Restructure solution layout by module
This commit is contained in:
master
@@ -0,0 +1,29 @@
|
||||
# StellaOps.Scanner.Analyzers.Lang.DotNet — Agent Charter
|
||||
|
||||
## Role
|
||||
Create the .NET analyzer plug-in that inspects `*.deps.json`, `runtimeconfig.json`, assemblies, and RID-specific assets to deliver accurate NuGet components with signing metadata.
|
||||
|
||||
## Scope
|
||||
- Parse dependency graphs from `*.deps.json` and merge with `runtimeconfig.json` and bundle manifests.
|
||||
- Capture assembly metadata (strong name, file version, Authenticode) and correlate with packages.
|
||||
- Handle RID-specific asset selection, self-contained apps, and crossgen/native dependency hints.
|
||||
- Package plug-in manifest, determinism fixtures, benchmarks, and Offline Kit documentation.
|
||||
|
||||
## Out of Scope
|
||||
- Policy evaluation or Signer integration (handled elsewhere).
|
||||
- Native dependency resolution outside RID mapping.
|
||||
- Windows-specific MSI/SxS analyzers (covered by native analyzer roadmap).
|
||||
|
||||
## Expectations
|
||||
- Performance target: multi-target app fixture <1.2 s, memory <250 MB.
|
||||
- Deterministic RID collapsing to reduce component duplication by ≥40 % vs naive approach.
|
||||
- Offline-first; support air-gapped strong-name/Authenticode validation using cached root store.
|
||||
- Rich telemetry (components per RID, strong-name validations) conforming to Scanner metrics.
|
||||
|
||||
## Dependencies
|
||||
- Shared language analyzer infrastructure; Worker dispatcher; optional security key store for signature verification.
|
||||
|
||||
## Testing & Artifacts
|
||||
- Fixtures for framework-dependent and self-contained apps (linux-musl, win-x64).
|
||||
- Golden outputs capturing signature metadata and RID grouping.
|
||||
- Benchmark comparing analyzer fidelity vs market competitors.
|
||||
Reference in New Issue
Block a user