# Audit - StellaOps.Policy.RiskProfile

## Project
- Path: `src/Policy/StellaOps.Policy.RiskProfile/StellaOps.Policy.RiskProfile.csproj`
- Module: `Policy`
- Kind: `Service`
- SDK: `Microsoft.NET.Sdk`
- TargetFramework: `net10.0`
- Audit date (UTC): 2026-01-30

## Coding Standards Findings
- Status: FAIL
- Nullable: enable
- TreatWarningsAsErrors: explicit true
- Deterministic: inherited true
- 100-line rule violations: 13
- Service locator usage (BuildServiceProvider/GetService): 0
- Analyzer enforcement: missing repo-wide (see summary).

### Details
- 100-line files:
  - `src/Policy/StellaOps.Policy.RiskProfile/Overrides/OverrideService.cs` (570 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Lifecycle/RiskProfileLifecycleService.cs` (523 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Scope/EffectivePolicyService.cs` (446 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Export/ProfileExportService.cs` (359 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Canonicalization/RiskProfileCanonicalizer.cs` (346 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Scope/ScopeAttachmentService.cs` (339 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Overrides/OverrideModels.cs` (266 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Merge/RiskProfileMergeService.cs` (241 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Hashing/RiskProfileHasher.cs` (218 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Models/RiskProfileModel.cs` (213 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Scope/ScopeAttachmentModels.cs` (187 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Lifecycle/RiskProfileLifecycle.cs` (139 lines)
  - `src/Policy/StellaOps.Policy.RiskProfile/Export/ProfileExportModels.cs` (115 lines)
- Service locator matches:
  - none

### Fix Guidance
- Split files over 100 lines into smaller types or partials.

## Testing Fullness Findings
- Status: PASS
- Expected layers: Unit
- Detected test projects: src/Policy/__Tests/StellaOps.Policy.RiskProfile.Tests/StellaOps.Policy.RiskProfile.Tests.csproj [Unit]
- Missing layers: none

### Manual checks required
- Observability contract tests for WebService/Worker.
- Intent tagging required for regulatory modules.
- Offline execution (tests must run without network access).

### Fix Guidance
- None.