Initial import of the CBDDC codebase with docs and tests. Add a .NET-focused gitignore to keep generated artifacts out of source control.
Some checks failed
CI / verify (push) Has been cancelled
Some checks failed
CI / verify (push) Has been cancelled
This commit is contained in:
Joseph Doherty
115
fixplan.md
Normal file
115
fixplan.md
Normal file
@@ -0,0 +1,115 @@
|
||||
# CBDDC Fix Plan
|
||||
|
||||
## Goal
|
||||
Address all remaining issues identified in the architecture/quality audit after EntityFramework removal and persistence merge.
|
||||
|
||||
## Current State
|
||||
- All GitHub workflows/pipelines have been removed from this repository.
|
||||
- Build and tests pass locally on `CBDDC.slnx`.
|
||||
- Remaining issues are architecture, warning debt, style drift, dependency deprecations, security hardening, and missing automated fitness gates.
|
||||
|
||||
## Issue Inventory
|
||||
1. **Core framework coupling (CA-02)**
|
||||
- `Core` references `Microsoft.Extensions.*` and contains DI composition extension classes.
|
||||
2. **Static analysis and warning debt (BP-05)**
|
||||
- Nullable warnings in persistence (`CS8618`, `CS8604`).
|
||||
- `NU1510` warning in network (`System.Threading.Channels`).
|
||||
3. **Formatting drift (BP-06)**
|
||||
- `dotnet format --verify-no-changes` fails with widespread whitespace issues (mostly test files).
|
||||
4. **Dependency deprecations (BP-07)**
|
||||
- Deprecated `Microsoft.AspNetCore.Http.Abstractions` `2.2.0`.
|
||||
- Legacy `xunit` `2.9.3` in test projects.
|
||||
5. **Security baseline gaps (BP-08)**
|
||||
- Insecure default auth token in default node config.
|
||||
- `JwtOAuth2Validator` is explicitly demo/basic and does not perform signature/JWKS verification.
|
||||
6. **No architecture fitness enforcement (BP-09)**
|
||||
- No architecture rule tests.
|
||||
- No active pipeline to enforce build/test/format/package/security checks.
|
||||
|
||||
## Execution Plan
|
||||
|
||||
### Phase 1: Stabilize and Clean Baseline
|
||||
1. Fix nullable/event warnings in persistence:
|
||||
- Make `ChangesApplied` nullable or initialize safely.
|
||||
- Guard null snapshot values before constructing `OplogEntry`.
|
||||
2. Resolve `NU1510`:
|
||||
- Remove `System.Threading.Channels` if unused; otherwise document explicit need.
|
||||
3. Apply formatting once repo-wide:
|
||||
- Run `dotnet format CBDDC.slnx`.
|
||||
- Commit mechanical formatting separately.
|
||||
|
||||
**Exit criteria**
|
||||
- `dotnet build CBDDC.slnx` has zero warnings (or only documented, explicitly accepted warnings).
|
||||
- `dotnet format CBDDC.slnx --verify-no-changes` passes.
|
||||
|
||||
### Phase 2: Dependency and Package Modernization
|
||||
1. Replace deprecated AspNet package:
|
||||
- Remove `Microsoft.AspNetCore.Http.Abstractions 2.2.0`.
|
||||
- Use current ASP.NET shared framework-compatible references.
|
||||
2. Upgrade tests from xUnit 2 to xUnit 3 (or pin with explicit temporary rationale).
|
||||
3. Re-run package audits:
|
||||
- `dotnet package list --project CBDDC.slnx --deprecated`
|
||||
- `dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json`
|
||||
|
||||
**Exit criteria**
|
||||
- No unapproved deprecated packages.
|
||||
- No known vulnerabilities.
|
||||
|
||||
### Phase 3: Security Hardening
|
||||
1. Remove insecure token default behavior:
|
||||
- Require explicit token provisioning for production paths.
|
||||
- Keep development fallback only behind clear dev-only opt-in.
|
||||
2. Replace `JwtOAuth2Validator` with production-grade validator:
|
||||
- Signature validation (JWKS retrieval/rotation).
|
||||
- Issuer/audience/lifetime validation.
|
||||
- Clock skew handling and structured failure reasons.
|
||||
3. Add unit and integration tests for auth failure/success paths.
|
||||
|
||||
**Exit criteria**
|
||||
- Auth path rejects unsigned/invalid JWTs.
|
||||
- No default cluster token in production defaults.
|
||||
|
||||
### Phase 4: Architecture Boundary Cleanup
|
||||
1. Move DI composition out of `Core` into outer adapters/host packages.
|
||||
2. Keep `Core` limited to domain/application contracts and logic.
|
||||
3. Validate no framework namespace leakage into `Core`.
|
||||
|
||||
**Exit criteria**
|
||||
- `Core` no longer references DI/logging framework packages except where explicitly approved.
|
||||
- Architecture tests enforce the boundary.
|
||||
|
||||
### Phase 5: Fitness Functions and Automation Reintroduction
|
||||
1. Add architecture tests:
|
||||
- Rule: `Core` must not depend on `Network`, `Persistence`, `AspNet`, or host frameworks.
|
||||
- Rule: layer graph must remain acyclic.
|
||||
2. Reintroduce a **new** minimal CI workflow (after review/approval):
|
||||
- `dotnet restore`, `dotnet build`, `dotnet test`
|
||||
- `dotnet format --verify-no-changes`
|
||||
- package vulnerable/deprecated checks
|
||||
3. Add fail-fast quality gates on pull requests.
|
||||
|
||||
**Exit criteria**
|
||||
- Every architecture/quality rule is automatically enforced on PRs.
|
||||
|
||||
## Verification Commands
|
||||
Run from `/Users/dohertj2/Desktop/CBDDC`:
|
||||
|
||||
```bash
|
||||
dotnet restore CBDDC.slnx
|
||||
dotnet build CBDDC.slnx
|
||||
dotnet test CBDDC.slnx
|
||||
dotnet format CBDDC.slnx --verify-no-changes
|
||||
dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json
|
||||
dotnet package list --project CBDDC.slnx --deprecated
|
||||
```
|
||||
|
||||
## Suggested Order of Delivery
|
||||
1. Phase 1 (stability/style baseline)
|
||||
2. Phase 2 (dependencies)
|
||||
3. Phase 3 (security)
|
||||
4. Phase 4 (architecture cleanup)
|
||||
5. Phase 5 (fitness automation)
|
||||
|
||||
## Notes for Review
|
||||
- I split mechanical formatting from behavioral/security changes to keep diffs reviewable.
|
||||
- Reintroducing CI is intentionally deferred to Phase 5 so it enforces the cleaned baseline, not current debt.
|
||||
Reference in New Issue
Block a user