# AI Code Guard (Secrets Scanning + Attribution Check + License Hygiene)

## Module
Integrations

## Status
VERIFIED

## Description
AI Code Guard has policy signal binding and annotation services. Evidence provider interfaces and annotation contracts exist. The advisory's proposed `stella guard run` CLI and full YAML-driven pipeline checks are partially represented through policy signal binding rather than a standalone CLI tool.

## What's Implemented
- **AI Code Guard annotation contracts**: `src/Integrations/__Libraries/StellaOps.Integrations.Contracts/AiCodeGuardAnnotationContracts.cs` -- annotation DTOs for AI code guard findings
- **AI Code Guard annotation service**: `src/Integrations/__Libraries/StellaOps.Integrations.Services/AiCodeGuard/AiCodeGuardAnnotationService.cs` -- annotation generation service
- **Tests**: `src/Integrations/__Libraries/__Tests/StellaOps.Integrations.Services.Tests/AiCodeGuard/AiCodeGuardAnnotationServiceTests.cs`
- Policy signal binding exists in `src/Policy/` for AI code guard policy evaluation
- Source: Feature matrix scan

## What's Missing
- `stella guard run` CLI command for standalone execution
- YAML-driven pipeline check configuration
- Full secrets scanning engine (currently annotation-only)
- Attribution check automation
- License hygiene scanning and enforcement

## Implementation Plan
- Add CLI command wrapping AI Code Guard annotation service
- Implement YAML-driven check configuration loader
- Build secrets scanning and attribution check engines
- Integrate license hygiene with SBOM/licensing data

## Related Documentation
- Source: See feature catalog