# Audit - StellaOps.Registry.TokenService

## Project
- Path: `src/Registry/StellaOps.Registry.TokenService/StellaOps.Registry.TokenService.csproj`
- Module: `Registry`
- Kind: `WebService`
- SDK: `Microsoft.NET.Sdk.Web`
- TargetFramework: `net10.0`
- Audit date (UTC): 2026-01-30

## Coding Standards Findings
- Status: FAIL
- Nullable: enable
- TreatWarningsAsErrors: explicit true
- Deterministic: inherited true
- 100-line rule violations: 8
- Service locator usage (BuildServiceProvider/GetService): 0
- Analyzer enforcement: missing repo-wide (see summary).

### Details
- 100-line files:
  - `src/Registry/StellaOps.Registry.TokenService/Admin/AdminModels.cs` (401 lines)
  - `src/Registry/StellaOps.Registry.TokenService/RegistryTokenServiceOptions.cs` (321 lines)
  - `src/Registry/StellaOps.Registry.TokenService/Admin/PlanAdminEndpoints.cs` (292 lines)
  - `src/Registry/StellaOps.Registry.TokenService/Admin/PlanValidator.cs` (237 lines)
  - `src/Registry/StellaOps.Registry.TokenService/Admin/InMemoryPlanRuleStore.cs` (230 lines)
  - `src/Registry/StellaOps.Registry.TokenService/Program.cs` (199 lines)
  - `src/Registry/StellaOps.Registry.TokenService/PlanRegistry.cs` (150 lines)
  - `src/Registry/StellaOps.Registry.TokenService/RegistryTokenIssuer.cs` (133 lines)
- Service locator matches:
  - none

### Fix Guidance
- Split files over 100 lines into smaller types or partials.

## Testing Fullness Findings
- Status: FAIL
- Expected layers: Unit, Integration, Security, Offline
- Detected test projects: src/Registry/__Tests/StellaOps.Registry.TokenService.Tests/StellaOps.Registry.TokenService.Tests.csproj [Unit]
- Missing layers: Integration, Security, Offline

### Manual checks required
- Observability contract tests for WebService/Worker.
- Offline execution (tests must run without network access).

### Fix Guidance
- Add integration tests for cross-component flows.
- Add security tests for authn/authz or input validation.
- Add offline/airgap coverage with fixtures only.