# Audit - StellaOps.Signals ## Project - Path: `src/Signals/StellaOps.Signals/StellaOps.Signals.csproj` - Module: `Signals` - Kind: `WebService` - SDK: `Microsoft.NET.Sdk.Web` - TargetFramework: `net10.0` - Audit date (UTC): 2026-01-30 ## Coding Standards Findings - Status: FAIL - Nullable: enable - TreatWarningsAsErrors: explicit true - Deterministic: inherited true - 100-line rule violations: 99 - Service locator usage (BuildServiceProvider/GetService): 0 - Analyzer enforcement: missing repo-wide (see summary). ### Details - 100-line files: - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightedScoreCalculator.cs` (1060 lines) - `src/Signals/StellaOps.Signals/Program.cs` (960 lines) - `src/Signals/StellaOps.Signals/Services/IFuncProofLinkingService.cs` (833 lines) - `src/Signals/StellaOps.Signals/Services/RuntimeFactsIngestionService.cs` (784 lines) - `src/Signals/StellaOps.Signals/Services/ReachabilityScoringService.cs` (736 lines) - `src/Signals/StellaOps.Signals/Api/RuntimeAgentController.cs` (684 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightPolicy.cs` (588 lines) - `src/Signals/StellaOps.Signals/Api/HotSymbolsController.cs` (562 lines) - `src/Signals/StellaOps.Signals/Parsing/SimpleJsonCallgraphParser.cs` (512 lines) - `src/Signals/StellaOps.Signals/Services/ISbomCorrelationService.cs` (486 lines) - `src/Signals/StellaOps.Signals/UnifiedScore/Replay/ReplayModels.cs` (452 lines) - `src/Signals/StellaOps.Signals/Services/CallgraphIngestionService.cs` (430 lines) - `src/Signals/StellaOps.Signals/Services/SlimSymbolCache.cs` (423 lines) - `src/Signals/StellaOps.Signals/Services/ISymbolCanonicalizationService.cs` (404 lines) - `src/Signals/StellaOps.Signals/Services/RuntimeFactsProvenanceNormalizer.cs` (392 lines) - `src/Signals/StellaOps.Signals/Parsing/CallgraphSchemaMigrator.cs` (382 lines) - `src/Signals/StellaOps.Signals/Scm/Webhooks/GitLabEventMapper.cs` (378 lines) - `src/Signals/StellaOps.Signals/UnifiedScore/UnifiedScoreModels.cs` (371 lines) - `src/Signals/StellaOps.Signals/Services/CallgraphNormalizationService.cs` (368 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightedScoreInput.cs` (364 lines) - `src/Signals/StellaOps.Signals/Scm/Webhooks/GitHubEventMapper.cs` (356 lines) - `src/Signals/StellaOps.Signals/Models/HotSymbolIndex.cs` (355 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/NormalizerAggregator.cs` (350 lines) - `src/Signals/StellaOps.Signals/Storage/RustFsCallgraphArtifactStore.cs` (333 lines) - `src/Signals/StellaOps.Signals/Models/RuntimeUpdatedEvent.cs` (330 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/WeightManifest.cs` (318 lines) - `src/Signals/StellaOps.Signals/Services/ScoreExplanationService.cs` (315 lines) - `src/Signals/StellaOps.Signals/Services/UnknownsScoringService.cs` (297 lines) - `src/Signals/StellaOps.Signals/Services/EdgeBundleIngestionService.cs` (277 lines) - `src/Signals/StellaOps.Signals/UnifiedScore/Replay/ReplayLogBuilder.cs` (272 lines) - `src/Signals/StellaOps.Signals/Models/AocProvenance.cs` (270 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/NormalizerOptions.cs` (265 lines) - `src/Signals/StellaOps.Signals/Services/UnknownsRescanWorker.cs` (263 lines) - `src/Signals/StellaOps.Signals/Storage/PoECasStore.cs` (259 lines) - `src/Signals/StellaOps.Signals/UnifiedScore/UnifiedScoreService.cs` (258 lines) - `src/Signals/StellaOps.Signals/Services/ReachabilityFactDigestCalculator.cs` (258 lines) - `src/Signals/StellaOps.Signals/Scm/Webhooks/GiteaEventMapper.cs` (256 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryReachabilityStoreRepository.cs` (250 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightPolicyOptions.cs` (245 lines) - `src/Signals/StellaOps.Signals/Scm/Models/NormalizedScmEvent.cs` (238 lines) - `src/Signals/StellaOps.Signals/Services/RedisEventsPublisher.cs` (232 lines) - `src/Signals/StellaOps.Signals/Models/ProcSnapshotDocument.cs` (232 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/SourceTrustNormalizer.cs` (225 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/RuntimeSignalNormalizer.cs` (224 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/ReachabilityNormalizer.cs` (217 lines) - `src/Signals/StellaOps.Signals/Services/ReachabilityFactEventBuilder.cs` (217 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/FileBasedWeightManifestLoader.cs` (210 lines) - `src/Signals/StellaOps.Signals/Scm/ScmWebhookEndpoints.cs` (208 lines) - `src/Signals/StellaOps.Signals/UnifiedScore/Replay/ReplayVerifier.cs` (195 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryReachabilityFactRepository.cs` (194 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/MitigationNormalizer.cs` (192 lines) - `src/Signals/StellaOps.Signals/Models/ScoreExplanation.cs` (192 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/BackportEvidenceNormalizer.cs` (189 lines) - `src/Signals/StellaOps.Signals/Services/SchedulerRescanOrchestrator.cs` (189 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/ExploitLikelihoodNormalizer.cs` (189 lines) - `src/Signals/StellaOps.Signals/Lattice/UncertaintyTier.cs` (186 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/MitigationInput.cs` (182 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/IEvidenceWeightPolicyProvider.cs` (179 lines) - `src/Signals/StellaOps.Signals/Models/EdgeBundleDocument.cs` (179 lines) - `src/Signals/StellaOps.Signals/Scm/Services/ScmWebhookService.cs` (172 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryUnknownsRepository.cs` (170 lines) - `src/Signals/StellaOps.Signals/Services/MessagingEventsPublisher.cs` (170 lines) - `src/Signals/StellaOps.Signals/Services/CallGraphSyncService.cs` (169 lines) - `src/Signals/StellaOps.Signals/Models/ReachabilityFactDocument.cs` (165 lines) - `src/Signals/StellaOps.Signals/Lattice/ReachabilityLattice.cs` (164 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryCallGraphProjectionRepository.cs` (162 lines) - `src/Signals/StellaOps.Signals/Storage/FileSystemCallgraphArtifactStore.cs` (162 lines) - `src/Signals/StellaOps.Signals/Services/RouterEventsPublisher.cs` (161 lines) - `src/Signals/StellaOps.Signals/Storage/FileSystemRuntimeFactsArtifactStore.cs` (160 lines) - `src/Signals/StellaOps.Signals/UnifiedScore/UnknownsBandMapper.cs` (159 lines) - `src/Signals/StellaOps.Signals/Persistence/IHotSymbolRepository.cs` (158 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/INormalizerAggregator.cs` (157 lines) - `src/Signals/StellaOps.Signals/Models/CallgraphEdge.cs` (155 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/SourceTrustInput.cs` (154 lines) - `src/Signals/StellaOps.Signals/Models/CallgraphNode.cs` (153 lines) - `src/Signals/StellaOps.Signals/Options/SignalsArtifactStorageOptions.cs` (153 lines) - `src/Signals/StellaOps.Signals/Scm/Services/ScmTriggerService.cs` (153 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryCallgraphRepository.cs` (152 lines) - `src/Signals/StellaOps.Signals/Models/CallgraphDocument.cs` (148 lines) - `src/Signals/StellaOps.Signals/Services/UnknownsDecayService.cs` (143 lines) - `src/Signals/StellaOps.Signals/Services/RuntimeFactsRetentionService.cs` (140 lines) - `src/Signals/StellaOps.Signals/Services/ReachabilityUnionIngestionService.cs` (139 lines) - `src/Signals/StellaOps.Signals/Models/UnknownSymbolDocument.cs` (138 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/BackportInput.cs` (136 lines) - `src/Signals/StellaOps.Signals/Lattice/ReachabilityLatticeState.cs` (134 lines) - `src/Signals/StellaOps.Signals/Options/SignalsEventsOptions.cs` (129 lines) - `src/Signals/StellaOps.Signals/Options/ScoreExplanationWeights.cs` (128 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/EvidenceWeightedScoringExtensions.cs` (119 lines) - `src/Signals/StellaOps.Signals/Options/SignalsScoringOptions.cs` (119 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/ReachabilityInput.cs` (118 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/RuntimeInput.cs` (115 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryDeploymentRefsRepository.cs` (111 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/Normalizers/EvidenceNormalizersServiceCollectionExtensions.cs` (111 lines) - `src/Signals/StellaOps.Signals/Services/UnknownsIngestionService.cs` (109 lines) - `src/Signals/StellaOps.Signals/EvidenceWeightedScore/ExploitInput.cs` (109 lines) - `src/Signals/StellaOps.Signals/Services/UnknownsRescanMetrics.cs` (107 lines) - `src/Signals/StellaOps.Signals/Options/UnknownsScoringOptions.cs` (102 lines) - `src/Signals/StellaOps.Signals/Persistence/InMemoryGraphMetricsRepository.cs` (102 lines) - `src/Signals/StellaOps.Signals/Options/SignalsAuthorityOptions.cs` (101 lines) - Service locator matches: - none ### Fix Guidance - Split files over 100 lines into smaller types or partials. ## Testing Fullness Findings - Status: FAIL - Expected layers: Unit, Integration, Security, Offline - Detected test projects: src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/StellaOps.Signals.Reachability.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.RuntimeAgent.Tests/StellaOps.Signals.RuntimeAgent.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.Persistence.Tests/StellaOps.Signals.Persistence.Tests.csproj [Unit], src/Signals/__Tests/StellaOps.Signals.Ebpf.Tests/StellaOps.Signals.Ebpf.Tests.csproj [Unit], src/__Libraries/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj [Unit], src/__Libraries/__Tests/StellaOps.Signals.Contracts.Tests/StellaOps.Signals.Contracts.Tests.csproj [Unit] - Missing layers: Integration, Security, Offline ### Manual checks required - Observability contract tests for WebService/Worker. - Offline execution (tests must run without network access). ### Fix Guidance - Add integration tests for cross-component flows. - Add security tests for authn/authz or input validation. - Add offline/airgap coverage with fixtures only.