fix(scriptanalysis): M3.6 — full-framework analysis refs close forbidden-type-in-allowed-ns blind spot; pin Process/Stopwatch; fix stale codec test; drop dead ContainsInCode

tests/ZB.MOM.WW.ScadaBridge.ScriptAnalysis.Tests/ScriptTrustValidatorTests.cs

@@ -147,6 +147,23 @@ public class ScriptTrustValidatorTests
         Assert.NotEmpty(ScriptTrustValidator.FindViolations(code));
     }
 
+    [Fact]
+    public void Rejects_Process_QualifiedType()
+    {
+        var code = "var p = System.Diagnostics.Process.Start(\"x\");";
+        Assert.NotEmpty(ScriptTrustValidator.FindViolations(code));
+    }
+
+    [Fact]
+    public void Rejects_Process_BareIdentifier_ViaUsing()
+    {
+        // System.Diagnostics is an ALLOWED namespace (Stopwatch/Debug ok), so the
+        // using directive is not flagged; Process is a forbidden TYPE reached as a
+        // bare identifier. This pins whether FindViolations resolves it.
+        var code = "using System.Diagnostics; var p = Process.Start(\"x\");";
+        Assert.NotEmpty(ScriptTrustValidator.FindViolations(code));
+    }
+
     // ---- Clean (empty violations) -------------------------------------------
 
     [Fact]

tests/ZB.MOM.WW.ScadaBridge.SiteRuntime.Tests/Scripts/ScopeAccessorTests.cs

@@ -130,9 +130,10 @@ public class ScopeAccessorTests
     [Fact]
     public void AttributeValueCodec_Encode_IntList_ProducesJsonArray()
     {
-        // Integer list elements encode via InvariantCulture IFormattable.
+        // Integer list elements encode as native-typed JSON numbers (NJ-1):
+        // [1,2,3], not the old quoted-element form ["1","2","3"].
         var list = new List<int> { 1, 2, 3 };
         var encoded = AttributeValueCodec.Encode(list);
-        Assert.Equal("[\"1\",\"2\",\"3\"]", encoded);
+        Assert.Equal("[1,2,3]", encoded);
     }
 }

tests/ZB.MOM.WW.ScadaBridge.TemplateEngine.Tests/Validation/ScriptCompilerTests.cs

@@ -56,6 +56,31 @@ public class ScriptCompilerTests
         Assert.Contains("forbidden", result.Error, StringComparison.OrdinalIgnoreCase);
     }
 
+    [Fact]
+    public void TryCompile_ForbiddenTypeInAllowedNamespace_RejectedAsForbidden()
+    {
+        // System.Diagnostics is an ALLOWED namespace (Stopwatch/Debug ok), so the
+        // `using` directive can't be flagged; Process is a forbidden TYPE reached
+        // as a bare identifier. The validator's full-framework semantic resolution
+        // must catch it authoritatively as a forbidden API (not merely as an
+        // undefined-symbol compile error).
+        var result = _sut.TryCompile(
+            "using System.Diagnostics; var p = Process.Start(\"x\");", "Test");
+        Assert.True(result.IsFailure);
+        Assert.Contains("forbidden", result.Error, StringComparison.OrdinalIgnoreCase);
+    }
+
+    [Fact]
+    public void TryCompile_StopwatchInAllowedDiagnostics_ReturnsSuccess()
+    {
+        // The companion to the Process case: Stopwatch lives in the same allowed
+        // System.Diagnostics namespace and must NOT be flagged.
+        var result = _sut.TryCompile(
+            "using System.Diagnostics; var sw = Stopwatch.StartNew(); var e = sw.ElapsedMilliseconds;",
+            "Test");
+        Assert.True(result.IsSuccess, result.IsFailure ? result.Error : null);
+    }
+
     // --- Real-compile gate (the win over the old structural-only scan) ---
 
     [Fact]