git.stella-ops.org/docs/implplan-blocked/audits/csproj-standards/VexLens/StellaOps.VexLens/StellaOps.VexLens.md

Audit - StellaOps.VexLens

Project

• Path: src/VexLens/StellaOps.VexLens/StellaOps.VexLens.csproj
• Module: VexLens
• Kind: Service
• SDK: Microsoft.NET.Sdk
• TargetFramework: net10.0
• Audit date (UTC): 2026-01-30

Coding Standards Findings

• Status: FAIL
• Nullable: enable
• TreatWarningsAsErrors: explicit true
• Deterministic: inherited true
• 100-line rule violations: 92
• Service locator usage (BuildServiceProvider/GetService): 2
• Analyzer enforcement: missing repo-wide (see summary).

Details

• 100-line files:
  • src/VexLens/StellaOps.VexLens/Consensus/VexConsensusEngine.cs (1295 lines)
  • src/VexLens/StellaOps.VexLens/Api/IVexLensApiService.cs (775 lines)
  • src/VexLens/StellaOps.VexLens/Api/TrustScorecardApiModels.cs (696 lines)
  • src/VexLens/StellaOps.VexLens/Normalization/CsafVexNormalizer.cs (693 lines)
  • src/VexLens/StellaOps.VexLens/Normalization/CycloneDxVexNormalizer.cs (640 lines)
  • src/VexLens/StellaOps.VexLens/Export/IConsensusExportService.cs (589 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/TrustDecayCalculator.cs (582 lines)
  • src/VexLens/StellaOps.VexLens/Api/IConsensusRationaleService.cs (565 lines)
  • src/VexLens/StellaOps.VexLens/Storage/PostgresConsensusProjectionStoreProxy.cs (558 lines)
  • src/VexLens/StellaOps.VexLens/Conditions/ConditionEvaluator.cs (546 lines)
  • src/VexLens/StellaOps.VexLens/Proof/VexProofBuilder.cs (545 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Proof/VexProofBuilderTests.cs (544 lines)
  • src/VexLens/StellaOps.VexLens/Testing/VexLensTestHarness.cs (538 lines)
  • src/VexLens/StellaOps.VexLens/Integration/PolicyEngineIntegration.cs (522 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Normalization/VexLensNormalizer.cs (517 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/SourceTrustScoreCalculator.cs (514 lines)
  • src/VexLens/StellaOps.VexLens/Normalization/OpenVexNormalizer.cs (498 lines)
  • src/VexLens/StellaOps.VexLens/Orchestration/IConsensusJobService.cs (483 lines)
  • src/VexLens/StellaOps.VexLens/NoiseGate/NoiseGateService.cs (482 lines)
  • src/VexLens/StellaOps.VexLens/Caching/IConsensusRationaleCache.cs (480 lines)
  • src/VexLens/StellaOps.VexLens/Api/ConsensusRationaleModels.cs (477 lines)
  • src/VexLens/StellaOps.VexLens/Proof/VexProof.cs (475 lines)
  • src/VexLens/StellaOps.VexLens/Observability/VexLensMetrics.cs (452 lines)
  • src/VexLens/StellaOps.VexLens/Trust/TrustWeightEngine.cs (445 lines)
  • src/VexLens/StellaOps.VexLens/Storage/InMemoryConsensusProjectionStore.cs (438 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/ITrustDecayService.cs (435 lines)
  • src/VexLens/StellaOps.VexLens/Orchestration/OrchestratorLedgerEventEmitter.cs (434 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Core.Tests/Normalization/VexLensNormalizerTests.cs (427 lines)
  • src/VexLens/StellaOps.VexLens/Verification/SignatureVerifier.cs (424 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Signature/SignatureVerifier.cs (423 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/ISourceTrustScoreCalculator.cs (421 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Consensus/VexConsensusEngine.cs (400 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Models/NormalizedVexDocument.cs (399 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Propagation/PropagationRuleEngineTests.cs (373 lines)
  • src/VexLens/StellaOps.VexLens/Extensions/VexLensServiceCollectionExtensions.cs (372 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Conditions/ConditionEvaluatorTests.cs (361 lines)
  • src/VexLens/StellaOps.VexLens/Delta/DeltaReportBuilder.cs (347 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/IProvenanceChainValidator.cs (347 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/ProvenanceChainValidator.cs (341 lines)
  • src/VexLens/StellaOps.VexLens/Mapping/CpeParser.cs (331 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/ProductMapping/ProductMapper.cs (327 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Regression/VexLensRegressionTests.cs (327 lines)
  • src/VexLens/StellaOps.VexLens/Api/ConsensusApiModels.cs (321 lines)
  • src/VexLens/StellaOps.VexLens/Services/VexDeltaComputeService.cs (319 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/GoldenCorpus/GoldenCorpusTestRunner.cs (317 lines)
  • src/VexLens/StellaOps.VexLens/Verification/InMemoryIssuerDirectory.cs (316 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Core.Tests/ProductMapping/ProductMapperTests.cs (315 lines)
  • src/VexLens/StellaOps.VexLens/Consensus/IVexConsensusEngine.cs (314 lines)
  • src/VexLens/StellaOps.VexLens/NoiseGate/INoiseGate.cs (310 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/VexSourceTrustScore.cs (310 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Trust/PatchVerificationTrustProvider.cs (308 lines)
  • src/VexLens/StellaOps.VexLens/Storage/DualWriteConsensusProjectionStore.cs (307 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Trust/TrustWeightEngine.cs (306 lines)
  • src/VexLens/StellaOps.VexLens/Mapping/ProductMapper.cs (301 lines)
  • src/VexLens/StellaOps.VexLens/Trust/SourceTrust/TrustDecayService.cs (298 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Proof/VexProofShuffleDeterminismTests.cs (296 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/E2E/VexLensPipelineDeterminismTests.cs (294 lines)
  • src/VexLens/StellaOps.VexLens/Integration/VexSignalEmitter.cs (292 lines)
  • src/VexLens/StellaOps.VexLens/Integration/IPolicyEngineIntegration.cs (291 lines)
  • src/VexLens/StellaOps.VexLens/Options/VexLensOptions.cs (280 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/GoldenCorpus/GoldenCorpusTests.cs (279 lines)
  • src/VexLens/StellaOps.VexLens/Propagation/PropagationRuleEngine.cs (265 lines)
  • src/VexLens/StellaOps.VexLens/Mapping/ProductIdentityMatcher.cs (259 lines)
  • src/VexLens/StellaOps.VexLens/Mapping/PurlParser.cs (253 lines)
  • src/VexLens/StellaOps.VexLens/Proof/VexProofSerializer.cs (248 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Signature/ISignatureVerifier.cs (238 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Trust/ITrustWeightEngine.cs (237 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/GoldenCorpus/GoldenCorpusLoader.cs (224 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/GoldenCorpus/GoldenCorpusModels.cs (214 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/ProductMapping/PurlParser.cs (212 lines)
  • src/VexLens/StellaOps.VexLens/Storage/IConsensusProjectionStore.cs (210 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Signature/InMemoryIssuerDirectory.cs (210 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/ProductMapping/CpeParser.cs (207 lines)
  • src/VexLens/StellaOps.VexLens/Verification/IIssuerDirectory.cs (206 lines)
  • src/VexLens/StellaOps.VexLens/Api/NoiseGatingApiModels.cs (205 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Consensus/IVexConsensusEngine.cs (188 lines)
  • src/VexLens/StellaOps.VexLens/Models/NormalizedVexModels.cs (186 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Core.Tests/ProductMapping/CpeParserTests.cs (184 lines)
  • src/VexLens/StellaOps.VexLens/Delta/DeltaReport.cs (183 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/Signature/IIssuerDirectory.cs (182 lines)
  • src/VexLens/StellaOps.VexLens/StellaOps.VexLens.Core/ProductMapping/IProductMapper.cs (182 lines)
  • src/VexLens/StellaOps.VexLens/Verification/ISignatureVerifier.cs (182 lines)
  • src/VexLens/StellaOps.VexLens/Propagation/IPropagationRuleEngine.cs (172 lines)
  • src/VexLens/StellaOps.VexLens/Mapping/IProductMapper.cs (169 lines)
  • src/VexLens/StellaOps.VexLens/Normalization/IVexNormalizer.cs (164 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Storage/DualWriteConsensusProjectionStoreTests.cs (160 lines)
  • src/VexLens/StellaOps.VexLens/Trust/ITrustWeightEngine.cs (152 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Core.Tests/ProductMapping/PurlParserTests.cs (143 lines)
  • src/VexLens/StellaOps.VexLens/Mapping/VexDeltaMapper.cs (143 lines)
  • src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/Caching/ConsensusRationaleCacheTests.cs (138 lines)
  • src/VexLens/StellaOps.VexLens/NoiseGate/NoiseGateOptions.cs (122 lines)
  • src/VexLens/StellaOps.VexLens/Orchestration/ConsensusJobTypes.cs (119 lines)
• Service locator matches:
  • src/VexLens/StellaOps.VexLens/Extensions/VexLensServiceCollectionExtensions.cs:87 var guidProvider = sp.GetService() ?? SystemGuidProvider.Instance;
  • src/VexLens/StellaOps.VexLens/Extensions/VexLensServiceCollectionExtensions.cs:252 var emitter = sp.GetService();

Fix Guidance

• Split files over 100 lines into smaller types or partials.
• Replace service locator usage with constructor injection.

Testing Fullness Findings

• Status: PASS
• Expected layers: Unit
• Detected test projects: src/VexLens/__Tests/StellaOps.VexLens.Tests/StellaOps.VexLens.Tests.csproj [Unit], src/VexLens/__Libraries/__Tests/StellaOps.VexLens.Spdx3.Tests/StellaOps.VexLens.Spdx3.Tests.csproj [Unit], src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Tests/StellaOps.VexLens.Tests.csproj [Unit], src/VexLens/StellaOps.VexLens/__Tests/StellaOps.VexLens.Core.Tests/StellaOps.VexLens.Core.Tests.csproj [Unit]
• Missing layers: none

Manual checks required

• Observability contract tests for WebService/Worker.
• Offline execution (tests must run without network access).

Fix Guidance

• None.