# CBDDC Fix Plan

## Goal

Address all remaining issues identified in the architecture/quality audit after EntityFramework removal and persistence merge.

## Current State

- All GitHub workflows/pipelines have been removed from this repository.
- Build and tests pass locally on `CBDDC.slnx`.
- Remaining issues are architecture, warning debt, style drift, dependency deprecations, security hardening, and missing automated fitness gates.

## Issue Inventory

1. **Core framework coupling (CA-02)**
   - `Core` references `Microsoft.Extensions.*` and contains DI composition extension classes.
2. **Static analysis and warning debt (BP-05)**
   - Nullable warnings in persistence (`CS8618`, `CS8604`).
   - `NU1510` warning in network (`System.Threading.Channels`).
3. **Formatting drift (BP-06)**
   - `dotnet format --verify-no-changes` fails with widespread whitespace issues (mostly test files).
4. **Dependency deprecations (BP-07)**
   - Deprecated `Microsoft.AspNetCore.Http.Abstractions` `2.2.0`.
   - Legacy `xunit` `2.9.3` in test projects.
5. **Security baseline gaps (BP-08)**
   - Insecure default auth token in default node config.
   - `JwtOAuth2Validator` is explicitly demo/basic and does not perform signature/JWKS verification.
6. **No architecture fitness enforcement (BP-09)**
   - No architecture rule tests.
   - No active pipeline to enforce build/test/format/package/security checks.

## Execution Plan

### Phase 1: Stabilize and Clean Baseline

1. Fix nullable/event warnings in persistence:
   - Make `ChangesApplied` nullable or initialize safely.
   - Guard null snapshot values before constructing `OplogEntry`.
2. Resolve `NU1510`:
   - Remove `System.Threading.Channels` if unused; otherwise document explicit need.
3. Apply formatting once repo-wide:
   - Run `dotnet format CBDDC.slnx`.
   - Commit mechanical formatting separately.

**Exit criteria**

- `dotnet build CBDDC.slnx` has zero warnings (or only documented, explicitly accepted warnings).
- `dotnet format CBDDC.slnx --verify-no-changes` passes.

### Phase 2: Dependency and Package Modernization

1. Replace deprecated AspNet package:
   - Remove `Microsoft.AspNetCore.Http.Abstractions 2.2.0`.
   - Use current ASP.NET shared framework-compatible references.
2. Upgrade tests from xUnit 2 to xUnit 3 (or pin with explicit temporary rationale).
3. Re-run package audits:
   - `dotnet package list --project CBDDC.slnx --deprecated`
   - `dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json`

**Exit criteria**

- No unapproved deprecated packages.
- No known vulnerabilities.

### Phase 3: Security Hardening

1. Remove insecure token default behavior:
   - Require explicit token provisioning for production paths.
   - Keep development fallback only behind clear dev-only opt-in.
2. Replace `JwtOAuth2Validator` with production-grade validator:
   - Signature validation (JWKS retrieval/rotation).
   - Issuer/audience/lifetime validation.
   - Clock skew handling and structured failure reasons.
3. Add unit and integration tests for auth failure/success paths.

**Exit criteria**

- Auth path rejects unsigned/invalid JWTs.
- No default cluster token in production defaults.

### Phase 4: Architecture Boundary Cleanup

1. Move DI composition out of `Core` into outer adapters/host packages.
2. Keep `Core` limited to domain/application contracts and logic.
3. Validate no framework namespace leakage into `Core`.

**Exit criteria**

- `Core` no longer references DI/logging framework packages except where explicitly approved.
- Architecture tests enforce the boundary.

### Phase 5: Fitness Functions and Automation Reintroduction

1. Add architecture tests:
   - Rule: `Core` must not depend on `Network`, `Persistence`, `AspNet`, or host frameworks.
   - Rule: layer graph must remain acyclic.
2. Reintroduce a **new** minimal CI workflow (after review/approval):
   - `dotnet restore`, `dotnet build`, `dotnet test`
   - `dotnet format --verify-no-changes`
   - package vulnerable/deprecated checks
3. Add fail-fast quality gates on pull requests.

**Exit criteria**

- Every architecture/quality rule is automatically enforced on PRs.

## Verification Commands

Run from `/Users/dohertj2/Desktop/CBDDC`:

```bash
dotnet restore CBDDC.slnx
dotnet build CBDDC.slnx
dotnet test CBDDC.slnx
dotnet format CBDDC.slnx --verify-no-changes
dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json
dotnet package list --project CBDDC.slnx --deprecated
```

## Suggested Order of Delivery

1. Phase 1 (stability/style baseline)
2. Phase 2 (dependencies)
3. Phase 3 (security)
4. Phase 4 (architecture cleanup)
5. Phase 5 (fitness automation)

## Notes for Review

- I split mechanical formatting from behavioral/security changes to keep diffs reviewable.
- Reintroducing CI is intentionally deferred to Phase 5 so it enforces the cleaned baseline, not current debt.
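
As a reference point for Phase 3, step 2, the following added example (not CBDDC code) shows one shape a validator meeting those three bullets could take, built on the `Microsoft.IdentityModel.JsonWebTokens` and `Microsoft.IdentityModel.Protocols.OpenIdConnect` packages. The names `JwksJwtValidator` and `JwtFailure` are hypothetical, and it assumes the issuer publishes an OpenID Connect discovery document over HTTPS and signs with RS256 or ES256.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public enum JwtFailure { None, UnknownKey, BadSignature, BadIssuer, BadAudience, Expired, NotYetValid, Other }

// Hypothetical sketch: signature check against the issuer's JWKS plus issuer/audience/lifetime checks.
public sealed class JwksJwtValidator
{
    private readonly JsonWebTokenHandler _handler = new();
    private readonly ConfigurationManager<OpenIdConnectConfiguration> _metadata;
    private readonly string _issuer, _audience;
    public JwksJwtValidator(string issuer, string audience)
    {
        _issuer = issuer; _audience = audience;
        // Caches the discovery document and its JWKS; re-fetches on its own schedule.
        _metadata = new ConfigurationManager<OpenIdConnectConfiguration>(
            issuer.TrimEnd('/') + "/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
    }
    public async Task<JwtFailure> ValidateAsync(string token, CancellationToken ct = default)
    {
        for (var attempt = 0; ; attempt++)
        {
            var config = await _metadata.GetConfigurationAsync(ct);
            var result = await _handler.ValidateTokenAsync(token, new TokenValidationParameters
            {
                ValidIssuer = _issuer, ValidateIssuer = true, ValidAudience = _audience, ValidateAudience = true,
                IssuerSigningKeys = config.SigningKeys,
                RequireSignedTokens = true, RequireExpirationTime = true, ValidateLifetime = true,
                ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256, SecurityAlgorithms.EcdsaSha256 },
                ClockSkew = TimeSpan.FromSeconds(60), // explicit tolerance applied to exp/nbf
            });
            if (result.IsValid) return JwtFailure.None;
            // Key rotation: an unknown kid triggers one JWKS refresh (rate-limited by the manager) and one retry.
            if (result.Exception is SecurityTokenSignatureKeyNotFoundException && attempt == 0) { _metadata.RequestRefresh(); continue; }
            return result.Exception switch // key-not-found derives from invalid-signature, so it is matched first
            {
                SecurityTokenSignatureKeyNotFoundException => JwtFailure.UnknownKey,
                SecurityTokenInvalidSignatureException => JwtFailure.BadSignature,
                SecurityTokenInvalidIssuerException => JwtFailure.BadIssuer,
                SecurityTokenInvalidAudienceException => JwtFailure.BadAudience,
                SecurityTokenExpiredException => JwtFailure.Expired,
                SecurityTokenNotYetValidException => JwtFailure.NotYetValid,
                _ => JwtFailure.Other, // malformed token, disallowed algorithm, and so on
            };
        }
    }
}
```

The Phase 3 step 3 tests can assert on the returned `JwtFailure` value for each rejection path instead of matching exception messages.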