- Fix PredicateSchemaValidator to use static Lazy initialization
avoiding JsonSchema.Net global registry conflicts in tests
- Add IContextPolicyGate interface for gates without MergeResult
- Rename ICveGate/IAttestationGate to avoid conflicts with IPolicyGate
- Add static Pass/Fail helper methods to GateResult record
- Unseal PolicyGateContext to allow ExtendedPolicyGateContext
- Add missing Type/Constraint properties to AuthorityScope and Principal
- Fix PolicyBundle to use ConditionDescription instead of Condition func
- Rename ExceptionResult to ExceptionCheckResult to avoid duplicate
- Rename GateResult static helper class to GateResultFactory
- Temporarily exclude 9 incomplete gate files with missing contracts
- Add AttestationContextExtensions for GetAttestation/GetVexSummary etc
All 216 Attestor.Core tests pass.
Sprint: SPRINT_20251229_049_BE_csproj_audit_maint_tests
Tasks: AUDIT-0001 through AUDIT-0147 APPLY tasks (approved decisions 1-9)
Changes:
- Set TreatWarningsAsErrors=true for all production .NET projects
- Fixed nullable warnings in Scanner.EntryTrace, Scanner.Evidence,
Scheduler.Worker, Concelier connectors, and other modules
- Injected TimeProvider/IGuidProvider for deterministic time/ID generation
- Added path traversal validation in AirGap.Bundle
- Fixed NULL handling in various cursor classes
- Third-party GostCryptography retains TreatWarningsAsErrors=false (preserves original)
- Test projects excluded per user decision (rejected decision 10)
Note: All 17 ACSC connector tests pass after snapshot fixture sync
- Implement `SbomVexOrderingDeterminismProperties` for testing component list and vulnerability metadata hash consistency.
- Create `UnicodeNormalizationDeterminismProperties` to validate NFC normalization and Unicode string handling.
- Add project file for `StellaOps.Testing.Determinism.Properties` with necessary dependencies.
- Introduce CI/CD template validation tests including YAML syntax checks and documentation content verification.
- Create validation script for CI/CD templates ensuring all required files and structures are present.
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.
