refactor(cscore): produktivreife CSCore-Integration, Version 6.1.13 und Doku-Normalisierung#118
Merged
tomtastisch merged 16 commits intomainfrom Feb 22, 2026
Merged
Conversation
…ge produktiv schalten
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Contributor
There was a problem hiding this comment.
Pull request overview
Diese PR bringt die CSCore-Migrationskette in einen produktionsreifen Zustand: ein optionaler C#-Core-Layer wird per Runtime-Bridge (fail-closed) aus dem VB-Kern genutzt, in das Single-Package integriert und durch Tests/CI-Policies sowie Doku-Normalisierung abgesichert.
Changes:
- Neues
src/FileClassifier.CSCore/Projekt (Model/Mapping/Utilities) inkl. Mapperly/PolySharp und Utility-SSOTs. - VB-Core delegiert ausgewählte Guard-/Normalize-/Policy-Entscheidungen an CSCore via
CsCoreRuntimeBridgemit Fallback. - CI/Tests/Docs: PR-Scope-Guard in
preflight, Package-backed Contract erweitert (CSCore-DLL Presence), plus breite Doku-Synchronisation (DE/EN) und Dependency/Analyzer-Zentralisierung.
Reviewed changes
Copilot reviewed 201 out of 223 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tools/tests/run-package-backed-local.sh | Lokaler Runner für package-backed Tests gegen frisch gepacktes NUPKG |
| tools/ci/policies/data/pr_scope_allowlist.txt | Allowlist für PR-Scope-Guard (preflight) |
| tools/ci/policies/data/dependency_canary.json | Dependency-Canary um CodePages ergänzt |
| tools/ci/checks/ResultSchemaValidator/packages.lock.json | Lockfile-Update für Validator-Abhängigkeiten |
| tools/ci/checks/QodanaContractValidator/packages.lock.json | Lockfile-Update für Validator-Abhängigkeiten |
| tools/ci/checks/PolicyRunner/packages.lock.json | Lockfile-Update für Validator-Abhängigkeiten |
| tools/ci/checks/CiGraphValidator/packages.lock.json | Lockfile-Update für Validator-Abhängigkeiten |
| tools/ci/bin/run.sh | preflight erweitert (PR scope guard) + nupkg-Finder geändert |
| tests/PackageBacked.Tests/PackageBackedContractTests.cs | Contract-Test für CSCore-Assembly/Types im Paket |
| tests/PackageBacked.Tests/PackageBacked.Tests.csproj | Lokales Feed als zusätzliche Restore-Quelle |
| tests/PackageBacked.Tests/NuGet.config | Lokales Pack-Feed als Source ergänzt |
| tests/FileTypeDetectionLib.Tests/packages.lock.json | Lockfile-Update (ReproducibleBuilds) |
| tests/FileTypeDetectionLib.Tests/Steps/FileTypeDetectionSteps.cs | Alias-Ergänzung (Jpg -> Jpeg) |
| tests/FileTypeDetectionLib.Tests/Property/FileMaterializerPropertyTests.cs | Property-Test für deterministische Secure-Extract-Matrix |
| src/README.md | Link auf CSCore-Modul-Index ergänzt |
| src/FileTypeDetection/README.md | CSCore-Layer dokumentiert/verlinkt |
| src/FileTypeDetection/Infrastructure/Utils/IterableUtils.vb | Delegation: Array-Clone via CSCore-Bridge |
| src/FileTypeDetection/Infrastructure/Utils/Guards/ExceptionFilterGuard.vb | Delegation: Exception-Filter via CSCore-Bridge |
| src/FileTypeDetection/Infrastructure/Utils/Guards/DestinationPathGuard.vb | Delegation: Root-Path-Check via CSCore-Bridge |
| src/FileTypeDetection/Infrastructure/Utils/Guards/ArgumentGuard.vb | Delegation: Guard-Checks via CSCore-Bridge |
| src/FileTypeDetection/Infrastructure/Utils/Guards/ArchiveGuards.vb | Delegation: Archivpfad-Normalisierung via CSCore-Bridge |
| src/FileTypeDetection/Infrastructure/Utils/EnumUtils.vb | Delegation: Enum-Wertauflistung via CSCore-Bridge |
| src/FileTypeDetection/Abstractions/Hashing/Internal/EvidenceHashingCore.vb | Delegation: HMAC-Key/Notes/Label-Policy via CSCore-Bridge |
| src/FileTypeDetection/Abstractions/Hashing/HashOptions.vb | Delegation: MaterializedFileName-Normalisierung/Coalesce via CSCore-Bridge |
| src/FileTypeDetection/Abstractions/Hashing/HashDigestSet.vb | Delegation: Digest-Normalisierung + Empty-Parts via CSCore-Bridge |
| src/FileClassifier.CSCore/Utilities/README.md | Doku: Utilities-SSOT und Bridge-Verweise |
| src/FileClassifier.CSCore/Utilities/MaterializationUtility.cs | Utility: Materialisierungsmodus-Entscheidung |
| src/FileClassifier.CSCore/Utilities/IterableUtility.cs | Utility: defensive Array-Kopie |
| src/FileClassifier.CSCore/Utilities/HashNormalizationUtility.cs | Utility: Digest/Dateiname-Normalisierung + Empty-Parts |
| src/FileClassifier.CSCore/Utilities/GuardUtility.cs | Utility: Argument-/Enum-/Length-Guards |
| src/FileClassifier.CSCore/Utilities/ExceptionFilterUtility.cs | Utility: Exception-Filter-Mengen |
| src/FileClassifier.CSCore/Utilities/EvidencePolicyUtility.cs | Utility: Label/Notes/HMAC-Key-Resolution |
| src/FileClassifier.CSCore/Utilities/EnumUtility.cs | Utility: Enum-Werte (Sortierung/Slicing) |
| src/FileClassifier.CSCore/README.md | Root-Doku: Scope/Architektur/Verifikation |
| src/FileClassifier.CSCore/Model/README.md | Doku: Model-Layer |
| src/FileClassifier.CSCore/Model/ProjectOptionsSnapshot.cs | Model: normalisierte Options-Snapshot-Struktur |
| src/FileClassifier.CSCore/Model/HashOptionsSnapshot.cs | Model: HashOptions-Snapshot |
| src/FileClassifier.CSCore/Model/DetectionSummary.cs | Model: DetectionSummary-Projektion |
| src/FileClassifier.CSCore/Model/DetectionSignal.cs | Model: DetectionSignal |
| src/FileClassifier.CSCore/Mapping/README.md | Doku: Mapping-Layer (Mapperly) |
| src/FileClassifier.CSCore/Mapping/ProjectOptionsSnapshotMapper.cs | Mapperly-Mapper: Clone-Projektionen |
| src/FileClassifier.CSCore/Mapping/FileDetectionMapper.cs | Mapperly-Mapper: Signal -> Summary |
| src/FileClassifier.CSCore/FileClassifier.CSCore.csproj | Neues CSCore-Projekt (multi-target, Mapperly/PolySharp, analyzers) |
| src/FileClassifier.App/packages.lock.json | Lockfile-Update (Analyzers/ReproducibleBuilds) |
| docs/verification/002_FLOW_BDD.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/verification/001_INDEX_TESTS.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/secure/001_HMAC_KEY_SETUP.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/migrations/001_HASHING_RENAME.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/guides/003_GUIDE_PORTABLE.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/governance/046_ISSUE_105_106_107_CLOSURE_DE.MD | Entfernt: alte Governance-Statusdatei |
| docs/governance/045_COMPLIANCE_STATUS_DE.MD | Entfernt: alte Governance-Statusdatei |
| docs/governance/045_CODE_QUALITY_POLICY_DE.MD | Policy erweitert: Cross-Language CSCore-Regeln |
| docs/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/governance/003_POLICY_VERSIONING_SVT.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/governance/002_POLICY_NAMING_UNIFIED.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/governance/002_POLICY_LABELING.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/governance/001_POLICY_CI.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/contracts/001_CONTRACT_HASHING.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/ci/002_NUGET_TRUSTED_PUBLISHING.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/ci/001_PIPELINE_CI.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/compat/002_NETSTANDARD2_INVENTORY.MD | Doku: LANG_SWITCH + Umlaut-/Sprach-Normalisierung |
| docs/audit/compat/001_NETSTANDARD2_POLICY_SNAPSHOT.MD | Doku: LANG_SWITCH + Umlaut-/Sprach-Normalisierung |
| docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/011_SECURITY_BENCHMARK.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/010_REFACTOR_BACKLOG.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/009_SUPPLY_CHAIN_BASELINE.MD | Doku: ergänzt Dependency-Strategie für netstandard2.0 |
| docs/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/007_THREAT_MODEL.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/006_CODE_REVIEW_FINDINGS.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/005_CODE_ANALYSIS_METHOD.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/000_INDEX.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/audit/000_HASHING_BASELINE.MD | Doku: Umlaut-/Sprach-Normalisierung |
| docs/1_en/verification/001_INDEX_TESTS.MD | Neu: EN-Spiegel für Verification-Index |
| docs/1_en/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD | Neu: EN-Spiegel für CodeQL-Guardrail |
| docs/1_en/secure/001_HMAC_KEY_SETUP.MD | Neu: EN-Spiegel für HMAC-Setup |
| docs/1_en/quality/001_CHECKLIST_PRODUCTION.MD | Neu: EN-Production-Checklist |
| docs/1_en/migrations/001_HASHING_RENAME.MD | Neu: EN-Spiegel für Migration |
| docs/1_en/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD | Neu: EN-Spiegel für Guide |
| docs/1_en/guides/003_GUIDE_PORTABLE.MD | Neu: EN-Spiegel für Guide |
| docs/1_en/guides/000_INDEX_GUIDES.MD | Neu: EN-Guides-Index |
| docs/1_en/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD | Neu: EN-Spiegel (DE-Policy) |
| docs/1_en/governance/006_INDEX_CI_RULES.MD | Neu: EN-Index der CI-Regeln |
| docs/1_en/governance/004_POLICY_DOCUMENTATION.MD | Neu: EN-Doku-Standard |
| docs/1_en/governance/003_POLICY_VERSIONING_SVT.MD | Neu: EN-Versioning-Policy |
| docs/1_en/governance/003_INDEX_GOVERNANCE.MD | Neu: EN-Governance-Index |
| docs/1_en/governance/002_POLICY_NAMING_UNIFIED.MD | Neu: EN-Naming-Policy |
| docs/1_en/governance/002_POLICY_LABELING.MD | Neu: EN-Labeling-Policy |
| docs/1_en/governance/001_POLICY_CI.MD | Neu: EN-CI-Policy |
| docs/1_en/contracts/001_CONTRACT_HASHING.MD | Neu: EN-Hashing-Contract |
| docs/1_en/ci/002_NUGET_TRUSTED_PUBLISHING.MD | Neu: EN-NuGet-Trusted-Publishing |
| docs/1_en/audit/compat/002_NETSTANDARD2_INVENTORY.MD | Neu: EN-Spiegel für Compat-Inventar |
| docs/1_en/audit/compat/001_NETSTANDARD2_POLICY_SNAPSHOT.MD | Neu: EN-Spiegel für Compat-Policy Snapshot |
| docs/1_en/audit/012_WAVE_EXECUTION_DOD.MD | Neu: EN-Wave-DoD-Matrix |
| docs/1_en/audit/010_REFACTOR_BACKLOG.MD | Neu: EN-Refactor-Backlog |
| docs/1_en/audit/009_SUPPLY_CHAIN_BASELINE.MD | Neu: EN-Supply-Chain-Baseline |
| docs/1_en/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD | Neu: EN-Incident-Runbook |
| docs/1_en/audit/006_CODE_REVIEW_FINDINGS.MD | Neu: EN-Code-Review-Findings |
| docs/1_en/audit/005_CODE_ANALYSIS_METHOD.MD | Neu: EN-Code-Analysis-Method |
| docs/1_en/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD | Neu: EN-Roadmap |
| docs/1_en/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD | Neu: EN-Audit-Contract |
| docs/1_en/audit/000_INDEX.MD | Neu: EN-Audit-Index |
| docs/0_de/verification/001_INDEX_TESTS.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/secure/001_HMAC_KEY_SETUP.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/migrations/001_HASHING_RENAME.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/guides/003_GUIDE_PORTABLE.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/guides/000_INDEX_GUIDES.MD | Neu: DE-Guides-Index |
| docs/0_de/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD | Neu: DE-Spiegelstruktur unter docs/0_de |
| docs/0_de/governance/006_INDEX_CI_RULES.MD | Neu: DE-Index der CI-Regeln |
| docs/0_de/governance/003_POLICY_VERSIONING_SVT.MD | Neu: DE-Versioning-Policy unter docs/0_de |
| docs/0_de/governance/003_INDEX_GOVERNANCE.MD | Neu: DE-Governance-Index |
| docs/0_de/governance/002_POLICY_NAMING_UNIFIED.MD | Neu: DE-Naming-Policy unter docs/0_de |
| docs/0_de/governance/002_POLICY_LABELING.MD | Neu: DE-Labeling-Policy unter docs/0_de |
| docs/0_de/governance/001_POLICY_CI.MD | Neu: DE-CI-Policy unter docs/0_de |
| docs/0_de/contracts/001_CONTRACT_HASHING.MD | Neu: DE-Hashing-Contract unter docs/0_de |
| docs/0_de/ci/002_NUGET_TRUSTED_PUBLISHING.MD | Neu: DE-NuGet-Trusted-Publishing unter docs/0_de |
| docs/0_de/audit/compat/002_NETSTANDARD2_INVENTORY.MD | Neu: DE-Compat-Inventar unter docs/0_de |
| docs/0_de/audit/compat/001_NETSTANDARD2_POLICY_SNAPSHOT.MD | Neu: DE-Compat-Policy Snapshot unter docs/0_de |
| docs/0_de/audit/010_REFACTOR_BACKLOG.MD | Neu: DE-Refactor-Backlog unter docs/0_de |
| docs/0_de/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD | Neu: DE-Incident-Runbook unter docs/0_de |
| docs/0_de/audit/005_CODE_ANALYSIS_METHOD.MD | Neu: DE-Code-Analyse-Methode unter docs/0_de |
| docs/0_de/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD | Neu: DE-Roadmap unter docs/0_de |
| docs/0_de/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD | Neu: DE-Audit-Vertrag unter docs/0_de |
| docs/0_de/audit/000_INDEX.MD | Neu: DE-Audit-Index unter docs/0_de |
| docs/001_INDEX_CORE.MD | Linktext normalisiert (Umlaute) |
| Directory.Packages.props | Zentralisierte Paketversionen (Analyzer/Mapperly/PolySharp/CodePages etc.) |
| Directory.Build.props | Analyzer-/ReproducibleBuilds-Injection + RepoVersion auf 6.1.13 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ziel & Scope
Diese PR bringt die CSCore-Migrationskette auf einen produktionsreifen, auditierbaren Stand mit klar getrennten Themenblöcken:
6.1.13,Closes #109
Closes #110
Closes #111
Closes #112
Umgesetzte Aufgaben (abhaken)
FileMaterializerum deterministische Secure-Extract-Entscheidungsmatrix erweitert, inkl. Mismatch-Guard zwischen CSCore- und lokalem Fail-Closed-Modus.CsCoreRuntimeBridgeproduktiv integriert und Utility-Delegation in zentralen VB-Pfaden aktiviert.FileTypeDetectoraufDetectionSummaryProjectionmit CSCore-Delegation für Summary/Reason/Extension-Match refaktoriert.FileTypeProjectOptions.NormalizeInPlaceauf normalisierte Konstanten-/Vektorlogik umgestellt.6.1.13konvergiert (RepoVersion/Version/PackageVersion + DE/EN-Historie/Changelog).codeqlund zentralem CI-Runner, um--no-restore-Fehlpfade fail-closed zu stabilisieren.Nachbesserungen aus Review (iterativ)
.github/workflows/codeql.yml) für den Governance-konformen Scope.qodana) vollständig erneut ausgeführt.Security- und Merge-Gates
security/code-scanning/tools: 0 offene Alerts als Merge-Voraussetzung im Preflight-Guard verifiziert.preflight,codeql,qodana) deterministisch laufen.Evidence (auditierbar)
Ausgeführt im Repo-Root:
tools/ci/bin/run.sh preflighttools/ci/bin/run.sh docs-links-fulltools/ci/bin/run.sh naming-snttools/ci/bin/run.sh versioning-svttools/ci/bin/run.sh version-convergencetools/ci/bin/run.sh buildtools/ci/bin/run.sh api-contracttools/ci/bin/run.sh packtools/ci/bin/run.sh consumer-smoketools/ci/bin/run.sh package-backed-teststools/ci/bin/run.sh security-nugettools/ci/bin/run.sh tests-bdd-coveragetools/ci/bin/run.sh qodanatools/ci/bin/run.sh summaryArtefakte:
artifacts/ci/preflight/result.jsonartifacts/ci/build/result.jsonartifacts/ci/pack/result.jsonartifacts/ci/qodana/result.jsonartifacts/ci/tests-bdd-coverage/result.jsonartifacts/ci/security-nuget/result.jsonDoD (mindestens 2 pro Punkt)
Persist_SecureExtractDecisionMatrix_IsDeterministic_ForPayloadKindsgrüntests-bdd-coverage+buildgrünCsCoreUtilityBridgeUnitTestsgrünapi-contractgrünbuild+ Unit/BDD grünpackerzeugt NUPKG inkl. CSCore-Assetsconsumer-smoke+package-backed-testsgrünsecurity-nugetohne High/Criticalnaming-snt/versioning-svtgrün6.1.13docs-links-fullgrünsync_bilingual_structure.pyParität/Switch-Checks grünbuild/codeql-Restorepfad ohne CSCore-Asset-Fehlerqodanablockierende Findings auf 0 reduziert