Joseph Doherty
26ba1c7215
All six libraries reviewed at commit 5f75cd4 against their components/ specs,
following code-reviews/REVIEW-PROCESS.md. 35 findings (0 Critical, 1 High,
9 Medium, 25 Low); none block adoption.
- Auth 0/0/3/3 (security core sound; startup-validation + key-verify contract gaps)
- Telemetry 0/1/2/5 (HIGH Telemetry-001: redactor 'remove' is a no-op -> secrets reach sinks)
- Health 0/0/2/4 (Akka checks throw instead of Degraded when cluster not yet up)
- Theme 0/0/1/5 (undocumented Bootstrap-collapse JS dep; token/CSS hygiene)
- Audit 0/0/1/4 (composite re-throws OCE vs never-throw writer contract)
- Configuration 0/0/0/4 (DI idempotency, port-parse strictness, packaging)
Cross-cutting: XML docs authored but GenerateDocumentationFile unset -> docs
not shipped in any nupkg (Auth/Health/Telemetry/Configuration/Audit).
README.md regenerated from the per-library findings; regen-readme.py --check passes.
Code Reviews
Comprehensive, per-library code reviews of the ZB.MOM.WW.* shared libraries hosted
in this repo. Each library (one self-contained .slnx at the repo root) has its own
folder containing a findings.md. This README is the aggregated index — the single
place to see all outstanding work.
Generated by
regen-readme.pyfrom the per-libraryfindings.mdfiles. Do not edit by hand — edit the findings files and re-run the script.
How it works
- Reviews are performed one library at a time against a fixed checklist.
- Each library is reviewed against its normalized component spec under
components/. - Every finding is recorded in the library's
findings.mdwith a severity and status. - Findings are never deleted — they are closed by changing their status, keeping a full audit trail.
- This README aggregates every pending finding (
Open/In Progress) across all libraries.
See REVIEW-PROCESS.md for the full procedure: the review checklist, severity definitions, finding format, the library → component-spec mapping, and how to mark items resolved.
Layout
code-reviews/
├── README.md # this file — process overview + pending findings
├── REVIEW-PROCESS.md # how to perform a review and track findings
├── regen-readme.py # regenerates this README from the findings files
├── _template/findings.md # copy-this template for a library review
└── <Library>/findings.md # one folder per ZB.MOM.WW.* shared library
Summary
6 of 6 libraries reviewed. 35 pending findings across all libraries.
| Severity | Open findings |
|---|---|
| Critical | 0 |
| High | 1 |
| Medium | 9 |
| Low | 25 |
| Total | 35 |
Library Status
| Library | Last reviewed | Commit | Open (C/H/M/L) | Open | Total |
|---|---|---|---|---|---|
| Audit | 2026-06-01 | 5f75cd4 |
0/0/1/4 | 5 | 5 |
| Auth | 2026-06-01 | 5f75cd4 |
0/0/3/3 | 6 | 6 |
| Configuration | 2026-06-01 | 5f75cd4 |
0/0/0/4 | 4 | 4 |
| Health | 2026-06-01 | 5f75cd4 |
0/0/2/4 | 6 | 6 |
| Telemetry | 2026-06-01 | 5f75cd4 |
0/1/2/5 | 8 | 8 |
| Theme | 2026-06-01 | 5f75cd4 |
0/0/1/5 | 6 | 6 |
Pending Findings
Every Open / In Progress finding across all libraries, highest severity first.
Resolved findings drop off this list but remain recorded in their library's
findings.md (see REVIEW-PROCESS.md §4–§5). Full detail —
description, location, recommendation — lives in the library's findings.md.
Critical (0)
None open.
High (1)
| ID | Library | Title |
|---|---|---|
| Telemetry-001 | Telemetry | RedactionEnricher ignores property removal, leaving secrets in the event |
Medium (9)
| ID | Library | Title |
|---|---|---|
| Audit-001 | Audit | CompositeAuditWriter re-throws OperationCanceledException to the caller, contradicting the "must not throw" writer contract |
| Auth-001 | Auth | LDAP options validator is registered but never runs at startup |
| Auth-002 | Auth | A failed MarkUsedAsync write turns a valid API key into a thrown exception |
| Auth-003 | Auth | Corrupt scopes/constraints column throws JsonException through the verifier |
| Health-001 | Health | Akka health checks throw (instead of returning Degraded) when cluster state is inaccessible |
| Health-002 | Health | GrpcDependencyHealthCheck lets non-RpcException/non-OperationCanceledException errors escape |
| Telemetry-002 | Telemetry | Redactor cannot inspect or scrub destructured/structured property values |
| Telemetry-003 | Telemetry | No tests for redactor removal or structured-value redaction |
| Theme-001 | Theme | Mobile hamburger toggle silently depends on Bootstrap collapse JS |
Low (25)
| ID | Library | Title |
|---|---|---|
| Audit-002 | Audit | TruncatingAuditRedactor over-redaction is partial: the catch path scrubs only DetailsJson, leaving Target unredacted |
| Audit-003 | Audit | TruncatingAuditRedactorOptions is a mutable class, not the immutable "options record" the contract describes |
| Audit-004 | Audit | XML documentation is authored but not emitted, so IntelliSense docs do not ship to consumers |
| Audit-005 | Audit | Missing edge-case tests for the redactor never-throw/over-redact contract and composite null/empty handling |
| Auth-004 | Auth | README misstates the hashing algorithm and the AspNetCore public surface |
| Auth-005 | Auth | CreateKeyAsync persists KeyPrefix as prefix_keyId, inconsistent with the read path |
| Auth-006 | Auth | LDAP connection ignores allowInsecure and offers no TLS certificate-validation hook |
| Configuration-001 | Configuration | AddValidatedOptions uses AddSingleton, so a double call registers (and runs) the validator twice |
| Configuration-002 | Configuration | Checks.PortValue quotes the raw value on a parse failure but not on a range failure |
| Configuration-003 | Configuration | Port parsing accepts leading sign and surrounding whitespace and is culture-sensitive |
| Configuration-004 | Configuration | XML documentation and README are not packaged into the nupkg |
| Health-003 | Health | Null description is omitted from the JSON body instead of emitted as null |
| Health-004 | Health | XML docs recommend the active tag for ready-tier probes, contradicting the spec |
| Health-005 | Health | MapZbHealth returns only the readiness builder, silently dropping conventions for the active/live tiers |
| Health-006 | Health | XML documentation is not emitted into the packed nupkgs |
| Telemetry-004 | Telemetry | service.instance.id Resource attribute is undocumented in spec and contract |
| Telemetry-005 | Telemetry | Two hand-maintained Resource-attribute builders can silently drift |
| Telemetry-006 | Telemetry | Malformed OtlpEndpoint throws UriFormatException late, with no context |
| Telemetry-007 | Telemetry | Redaction snapshot allocates a dictionary on every log event |
| Telemetry-008 | Telemetry | MapZbMetrics XML doc claims it is "only valid when Exporter = Prometheus" — stale |
| Theme-002 | Theme | .chip-idle foreground diverges from the documented token pairing |
| Theme-003 | Theme | Hardcoded hex values in CSS contradict the "no hardcoded hex" rule |
| Theme-004 | Theme | NavRailItem emits a .rail-ico span that no stylesheet defines |
| Theme-005 | Theme | Orphan and unstyled nav CSS classes in layout.css |
| Theme-006 | Theme | Public component/parameter surface lacks XML documentation |