# Audit - StellaOps.Scheduler.WebService ## Project - Path: `src/Scheduler/StellaOps.Scheduler.WebService/StellaOps.Scheduler.WebService.csproj` - Module: `Scheduler` - Kind: `WebService` - SDK: `Microsoft.NET.Sdk.Web` - TargetFramework: `net10.0` - Audit date (UTC): 2026-01-30 ## Coding Standards Findings - Status: FAIL - Nullable: enable - TreatWarningsAsErrors: explicit true - Deterministic: inherited true - 100-line rule violations: 27 - Service locator usage (BuildServiceProvider/GetService): 1 - Analyzer enforcement: missing repo-wide (see summary). ### Details - 100-line files: - `src/Scheduler/StellaOps.Scheduler.WebService/Runs/RunEndpoints.cs` (690 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/GraphJobs/GraphJobService.cs` (507 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/Schedules/ScheduleEndpoints.cs` (445 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicySimulations/PolicySimulationEndpointExtensions.cs` (433 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicyRuns/PolicyRunService.cs` (300 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicyRuns/InMemoryPolicyRunService.cs` (259 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicySimulations/PolicySimulationMetricsProvider.cs` (243 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/Program.cs` (241 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/Runs/RunStreamCoordinator.cs` (225 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicySimulations/PolicySimulationStreamCoordinator.cs` (198 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicyRuns/PolicyRunEndpointExtensions.cs` (197 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/GraphJobs/Events/GraphJobEventPublisher.cs` (186 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/SchedulerEndpointHelpers.cs` (178 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/EventWebhooks/EventWebhookEndpointExtensions.cs` (173 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/GraphJobs/GraphJobEndpointExtensions.cs` (161 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/Schedules/InMemorySchedulerServices.cs` (157 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/VulnerabilityResolverJobs/InMemoryResolverJobService.cs` (141 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/Options/SchedulerEventsOptions.cs` (140 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/Runs/InMemoryRunRepository.cs` (136 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/PolicyRuns/PolicyRunQueryOptions.cs` (126 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/FailureSignatures/FailureSignatureEndpoints.cs` (115 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/EventWebhooks/IWebhookRequestAuthenticator.cs` (107 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/GraphJobs/Events/MessagingGraphJobEventPublisher.cs` (107 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/EventWebhooks/WebhookPayloads.cs` (106 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/GraphJobs/InMemoryGraphJobStore.cs` (104 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/GraphJobs/CartographerWebhookClient.cs` (102 lines) - `src/Scheduler/StellaOps.Scheduler.WebService/VulnerabilityResolverJobs/ResolverJobEndpointExtensions.cs` (101 lines) - Service locator matches: - `src/Scheduler/StellaOps.Scheduler.WebService/FailureSignatures/FailureSignatureEndpoints.cs`:54 var repository = serviceProvider.GetService(); ### Fix Guidance - Split files over 100 lines into smaller types or partials. - Replace service locator usage with constructor injection. ## Testing Fullness Findings - Status: FAIL - Expected layers: Unit, Integration, Security, Offline - Detected test projects: src/Scheduler/__Tests/StellaOps.Scheduler.WebService.Tests/StellaOps.Scheduler.WebService.Tests.csproj [Unit] - Missing layers: Integration, Security, Offline ### Manual checks required - Observability contract tests for WebService/Worker. - Offline execution (tests must run without network access). ### Fix Guidance - Add integration tests for cross-component flows. - Add security tests for authn/authz or input validation. - Add offline/airgap coverage with fixtures only.