Comprehensive Codebase Audit Report - Ultra Cross-Referenced Pass - 2026-05-24

Scope

Acceptance Criteria

Evidence Reviewed

Findings

ID Domain Severity Confidence Summary Evidence Task Mapping
F-001 Architecture High 93% Chat, maintenance, task, memory, and UI surfaces still have large files that increase review blast radius and regression risk. Source metrics for ChatServices.cs, MaintenanceAgentServices.cs, MemoryApplicationService.cs, TaskDomainService.cs, Chat.razor, PagesAndChatTests.cs. Existing: TSK-0042, TSK-0043, TSK-0044, TSK-0045, TSK-0047, TSK-0049, TSK-0050.
F-002 Chat/Agent Governance High 92% Chat Agent writes still lack separate chat write-root options; approval-submitted page changes flow through maintenance write-root validation, so safe page proposals can still be blocked by maintenance constraints. ChatOptions has AgentWritesEnabled only; BuildPageProposalChangeAsync creates page file changes; FileMaintenanceProposalStore validates via MaintenanceWritePermissionService; TSK-0016 audit comments reproduce the failure. Existing: TSK-0016, TSK-0021, TSK-0022, TSK-0019.
F-003 Task Tracker Integrity High 97% At audit time, the task tracker had duplicate key TSK-0060; follow-up resolved the collision and added task-record validation so future duplicates fail local/CI checks. Task integrity command found duplicate keys for source governance and screenshot capture; TaskDomainService.FindByIdOrKey uses FirstOrDefault over loaded items. Follow-up validation: Scripts/Test-TaskRecords.ps1 passed with 114 records and unique ids/keys. Completed: TSK-0114; related: TSK-0053, TSK-0029.
F-004 CI/Browser Regression High 96% Playwright navigation-freeze tests exist locally but are not run in GitHub Actions, so UI navigation/circuit regressions can merge without the browser gate. Scripts/Validate-Repo.ps1 -IncludeE2E, e2e/tests/navigation-freeze.spec.ts, and e2e/playwright.config.ts exist; .github/workflows/ci.yml has no Playwright job. Existing: TSK-0067, TSK-0068, TSK-0069, TSK-0070, TSK-0071.
F-005 Remote Security Hardening High 89% Local-first auth/RBAC is strong, but remote deployment safety remains partially warning-first: no HSTS, no explicit secure cookie policy, and no forwarded-header/proxy trust controls in startup. MemorySmithRequestGuardMiddleware blocks remote when AllowRemoteApi=false and API keys use fixed-time comparison; Program.cs only shows UseHttpsRedirection, not HSTS, secure cookie, or forwarded headers. Existing: TSK-0023, TSK-0037, TSK-0038, TSK-0039, TSK-0040, TSK-0041.
F-006 Source Governance Drift Medium 90% Source-read governance has partially landed in code and tests, but task/wiki surfaces lag: source read expansion and deny roots exist, while write-root separation remains deferred. VarResolver supports context expansion, unrestricted read opt-in, and deny roots; AdminSettingsService exposes source-link controls; SecurityAndSourceLinkTests cover broad reads and deny roots; project-wiki-source-link-security-boundaries.json needed refresh. Existing: TSK-0011, TSK-0022, source-read TSK-0060; new consistency task TSK-0114.
F-007 Observability Retargeting Medium 86% Observability improved after prior tasks, so some task evidence is stale: request logging and correlation headers now exist, but central exception handling, ProblemDetails correlation, admin log search, and trend views remain open. Program.cs now uses UseSerilogRequestLogging and X-Correlation-Id; repo memory records OTel v1; grep still found no UseExceptionHandler or AddProblemDetails. Existing: TSK-0105, TSK-0106, TSK-0107, TSK-0108; new: TSK-0115.
F-008 Performance Measurement Medium 84% Benchmark and search-quality tests exist, but no CI budget/regression comparison turns benchmark drift into an enforceable signal. MemorySmith.Benchmarks/SearchBenchmarks.cs, [Category("Benchmark")] tests, README benchmark commands, and no benchmark job in .github/workflows/ci.yml. New: TSK-0115; related: TSK-0108, TSK-0069.
F-009 Dependency Advisory Tracking High 91% Current restore/test emits moderate NU1902 advisories for OpenTelemetry packages with no first-class task record tracking the upgrade/acceptance gate. dotnet test MemorySmith.slnx --list-tests --verbosity quiet emitted NU1902 advisories for OpenTelemetry.Api and OpenTelemetry.Exporter.OpenTelemetryProtocol 1.15.0. New: TSK-0116; related: TSK-0113 post-implementation hardening.
F-010 Historical Docs Noise Medium 82% Older architecture/review docs still contain obsolete TODO/stub/security claims and are large enough to pollute search unless clearly classified. MemorySmith.Core/Docs/Reviews/* and MemorySmith.Core/Docs/Plans/* include old claims; README and repo instructions already warn to verify against current code. Existing: TSK-0071, TSK-0046; related risk register item R-006.

Existing Backlog Cross-Reference

Area Existing task set Audit action
Chat write governance TSK-0016, TSK-0017, TSK-0018, TSK-0019, TSK-0021, TSK-0022 Keep active; prioritize TSK-0016 and TSK-0022 before feature expansion.
Remote hardening TSK-0023, TSK-0037, TSK-0038, TSK-0039, TSK-0040, TSK-0041 Keep active; make startup/transport/proxy decisions before remote-use docs are treated as safe.
Architecture decomposition TSK-0042 through TSK-0051 Keep active; sequence after governance/CI gates to prevent refactor drift.
Task contract safety TSK-0052, TSK-0053, TSK-0054, TSK-0055, TSK-0056 Add duplicate-key and stale-task consistency guardrail via TSK-0114.
Browser/CI validation TSK-0067 through TSK-0071 Keep active; TSK-0067 is the highest-ROI CI gap.
Markdown/runtime work TSK-0075 through TSK-0090 Defer behind stabilization unless a user-facing docs route blocks delivery.
Chat retrieval quality TSK-0091 through TSK-0100 Keep active; prioritize only after write governance and browser gate.
Logging/OTel TSK-0104 through TSK-0113 Retarget stale evidence and add package advisory task TSK-0116.

Risk Register

Open Questions

Confidence