dohertj2/CBDDC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
08bfc172186b595e18dee366f45a2def505b087d
CBDDC/fixplan.md

116 lines
4.8 KiB
Markdown
Raw Blame History

# CBDDC Fix Plan
## Goal
Address all remaining issues identified in the architecture/quality audit after EntityFramework removal and persistence merge.
## Current State
- All GitHub workflows/pipelines have been removed from this repository.
- Build and tests pass locally on `CBDDC.slnx`.
- Remaining issues are architecture, warning debt, style drift, dependency deprecations, security hardening, and missing automated fitness gates.
## Issue Inventory
1. **Core framework coupling (CA-02)**
- `Core` references `Microsoft.Extensions.*` and contains DI composition extension classes.
2. **Static analysis and warning debt (BP-05)**
- Nullable warnings in persistence (`CS8618`, `CS8604`).
- `NU1510` warning in network (`System.Threading.Channels`).
3. **Formatting drift (BP-06)**
- `dotnet format --verify-no-changes` fails with widespread whitespace issues (mostly test files).
4. **Dependency deprecations (BP-07)**
- Deprecated `Microsoft.AspNetCore.Http.Abstractions` `2.2.0`.
- Legacy `xunit` `2.9.3` in test projects.
5. **Security baseline gaps (BP-08)**
- Insecure default auth token in default node config.
- `JwtOAuth2Validator` is explicitly demo/basic and does not perform signature/JWKS verification.
6. **No architecture fitness enforcement (BP-09)**
- No architecture rule tests.
- No active pipeline to enforce build/test/format/package/security checks.
## Execution Plan
### Phase 1: Stabilize and Clean Baseline
1. Fix nullable/event warnings in persistence:
- Make `ChangesApplied` nullable or initialize safely.
- Guard null snapshot values before constructing `OplogEntry`.
2. Resolve `NU1510`:
- Remove `System.Threading.Channels` if unused; otherwise document explicit need.
3. Apply formatting once repo-wide:
- Run `dotnet format CBDDC.slnx`.
- Commit mechanical formatting separately.
**Exit criteria**
- `dotnet build CBDDC.slnx` has zero warnings (or only documented, explicitly accepted warnings).
- `dotnet format CBDDC.slnx --verify-no-changes` passes.
### Phase 2: Dependency and Package Modernization
1. Replace deprecated AspNet package:
- Remove `Microsoft.AspNetCore.Http.Abstractions 2.2.0`.
- Use current ASP.NET shared framework-compatible references.
2. Upgrade tests from xUnit 2 to xUnit 3 (or pin with explicit temporary rationale).
3. Re-run package audits:
- `dotnet package list --project CBDDC.slnx --deprecated`
- `dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json`
**Exit criteria**
- No unapproved deprecated packages.
- No known vulnerabilities.
### Phase 3: Security Hardening
1. Remove insecure token default behavior:
- Require explicit token provisioning for production paths.
- Keep development fallback only behind clear dev-only opt-in.
2. Replace `JwtOAuth2Validator` with production-grade validator:
- Signature validation (JWKS retrieval/rotation).
- Issuer/audience/lifetime validation.
- Clock skew handling and structured failure reasons.
3. Add unit and integration tests for auth failure/success paths.
**Exit criteria**
- Auth path rejects unsigned/invalid JWTs.
- No default cluster token in production defaults.
### Phase 4: Architecture Boundary Cleanup
1. Move DI composition out of `Core` into outer adapters/host packages.
2. Keep `Core` limited to domain/application contracts and logic.
3. Validate no framework namespace leakage into `Core`.
**Exit criteria**
- `Core` no longer references DI/logging framework packages except where explicitly approved.
- Architecture tests enforce the boundary.
### Phase 5: Fitness Functions and Automation Reintroduction
1. Add architecture tests:
- Rule: `Core` must not depend on `Network`, `Persistence`, `AspNet`, or host frameworks.
- Rule: layer graph must remain acyclic.
2. Reintroduce a **new** minimal CI workflow (after review/approval):
- `dotnet restore`, `dotnet build`, `dotnet test`
- `dotnet format --verify-no-changes`
- package vulnerable/deprecated checks
3. Add fail-fast quality gates on pull requests.
**Exit criteria**
- Every architecture/quality rule is automatically enforced on PRs.
## Verification Commands
Run from `/Users/dohertj2/Desktop/CBDDC`:
```bash
dotnet restore CBDDC.slnx
dotnet build CBDDC.slnx
dotnet test CBDDC.slnx
dotnet format CBDDC.slnx --verify-no-changes
dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json
dotnet package list --project CBDDC.slnx --deprecated
```
## Suggested Order of Delivery
1. Phase 1 (stability/style baseline)
2. Phase 2 (dependencies)
3. Phase 3 (security)
4. Phase 4 (architecture cleanup)
5. Phase 5 (fitness automation)
## Notes for Review
- I split mechanical formatting from behavioral/security changes to keep diffs reviewable.
- Reintroducing CI is intentionally deferred to Phase 5 so it enforces the cleaned baseline, not current debt.
Reference in New Issue View Git Blame Copy Permalink