git.stella-ops.org/docs/implplan-blocked/audits/csproj-standards/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.md

Audit - StellaOps.Concelier.WebService

Project

• Path: src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj
• Module: Concelier
• Kind: WebService
• SDK: Microsoft.NET.Sdk.Web
• TargetFramework: net10.0
• Audit date (UTC): 2026-01-30

Coding Standards Findings

• Status: FAIL
• Nullable: enable
• TreatWarningsAsErrors: explicit true
• Deterministic: inherited true
• 100-line rule violations: 30
• Service locator usage (BuildServiceProvider/GetService): 6
• Analyzer enforcement: missing repo-wide (see summary).

Details

• 100-line files:
  • src/Concelier/StellaOps.Concelier.WebService/Program.cs (4617 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Results/ConcelierProblemResultFactory.cs (565 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/CanonicalAdvisoryEndpointExtensions.cs (516 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/FederationEndpointExtensions.cs (467 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/FeedSnapshotEndpointExtensions.cs (444 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Services/AdvisoryChunkBuilder.cs (425 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/SbomEndpointExtensions.cs (414 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Services/OpenApiDiscoveryDocumentProvider.cs (400 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Options/ConcelierOptionsValidator.cs (369 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Options/ConcelierOptions.cs (349 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/MirrorRateLimitingExtensions.cs (343 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/InterestScoreEndpointExtensions.cs (314 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/AirGapEndpointExtensions.cs (280 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/AdvisoryRawRequestMapper.cs (244 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/TelemetryExtensions.cs (223 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Contracts/AirGapMetadataContracts.cs (217 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/MirrorEndpointExtensions.cs (209 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Services/MirrorFileLocator.cs (184 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Diagnostics/ErrorCodes.cs (169 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Options/AirGapOptions.cs (158 lines)
  • src/Concelier/StellaOps.Concelier.WebService/AirGap/AirgapBundleBuilder.cs (155 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Deprecation/DeprecationHeaders.cs (148 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Services/AdvisoryAiTelemetry.cs (143 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Contracts/AdvisoryRawContracts.cs (141 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/JobRegistrationExtensions.cs (137 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Contracts/ErrorEnvelopeContracts.cs (133 lines)
  • src/Concelier/StellaOps.Concelier.WebService/AirGap/AirgapBundleValidator.cs (129 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Filters/JobAuthorizationAuditFilter.cs (122 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Services/AdvisoryChunkCache.cs (112 lines)
  • src/Concelier/StellaOps.Concelier.WebService/Services/IncidentFileStore.cs (106 lines)
• Service locator matches:
  • src/Concelier/StellaOps.Concelier.WebService/Program.cs:133 using var tempProvider = builder.Services.BuildServiceProvider();
  • src/Concelier/StellaOps.Concelier.WebService/Program.cs:135 concelierOptions = tempProvider.GetService<IOptions>()?.Value ?? new ConcelierOptions
  • src/Concelier/StellaOps.Concelier.WebService/Program.cs:517 var cacheLookup = sp.GetService() as IAdvisoryLinksetLookup;
  • src/Concelier/StellaOps.Concelier.WebService/Program.cs:518 var cacheSink = sp.GetService() as IAdvisoryLinksetSink;
  • src/Concelier/StellaOps.Concelier.WebService/Program.cs:4540 var dataSource = app.Services.GetService();
  • src/Concelier/StellaOps.Concelier.WebService/Extensions/MirrorRateLimitingExtensions.cs:85 var config = app.ApplicationServices.GetService();

Fix Guidance

• Split files over 100 lines into smaller types or partials.
• Replace service locator usage with constructor injection.

Testing Fullness Findings

• Status: FAIL
• Expected layers: Unit, Integration, Security, Offline
• Detected test projects: src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj [Unit]
• Missing layers: Integration, Security, Offline

Manual checks required

• Observability contract tests for WebService/Worker.
• Offline execution (tests must run without network access).

Fix Guidance

• Add integration tests for cross-component flows.
• Add security tests for authn/authz or input validation.
• Add offline/airgap coverage with fixtures only.