git.stella-ops.org/docs/features/checked/aoc/aoc-roslyn-source-analyzer.md
2026-02-12 10:27:23 +02:00

AOC Roslyn Source Analyzer (Compile-Time Contract Enforcement)

Module

Aoc

Status

VERIFIED

Description

Roslyn source analyzer that enforces ingestion contracts at compile time via diagnostics AOC0001, AOC0002, and AOC0003, preventing forbidden and unguarded write patterns in AOC ingestion code.

Implementation Details

  • AOC Analyzer: src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/AocForbiddenFieldAnalyzer.cs - Roslyn DiagnosticAnalyzer that reports:
    • AOC0001 for forbidden field writes (for example severity, cvss, risk_score).
    • AOC0002 for derived effective_* field writes.
    • AOC0003 for unguarded database write operations outside IAocGuard.Validate(...) scope.
  • Analyzer Tests: src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/AocForbiddenFieldAnalyzerTests.cs - analyzer behavior tests covering positive and negative paths (diagnostics emitted and suppressed appropriately).

E2E Test Plan

  • Verify AOC0001 is reported for forbidden field writes in ingestion context
  • Verify AOC0002 is reported for effective_* derived field writes
  • Verify AOC0003 is reported for unguarded database writes
  • Verify diagnostics are not reported for allowed writes and non-ingestion/test assemblies
  • Verify analyzer participates in dotnet build/test execution paths used in CI

Verification

  • Verified: 2026-02-11
  • Method: Tier 0 source verification + Tier 1 build/test + Tier 2d behavioral analyzer test replay
  • Build: PASS (src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/StellaOps.Aoc.Analyzers.csproj)
  • Tests: PASS (src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/StellaOps.Aoc.Analyzers.Tests.csproj: 26/26)
  • Tier 0 Evidence: docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-001/tier0-source-check.json
  • Tier 1 Evidence: docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-001/tier1-build-check.json
  • Tier 2 Evidence: docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-001/tier2-integration-check.json

Recheck (Run-002)

  • Rechecked: 2026-02-11
  • Method: Tier 0 source verification + Tier 1 build/test + strict Tier 2 command-line behavior replay
  • Build: PASS (src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/StellaOps.Aoc.Analyzers.csproj)
  • Tests: PASS (src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/StellaOps.Aoc.Analyzers.Tests.csproj: 26/26)
  • Tier 2 Behavior:
    • Positive path: dotnet build of a violating ingestion sample reports AOC0001, AOC0002, and AOC0003.
    • Negative path: dotnet build of a compliant ingestion sample reports none of AOC0001/AOC0002/AOC0003.
  • Tier 0 Evidence: docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-002/tier0-source-check.json
  • Tier 1 Evidence: docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-002/tier1-build-check.json
  • Tier 2 Evidence: docs/qa/feature-checks/runs/aoc/aoc-roslyn-source-analyzer/run-002/tier2-integration-check.json
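
One way to automate the Tier 2 positive/negative check as a CI gate over captured dotnet build output. This is an added example, not part of the StellaOps repository; the sample paths, severities and message text are constructed, and only the standard MSBuild diagnostic line shape and the three IDs from this page are assumed.

```python
import re

# Standard MSBuild/Roslyn diagnostic line:
#   path(line,col): severity ID: message [project]
DIAG_RE = re.compile(
    r"^(?P<file>.+?)\((?P<line>\d+),(?P<col>\d+)\):\s+"
    r"(?P<severity>warning|error)\s+(?P<id>AOC\d{4}):\s+(?P<msg>.*?)"
    r"(?:\s+\[(?P<project>[^\]]+)\])?$"
)
AOC_IDS = frozenset({"AOC0001", "AOC0002", "AOC0003"})

def aoc_diagnostics(build_output):
    """Return sorted unique (id, file, line) tuples for AOC diagnostics.

    MSBuild repeats each diagnostic in its end-of-build summary, so the
    result is de-duplicated on (id, file, line).
    """
    found = set()
    for raw in build_output.splitlines():
        m = DIAG_RE.match(raw.strip())
        if m and m["id"] in AOC_IDS:
            found.add((m["id"], m["file"], int(m["line"])))
    return sorted(found)

def check_positive(build_output):
    """Positive path: every AOC ID must be reported. Returns missing IDs."""
    return sorted(AOC_IDS - {d[0] for d in aoc_diagnostics(build_output)})

def check_negative(build_output):
    """Negative path: no AOC ID may be reported. Returns the offenders."""
    return aoc_diagnostics(build_output)

# Constructed sample output (paths, severities and messages are placeholders).
VIOLATING_BUILD = """\
  Determining projects to restore...
Sample/Ingest.cs(12,9): error AOC0001: constructed message [/work/Sample.csproj]
Sample/Ingest.cs(13,9): error AOC0002: constructed message [/work/Sample.csproj]
Sample/Ingest.cs(20,5): warning AOC0003: constructed message [/work/Sample.csproj]
Sample/Ingest.cs(8,17): warning CS0168: unrelated compiler warning [/work/Sample.csproj]
Build FAILED.
    Sample/Ingest.cs(12,9): error AOC0001: constructed message [/work/Sample.csproj]
"""
COMPLIANT_BUILD = """\
  Determining projects to restore...
Sample/Ingest.cs(8,17): warning CS0168: unrelated compiler warning [/work/Sample.csproj]
Build succeeded.
"""

if __name__ == "__main__":
    print("positive path missing:", check_positive(VIOLATING_BUILD))
    print("negative path offenders:", check_negative(COMPLIANT_BUILD))
```

A non-empty return from either check fails the gate; matching on the diagnostic ID rather than the message text keeps the check stable if the analyzer's wording changes.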