fix(review): full code-review remediation — 5 High + Medium/Low across 16 modules

Remediation from the full per-module code review at 4307c381 (findings recorded separately in code-reviews/). Highs fixed: - DeploymentManager-025/SiteRuntime-031: stop broadcasting notification lists + SMTP configs (incl. credentials) to sites; site purges already-persisted rows on apply (enforces the central-only delivery design; clears plaintext SMTP creds at rest). - DataConnectionLayer-023: guard the native-alarm subscribe path against the mid-flight-unsubscribe adapter-feed leak (mirrors the DCL-021 tag-path fix). - SiteEventLogging-024: normalize From/To query bounds to UTC (the -016 fix the audit trail claimed but never committed). - KpiHistory-001: add an in-flight guard to the recorder sample tick. - ScriptAnalysis-001: harden the trust analyzer's TPA-absent fallback (resolve forbidden anchors in the minimal reference set; warn on degraded mode) — anchors added to validation references only, never the compile gate. (InboundAPI-026 left to the feat/ipsen-movein effort per owner decision.) Medium/Low: DM-026 deterministic deploy-status tiebreaker; SR-027/028/029/030 native-alarm leak/phantom-active/delete-during-redeploy fixes; AL-013/014/016; TE-024 (folder-mutation audit rows now persisted)/025; SF-025 gauge-provider clear-on-stop; ESG-025/026; SEC-023/024/025; SCA-007/008/009; plus doc/test accuracy COM-023/024, HOST-025/026, HM-024/025, NS-027/028. Full-solution build 0 warnings; ~3560 tests across 18 touched suites green.
2026-06-20 17:55:12 -04:00
parent 4307c38117
commit fd618cf1dc
52 changed files with 2239 additions and 313 deletions
@@ -3,6 +3,8 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using ZB.MOM.WW.ScadaBridge.AuditLog;
+using ZB.MOM.WW.ScadaBridge.AuditLog.Central;
 using ZB.MOM.WW.ScadaBridge.AuditLog.Configuration;
 using ZB.MOM.WW.ScadaBridge.AuditLog.Redaction;
 using ZB.MOM.WW.ScadaBridge.Commons.Types.Audit;
@@ -88,6 +90,55 @@ public class AuditLogOptionsBindingTests
        Assert.Equal("@token|@secret", ov.RedactSqlParamsMatching);
    }

+    [Fact]
+    public void PurgeOptions_Bind_FromDocumentedSectionAndKeys()
+    {
+        // AuditLog-013: the design doc (Component-AuditLog.md §Configuration)
+        // documents the purge tuning as the nested `AuditLog:Purge` section with
+        // keys `IntervalHours` + `ChannelPurgeBatchSize`. This test pins that the
+        // code binds from EXACTLY that shape — the section path the production
+        // code uses (ServiceCollectionExtensions.PurgeSectionName) AND the
+        // documented `ChannelPurgeBatchSize` key (mapped onto the
+        // ChannelPurgeBatchSizeConfigured backing property via
+        // [ConfigurationKeyName]). It would fail against the pre-fix code, where
+        // the binder looked for `ChannelPurgeBatchSizeConfigured` and silently
+        // ignored the documented key.
+        const string json = """
+            {
+              "AuditLog": {
+                "Purge": {
+                  "IntervalHours": 6,
+                  "ChannelPurgeBatchSize": 1000
+                }
+              }
+            }
+            """;
+
+        using var stream = new MemoryStream(Encoding.UTF8.GetBytes(json));
+        var configuration = new ConfigurationBuilder()
+            .AddJsonStream(stream)
+            .Build();
+
+        // Section path matches production (PurgeSectionName == "AuditLog:Purge").
+        Assert.Equal("AuditLog:Purge", ServiceCollectionExtensions.PurgeSectionName);
+
+        var services = new ServiceCollection();
+        services.AddOptions<AuditLogPurgeOptions>()
+            .Bind(configuration.GetSection(ServiceCollectionExtensions.PurgeSectionName));
+        using var provider = services.BuildServiceProvider();
+
+        var opts = provider.GetRequiredService<IOptions<AuditLogPurgeOptions>>().Value;
+
+        // IntervalHours bound from the nested section (not the 24 h default).
+        Assert.Equal(6, opts.IntervalHours);
+        Assert.Equal(TimeSpan.FromHours(6), opts.Interval);
+
+        // ChannelPurgeBatchSize bound via the documented key onto the backing
+        // property (not the 5000 default).
+        Assert.Equal(1000, opts.ChannelPurgeBatchSizeConfigured);
+        Assert.Equal(1000, opts.ChannelPurgeBatchSize);
+    }
+
    [Fact]
    public void Filter_Behavior_Updates_OnConfigReload()
    {