# Audit - StellaOps.Zastava.Webhook

## Project
- Path: `src/Zastava/StellaOps.Zastava.Webhook/StellaOps.Zastava.Webhook.csproj`
- Module: `Zastava`
- Kind: `WebService`
- SDK: `Microsoft.NET.Sdk.Web`
- TargetFramework: `net10.0`
- Audit date (UTC): 2026-01-30

## Coding Standards Findings
- Status: FAIL
- Nullable: enable
- TreatWarningsAsErrors: explicit true
- Deterministic: inherited true
- 100-line rule violations: 8
- Service locator usage (BuildServiceProvider/GetService): 0
- Analyzer enforcement: missing repo-wide (see summary).

### Details
- 100-line files:
  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/RuntimeAdmissionPolicyService.cs` (359 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/FacetAdmissionValidator.cs` (252 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionResponseBuilder.cs` (226 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/Configuration/ZastavaWebhookOptions.cs` (179 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/Admission/AdmissionReviewParser.cs` (154 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/DependencyInjection/ServiceCollectionExtensions.cs` (127 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/Backend/RuntimePolicyClient.cs` (115 lines)
  - `src/Zastava/StellaOps.Zastava.Webhook/Certificates/SecretFileCertificateSource.cs` (103 lines)
- Service locator matches:
  - none

### Fix Guidance
- Split files over 100 lines into smaller types or partials.

## Testing Fullness Findings
- Status: FAIL
- Expected layers: Unit, Integration, Security, Offline
- Detected test projects: src/Zastava/__Tests/StellaOps.Zastava.Webhook.Tests/StellaOps.Zastava.Webhook.Tests.csproj [Unit]
- Missing layers: Integration, Security, Offline

### Manual checks required
- Observability contract tests for WebService/Worker.
- Offline execution (tests must run without network access).

### Fix Guidance
- Add integration tests for cross-component flows.
- Add security tests for authn/authz or input validation.
- Add offline/airgap coverage with fixtures only.