npm - @ngocsangairvds/vsaf - Versions diffs - 4.2.7 → 4.2.8 - Mend

@ngocsangairvds/vsaf 4.2.7 → 4.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json +1 -1
package/skills/sdlc/_shared/sonar-viettel/quality-gate.md +74 -0
package/skills/sdlc/_shared/sonar-viettel/sonar-viettel-gate.json +33 -0
package/skills/sdlc/_shared/sonar-viettel/sonar-viettel-profile.xml +1 -0
package/skills/sdlc/hotfix-implement/SKILL.md +12 -6
package/skills/sdlc/hotfix-review/SKILL.md +2 -0
package/skills/sdlc/implement/SKILL.md +16 -20
package/skills/sdlc/review/SKILL.md +10 -37
package/skills/vds-skill/runtime/.claude/phase7-CLOSURE.md +0 -100
package/skills/vds-skill/runtime/AGENTS.md +0 -250

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ngocsangairvds/vsaf",
-  "version": "4.2.7",
+  "version": "4.2.8",
   "description": "logging step",
   "main": "packages/core/dist/index.js",
   "types": "packages/core/dist/index.d.ts",

package/skills/sdlc/_shared/sonar-viettel/quality-gate.md ADDED Viewed

@@ -0,0 +1,74 @@
+# SonarQube Standard — `sonar-viettel`
+> **Single source of truth** for the SDLC SonarQube standard. Referenced by both the
+> **code** phases (`/sdlc-implement`, `/sdlc-hotfix-implement`) and the **review** phases
+> (`/sdlc-review`, `/sdlc-hotfix-review`). Code what passes here; review re-checks the same numbers.
+>
+> Deployed location: `.claude/skills/_shared/sdlc/sonar-viettel/`
+>
+> Files in this folder:
+> - `sonar-viettel-profile.xml` — the 357-rule Java **Quality Profile** (which checks run).
+> - `sonar-viettel-gate.json` — the **Quality Gate** (pass/fail conditions), machine-importable.
+> - `quality-gate.md` — this human/agent-readable summary (transcribed verbatim from the Viettel SonarQube UI).
+A condition **FAILS** the gate when the metric crosses the operator/value shown. Ratings: A=1, B=2, C=3, D=4, E=5.
+> The two tables below are a **human-readable rendering of `sonar-viettel-gate.json`** — that JSON is the machine-importable source of truth for the gate. If they ever disagree, the JSON wins; fix the table.
+## Quality Gate — Conditions on New Code
+| Metric | Threshold (PASS) | Fails when |
+|--------|------------------|------------|
+| Issues | = 0 | > 0 |
+| Blocker Issues | = 0 | > 0 |
+| Critical Issues | = 0 | > 0 |
+| Major Issues | = 0 | > 0 |
+| Code Smells | ≤ 20 | > 20 |
+| Vulnerabilities | = 0 | > 0 |
+| Security Hotspots Reviewed | = 100% | < 100% |
+| Coverage | ≥ 0% | < 0.0% (gate effectively **disabled**; TDD still mandatory) |
+| Duplicated Lines (%) | ≤ 45% | > 45.0% |
+| Maintainability Rating | ≥ A | worse than A |
+| Reliability Rating | ≥ A | worse than A |
+| Security Rating | ≥ A | worse than A |
+## Quality Gate — Conditions on Overall Code
+| Metric | Threshold (PASS) | Fails when |
+|--------|------------------|------------|
+| Blocker Issues | = 0 | > 0 |
+| Critical Issues | = 0 | > 0 |
+| Major Issues | = 0 | > 0 |
+| Bugs | = 0 | > 0 |
+| Code Smells | ≤ 50 | > 50 |
+| Vulnerabilities | = 0 | > 0 |
+| Duplicated Lines (%) | ≤ 45% | > 45.0% |
+| Maintainability Rating | ≥ A | worse than A |
+| Reliability Rating | ≥ A | worse than A |
+| Security Rating | ≥ A | worse than A |
+## Rule Parameters
+⚠️ **The 357 rules and their parameters live authoritatively in `sonar-viettel-profile.xml`. Do NOT hard-code rule values here — they drift.** When you need the parametrised rules (param thresholds, naming regexes, credential words), derive them live from the profile:
+```bash
+node -e '
+const fs=require("fs");
+const x=fs.readFileSync("sonar-viettel-profile.xml","utf8");
+const re=/<key>(S\d+)<\/key><type>([^<]*)<\/type><priority>([^<]*)<\/priority><parameters>(.*?)<\/parameters>/g;
+let m; while((m=re.exec(x))){
+  const ps=[...m[4].matchAll(/<key>([^<]+)<\/key><value>([^<]*)<\/value>/g)].map(p=>p[1]+"="+p[2]).join(", ");
+  console.log(`${m[1]} [${m[3]}/${m[2]}]: ${ps}`);
+}'
+```
+Run from this folder (`.claude/skills/_shared/sdlc/sonar-viettel/`). It prints every rule that carries a threshold/format — e.g. `S107` (max params), `S3776` (cognitive complexity), `S110` (inheritance depth), `S1479` (switch cases), `S1192` (literal duplication), `S2068` (credential words), and the `S100/S101/S115/S116/S117` naming regexes. **The XML output is the source of truth; the rule names here are only signposts.**
+## How to Apply
+- **If the project has SonarQube:** import `sonar-viettel-profile.xml` as the Quality Profile, recreate the gate from `sonar-viettel-gate.json`, then run `sonar-scanner` and read the gate result.
+- **If the project has no SonarQube:** review the changed code manually against the tables above plus the rule parameters — scan for injection, hardcoded secrets, null dereference, resource leaks, concurrency issues, duplicated blocks, naming/SOLID violations.
+## Phase-specific overrides
+- **Hotfix (`/sdlc-hotfix-implement`, `/sdlc-hotfix-review`):** apply the **New Code** conditions on changed files only, but tighten **Code Smells (new) = 0** — a surgical 1–3 line fix has no excuse to introduce a smell.

package/skills/sdlc/_shared/sonar-viettel/sonar-viettel-gate.json ADDED Viewed

@@ -0,0 +1,33 @@
+{
+  "name": "sonar-viettel",
+  "description": "Viettel Quality Gate — transcribed verbatim from quality_gate_1.png (New Code) and quality_gate_2.png (Overall Code). A condition FAILS the gate when the metric crosses the operator/value below. Ratings: A=1, B=2, C=3, D=4, E=5.",
+  "isBuiltIn": false,
+  "conditions": {
+    "newCode": [
+      { "metric": "new_violations",                 "label": "Issues",                     "op": "GT", "error": "0" },
+      { "metric": "new_security_hotspots_reviewed",  "label": "Security Hotspots Reviewed", "op": "LT", "error": "100" },
+      { "metric": "new_coverage",                    "label": "Coverage",                   "op": "LT", "error": "0.0" },
+      { "metric": "new_duplicated_lines_density",    "label": "Duplicated Lines (%)",       "op": "GT", "error": "45.0" },
+      { "metric": "new_maintainability_rating",      "label": "Maintainability Rating",     "op": "GT", "error": "1" },
+      { "metric": "new_blocker_violations",          "label": "Blocker Issues",             "op": "GT", "error": "0" },
+      { "metric": "new_code_smells",                 "label": "Code Smells",                "op": "GT", "error": "20" },
+      { "metric": "new_critical_violations",         "label": "Critical Issues",            "op": "GT", "error": "0" },
+      { "metric": "new_major_violations",            "label": "Major Issues",               "op": "GT", "error": "0" },
+      { "metric": "new_vulnerabilities",             "label": "Vulnerabilities",            "op": "GT", "error": "0" },
+      { "metric": "new_reliability_rating",          "label": "Reliability Rating",         "op": "GT", "error": "1" },
+      { "metric": "new_security_rating",             "label": "Security Rating",            "op": "GT", "error": "1" }
+    ],
+    "overallCode": [
+      { "metric": "blocker_violations",          "label": "Blocker Issues",         "op": "GT", "error": "0" },
+      { "metric": "bugs",                        "label": "Bugs",                   "op": "GT", "error": "0" },
+      { "metric": "code_smells",                 "label": "Code Smells",            "op": "GT", "error": "50" },
+      { "metric": "critical_violations",         "label": "Critical Issues",        "op": "GT", "error": "0" },
+      { "metric": "duplicated_lines_density",    "label": "Duplicated Lines (%)",   "op": "GT", "error": "45.0" },
+      { "metric": "sqale_rating",                "label": "Maintainability Rating", "op": "GT", "error": "1" },
+      { "metric": "major_violations",            "label": "Major Issues",           "op": "GT", "error": "0" },
+      { "metric": "reliability_rating",          "label": "Reliability Rating",     "op": "GT", "error": "1" },
+      { "metric": "security_rating",             "label": "Security Rating",        "op": "GT", "error": "1" },
+      { "metric": "vulnerabilities",             "label": "Vulnerabilities",        "op": "GT", "error": "0" }
+    ]
+  }
+}

package/skills/sdlc/_shared/sonar-viettel/sonar-viettel-profile.xml ADDED Viewed

@@ -0,0 +1 @@

+ <?xml version='1.0' encoding='UTF-8'?><profile><name>sonar-viettel</name><language>java</language><rules><rule><repositoryKey>java</repositoryKey><key>S100</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[a-z][a-zA-Z0-9]*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S101</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[A-Z][a-zA-Z0-9]*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S106</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1065</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1066</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1068</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S107</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters><parameter><key>max</key><value>7</value></parameter><parameter><key>constructorMax</key><value>7</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1075</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S108</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S110</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters><parameter><key>max</key><value>5</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1104</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1110</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1111</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1113</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1116</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1117</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1118</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1119</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S112</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1121</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1123</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1124</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1125</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1126</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1128</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1130</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1133</key><type>CODE_SMELL</type><priority>INFO</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1134</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1135</key><type>CODE_SMELL</type><priority>INFO</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S114</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[A-Z][a-zA-Z0-9]*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1141</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1143</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1144</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1149</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S115</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters><parameter><key>format</key><value>^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1150</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1153</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1155</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1157</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1158</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S116</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[a-z][a-zA-Z0-9]*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1161</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1163</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1165</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1168</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S117</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[a-z][a-zA-Z0-9]*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1170</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1171</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1172</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1174</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1175</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1181</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1182</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1185</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1186</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S119</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[A-Z][0-9]?$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1190</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1191</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1192</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters><parameter><key>threshold</key><value>3</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1193</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1195</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1197</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1199</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S120</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[a-z_]+(\.[a-z_][a-z0-9_]*)*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1201</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1206</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1210</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1214</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1215</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1217</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1219</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1220</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1221</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1223</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1226</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S125</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1264</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S127</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S128</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1301</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S131</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1313</key><type>SECURITY_HOTSPOT</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1317</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1319</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S135</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1444</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1450</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1452</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1479</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters><parameter><key>maximum</key><value>30</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S1481</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1488</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1596</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1598</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1602</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1604</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1607</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1611</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1612</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1640</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1643</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1656</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1659</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1700</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1710</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1751</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1764</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1844</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1845</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1849</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1854</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1858</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1860</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1862</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1871</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1872</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1874</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1905</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1940</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1948</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1989</key><type>VULNERABILITY</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S1994</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2055</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2060</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2061</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2062</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2065</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2066</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2068</key><type>SECURITY_HOTSPOT</type><priority>BLOCKER</priority><parameters><parameter><key>credentialWords</key><value>password,passwd,pwd,passphrase,java.naming.security.credentials</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S2077</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2092</key><type>SECURITY_HOTSPOT</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2093</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2094</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2095</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2097</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2109</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2110</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2111</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2112</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2114</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2115</key><type>VULNERABILITY</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2116</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2118</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2119</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2121</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2122</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2123</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2127</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2129</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2130</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2133</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2134</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2139</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2140</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2142</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2147</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2151</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2153</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2154</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2157</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2159</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2160</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2166</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2167</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2168</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2175</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2176</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2177</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2178</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2183</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2184</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2185</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2186</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2187</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters><parameter><key>TestClassNamePattern</key><value>.*(Test|Tests|TestCase)</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S2188</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2189</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2200</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2201</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2204</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2209</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2222</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2225</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2226</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2229</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2230</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2232</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2234</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2235</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2236</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2245</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2251</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2252</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2254</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2257</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2259</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2272</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2273</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2274</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2275</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2276</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2293</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2326</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2386</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2387</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2388</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2390</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2437</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2438</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2440</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2441</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2442</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2445</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2446</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2447</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2583</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2589</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2612</key><type>SECURITY_HOTSPOT</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2629</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2637</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2638</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2639</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2674</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2675</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2676</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2677</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2681</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2689</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2692</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2695</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2696</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2699</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2718</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2737</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2755</key><type>VULNERABILITY</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2757</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2761</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2786</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2789</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2864</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2885</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2886</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2924</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2925</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2970</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S2975</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3008</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters><parameter><key>format</key><value>^[a-z][a-zA-Z0-9]*$</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S3010</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3011</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3012</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3014</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3020</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3034</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3038</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3039</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3042</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3046</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3064</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3065</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3066</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3067</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3077</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3078</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3252</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3305</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3330</key><type>SECURITY_HOTSPOT</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3346</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3358</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3398</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3400</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3415</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3416</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3436</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3457</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3516</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3518</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3551</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3599</key><type>BUG</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3626</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3631</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3655</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3740</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3751</key><type>CODE_SMELL</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3752</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3753</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3776</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters><parameter><key>Threshold</key><value>15</value></parameter></parameters></rule><rule><repositoryKey>java</repositoryKey><key>S3824</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3864</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3878</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3923</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3958</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3959</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3972</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3973</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3981</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3984</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3985</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S3986</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4032</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4034</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4042</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4065</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4087</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4143</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4144</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4165</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4201</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4274</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4275</key><type>BUG</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4276</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4347</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4348</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4349</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4351</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4423</key><type>VULNERABILITY</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4425</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4426</key><type>VULNERABILITY</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4433</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4434</key><type>SECURITY_HOTSPOT</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4449</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4454</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4488</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4502</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4507</key><type>SECURITY_HOTSPOT</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4512</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4517</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4524</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4544</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4601</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4602</key><type>BUG</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4635</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4682</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4684</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4719</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4738</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4790</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4830</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4838</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4925</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4929</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S4973</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5042</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5122</key><type>SECURITY_HOTSPOT</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5164</key><type>BUG</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5261</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5301</key><type>VULNERABILITY</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5320</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5322</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5324</key><type>SECURITY_HOTSPOT</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5344</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5361</key><type>CODE_SMELL</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5411</key><type>CODE_SMELL</type><priority>MINOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5413</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5527</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5542</key><type>VULNERABILITY</type><priority>BLOCKER</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5547</key><type>VULNERABILITY</type><priority>CRITICAL</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5679</key><type>VULNERABILITY</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S5738</key><type>CODE_SMELL</type><priority>MAJOR</priority><parameters/></rule><rule><repositoryKey>java</repositoryKey><key>S899</key><type>BUG</type><priority>MINOR</priority><parameters/></rule></rules></profile>

package/skills/sdlc/hotfix-implement/SKILL.md CHANGED Viewed

@@ -100,17 +100,23 @@ Use `/tdd` methodology — behavior-based, vertical slice:
 [HOTFIX-IMPL] [4/6] SonarQube quality check... ⏳
 ```
-Apply DURING Step 3 (not after). After the fix is complete, final sweep:
+Apply DURING Step 3 (not after). After the fix is complete, final sweep.
+> **Standard (single source of truth):** **`.claude/skills/_shared/sdlc/sonar-viettel/quality-gate.md`** — full gate, 357-rule parameters, and the importable `sonar-viettel-profile.xml` / `sonar-viettel-gate.json`. Phase 4 (`/sdlc-hotfix-review`) re-checks the same file. A hotfix applies the gate's **New Code** conditions on changed files.
 | Metric | Threshold |
 |--------|-----------|
-| New Issues | = 0 |
-| Blocker/Critical | = 0 |
+| Issues / Blocker / Critical / Major | = 0 |
+| Code Smells (new) | = 0 — stricter than the gate's ≤20 **by design**: a surgical 1–3 line fix has no excuse to add a smell, and `/sdlc-hotfix-review` rejects any new smell |
 | Vulnerabilities | = 0 |
-| Duplicated Lines (new) | ≤ 3% |
+| Security Hotspots Reviewed | = 100% |
+| Duplicated Lines (new) | ≤ 45% |
+| Maintainability / Reliability / Security Rating | ≥ A |
+**Honour the `sonar-viettel` parametrised rules in the changed code** — S107 (params), S3776 (complexity), S1192 (literals), S2068/S2077 (secrets/injection), S100/S101/S115 (naming). **Thresholds are authoritative in the profile XML** — derive them via the snippet in the shared `quality-gate.md`, do not hard-code numbers.
-- If project has SonarQube → run `sonar-scanner` incremental
-- If not → Claude self-reviews changed files against metrics above
+- If project has SonarQube → import the profile + gate from the shared folder, then run `sonar-scanner` incremental
+- If not → Claude self-reviews changed files against the shared `quality-gate.md`
 ```
 [HOTFIX-IMPL] [4/6] SonarQube quality check... ✅

package/skills/sdlc/hotfix-review/SKILL.md CHANGED Viewed

@@ -94,6 +94,8 @@ Read the reproduction test and verify:
 | Security Hotspots | 0 |
 | New code smells | 0 |
+> **Standard (single source of truth):** **`.claude/skills/_shared/sdlc/sonar-viettel/quality-gate.md`** — full gate + 357-rule parameters + importable `sonar-viettel-profile.xml` / `sonar-viettel-gate.json`. Same file Phase 3 (`/sdlc-hotfix-implement`) coded against. If SonarQube is present, scan changed files against the `sonar-viettel` profile + gate; otherwise re-check manually. `New code smells = 0` is intentionally stricter than the gate's ≤20 for surgical fixes.
 ```
 [HOTFIX-REVIEW] [4/4] Impact check + quality gate... ✅
 ```

package/skills/sdlc/implement/SKILL.md CHANGED Viewed

@@ -57,26 +57,21 @@ You are a Senior Software Engineer. Your mission: implement code following TDD
 ## SonarQube Quality Gate — Apply DURING Coding
-⚠️ **DO NOT wait for review phase.** Each subagent MUST self-check these thresholds WHILE writing code:
-| Metric | Threshold | Action |
-|--------|-----------|--------|
-| Issues | = 0 | Do not create new issues |
-| Blocker Issues | = 0 | STOP immediately if detected |
-| Critical Issues | = 0 | STOP immediately if detected |
-| Major Issues | = 0 | Fix before continuing |
-| Vulnerabilities | = 0 | Scan security for each function |
-| Security Rating | ≥ A | No hardcoded secrets, no injection |
-| Duplicated Lines | ≤ 45% | Extract common code immediately |
-| Maintainability Rating | ≥ A | SOLID, clean code, short methods |
-| Reliability Rating | ≥ A | Null-safe, resource management, error handling |
+⚠️ **DO NOT wait for review phase.** Each subagent MUST self-check the `sonar-viettel` gate WHILE writing code.
+> **Standard (single source of truth):** **`.claude/skills/_shared/sdlc/sonar-viettel/quality-gate.md`** — full New Code + Overall Code tables, the 357-rule parameters, and the importable `sonar-viettel-profile.xml` / `sonar-viettel-gate.json`. **Read it.** Phase 7 (`/sdlc-review`) re-checks the **same** file — anything that passes here must pass there. Do NOT invent stricter or looser values.
+**Hard fails to self-check (summary — see the shared doc for the full gate):**
+- New Code: Issues / Blocker / Critical / Major / Vulnerabilities = **0**; Code Smells **≤ 20**; Security Hotspots Reviewed = **100%**; Duplicated **≤ 45%**; Maintainability / Reliability / Security Rating **≥ A**.
+- Overall Code: Bugs = **0**; Code Smells **≤ 50**; same Blocker/Critical/Major/Vuln/Duplication/rating rules.
+- Honour the parametrised rules — S107 (params), S3776 (complexity), S110 (inheritance), S1479 (switch), S1192 (literals), S2068/S2077 (secrets/injection), S100/S101/S115 (naming). **Thresholds live authoritatively in the profile XML** — derive them via the snippet in the shared `quality-gate.md`, do not memorise numbers.
 **How to apply during coding:**
-- **After each function is written** → self-review: security vulnerabilities? code smells? duplication?
-- **After each class is written** → check SOLID violations, naming conventions, interface segregation
-- **Before each commit** → scan all changed files for: SQL injection, XSS, command injection, hardcoded secrets, null dereference, resource leaks, concurrency issues, duplicated blocks
-- If the project has SonarQube → run `sonar-scanner` incremental
-- If the project does NOT have SonarQube → Claude self-reviews against the metrics above
+- **After each function** → self-review: security vulnerabilities? code smells? duplication?
+- **After each class** → check SOLID violations, naming conventions, interface segregation
+- **Before each commit** → scan changed files for: SQL injection, XSS, command injection, hardcoded secrets, null dereference, resource leaks, concurrency issues, duplicated blocks
+- If the project has SonarQube → import the profile + gate from the shared folder, then run `sonar-scanner` incremental
+- If not → Claude self-reviews against the shared `quality-gate.md`
 **Goal:** Review phase should only need to RE-CHECK, not find bugs for the first time.
@@ -210,7 +205,7 @@ Use GitNexus `rename` — safe multi-file refactoring if needed.
 4. **Test suite run**: `npm test` / `mvn test` / equivalent → All tests PASS
 5. **Final SonarQube sweep**: Scan all new code one last time before exiting
-   - Confirm: Issues=0, Blocker=0, Critical=0, Major=0, Vulns=0
+   - Confirm both New Code and Overall Code conditions are green per the shared `quality-gate.md` (single source of truth)
    - If FAIL → fix immediately, this is a hard gate
 ⚠️ **DO NOT exit the phase if code does not compile.** This is a hard gate — no exceptions.
@@ -243,7 +238,8 @@ Multi-repo:
 In PHASE REPORT:
 - Done: N tasks completed, M tests written, K subagents dispatched
 - Result: all tests PASS/FAIL
-- SonarQube: Issues=0, Blocker=0, Critical=0, Major=0, Vulns=0, Duplication={N}%
+- SonarQube (New Code): {PASS/FAIL vs shared gate} — Issues={N}, Blocker={N}, Critical={N}, Major={N}, Code Smells={N}, Vulns={N}, Hotspots Reviewed={N}%, Duplication={N}%
+- SonarQube (Overall): {PASS/FAIL vs shared gate} — Bugs={N}, Code Smells={N}, Duplication={N}%, ratings={A..E}
 - Output files: `07-impl-plan.md`
 - Code changes: {list files changed}
 - Suggestions: [1] Phase 7 Review (`/sdlc-review`) [2] Save artifacts

package/skills/sdlc/review/SKILL.md CHANGED Viewed

@@ -86,48 +86,21 @@ Write to `08-review.md` §Code Review.
 **IMPORTANT:** SonarQube rules were already applied in Phase 6 (Implementation). The Review phase only RE-CHECKS — confirming that code still meets standards after all changes.
-Verify that code meets SonarQube Quality Gate thresholds:
-**Conditions on New Code (new code in the feature):**
-| Metric | Threshold |
-|--------|-----------|
-| Issues | = 0 |
-| Security Hotspots Reviewed | = 100% |
-| Coverage | ≥ 0% |
-| Duplicated Lines | ≤ 45% |
-| Maintainability Rating | ≥ A |
-| Blocker Issues | = 0 |
-| Code Smells | ≤ 20 |
-| Critical Issues | = 0 |
-| Major Issues | = 0 |
-| Vulnerabilities | = 0 |
-| Reliability Rating | ≥ A |
-| Security Rating | ≥ A |
-**Conditions on Overall Code (the entire codebase):**
-| Metric | Threshold |
-|--------|-----------|
-| Blocker Issues | = 0 |
-| Bugs | = 0 |
-| Code Smells | ≤ 50 |
-| Critical Issues | = 0 |
-| Duplicated Lines | ≤ 45% |
-| Maintainability Rating | ≥ A |
-| Major Issues | = 0 |
-| Reliability Rating | ≥ A |
-| Security Rating | ≥ A |
-| Vulnerabilities | = 0 |
+Verify that code meets the `sonar-viettel` Quality Gate.
+> **Standard (single source of truth):** **`.claude/skills/_shared/sdlc/sonar-viettel/quality-gate.md`** — the full New Code + Overall Code tables, the 357-rule parameters, and the importable `sonar-viettel-profile.xml` / `sonar-viettel-gate.json`. This is the **same** file Phase 6 (`/sdlc-implement`) coded against — review only confirms compliance, do not change the numbers.
+**Hard fails to confirm (summary — see the shared doc for the full gate):**
+- New Code: Issues / Blocker / Critical / Major / Vulnerabilities = **0**; Code Smells **≤ 20**; Security Hotspots Reviewed = **100%**; Duplicated **≤ 45%**; Maintainability / Reliability / Security Rating **≥ A**.
+- Overall Code: Bugs = **0**; Code Smells **≤ 50**; same Blocker/Critical/Major/Vuln/Duplication/rating rules.
 **How to execute:**
-- If the project has SonarQube → run `sonar-scanner` and check the report
-- If there is NO SonarQube → Claude performs a manual re-check against the metrics above:
+- If the project has SonarQube → ensure it uses the `sonar-viettel` Profile + Gate (import from the shared folder if missing), run `sonar-scanner`, and check the report
+- If there is NO SonarQube → Claude performs a manual re-check against the shared `quality-gate.md`:
   - Scan for security vulnerabilities (SQL injection, XSS, command injection, hardcoded secrets)
   - Scan for bugs (null dereference, resource leaks, concurrency issues)
   - Scan for code smells (long methods, deep nesting, duplicated blocks)
-  - Verify naming conventions, SOLID principles
-  - Check duplicated code blocks
+  - Verify naming conventions, SOLID principles, duplicated blocks
 - Write results to `08-review.md` §Quality Gate
 **Quality Gate FAIL** → classify each issue as MUST FIX / SHOULD FIX / NOTED per the triage rules below.

package/skills/vds-skill/runtime/.claude/phase7-CLOSURE.md DELETED Viewed

@@ -1,100 +0,0 @@
-# Phase 7 Lane Closure Notes
-## Lane G3 — materials_cli Triage (2026-04-19)
-**Scope**: `audit_orchestrator/tests/test_cli/test_materials_cli.py`
-**Method**: Ran 4 tests on both phase7/composition and master (450f6e3). All 4 fail identically on both branches.
-**Conclusion**: All 4 are pre-existing failures — unrelated to Phase 7 changes.
----
-### Test: test_list_materials_resolves_project_storage_key_directory
-- **Status**: pre-existing
-- **Failure**: `assert "2" in result.stdout` — attachment count displays "0" instead of "2"
-- **Root cause**: Test sets up top-level `attachments: [{"attachment_id": "a-1"}, ...]` on the mock state, but `misc_cmds.py` reads attachment count from `linked_page_resolution.attachment_total`, not the top-level `attachments` list. Test expectation-vs-implementation mismatch that predates Phase 7.
-- **Evidence**: Same `AssertionError` on master (450f6e3). `misc_cmds.py` was touched in Phase 7 (commit 13f6454, SecretStr sweep) but only changed `api_key.get_secret_value()` → `resolve_secret()` at line ~197; the `linked_page_resolution.attachment_total` read path was not modified.
-- **Action**: none (pre-existing, defer to a follow-up issue)
----
-### Test: test_extract_docs_refresh_snapshot_prefers_native_repo_identity_for_head_baseline
-- **Status**: pre-existing
-- **Failure**: Assertion on repo identity/head-baseline snapshot path
-- **Evidence**: Fails identically on master (450f6e3) with no diff in the test code vs master. `extract_cmds.py` was modified in Phase 7 (commits a4ffaba + 13f6454) to remove legacy telemetry fields and use `resolve_secret()`, but neither change touches the snapshot identity path exercised by this test.
-- **Action**: none (pre-existing, defer)
----
-### Test: test_extract_docs_no_change_fast_path_skips_repo_chunk_build_and_repo_refresh
-- **Status**: pre-existing
-- **Failure**: `exit_code == 1`, error: `"Material extraction failed: repo chunk build should be skipped"`. Stderr shows: `"error": "State API missing required function. Tried: list_retrieval_snapshots"` — the mock state in the test doesn't implement `list_retrieval_snapshots`, so the lookup fails and code falls through to chunk building, which then hits the assertion error.
-- **Evidence**: Same failure on master (450f6e3). The `list_retrieval_snapshots` call predates Phase 7; Phase 7 extract_cmds.py diff only removed telemetry fields (retry_events, p95_page_latency_ms, latency_ms, recent_retry_events).
-- **Action**: none (pre-existing, defer — test mock needs `list_retrieval_snapshots` stub)
----
-### Test: test_extract_docs_linked_page_fast_path_skips_no_change_runs
-- **Status**: pre-existing
-- **Failure**: `assert ['88710001', '1001', '2002'] == ['88710001', '1001']` — page '2002' is downloaded (cache_hit) but test expects it to be skipped by the linked-page fast path. Log shows `extract_docs_linked_page_fast_path_bypassed_no_prior_linked_pages` — fast path is bypassed because there are no prior linked pages in the corpus, so the full download runs instead of the expected no-op.
-- **Evidence**: Same `AssertionError` on master (450f6e3). Phase 7 extract_cmds.py diff is purely telemetry field removal; the linked-page fast path logic is untouched.
-- **Action**: none (pre-existing, defer — test setup needs a corpus with prior linked pages to trigger the fast path)
----
-### Summary
-- Pre-existing defers: **4**
-- Regressions fixed: **0**
-- Production code changes: **none**
-- Master evidence SHA: `450f6e387acdb86cd8651244eaa612c1fbd5db9b`
-- Verification run: `uv run --project audit_orchestrator pytest <4 tests> -q --tb=short --timeout=60` on master stash → 4 failed, 0 passed (identical failure modes)
----
-## Lane D — dispatch-status CLI Triage (2026-04-19)
-**Scope**: `audit_orchestrator/tests/test_cli/test_doctor_dispatch_status_cli.py`
-**Baseline**: All 5 tests were previously hidden by fixture setup error (AttributeError on `runtime_profiles.load_shared_env`). G1's try/except fix made them runnable, exposing 3 distinct pre-existing isolation/assertion gaps.
----
-### Test: test_dispatch_status_no_dsn_fails
-- **Status**: fixed
-- **Root cause**: `apply_runtime_profile` (called from `@app.callback()`) invokes `vds_agent_core.profiles.load_shared_env` — a reference not covered by the existing `_isolate_env` patches. This re-loaded `~/.vds/.env` and restored `VDS_AUDIT_STATE_DSN` into `os.environ` even after `monkeypatch.delenv`, causing the command to connect to a real database and return exit 0 instead of failing.
-- **Action**: Added `monkeypatch.setattr("vds_agent_core.profiles.load_shared_env", _noop_env)` to the `_isolate_env` autouse fixture. Test now exits 1 as expected.
----
-### Test: test_dispatch_status_table_output
-- **Status**: fixed
-- **Root cause**: Rich table column truncation. In an 80-char terminal (CliRunner default), "run-001" → "run-…" and "88727304" → "8872…". Test asserted `"run-0" in result.output` which doesn't match the ellipsis form.
-- **Action**: Updated assertions to `"run-" in result.output` and `"8872" in result.output` — 4-char prefixes present in both truncated and non-truncated forms.
----
-### Test: test_repair_dispatch_no_stuck_runs_json
-- **Status**: fixed
-- **Root cause**: TSK-170.13 added `store._schema_compat_result` access in `doctor_repair_dispatch` before any repair operations. `FakeStore` lacked this attribute, causing `AttributeError` → caught by `except Exception` → `Exit(1)`.
-- **Action**: Added nested `_Compat` class with `status="compliant", violations=[]` to `FakeStore`.
----
-### Test: test_repair_dispatch_force_json
-- **Status**: fixed
-- **Root cause**: Same as above — `FakeStore._schema_compat_result` missing.
-- **Action**: Same fix applied to this test's `FakeStore`.
----
-### Test: test_repair_dispatch_stale_hours_param
-- **Status**: fixed
-- **Root cause**: Same as above — `FakeStore._schema_compat_result` missing.
-- **Action**: Same fix applied to this test's `FakeStore`.
----
-### Summary
-- Fixes applied: **5** (all 5 tests now pass)
-- Pre-existing defers: **0**
-- Regressions escalated: **0**
-- Classification: All were pre-existing isolation/assertion gaps hidden by the fixture setup error that G1 resolved. No phase 7 production code changes required.
-- Verification: `13 passed in 3.34s` (all 13 tests in the file pass).

package/skills/vds-skill/runtime/AGENTS.md DELETED Viewed

@@ -1,250 +0,0 @@
-# AGENTS.md — VDS Scripts Workspace
-> Python automation workspace for VDS orchestrators and routed CLI commands.
-## Scope
-- Repository: `WHO-project/vds-scripts`
-- Primary responsibilities:
-  - `vds-cli` routed command surface
-  - audit/spec/task/progress/research/evolution orchestrators
-  - shared runtime and environment contracts
-- This file is Tier-0 operator contract (keep concise). Deep command catalogs and phase details live in docs references.
-## Repo Boundary
-This repo holds **runtime Python only** — CLI entry points, orchestrators, MCP
-servers, platform abstractions, agent-core libraries, evolution loops.
-Claude-Code-facing artifacts (skills, hook plugins, sync machinery, governance
-docs) live in `WHO-project/vds-skills/`.
-Canonical rules: `who-ecosystem-alignment` Phase 4 FR-8 (Repo purpose) and FR-9
-(Direction of dependency: skills may reference vds-scripts entry points;
-vds-scripts must build, test, and run with **zero** vds-skills artifacts
-present). FR-11 forbids `.claude/skills/<name>/` directories here. FR-12
-forbids new hook packages here (canonical hook surface is
-`vds-skills/plugins/vds-hooks-*/`).
-## Quick Start
-```bash
-cd WHO-project/vds-scripts
-# CLI router — unified entry point for all operations
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli --help
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli env status
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli status
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli doctor
-# Specialist services (all route through vds-cli)
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli audit --help
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli spec --help
-uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli evolution --help
-```
-## Unified Routing Contract
-**`vds-cli` is the single canonical entry point** for all user-facing orchestrator operations.
-- All commands route through `uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli <service> <command> [args]`.
-- `pyproject.toml [project.scripts]` are router implementation detail — not user-facing contracts.
-- Internal scripts (e.g., `vds-evolution`) are backend mechanisms invoked by the router, not directly by users.
-## Rules
-- Use `uv run --directory ~/.claude/vds-scripts --package vds_cli vds-cli ...` for worktree-safe Python execution.
-- Runtime is Postgres-first. Do not add filesystem fallback for audit state or evidence.
-- Use VDS SDK surfaces for Confluence/Bitbucket operations.
-- Keep phase history and long command narratives out of AGENTS.md.
-### Testing Rules
-- Tests must mock all external services (Confluence, Bitbucket, LLM providers, HTTP endpoints).
-- Control env vars with `monkeypatch.setenv` / `delenv`; do not read real local credentials.
-- Prefer focused tests for changed modules during development; run broad suites at merge gates.
-### Phase Numbering & Branch Naming
-Phase numbers are **per-spec local** structural labels, not monorepo-global tags. The same number can mean different things in different specs (e.g., `## Phase 219` in `vds-ai-memory` ≠ `## Phase 219` in `ecosystem-scheduling`). To prevent silent branch-namespace collisions when sessions run in parallel, new phase branches MUST use the prefix `<spec-prefix>-phase<N>`:
-- `vai-phase219` — vds-ai-memory (`vai`)
-- `eco-phase5` — ecosystem-infrastructure-evolution (`eco`)
-- `audit-phase6` — audit-orchestrator (`audit`)
-- `core-phase172` — vds-agent-core-alignment (`core`)
-Commit messages retain the narrative `phase<N>` form for readability. Existing un-prefixed branches (e.g., `phase218`, `phase219/...`) are grandfathered; the prefix rule applies prospectively. When starting a new phase, check the spec's `requirements.md` for the next free phase number within that spec, then `git branch -a | grep <spec-prefix>-phase<N>` before creating the branch — collision is now diagnosable by name.
-### Active Spec Sync
-vds-ai-memory: **1547 tests**, spec v20.22.0 (Phase 228/229/230/231 Finalized, Phase 232 Blocked — dedup never ran, max_groups=10, embed degraded)
-### Containerization Policy
-| Command Category                | Runtime                         | Examples                                                                       |
-| ------------------------------- | ------------------------------- | ------------------------------------------------------------------------------ |
-| **Host-only** (never in Docker) | Host filesystem                 | `vds-cli skills sync`, `git commit/rebase`, `vds-cli spec create`              |
-| **Host-only**                   | Host credentials/env            | `vds-cli memory store/search`, `uv run --directory ~/.claude/vds-scripts`                      |
-| **Container-eligible**          | Docker                          | `vds-cli audit workflow`, `vds-cli research search`, `vds-cli confluence sync` |
-| **Hybrid**                      | Container (read) + Host (write) | `vds-cli progress report` (read DB, write reports), `vds-cli pdf convert`      |
-`vds-skills` remains container-free. Skill sync must run on host.
-### Scheduler Architecture (Single-Scheduler Operator Note, post-2026-04-24)
-The VDS ecosystem now has **one** periodic-task scheduler: **`scheduler_orchestrator`** (DBOS-backed, in `scheduler_orchestrator/`). Celery Beat was retired by ADR-14 on 2026-04-24 (commit `a0ba4179`); audit trail at `scheduler_orchestrator/CLOSURE-v2.0.18.md` (Phase 0 of `.gpt-5.4/specs/vds-scheduler/`).
-| Concern                                  | Owner                                                                | Notes                                                                                                                                                                                                                                                                    |
-| ---------------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| All periodic schedules (cron + interval) | `scheduler_orchestrator` (DBOS)                                      | Includes the 6 ex-Celery-Beat memory-evolution tasks (`memory.evolution.{dispatch,sweep,replay-dlq}`, `mem0.{resolve-pending-ids,repush-stalled,repush-local-only}`) plus audit drift scans, chain triggers, event-bus dispatch, and scheduled agent-step workflows      |
-| Ad-hoc Celery task dispatch              | Celery worker in `memory_orchestrator/` (worker only — beat retired) | The worker plumbing (`memory_evolution/celery_app.py` + `celery_entrypoint.py`) is intentionally retained per `scheduler_orchestrator/CLOSURE-v2.0.18.md` §Scope Clarification, for explicit `.delay()` / `.send_task()` dispatch from production code. Not a scheduler. |
-| Kill switch                              | `VDS_SCHEDULER_ENABLED=false` (default)                              | Disables `scheduler_orchestrator` completely. Celery worker dispatch is unaffected.                                                                                                                                                                                      |
-**Kill-switch rule**: `VDS_SCHEDULER_ENABLED=false` (the default in `~/.vds/.env`) keeps `scheduler_orchestrator` dormant. Set `VDS_SCHEDULER_ENABLED=true` only when the scheduler service is intentionally started; this activates 7+ DBOS schedules (6 ex-Celery memory-evolution + `evolution.auto-promote` + the autoscaler tick).
-- **Ecosystem Daily Report** (`ecosystem.daily.report`): Runs at 06:00 UTC daily on `ops-default` queue. Collects git activity, scheduler health, event bus metrics, queue depths. Writes Markdown to `reports/ecosystem/`, persists to `sched.ecosystem_report_runs`, publishes `ecosystem.daily.completed`/`.failed` events. Config: `VDS_ECOSYSTEM_DAILY__*` env vars. Spec: `.gpt-5.4/specs/ecosystem-daily-report/`.
-**What is NOT a scheduler anymore**: Celery Beat (container removed from the legacy mem0-deploy stack; the unified `docker/docker-compose.services.yml` is beat-free by design; `beat_schedule` is empty `{}`). Tests asserting Celery Beat schedule registrations were updated in v2.0.10 to assert post-retirement empty state. The legacy compose files were retired to `docker/legacy/` in P3 + P4 WP-4.0; that directory was removed in spec v2.15.12 per the no-legacy directive — recover via git history if rollback is ever needed.
-## Entry Points
-All services route through a single entry:
-```bash
-vds-cli <service> <command> [args]
-```
-**Core service families** (non-exhaustive):
-- `vds-cli audit ...` — Audit operations (repo, project, multi-project)
-- `vds-cli spec ...` — Spec lifecycle (create, validate, consolidate)
-- `vds-cli tasks ...` — Task orchestrator
-- `vds-cli progress ...` — Progress reports
-- `vds-cli research ...` — Research orchestrator
-- `vds-cli memory ...` — Memory operations
-- `vds-cli evolution ...` — Evolution loop
-- `vds-cli confluence ...` — Confluence operations
-- `vds-cli bitbucket ...` — Bitbucket operations
-- `vds-cli git ...` — Git orchestrator
-- `vds-cli jira ...` — JIRA operations
-- `vds-cli db-query ...` — Database queries
-- `vds-cli grafana ...` — Grafana operations
-- `vds-cli sonarqube ...` — SonarQube operations
-- `vds-cli lsp ...` — LSP operations
-- `vds-cli elastic ...` — Elasticsearch operations
-- `vds-cli pdf ...` — PDF generation
-- `vds-cli diagrams ...` — Diagram generation
-- `vds-cli schema ...` — Schema conversion
-- `vds-cli excel ...` — Excel operations
-- `vds-cli google-sheets ...` — Google Sheets operations
-- `vds-cli circular-dependency ...` — Circular dependency analysis
-- `vds-cli openapi ...` — OpenAPI operations
-- `vds-cli links ...` — Link validation
-- `vds-cli structure ...` — Structure validation
-- `vds-cli brd ...` — BRD coverage
-- `vds-cli intellij ...` — IntelliJ operations
-- `vds-cli metabase ...` — Metabase operations
-- `vds-cli hexagonal ...` — Hexagonal compliance
-- `vds-cli markdown ...` — Markdown operations
-- `vds-cli mcp ...` — MCP server operations
-- `vds-cli multi-agent ...` — Multi-agent operations
-- `vds-cli public-interface ...` — Public interface boundary
-- `vds-cli scheduler ...` — Ecosystem scheduler (schedule/event/chain ops); requires `VDS_SCHEDULER_ENABLED=true`
-- `vds-cli telegram ...` — Telegram bridge ops (DISABLED 2026-04-30 — aiogram pydantic conflict; restore when aiogram >=3.28.0). Bridge code present at `telegram_bridge/`, 102 tests pass offline.
-## Search & Navigation
-- Start with `rg` for exact symbols and strings.
-- Use `sg` / structural search for pattern-level code exploration.
-- For large-scope understanding, prefer graphify/gitnexus before broad file scans.
-- Phase truth and runtime baselines are maintained in docs references (below), not inline here.
-## Code
-### Critical Path Symbols
-Before changing a symbol, run impact analysis:
-- `gitnexus_impact({target: "SymbolName", direction: "upstream"})`
-Before committing, run scope detection:
-- `gitnexus_detect_changes({scope: "staged"})`
-For unknown flows, start with:
-- `gitnexus_query({query: "concept"})`
-- `gitnexus_context({name: "symbol"})`
-### GitNexus Guardrails
-- Treat HIGH/CRITICAL impact results as explicit risk gates and surface them before continuing edits.
-- Never perform symbol renames via plain find/replace; use graph-aware rename workflows.
-- Re-index intentionally after significant code changes:
-  - `npx gitnexus analyze`
-  - `npx gitnexus analyze --embeddings` (when embeddings are in use)
-## Validation Gates (last verified: 2026-05-04 (Phase 14 post-merge))
-| Package                                      | Passed     | Failed | Skipped | Gate                                                                                                                                               |
-| -------------------------------------------- | ---------- | ------ | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
-| spec_orchestrator                            | 14         | 0      | 0       | GREEN                                                                                                                                              |
-| scheduler_orchestrator                       | 1,454      | 0      | 3       | GREEN (+2 from FR-14.2 cache fix)                                                                                                                  |
-| vds_agent_core                               | 932        | 0      | 0       | GREEN (+6 from FR-14.1 + FR-14.5 forward-ref fixes)                                                                                                |
-| memory_orchestrator (Phase 225 surface)      | 8          | 0      | 0       | GREEN                                                                                                                                              |
-| multi_agent_orchestrator (Phase 225 surface) | 49         | 0      | 0       | GREEN                                                                                                                                              |
-| audit_orchestrator (profile-focused subset)  | 121        | 15     | 24      | DEGRADED — pre-existing Python 3.14 forward-ref + config_hooks bugs (FR-14.1/14.5 reduced GAP cascade, full audit suite 8,290 PASS still DEGRADED) |
-| progress_report_orchestrator                 | 452        | 1      | 0       | DEGRADED — pre-existing alembic env_py schema-name assertion                                                                                       |
-| telegram_bridge                              | 102+       | 0      | 0       | GREEN                                                                                                                                              |
-| vds_cli (ecosystem)                          | 286        | 0      | 5       | GREEN                                                                                                                                              |
-| **Phase 14 surface total**                   | **1,477+** | **0**  | **8**   | GREEN (+8 from Phase 14 fixes)                                                                                                                     |
-- Scheduler Alembic: `a1b2c3d4e5f8` (Phase 2 golden-signals columns live)
-- Memory/Progress/Audit Alembic: AT_HEAD
-- Docker: 10/10 containers healthy; worker + API same image digest
-- Live CLI smoke: 6/6 pass (spec validate, scheduler help, trigger-now, db-query, onboarding-funnel, freshness)
-- Phase 231 deploy: vds-memory:1.0.0 image **10.4 GB** (62% reduction from 27.6 GB pre-Phase-225); all 7 health layers healthy; doctor embedding fallback OLLAMA_BASE_URL → BASE_URL deployed; VDS_MEMORY_TIMEOUT_SECONDS=300 set; entrypoint.sh alembic upgrade head verified
-## Docs
-- CLI command reference: `docs/agents/reference/cli-commands.md`
-- Ecosystem report: `docs/agents/reference/ecosystem-daily-report.md`
-- Skills commands: `docs/agents/reference/skills-commands.md`
-- Infrastructure v2.15: `docs/agents/reference/infrastructure-v2.15.md`
-- CI workflows: `docs/agents/reference/ci-workflows.md`
-- Ecosystem index: `ECOSYSTEM-DOCS.md`
-- Ecosystem changelog: `ECOSYSTEM-CHANGELOG.md`
-- Environment git-helper: `docs/agents/reference/env-git-helper.md`
-- Phase archive: `docs/phases/CHANGELOG.md`
-- Script authoring contract: `scripts/README.md`
-- Worktree wrapper contract (Phase 220.V): `scripts/README.md` §Worktree Wrapper Scripts (`worktree-add.sh` / `worktree-remove.sh` are canonical for vds-scripts; bare `git worktree` is fallback only)
-- Telegram Bridge reference: `telegram_bridge/skill_content/references/README.md`
-- Root router: `../AGENTS.md`
-- Ecosystem alignment: `ECOSYSTEM_ALIGNMENT.md` (openspace hook analysis)
-- Canonical spec: `.gpt-5.4/specs/ARCHIVE/who-project-documentation-enhancement/` (ARCHIVED — Phases 177→179 + post-merge updates merged)
-### Comprehensive Docs (Phase 180)
-- Introduction: `docs/agents/explanation/who-ecosystem-introduction.md`
-- Quick Start: `docs/agents/tutorials/quick-start.md`
-- Configuration: `docs/agents/reference/configuration-reference.md`
-- Troubleshooting: `docs/agents/how-to/troubleshooting-guide.md`
-- Architecture: `docs/agents/explanation/system-architecture.md`
-- Tips & Tricks: `docs/agents/how-to/tips-and-tricks.md`
-- See all: `ECOSYSTEM-DOCS.md`
-### Symlink Handling
-- `CLAUDE.md` in this repo is a symlink → `AGENTS.md`.
-- On filesystems where `core.symlinks=false`, the validator reports:
-  `CLAUDE.md is not a symlink to AGENTS.md (ERROR)`.
-- Fix: enable Git symlinks (`git config --global core.symlinks true`) or re-clone.
-## Ngôn ngữ / Language
-- [English](./AGENTS.md)
-- [Tiếng Việt](./AGENTS.vi.md)
-## Confluence Documentation
-- [WHO-Project Ecosystem Documentation](http://confluence.digital.vn/display/TTCN24/WHO-Project+Ecosystem+Documentation)
-  ecosystem: **41 tests**, spec v2.16.0 (Phase 0/8 Finalized; v2.16.0 deploy-portability extension applied)