git.stella-ops.org/docs/implplan-blocked/audits/csproj-standards/Policy/StellaOps.Policy.Gateway/StellaOps.Policy.Gateway.md

Audit - StellaOps.Policy.Gateway

Project

• Path: src/Policy/StellaOps.Policy.Gateway/StellaOps.Policy.Gateway.csproj
• Module: Policy
• Kind: WebService
• SDK: Microsoft.NET.Sdk.Web
• TargetFramework: net10.0
• Audit date (UTC): 2026-01-30

Coding Standards Findings

• Status: FAIL
• Nullable: enable
• TreatWarningsAsErrors: explicit true
• Deterministic: inherited true
• 100-line rule violations: 24
• Service locator usage (BuildServiceProvider/GetService): 3
• Analyzer enforcement: missing repo-wide (see summary).

Details

• 100-line files:
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/GatesEndpoints.cs (1002 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/GovernanceEndpoints.cs (931 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/ExceptionApprovalEndpoints.cs (874 lines)
  • src/Policy/StellaOps.Policy.Gateway/Program.cs (664 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/ExceptionService.cs (605 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/ExceptionEndpoints.cs (559 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/ScoreGateEndpoints.cs (550 lines)
  • src/Policy/StellaOps.Policy.Gateway/Contracts/ExceptionContracts.cs (466 lines)
  • src/Policy/StellaOps.Policy.Gateway/Contracts/ScoreGateContracts.cs (445 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/RegistryWebhookEndpoints.cs (406 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/GateEndpoints.cs (400 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/DeltasEndpoints.cs (373 lines)
  • src/Policy/StellaOps.Policy.Gateway/Options/PolicyGatewayOptions.cs (323 lines)
  • src/Policy/StellaOps.Policy.Gateway/Contracts/DeltaContracts.cs (293 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/ApprovalWorkflowService.cs (275 lines)
  • src/Policy/StellaOps.Policy.Gateway/Clients/PolicyEngineClient.cs (256 lines)
  • src/Policy/StellaOps.Policy.Gateway/Contracts/GateContracts.cs (243 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/PolicyGatewayDpopProofGenerator.cs (239 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/ExceptionExpiryWorker.cs (235 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/IExceptionService.cs (234 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/ExceptionQueryService.cs (227 lines)
  • src/Policy/StellaOps.Policy.Gateway/Endpoints/ToolLatticeEndpoints.cs (209 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/InMemoryGateEvaluationQueue.cs (184 lines)
  • src/Policy/StellaOps.Policy.Gateway/Services/PolicyEngineTokenProvider.cs (123 lines)
• Service locator matches:
  • src/Policy/StellaOps.Policy.Gateway/Services/InMemoryGateEvaluationQueue.cs:147 var evaluator = scope.ServiceProvider.GetRequiredService();
  • src/Policy/StellaOps.Policy.Gateway/Program.cs:246 var egressPolicy = serviceProvider.GetService();
  • src/Policy/StellaOps.Policy.Gateway/Program.cs:598 var loggerFactory = provider.GetService();

Fix Guidance

• Split files over 100 lines into smaller types or partials.
• Replace service locator usage with constructor injection.

Testing Fullness Findings

• Status: FAIL
• Expected layers: Unit, Integration, Security, Offline
• Detected test projects: src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/StellaOps.Policy.Gateway.Tests.csproj [Unit]
• Missing layers: Integration, Security, Offline

Manual checks required

• Observability contract tests for WebService/Worker.
• Intent tagging required for regulatory modules.
• Offline execution (tests must run without network access).

Fix Guidance

• Add integration tests for cross-component flows.
• Add security tests for authn/authz or input validation.
• Add offline/airgap coverage with fixtures only.