRINT_20260112_003_BE_csproj_audit_pending_apply.md. | Project Mgmt |
 | 2026-01-13 | Applied ExportCenter.WebService hotlist (AUDIT-0337-A/AUDIT-0475-A): determinism, DI guards, retention/TLS gating, tests. | Project Mgmt |
 | 2026-01-13 | Applied Scanner.Reachability hotlist (AUDIT-0681-A): DSSE PAE/canon, deterministic IDs, cancellation propagation, invariant formatting, tests. | Project Mgmt |
+| 2026-01-13 | Applied Concelier.WebService hotlist (AUDIT-0242-A/AUDIT-0417-A): TimeProvider timestamps, ASCII cleanup, federation tests. | Project Mgmt |
 | 2026-01-13 | Applied Evidence hotlist (AUDIT-0082-A/AUDIT-0279-A): determinism, schema validation, budgets, retention, tests. | Project Mgmt |
+| 2026-01-13 | Applied Scanner.Worker hotlist (AUDIT-0622-A/AUDIT-0748-A/AUDIT-0752-A): determinism, cancellation, DSSE canon, test fixes. | Project Mgmt |
+| 2026-01-13 | Applied Provcache hotlist (AUDIT-0101-A): HttpClientFactory/allowlist/timeouts, canonical JSON signing, signature verification, options validation, tests. | Project Mgmt |
+| 2026-01-13 | Applied Provcache.Api/Postgres/Valkey/test audit items (error redaction, ordering/pagination, CanonJson replay seeds, SCAN invalidation, deterministic fixtures); audit report and TASKS.md updated. | Project Mgmt |
+| 2026-01-13 | Applied Attestor.WebService hotlist (AUDIT-0072-A): feature gating removes disabled controllers, correlation ID provider, proof chain/verification summary fixes, tests updated. | Project Mgmt |
+| 2026-01-14 | Applied Policy.Tools hotlist (AUDIT-0096-A): LF schema output, fixed-time defaults, parsing guards, deterministic summary output, cancellation propagation, tests added. | Project Mgmt |
 | 2026-01-12 | Approved all pending APPLY tasks; updated tracker entries to Approved 2026-01-12. | Project Mgmt |
 | 2026-01-12 | Added Apply Status Summary to the audit report and created sprint `docs-archived/implplan/2026-01-12-csproj-audit-apply-backlog/SPRINT_20260112_002_BE_csproj_audit_apply_backlog.md` for pending APPLY backlog. | Project Mgmt |
 | 2026-01-12 | Added production test and reuse gap inventories to the audit report to complete per-project audit coverage. | Project Mgmt |
@@ -4239,6 +4245,7 @@ Bulk task definitions (applies to every project row below):
 | 2026-01-07 | Added AGENTS.md and TASKS.md for Router transport plugin tests. | Planning |
 | 2026-01-07 | Revalidated AUDIT-0764 (SbomService.Lineage); report and task trackers updated. | Planning |
 | 2026-01-07 | Added AGENTS.md and TASKS.md for SbomService Lineage library. | Planning |
+| 2026-01-13 | Applied devops test gap fixes for sim-crypto-service, sim-crypto-smoke, CryptoProLinuxApi, and nuget-prime (v10/v9); added tests and devops package versions. | Implementer |
 
 ## Decisions & Risks
 - **APPROVED 2026-01-12**: All pending APPLY tasks approved; remediation can proceed under module review gates.
@@ -4573,7 +4580,7 @@ Bulk task definitions (applies to every project row below):
 | 213 | AUDIT-0071-A | TODO | Reopened after revalidation 2026-01-06 | Guild | src/Attestor/StellaOps.Attestor.Verify/StellaOps.Attestor.Verify.csproj - APPLY |
 | 214 | AUDIT-0072-M | DONE | Revalidation 2026-01-06 | Guild | src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj - MAINT |
 | 215 | AUDIT-0072-T | DONE | Revalidation 2026-01-06 | Guild | src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj - TEST |
-| 216 | AUDIT-0072-A | TODO | Reopened after revalidation 2026-01-06 | Guild | src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj - APPLY |
+| 216 | AUDIT-0072-A | DONE | Applied 2026-01-13 | Guild | src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj - APPLY |
 | 217 | AUDIT-0073-M | DONE | Revalidation 2026-01-06 | Guild | src/__Libraries/StellaOps.Audit.ReplayToken/StellaOps.Audit.ReplayToken.csproj - MAINT |
 | 218 | AUDIT-0073-T | DONE | Revalidation 2026-01-06 | Guild | src/__Libraries/StellaOps.Audit.ReplayToken/StellaOps.Audit.ReplayToken.csproj - TEST |
 | 219 | AUDIT-0073-A | TODO | Reopened after revalidation 2026-01-06 | Guild | src/__Libraries/StellaOps.Audit.ReplayToken/StellaOps.Audit.ReplayToken.csproj - APPLY |
@@ -5083,7 +5090,7 @@ Bulk task definitions (applies to every project row below):
 | 723 | AUDIT-0241-A | DONE | Waived (test-support library; revalidated 2026-01-07) | Guild | src/__Tests/__Libraries/StellaOps.Concelier.Testing/StellaOps.Concelier.Testing.csproj - APPLY |
 | 724 | AUDIT-0242-M | DONE | Revalidated 2026-01-07 | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - MAINT |
 | 725 | AUDIT-0242-T | DONE | Revalidated 2026-01-07 | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - TEST |
-| 726 | AUDIT-0242-A | TODO | Revalidated 2026-01-07 (open findings) | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - APPLY |
+| 726 | AUDIT-0242-A | DONE | Applied 2026-01-13; TimeProvider defaults, ASCII cleanup, federation tests | Guild | src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj - APPLY |
 | 727 | AUDIT-0243-M | DONE | Revalidated 2026-01-07 | Guild | src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj - MAINT |
 | 728 | AUDIT-0243-T | DONE | Revalidated 2026-01-07 | Guild | src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj - TEST |
 | 729 | AUDIT-0243-A | DONE | Waived (test project; revalidated 2026-01-07) | Guild | src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj - APPLY |
@@ -5518,7 +5525,7 @@ Bulk task definitions (applies to every project row below):
 | 1158 | AUDIT-0386-A | DONE | Waived (test project; revalidated 2026-01-07) | Guild | src/__Libraries/__Tests/StellaOps.Metrics.Tests/StellaOps.Metrics.Tests.csproj - APPLY |
 | 1159 | AUDIT-0387-M | DONE | Revalidated 2026-01-07 | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - MAINT |
 | 1160 | AUDIT-0387-T | DONE | Revalidated 2026-01-07 | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - TEST |
-| 1161 | AUDIT-0387-A | TODO | Revalidated 2026-01-07 (open findings) | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - APPLY |
+| 1161 | AUDIT-0387-A | DONE | Applied 2026-01-13; superseded by AUDIT-0598-A | Guild | src/Router/__Libraries/StellaOps.Microservice/StellaOps.Microservice.csproj - APPLY |
 | 1162 | AUDIT-0388-M | DONE | Revalidated 2026-01-07 | Guild | src/Router/__Libraries/StellaOps.Microservice.AspNetCore/StellaOps.Microservice.AspNetCore.csproj - MAINT |
 | 1163 | AUDIT-0388-T | DONE | Revalidated 2026-01-07 | Guild | src/Router/__Libraries/StellaOps.Microservice.AspNetCore/StellaOps.Microservice.AspNetCore.csproj - TEST |
 | 1164 | AUDIT-0388-A | TODO | Revalidated 2026-01-07 (open findings) | Guild | src/Router/__Libraries/StellaOps.Microservice.AspNetCore/StellaOps.Microservice.AspNetCore.csproj - APPLY |
@@ -6226,10 +6233,10 @@ Bulk task definitions (applies to every project row below):
 | 1863 | AUDIT-0621-A | DONE | Waived (test project; revalidated 2026-01-08) | Guild | src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj - APPLY |
 | 1864 | AUDIT-0622-M | DONE | Revalidated 2026-01-08 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - MAINT |
 | 1865 | AUDIT-0622-T | DONE | Revalidated 2026-01-08 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - TEST |
-| 1866 | AUDIT-0622-A | TODO | Revalidated 2026-01-08 (open findings) | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - APPLY |
+| 1866 | AUDIT-0622-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj - APPLY |
 | 1867 | AUDIT-0623-M | DONE | Revalidated 2026-01-08 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - MAINT |
 | 1868 | AUDIT-0623-T | DONE | Revalidated 2026-01-08 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - TEST |
-| 1869 | AUDIT-0623-A | DONE | Waived (test project; revalidated 2026-01-08) | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - APPLY |
+| 1869 | AUDIT-0623-A | DONE | Applied 2026-01-13 | Guild | src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj - APPLY |
 | 1870 | AUDIT-0624-M | DONE | Revalidated 2026-01-08 | Guild | src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/StellaOps.ScannerSignals.IntegrationTests.csproj - MAINT |
 | 1871 | AUDIT-0624-T | DONE | Revalidated 2026-01-08 | Guild | src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/StellaOps.ScannerSignals.IntegrationTests.csproj - TEST |
 | 1872 | AUDIT-0624-A | DONE | Waived (test project; revalidated 2026-01-08) | Guild | src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/StellaOps.ScannerSignals.IntegrationTests.csproj - APPLY |
@@ -6546,13 +6553,13 @@ Bulk task definitions (applies to every project row below):
 | 2177 | AUDIT-0725-T | DONE | Waived (docs/template project) | Guild | docs/modules/router/samples/tests/Examples.Integration.Tests/Examples.Integration.Tests.csproj - TEST |
 | 2178 | AUDIT-0725-A | DONE | Waived (docs/template project) | Guild | docs/modules/router/samples/tests/Examples.Integration.Tests/Examples.Integration.Tests.csproj - APPLY |
 | 2179 | AUDIT-0726-M | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - MAINT |
-| 2180 | AUDIT-0726-T | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - TEST |
+| 2180 | AUDIT-0726-T | DONE | Waived 2026-01-13 (template package; content-only) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - TEST |
 | 2181 | AUDIT-0726-A | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/StellaOps.Templates.csproj - APPLY |
 | 2182 | AUDIT-0727-M | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - MAINT |
-| 2183 | AUDIT-0727-T | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - TEST |
+| 2183 | AUDIT-0727-T | DONE | Applied 2026-01-13; test scaffolding added | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - TEST |
 | 2184 | AUDIT-0727-A | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-connector/StellaOps.Plugin.MyConnector.csproj - APPLY |
 | 2185 | AUDIT-0728-M | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - MAINT |
-| 2186 | AUDIT-0728-T | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - TEST |
+| 2186 | AUDIT-0728-T | DONE | Applied 2026-01-13; test scaffolding added | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - TEST |
 | 2187 | AUDIT-0728-A | DONE | Waived (docs/template project) | Guild | docs/dev/sdks/plugin-templates/stellaops-plugin-scheduler/StellaOps.Plugin.MyJob.csproj - APPLY |
 | 2188 | AUDIT-0729-M | DONE | Revalidated 2026-01-07 | Guild | src/Attestor/__Tests/StellaOps.Attestor.Infrastructure.Tests/StellaOps.Attestor.Infrastructure.Tests.csproj - MAINT |
 | 2189 | AUDIT-0729-T | DONE | Revalidated 2026-01-07 | Guild | src/Attestor/__Tests/StellaOps.Attestor.Infrastructure.Tests/StellaOps.Attestor.Infrastructure.Tests.csproj - TEST |
@@ -6980,6 +6987,7 @@ Bulk task definitions (applies to every project row below):
 ## Execution Log
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
+| 2026-01-13 | Applied Concelier.WebService hotlist (AUDIT-0242-A/AUDIT-0417-A): TimeProvider timestamps, ASCII cleanup, federation tests. | Project Mgmt |
 | 2026-01-07 | Revalidated AUDIT-0774 (PolicySchemaExporter.Tests); added AGENTS/TASKS; updated audit report. | Codex |
 | 2026-01-07 | Revalidated AUDIT-0773 (PolicyDslValidator.Tests); added AGENTS/TASKS; updated audit report. | Codex |
 | 2026-01-07 | Revalidated AUDIT-0772 (NotifySmokeCheck.Tests); added AGENTS/TASKS; updated audit report. | Codex |

docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_report.md

@@ -570,7 +570,8 @@
 - MAINT: AdvisoryTaskWorker uses Random.Shared for jitter in retry backoff; violates determinism rules and makes retries nondeterministic. `src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/Services/AdvisoryTaskWorker.cs`
 - TEST: No tests for worker behavior (cache miss handling, retry loop, cancellation). `src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/Services/AdvisoryTaskWorker.cs`
 - Applied changes (prior): added plan-cache aliasing on cache miss, added bounded backoff with jitter, and improved cancellation handling.
-- Disposition: revalidated 2026-01-06; apply recommendations remain open.
+- Applied changes (2026-01-14): replaced Random.Shared jitter with injected IAdvisoryJitterSource and added worker tests for cache hit/miss handling.
+- Disposition: applied 2026-01-14; apply recommendations closed.       
 ### src/AirGap/__Libraries/StellaOps.AirGap.Bundle/StellaOps.AirGap.Bundle.csproj
 - MAINT: BundleManifestSerializer uses UnsafeRelaxedJsonEscaping and camelCase before canonicalization; canonical outputs should use the shared RFC 8785 serializer without relaxed escaping. `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Serialization/BundleManifestSerializer.cs`
 - SECURITY: SnapshotManifestSigner hand-rolls DSSE PAE and formats lengths with culture-sensitive ToString; use the shared DsseHelper and invariant formatting to avoid spec drift. `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotManifestSigner.cs`
@@ -916,7 +917,8 @@
 - MAINT: Feature-gated controllers (AnchorsController, ProofsController, VerifyController) still expose routes but return 501 Not Implemented, leaving dead endpoints in the surface area. `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/AnchorsController.cs` `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofsController.cs` `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/VerifyController.cs`
 - MAINT: Correlation ID middleware generates Guid.NewGuid directly instead of using an injected IGuidGenerator, reducing determinism and testability. `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs`
 - MAINT: VerdictController formats CreatedAt via ToString("O") without CultureInfo.InvariantCulture, which violates invariant formatting guidance for deterministic outputs. `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/VerdictController.cs`
-- Disposition: revalidated 2026-01-06 (apply reopened).
+- Applied changes: removed disabled controller routes via feature provider, standardized proof chain error responses on ProblemDetails, injected IGuidProvider for correlation IDs, resolved subject type/signature summaries, and updated tests for feature gating and verification summaries.
+- Disposition: applied 2026-01-13.
 ### src/__Libraries/StellaOps.Audit.ReplayToken/StellaOps.Audit.ReplayToken.csproj
 - MAINT: ReplayToken.IsExpired/GetTimeToExpiration default to DateTimeOffset.UtcNow instead of a provided time source, violating deterministic time injection guidance. `src/__Libraries/StellaOps.Audit.ReplayToken/ReplayToken.cs`
 - MAINT: ReplayToken.Canonical and ReplayToken.Parse format/parse Unix seconds using the current culture (string interpolation + long.TryParse without InvariantCulture), risking locale-dependent or non-ASCII token strings. `src/__Libraries/StellaOps.Audit.ReplayToken/ReplayToken.cs`
@@ -1995,7 +1997,7 @@
 - MAINT: Non-ASCII characters in comments violate ASCII-only guidance. src/Concelier/__Libraries/StellaOps.Concelier.Core/Events/AdvisoryDsseMetadataResolver.cs, src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/AdvisoryLinksetUpdatedEvent.cs
 - TEST: Coverage exists for canonical merge decisions, canonical advisory service/cache behavior, job scheduler/coordinator flows, linkset determinism/normalization, observation query/aggregation, event log replay, noise prior service, and unknown state ledger.
 - TEST: Missing tests for deterministic ordering of credits/references/affected packages and consideredSources in CanonicalMerger output, replay cursor culture invariance, AdvisoryObservationUpdatedEvent relationship ordering, AdvisoryLinksetUpdatedEvent conflict ordering/ConflictsChanged behavior and provenance ordering, LinksetCorrelation conflict value stability, VendorRiskSignalExtractor KEV date parsing, AdvisoryLinksetQueryService cursor roundtrip/invalid formats, BundleCatalogService cursor parsing/sourceId ordering, and AdvisoryFieldChangeEmitter score formatting.
-- Disposition: revalidated 2026-01-06 (open findings)
+- Disposition: applied 2026-01-13; apply recommendations closed.
 ### src/Concelier/__Tests/StellaOps.Concelier.Core.Tests/StellaOps.Concelier.Core.Tests.csproj
 - MAINT: IsTestProject is not set; discovery relies on defaults rather than explicit test metadata.
 - MAINT: Test project lacks explicit Microsoft.NET.Test.Sdk/xunit runner references; discovery depends on shared props/packages.
@@ -2284,8 +2286,8 @@
 - MAINT: Non-ASCII box-drawing characters and an en dash appear in comments and OpenAPI metadata, violating ASCII-only output rules. `src/Concelier/StellaOps.Concelier.WebService/Diagnostics/ErrorCodes.cs` `src/Concelier/StellaOps.Concelier.WebService/Results/ConcelierProblemResultFactory.cs` `src/Concelier/StellaOps.Concelier.WebService/openapi/concelier-lnm.yaml`
 - TEST: Coverage exists in StellaOps.Concelier.WebService.Tests for health/readiness, options post-configure, canonical advisories, interest scoring, orchestrator/timeline endpoints, observations, cache/linkset, mirror exports, telemetry, and plugin loading.
 - TEST: Missing tests for federation endpoints (export/import/validate/preview/status/sites) and the FederationDisabled path.
-- Proposed changes (pending approval): thread TimeProvider through endpoint timestamp defaults; replace TimeProvider.System usage with injected provider; remove non-ASCII comment glyphs; add federation endpoint tests for enabled/disabled flows.
-- Disposition: revalidated 2026-01-07 (open findings)
+- Applied changes (2026-01-13): thread TimeProvider through endpoint timestamp defaults and guard mapping; remove non-ASCII comment glyphs; add federation endpoint tests for enabled/disabled flows.
+- Disposition: applied 2026-01-13; apply recommendations closed.
 ### src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj
 - MAINT: IsTestProject is not set and explicit Microsoft.NET.Test.Sdk/xUnit references are absent; discovery relies on centralized props. `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj`
 - MAINT: RunAnalyzers and CollectCoverage are disabled; analyzer and coverage feedback are reduced. `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj`
@@ -2976,7 +2978,7 @@
 - TEST: Coverage exists for append-only linkset store, observation store, provider store, attestation store, timeline event store, and migration/idempotency/determinism checks.
 - TEST: Missing tests for VEX delta repository CRUD/ordering, VEX statement repository CRUD/precedence, raw document canonicalization/inline vs blob paths, connector state serialization, and append-only checkpoint store behavior.
 - Proposed changes (pending approval): require explicit ID/timestamp inputs (or inject providers); validate tenant consistency in batch inserts; normalize created_at to DateTimeOffset UTC; make timeline event attribute JSON deterministic with logged parse failures; add tests for deltas/raw store/connector state/checkpoint store and statement ordering.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
+- Disposition: applied 2026-01-13.
 ### src/Excititor/__Tests/StellaOps.Excititor.Persistence.Tests/StellaOps.Excititor.Persistence.Tests.csproj
 - MAINT: TreatWarningsAsErrors is not set in the project file; warning discipline is relaxed.
 - MAINT: Multiple tests use Guid.NewGuid/Random.Shared/DateTimeOffset.UtcNow in fixtures (VexQueryDeterminismTests, VexStatementIdempotencyTests, PostgresVexAttestationStoreTests, PostgresVexObservationStoreTests, PostgresVexTimelineEventStoreTests), reducing deterministic replay.
@@ -3016,17 +3018,14 @@
 - TEST: Missing tests for ingest run/resume/reconcile endpoints, mirror endpoints, VEX raw endpoints, observation projection/list endpoints, linkset list endpoints, evidence chunk service/endpoint, status/resolve/risk feed endpoints, observability endpoints, and OpenAPI contract snapshots.
 - Disposition: waived (test project; revalidated 2026-01-07).
 ### src/Excititor/StellaOps.Excititor.Worker/StellaOps.Excititor.Worker.csproj
-- MAINT: Program registers in-memory provider/claim stores after AddExcititorPersistence, which overrides any persistent implementations and can mask configuration errors (`src/Excititor/StellaOps.Excititor.Worker/Program.cs`).
-- MAINT: Program hardcodes plugin catalog fallback paths, but no metrics or health output for missing plugin directories (`src/Excititor/StellaOps.Excititor.Worker/Program.cs`).
-- MAINT: WorkerSignatureVerifier parses timestamp metadata with DateTimeOffset.TryParse without invariant culture; parsing is locale-sensitive and can accept ambiguous inputs (`src/Excititor/StellaOps.Excititor.Worker/Signature/WorkerSignatureVerifier.cs`).
-- MAINT: WorkerSignatureVerifier falls back to _timeProvider.GetUtcNow when signedAt metadata is missing; signature metadata becomes nondeterministic (`src/Excititor/StellaOps.Excititor.Worker/Signature/WorkerSignatureVerifier.cs`).
-- MAINT: VexWorkerOrchestratorClient fallback job context uses Guid.NewGuid; local job IDs vary run-to-run and make deterministic replay harder (`src/Excititor/StellaOps.Excititor.Worker/Orchestration/VexWorkerOrchestratorClient.cs`).
-- MAINT: VexWorkerOrchestratorClient.ParseCheckpoint uses DateTimeOffset.TryParse with default culture; prefer invariant/roundtrip handling for stable parsing (`src/Excititor/StellaOps.Excititor.Worker/Orchestration/VexWorkerOrchestratorClient.cs`).
-- MAINT: DefaultVexProviderRunner uses RandomNumberGenerator jitter for backoff; NextEligibleRun becomes nondeterministic and harder to test (`src/Excititor/StellaOps.Excititor.Worker/Scheduling/DefaultVexProviderRunner.cs`).
-- TEST: Coverage exists for worker options validation, tenant authority validation/client factory, worker signature verification, retry policy, orchestrator client behavior, provider runner behavior, end-to-end ingest jobs, and OTel correlation.
-- TEST: Missing tests for consensus refresh scheduler (VexConsensusRefreshService), hosted service scheduling behavior, plugin catalog fallback path handling, and signature metadata culture parsing edge cases.
-- Proposed changes (pending approval): register in-memory stores via TryAdd or guard with config; emit health/telemetry for missing plugin directories; parse timestamps with invariant culture; require explicit signature timestamps or use document timestamps; inject a deterministic run-id provider for local jobs; inject jitter provider for backoff; add tests for consensus refresh, hosted service scheduling, plugin loading fallback, and timestamp parsing.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
+- MAINT: Program uses TryAdd for in-memory provider/claim stores to avoid overriding persistence (`src/Excititor/StellaOps.Excititor.Worker/Program.cs`).
+- MAINT: Plugin catalog loader emits diagnostics for missing plugin directories and fallback usage (`src/Excititor/StellaOps.Excititor.Worker/Plugins/VexWorkerPluginCatalogDiagnostics.cs` `src/Excititor/StellaOps.Excititor.Worker/Plugins/VexWorkerPluginCatalogLoader.cs`).
+- MAINT: WorkerSignatureVerifier parses timestamp metadata with invariant culture and falls back to document timestamps when missing (`src/Excititor/StellaOps.Excititor.Worker/Signature/WorkerSignatureVerifier.cs`).
+- MAINT: VexWorkerOrchestratorClient uses injected GUID generation for local job IDs (`src/Excititor/StellaOps.Excititor.Worker/Orchestration/VexWorkerOrchestratorClient.cs`).
+- MAINT: VexWorkerOrchestratorClient.ParseCheckpoint uses invariant culture for roundtrip parsing (`src/Excititor/StellaOps.Excititor.Worker/Orchestration/VexWorkerOrchestratorClient.cs`).
+- MAINT: DefaultVexProviderRunner uses deterministic backoff jitter keyed by connector ID (`src/Excititor/StellaOps.Excititor.Worker/Scheduling/DefaultVexProviderRunner.cs`).
+- TEST: Coverage exists for worker options validation, tenant authority validation/client factory, worker signature verification, retry policy, orchestrator client behavior, provider runner behavior, end-to-end ingest jobs, OTel correlation, consensus refresh scheduling, hosted service scheduling behavior, plugin catalog fallback handling, and signature metadata culture parsing.
+- Disposition: applied 2026-01-13; apply recommendations closed.
 ### src/Excititor/__Tests/StellaOps.Excititor.Worker.Tests/StellaOps.Excititor.Worker.Tests.csproj
 - MAINT: TreatWarningsAsErrors is not set in the project file; warning discipline is relaxed.
 - MAINT: Multiple tests use Guid.NewGuid/DateTimeOffset.UtcNow for job context, document timestamps, or database names (DefaultVexProviderRunnerIntegrationTests.cs, EndToEndIngestJobTests.cs, VexWorkerOrchestratorClientTests.cs, WorkerSignatureVerifierTests.cs), reducing deterministic replay.
@@ -3331,7 +3330,7 @@
 - QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Infrastructure.EfCore/bin` `src/__Libraries/StellaOps.Infrastructure.EfCore/obj`
 - TEST: No tests for tenant session configuration, schema wiring, or tenant accessors. `src/__Libraries/StellaOps.Infrastructure.EfCore/Extensions/DbContextServiceExtensions.cs` `src/__Libraries/StellaOps.Infrastructure.EfCore/Interceptors/TenantConnectionInterceptor.cs` `src/__Libraries/StellaOps.Infrastructure.EfCore/Tenancy/AsyncLocalTenantContextAccessor.cs`
 - Proposed changes (pending approval): gate EnableDetailedErrors behind environment/options; validate schema names (or quote identifiers) before building search_path; use a sync-safe session configuration path (or avoid blocking on async) and propagate cancellation; refactor shared DbContext configuration into a single helper; add tests for tenant session setup, interceptor behavior, and AsyncLocal scope behavior in a new infrastructure test project.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
+- Disposition: applied 2026-01-13 (bin/obj cleanup still pending).
 ### src/__Libraries/StellaOps.Infrastructure.Postgres/StellaOps.Infrastructure.Postgres.csproj
 - MAINT: PostgresOptions are configured without validation or ValidateOnStart; required ConnectionString and option bounds are not enforced. `src/__Libraries/StellaOps.Infrastructure.Postgres/ServiceCollectionExtensions.cs` `src/__Libraries/StellaOps.Infrastructure.Postgres/Options/PostgresOptions.cs`
 - MAINT: ConnectionIdleLifetimeSeconds is never applied to the Npgsql connection string, so configured values are ignored. `src/__Libraries/StellaOps.Infrastructure.Postgres/Connections/DataSourceBase.cs` `src/__Libraries/StellaOps.Infrastructure.Postgres/Options/PostgresOptions.cs`
@@ -4176,8 +4175,8 @@
 - MAINT/SECURITY: MinimalProofExporter and ProvcacheOciAttestationBuilder serialize signed payloads with JsonSerializer options instead of RFC 8785 canonical JSON, risking signature drift across implementations. `src/__Libraries/StellaOps.Provcache/Export/MinimalProofExporter.cs` `src/__Libraries/StellaOps.Provcache/Oci/ProvcacheOciAttestationBuilder.cs`
 - QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Provcache/bin` `src/__Libraries/StellaOps.Provcache/obj`
 - TEST: No tests cover HTTP fetcher allowlists/timeouts, canonicalized bundle/attestation signing, or signature verification failure paths. `src/__Libraries/__Tests/StellaOps.Provcache.Tests/LazyFetchTests.cs` `src/__Libraries/__Tests/StellaOps.Provcache.Tests/MinimalProofExporterTests.cs`
-- Proposed changes (pending approval): use IHttpClientFactory with timeouts/allowlists, inject ID/time providers into event factories, propagate cancellation for shutdown drains, enforce invariant formatting and ValidateOnStart for options, switch signing/attestation payloads to RFC 8785 canonical JSON, implement real signature verification, add coverage for lazy fetcher safeguards and bundle signing failures, and remove bin/obj artifacts.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
+- Applied changes (2026-01-13): switched HttpChunkFetcher to IHttpClientFactory with allowlist/scheme/timeout enforcement, injected TimeProvider/IGuidProvider for events, propagated shutdown cancellation, enforced invariant formatting and ValidateOnStart, moved bundle/attestation signing to CanonJson with real HMAC verification, and added tests for lazy fetcher guards/signature failure paths.
+- Disposition: apply completed 2026-01-13.
 ### src/__Libraries/StellaOps.Provcache.Api/StellaOps.Provcache.Api.csproj
 - SECURITY: Endpoint error handlers return ex.Message to callers, leaking internal details. `src/__Libraries/StellaOps.Provcache.Api/ProvcacheEndpointExtensions.cs`
 - MAINT: Proof verification computes Merkle roots from unsorted chunk lists, so ordering can invalidate proofs or hide corruption; sort by ChunkIndex before hashing. `src/__Libraries/StellaOps.Provcache.Api/ProvcacheEndpointExtensions.cs`
@@ -4185,31 +4184,31 @@
 - QUALITY: Input manifest builds placeholder hashes using fixed VeriKey slicing without length checks; short or malformed VeriKeys can throw. `src/__Libraries/StellaOps.Provcache.Api/ProvcacheEndpointExtensions.cs`
 - QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Provcache.Api/bin` `src/__Libraries/StellaOps.Provcache.Api/obj`
 - TEST: No tests cover out-of-order chunk lists, error detail redaction, or manifest hash placeholder behavior. `src/__Libraries/__Tests/StellaOps.Provcache.Tests/EvidenceApiTests.cs`
-- Proposed changes (pending approval): sanitize exception details, enforce chunk ordering, validate offsets, and add tests for ordering and error responses.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
+- Applied changes (2026-01-13): redacted error details, enforced chunk ordering and pagination validation, guarded placeholder hashes, and added tests for ordering/placeholder/error redaction.
+- Disposition: apply completed 2026-01-13.
 ### src/__Libraries/StellaOps.Provcache.Postgres/StellaOps.Provcache.Postgres.csproj
 - MAINT: PostgresProvcacheRepository serializes replay seeds with JsonNamingPolicy.CamelCase, which can diverge from canonical JSON expectations for hashes. `src/__Libraries/StellaOps.Provcache.Postgres/PostgresProvcacheRepository.cs`
 - MAINT: Evidence chunk manifest generation uses TimeProvider.System when no provider is supplied, making manifests nondeterministic in tests. `src/__Libraries/StellaOps.Provcache.Postgres/PostgresEvidenceChunkRepository.cs`
 - QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Provcache.Postgres/bin` `src/__Libraries/StellaOps.Provcache.Postgres/obj`
 - TEST: No tests cover Postgres repository behavior or DbContext mappings (provcache items, evidence chunks, revocations). `src/__Libraries/StellaOps.Provcache.Postgres/PostgresProvcacheRepository.cs` `src/__Libraries/StellaOps.Provcache.Postgres/PostgresEvidenceChunkRepository.cs` `src/__Libraries/StellaOps.Provcache.Postgres/ProvcacheDbContext.cs`
-- Proposed changes (pending approval): use canonical JSON serializer for stored replay seeds, inject deterministic TimeProvider in tests, and add repository/DbContext mapping tests.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
-- Proposed changes (pending approval): add repository/DbContext tests with deterministic fixtures and ordering checks.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
+- Applied changes (2026-01-13): replay seed serialization now uses CanonJson for deterministic hashes.
+- Remaining changes: inject deterministic TimeProvider in Postgres evidence tests and add repository/DbContext mapping coverage (tracked under AUDIT-TESTGAP-CORELIB-0001).
+- Disposition: apply completed 2026-01-13; remaining test gaps tracked.
 ### src/__Libraries/__Tests/StellaOps.Provcache.Tests/StellaOps.Provcache.Tests.csproj
 - MAINT: Test project does not enable warnings-as-errors. `src/__Libraries/__Tests/StellaOps.Provcache.Tests/StellaOps.Provcache.Tests.csproj`
 - MAINT: Tests use Random.Shared, Guid.NewGuid, and DateTimeOffset.UtcNow for fixtures and assertions, making results nondeterministic. `src/__Libraries/__Tests/StellaOps.Provcache.Tests/EvidenceChunkerTests.cs` `src/__Libraries/__Tests/StellaOps.Provcache.Tests/EvidenceApiTests.cs` `src/__Libraries/__Tests/StellaOps.Provcache.Tests/StorageIntegrationTests.cs`
 - MAINT: Tests create temp directories with Guid.NewGuid without deterministic cleanup. `src/__Libraries/__Tests/StellaOps.Provcache.Tests/LazyFetchTests.cs`
-- Proposed changes (optional): enable warnings-as-errors, use deterministic seeds/timestamps, and centralize temp path helpers.
-- Disposition: waived (test project; revalidated 2026-01-07).
+- Applied changes (2026-01-13): enabled warnings-as-errors, tagged API/storage tests as Integration, replaced nondeterministic fixtures with FixedTimeProvider/DeterministicRandom, and centralized deterministic temp path helpers.
+- Disposition: apply completed 2026-01-13 (test project).
 
 ### src/__Libraries/StellaOps.Provcache.Valkey/StellaOps.Provcache.Valkey.csproj
 - MAINT: InvalidateByPattern uses `server.Keys`, which performs a full keyspace scan and can block or time out on large caches; it also targets only the first endpoint, which is unsafe for clustered or replica setups. `src/__Libraries/StellaOps.Provcache.Valkey/ValkeyProvcacheStore.cs`
 - MAINT: CancellationToken parameters are accepted but not honored by Redis calls, so long-running operations cannot be canceled. `src/__Libraries/StellaOps.Provcache.Valkey/ValkeyProvcacheStore.cs`
 - QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Provcache.Valkey/bin` `src/__Libraries/StellaOps.Provcache.Valkey/obj`
 - TEST: No tests cover valkey read/write behavior, sliding expiration, or invalidation flows. `src/__Libraries/StellaOps.Provcache.Valkey/ValkeyProvcacheStore.cs`
-- Proposed changes (pending approval): replace KEYS with SCAN/paged invalidation and endpoint selection, add timeouts or cancellation strategy, and add valkey store tests.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-08; apply recommendations remain open).
+- Applied changes (2026-01-13): replaced KEYS with SCAN-based invalidation across endpoints and propagated cancellation through Valkey operations.
+- Remaining changes: add valkey store tests (tracked under AUDIT-TESTGAP-CORELIB-0001).
+- Disposition: apply completed 2026-01-13; remaining test gaps tracked.
 ### src/__Libraries/StellaOps.Provenance/StellaOps.Provenance.csproj
 - MAINT: ProjectReference to StellaOps.Concelier.Models is unused in the library, increasing coupling without usage. `src/__Libraries/StellaOps.Provenance/StellaOps.Provenance.csproj`
 - MAINT: ProvenanceJsonParser parses numeric fields with long.TryParse without invariant culture, so locale-specific digits or separators can break parsing. `src/__Libraries/StellaOps.Provenance/ProvenanceJsonParser.cs`
@@ -4825,7 +4824,7 @@
 - QUALITY: Confidence mapping is duplicated with different thresholds; filtering can diverge from emitted confidence. `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs` `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Evidence/SecretLeakEvidence.cs`
 - QUALITY: Custom glob matching for include/exclude patterns is partial and OS-sensitive; patterns like `**/node_modules/**` and file patterns can mis-match. `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs` `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Rules/SecretRule.cs`
 - TEST: No coverage for SecretsAnalyzerHost startup/verification paths, AnalyzeAsync file traversal/exclusions/size limits, or analysis-store integration. `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzerHost.cs` `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs`
-- Disposition: revalidated 2026-01-07; apply recommendations remain open.
+- Disposition: applied 2026-01-13; TimeProvider retry-after, explicit timestamps, ASCII truncation, HttpClient injection, and tests updated.
 ### src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/StellaOps.Scanner.Analyzers.Secrets.Tests.csproj
 - MAINT: Tests use Guid.NewGuid for temp directories and DateTimeOffset.UtcNow for ruleset timestamps, making runs nondeterministic. `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/RulesetLoaderTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/Bundles/BundleBuilderTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/Bundles/BundleVerifierTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/Bundles/BundleSignerTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/SecretRulesetTests.cs`
 - TEST: No tests exercise SecretsAnalyzerHost startup/verification behavior or AnalyzeAsync file enumeration/exclusion handling. `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzerHost.cs` `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs`
@@ -5034,7 +5033,7 @@
 - QUALITY: Docker reference parsing drops registry ports and can mis-handle `registry:5000/repo` by treating the port as a tag; BuildFullReference uses Uri.Host so ports are lost. `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Docker/DockerSourceHandler.cs`
 - QUALITY: GitConnectionTester returns success for SSH configurations without validating connectivity, yielding false positives. `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/GitConnectionTester.cs`
 - TEST: Coverage is limited to config validation and domain models; handlers, connection testers, trigger dispatch/scheduling, and persistence are untested. `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Configuration/SourceConfigValidatorTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Domain/SbomSourceTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Domain/SbomSourceRunTests.cs`
-- Disposition: revalidated 2026-01-07; apply recommendations remain open.
+- Disposition: applied 2026-01-13; HttpClientFactory fixtures, TimeProvider request timestamps, ASCII comments, deterministic random, Task.Run removal, sync-over-async removal, tests added.
 ### src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/StellaOps.Scanner.Sources.Tests.csproj
 - MAINT: TreatWarningsAsErrors is not set for the test project. `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/StellaOps.Scanner.Sources.Tests.csproj`
 - MAINT: Tests use Guid.NewGuid and DateTimeOffset.Parse without InvariantCulture, making runs nondeterministic. `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Domain/SbomSourceRunTests.cs`
@@ -5144,12 +5143,12 @@
 - MAINT: DeterministicRandomProvider falls back to Random.Shared when no seed is configured. `src/Scanner/StellaOps.Scanner.Worker/Determinism/DeterministicRandomProvider.cs`
 - QUALITY: Non-ASCII glyphs appear in strings/comments. `src/Scanner/StellaOps.Scanner.Worker/Determinism/Calculators/PolicyFidelityCalculator.cs` `src/Scanner/StellaOps.Scanner.Worker/Orchestration/PoEOrchestrator.cs` `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryFindingMapper.cs` `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryLookupStageExecutor.cs`
 - TEST: Coverage review continues in AUDIT-0623 (Scanner.Worker.Tests).
-- Disposition: revalidated 2026-01-08; apply recommendations remain open.
+- Disposition: applied 2026-01-13; apply recommendations closed.
 ### src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj
 - MAINT: TreatWarningsAsErrors is not set in the test project. `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj`
 - MAINT: Tests use Guid.NewGuid, DateTimeOffset.UtcNow, Random.Shared, TimeProvider.System, and CancellationToken.None; nondeterministic. `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/CompositeScanAnalyzerDispatcherTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/EntryTraceExecutionServiceTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/PoE/PoEGenerationStageExecutorTests.cs`
 - QUALITY: Non-ASCII glyphs appear in comments and expected strings. `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/Integration/WorkerEndToEndJobTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/Determinism/PolicyFidelityCalculatorTests.cs`
-- Disposition: waived (test project; revalidated 2026-01-08).
+- Disposition: applied 2026-01-13; determinism fixes and warnings set.
 ### src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/StellaOps.ScannerSignals.IntegrationTests.csproj
 - MAINT: TreatWarningsAsErrors is not set in the test project. `src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/StellaOps.ScannerSignals.IntegrationTests.csproj`
 - MAINT: Tests use CancellationToken.None; cancellation handling is not exercised. `src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/ScannerToSignalsReachabilityTests.cs`
@@ -5227,7 +5226,7 @@
 - QUALITY: ReachabilityFactDigestCalculator hashes JsonSerializerDefaults.Web output instead of canonical JSON; use the shared canonical serializer for digest inputs. `src/Signals/StellaOps.Signals/Services/ReachabilityFactDigestCalculator.cs`
 - QUALITY: RuntimeSignalNormalizer uses DateTimeOffset.UtcNow for recency and emits non-ASCII glyphs in explanations; use TimeProvider and ASCII-only output. `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/RuntimeSignalNormalizer.cs`
 - QUALITY: Non-ASCII glyphs appear in comments and output strings. `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightPolicy.cs` `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/SourceTrustNormalizer.cs` `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/MitigationNormalizer.cs` `src/Signals/StellaOps.Signals/Services/UnknownsScoringService.cs`
-- Disposition: revalidated 2026-01-08; apply recommendations remain open.
+- Disposition: applied 2026-01-13; apply recommendations closed.
 ### src/__Libraries/StellaOps.Signals.Contracts/StellaOps.Signals.Contracts.csproj
 - MAINT: SignalEnvelope.Value uses object, which weakens type safety and can complicate cross-module serialization; prefer a typed envelope or JsonElement plus explicit type metadata. `src/__Libraries/StellaOps.Signals.Contracts/Models/SignalEnvelope.cs`
 - QUALITY: SignalType enum relies on implicit numeric values; if serialized as numbers, adding/reordering values risks breaking compatibility. `src/__Libraries/StellaOps.Signals.Contracts/Models/SignalType.cs`
@@ -5820,7 +5819,7 @@
 - QUALITY: PostgresConsensusProjectionStoreProxy reads timestamptz with GetDateTime instead of GetFieldValue<DateTimeOffset>, losing offset accuracy. `src/VexLens/StellaOps.VexLens/Storage/PostgresConsensusProjectionStoreProxy.cs`
 - TEST: Coverage exists for determinism/pipeline, proof builder, propagation, and golden corpus regression runs, but no tests cover rationale caching, dual-write discrepancy handling, or Postgres proxy mappings. `src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/E2E/VexLensPipelineDeterminismTests.cs` `src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Proof/VexProofBuilderTests.cs` `src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/GoldenCorpus/GoldenCorpusTests.cs`
 - Proposed changes (pending approval): inject TimeProvider/IGuidProvider into rationale + test harnesses, use InvariantCulture parsing, honor cancellation in dual-write checks, and switch timestamptz reads to DateTimeOffset.
-- Disposition: pending implementation (non-test project; revalidated 2026-01-07; apply recommendations remain open).
+- Disposition: applied 2026-01-13; apply recommendations closed.
 ### src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/StellaOps.VexLens.Core.csproj
 - SECURITY: SignatureVerifier does not verify signatures cryptographically; it validates structure and returns Valid=true for DSSE/JWS/Ed25519/ECDSA. `src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Signature/SignatureVerifier.cs`
 - MAINT: DSSE PAE is reimplemented locally (with culture-dependent length formatting) instead of using the shared DSSE helper. `src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Signature/SignatureVerifier.cs`
@@ -5914,7 +5913,8 @@
 - MAINT: CLI apps invoke command handlers with CancellationToken.None, preventing cancellation from propagating. `src/__Libraries/StellaOps.Policy.Tools/PolicyDslValidatorApp.cs` `src/__Libraries/StellaOps.Policy.Tools/PolicySchemaExporterApp.cs` `src/__Libraries/StellaOps.Policy.Tools/PolicySimulationSmokeApp.cs`
 - QUALITY: Build artifacts are checked in under bin/obj. `src/__Libraries/StellaOps.Policy.Tools/bin` `src/__Libraries/StellaOps.Policy.Tools/obj`
 - TEST: Existing tool tests do not cover schema output line endings or invalid severity/status parsing. `src/Tools/__Tests/PolicySchemaExporter.Tests` `src/Tools/__Tests/PolicySimulationSmoke.Tests`
-- Disposition: revalidated 2026-01-08; apply recommendations remain open.
+- Applied changes: schema export now appends LF, simulation defaults to fixed time with deterministic summary output ordering, severity/status parsing reports scenario-specific failures, CLI apps propagate cancellation, and new Policy.Tools tests cover line endings, parsing failures, and summary ordering. Bin/obj entries are not tracked in git.
+- Disposition: applied 2026-01-14.
 ### src/__Libraries/__Tests/StellaOps.Auth.Security.Tests/StellaOps.Auth.Security.Tests.csproj
 - MAINT: TreatWarningsAsErrors is not set in the test project. `src/__Libraries/__Tests/StellaOps.Auth.Security.Tests/StellaOps.Auth.Security.Tests.csproj`
 - MAINT: Tests generate random keys and JWT IDs via ECDsa.Create and Guid.NewGuid, making runs nondeterministic. `src/__Libraries/__Tests/StellaOps.Auth.Security.Tests/DpopProofValidatorTests.cs`
@@ -6163,7 +6163,7 @@
 
 ### src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GoldenSet/StellaOps.BinaryIndex.GoldenSet.csproj
 - QUALITY: Environment.NewLine introduces OS-specific output; prefer \\n. `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GoldenSet/Authoring/GoldenSetReviewService.cs`
-- Disposition: revalidated 2026-01-12; apply recommendations remain open.
+- Disposition: applied 2026-01-13.
 
 ### src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/StellaOps.BinaryIndex.Analysis.Tests.csproj
 - MAINT: Uses DateTime.UtcNow/DateTimeOffset.UtcNow/Guid.NewGuid/Random.Shared; inject TimeProvider/IGuidProvider and deterministic random sources. `src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/Integration/GoldenSetAnalysisPipelineIntegrationTests.cs`
@@ -7858,18 +7858,20 @@
 - QUALITY: No quality patterns detected in automated scan.
 
 ### src/AdvisoryAI/StellaOps.AdvisoryAI.Plugin.Unified/StellaOps.AdvisoryAI.Plugin.Unified.csproj
-- TEST: No test project ProjectReference found; coverage gap likely.
+- TEST: Covered by 1 test project(s): `src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj`.
 - MAINT: No maintainability issues detected in automated scan.
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: No internal ProjectReference usage found; verify intended packaging or consolidation.
 - QUALITY: No quality patterns detected in automated scan.
+- Applied changes (2026-01-14): added adapter and factory coverage in AdvisoryAI.Tests.
 
 ### src/AdvisoryAI/StellaOps.AdvisoryAI.Scm.Plugin.Unified/StellaOps.AdvisoryAI.Scm.Plugin.Unified.csproj
-- TEST: No test project ProjectReference found; coverage gap likely.
+- TEST: Covered by 1 test project(s): `src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj`.
 - MAINT: No maintainability issues detected in automated scan.
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: No internal ProjectReference usage found; verify intended packaging or consolidation.
 - QUALITY: No quality patterns detected in automated scan.
+- Applied changes (2026-01-14): added connector adapter and factory coverage in AdvisoryAI.Tests.
 
 ### src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/StellaOps.AdvisoryAI.WebService.csproj
 - TEST: Covered by 1 test project(s): `src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj`.
@@ -7879,11 +7881,12 @@
 - QUALITY: No quality patterns detected in automated scan.
 
 ### src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/StellaOps.AdvisoryAI.Worker.csproj
-- TEST: No test project ProjectReference found; coverage gap likely.
-- MAINT: Non-deterministic time or random usage; inject TimeProvider/IGuidProvider and deterministic random sources. `src/AdvisoryAI/StellaOps.AdvisoryAI.Worker/Services/AdvisoryTaskWorker.cs`
+- TEST: Covered by 1 test project(s): `src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj`.
+- MAINT: Resolved - jitter source injected for retry backoff; Random.Shared removed from AdvisoryTaskWorker.
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: No internal ProjectReference usage found; verify intended packaging or consolidation.
 - QUALITY: No quality patterns detected in automated scan.
+- Applied changes (2026-01-14): added worker cache hit/miss tests with deterministic jitter source.
 
 ### src/AdvisoryAI/StellaOps.AdvisoryAI/StellaOps.AdvisoryAI.csproj
 - TEST: Covered by 1 test project(s): `src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj`.
@@ -9811,8 +9814,6 @@
 
 ### src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj
 - TEST: Covered by 1 test project(s): `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj`.
-- MAINT: Non-deterministic time or random usage; inject TimeProvider/IGuidProvider and deterministic random sources. `src/Concelier/StellaOps.Concelier.WebService/Program.cs` `src/Concelier/StellaOps.Concelier.WebService/Extensions/InterestScoreEndpointExtensions.cs` `src/Concelier/StellaOps.Concelier.WebService/Extensions/FederationEndpointExtensions.cs`
-- MAINT: CancellationToken.None used; propagate cancellation. `src/Concelier/StellaOps.Concelier.WebService/Program.cs`
 - MAINT: Sync-over-async detected (.Result/.Wait/GetResult); use await. `src/Concelier/StellaOps.Concelier.WebService/Services/MessagingAdvisoryChunkCache.cs` `src/Concelier/StellaOps.Concelier.WebService/Services/AdvisoryAiTelemetry.cs` `src/Concelier/StellaOps.Concelier.WebService/Program.cs`
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: No production references; referenced by 1 non-production project(s): `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj`.
@@ -10269,10 +10270,7 @@
 
 ### src/Excititor/StellaOps.Excititor.Worker/StellaOps.Excititor.Worker.csproj
 - TEST: Covered by 1 test project(s): `src/Excititor/__Tests/StellaOps.Excititor.Worker.Tests/StellaOps.Excititor.Worker.Tests.csproj`.
-- MAINT: Non-deterministic time or random usage; inject TimeProvider/IGuidProvider and deterministic random sources. `src/Excititor/StellaOps.Excititor.Worker/Orchestration/VexWorkerOrchestratorClient.cs`
-- MAINT: CancellationToken.None used; propagate cancellation. `src/Excititor/StellaOps.Excititor.Worker/Scheduling/DefaultVexProviderRunner.cs`
-- MAINT: Direct HttpClient construction; use IHttpClientFactory. `src/Excititor/StellaOps.Excititor.Worker/Auth/TenantAuthorityClientFactory.cs`
-- MAINT: Sync-over-async detected (.Result/.Wait/GetResult); use await. `src/Excititor/StellaOps.Excititor.Worker/Signature/WorkerSignatureVerifier.cs`
+- MAINT: No maintainability issues detected in automated scan.
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: No production references; referenced by 1 non-production project(s): `src/Excititor/__Tests/StellaOps.Excititor.Worker.Tests/StellaOps.Excititor.Worker.Tests.csproj`.
 - QUALITY: Warnings disabled via pragma; document and minimize. `src/Excititor/StellaOps.Excititor.Worker/Scheduling/VexConsensusRefreshService.cs`
@@ -12922,10 +12920,10 @@
 
 ### src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj
 - TEST: test project.
-- MAINT: Non-deterministic time or random usage; inject TimeProvider/IGuidProvider and deterministic random sources. `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/WorkerBasicScanScenarioTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/VexGateStageExecutorTests.cs` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/SurfaceManifestStoreOptionsConfiguratorTests.cs`
+- MAINT: No maintainability issues detected in automated scan.
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: Not applicable (non-production project).
-- QUALITY: Environment.NewLine used; prefer \n for deterministic output. `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/WorkerBasicScanScenarioTests.cs`
+- QUALITY: No quality patterns detected in automated scan.
 
 ### src/Scanner/StellaOps.Scanner.Analyzers.Native/StellaOps.Scanner.Analyzers.Native.csproj
 - TEST: Covered by 1 test project(s): `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Native.Tests/StellaOps.Scanner.Analyzers.Native.Tests.csproj`.
@@ -12965,13 +12963,10 @@
 
 ### src/Scanner/StellaOps.Scanner.Worker/StellaOps.Scanner.Worker.csproj
 - TEST: Covered by 2 test project(s): `src/Scanner/__Tests/StellaOps.Scanner.Integration.Tests/StellaOps.Scanner.Integration.Tests.csproj` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj`.
-- MAINT: Non-deterministic time or random usage; inject TimeProvider/IGuidProvider and deterministic random sources. `src/Scanner/StellaOps.Scanner.Worker/Determinism/DeterministicRandomProvider.cs`
-- MAINT: CancellationToken.None used; propagate cancellation. `src/Scanner/StellaOps.Scanner.Worker/Processing/Surface/SurfaceManifestStageExecutor.cs` `src/Scanner/StellaOps.Scanner.Worker/Processing/Surface/HmacDsseEnvelopeSigner.cs` `src/Scanner/StellaOps.Scanner.Worker/Hosting/ScannerWorkerHostedService.cs`
-- MAINT: Sync-over-async detected (.Result/.Wait/GetResult); use await. `src/Scanner/StellaOps.Scanner.Worker/Options/ScannerStorageSurfaceSecretConfigurator.cs` `src/Scanner/StellaOps.Scanner.Worker/Processing/Surface/SurfaceManifestStageExecutor.cs` `src/Scanner/StellaOps.Scanner.Worker/Processing/CompositeScanAnalyzerDispatcher.cs`
-- MAINT: Task.Run usage; ensure not used to offload request-path work. `src/Scanner/StellaOps.Scanner.Worker/Processing/NativeBinaryDiscovery.cs` `src/Scanner/StellaOps.Scanner.Worker/Processing/NativeAnalyzerExecutor.cs`
+- MAINT: No maintainability issues detected in automated scan.
 - SECURITY: No high-risk patterns detected in automated scan.
 - REUSE: No production references; referenced by 2 non-production project(s): `src/Scanner/__Tests/StellaOps.Scanner.Integration.Tests/StellaOps.Scanner.Integration.Tests.csproj` `src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj`.
-- QUALITY: TODO/FIXME/HACK markers present; track cleanup. `src/Scanner/StellaOps.Scanner.Worker/Processing/PoE/PoEGenerationStageExecutor.cs`
+- QUALITY: No quality patterns detected in automated scan.
 
 ### src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/StellaOps.Scheduler.ImpactIndex.csproj
 - TEST: Covered by 1 test project(s): `src/Scheduler/__Tests/StellaOps.Scheduler.ImpactIndex.Tests/StellaOps.Scheduler.ImpactIndex.Tests.csproj`.