-
Notifications
You must be signed in to change notification settings - Fork 16
MANIFEST
Brian Lehnen edited this page Apr 8, 2026
·
2 revisions
Compiled: 2026-03-29 Source audits: findings-security.md, findings-core.md, findings-transports.md, findings-observability.md, findings-migration.md Cross-reference: CONCERNS.md
- Total discrepancies found: 72
- By severity: 12 Critical, 18 High, 28 Medium, 14 Low
- By phase assignment: Phase 2 (20), Phase 3 (28), Phase 4 (19), Phase 5 (5)
AbortWorkerThreadsWhenStopping has been deleted from IWorkerConfiguration (commit 80b036e). The property does not exist anywhere in the main source tree. WorkerConfiguration.md still documents it — any code copied from that page will fail to compile. The post-cancel behavior is now always cooperative wait; the abort code path is gone entirely.
All new Thread( usage removed from main source. Workers now use Task.Factory.StartNew(..., TaskCreationOptions.LongRunning). Thread.Sleep is gone from main source. Only integration test helpers retain thread usage (intentional). One wiki example (Scheduler.md) still shows Thread.Sleep inside a LINQ string expression — it compiles but contradicts the migration.
-
IWorkerConfiguration.AbortWorkerThreadsWhenStopping— REMOVED.WorkerConfiguration.mdlines 23–35 must be deleted and theTimeToWaitForWorkersToCanceldescription updated. -
ITaskSchedulerConfiguration.WaitForThreadPoolToFinish— correct in source; wiki has typoWaitForTheadPoolToFinishthat must be fixed.
Six security findings across three pages require warning blocks or inline notes:
| # | File | Location | Caveat Required |
|---|---|---|---|
| 1 | MessageInterception.md |
Producer block, lines 27–29 | TripleDES hardcoded aaa... key/IV: add warning to use RandomNumberGenerator, load from secrets store, note 3DES is a legacy cipher |
| 2 | MessageInterception.md |
Consumer block, lines 41–44 | Same as above; cross-reference producer caveat |
| 3 | DashboardUi.md |
SHA256 hashing section, lines 74–89 | SHA256 is not a password hash: no salt, no key stretching, brute-force vulnerable; suitable for intranet only; recommend long random password or OIDC |
| 4 | DashboardUi.md |
HTTP base URL, lines 42–44 and 58 |
http://localhost is dev-only; production must use https:// so X-Api-Key header is encrypted in transit |
| 5 | DashboardConfiguration.md |
API key code block, lines 141–144 | Never hardcode "my-secret-key"; read from environment variable or vault |
| 6 | DashboardConfiguration.md |
JSON interceptor config, lines 84–112 | Do not store Key/IV in appsettings.json; use .NET User Secrets for dev, vault for production |
Answers based on evidence from the five audit findings files:
-
Transports.mdcontent — CONFIRMED REVIEWED. findings-transports.md audited it fully. Three high-severity findings: outdated Redis 3.0.x platform claim, Windows Server 2008R2 reference, and SQL Server 2008 minimum version claim (driver dropped 2008 support in v4+). -
Which .NET SDK/package versions are current — PARTIALLY RESOLVED. Audits confirmed:
StackExchange.Redis2.10.1,Microsoft.Data.SqlClient6.1.3,Npgsql8.0.8,System.Data.SQLite.Core1.0.119,LiteDB5.0.21. Wiki SQLite driver version was stale (1.0.101→1.0.119). -
notifications.Logremoval timeline — CONFIRMED REMOVED. findings-core.md verified thatIWorkerNotification.Logis now typed asMicrosoft.Extensions.Logging.ILogger(confirmed inIWorkerNotification.cs:67). NoLog(LogLevel, Func<string>)extension exists anywhere. The old API is broken, not deprecated-but-functional. -
SQLite driver in use — CONFIRMED
System.Data.SQLite.Core1.0.119. TheVersion=3parameter is valid for this driver (it refers to SQLite 3.x, not a version mismatch). CONCERNS.md High concern aboutVersion=3being invalid is not confirmed — it is correct for the driver in use. -
History transport support for Memory transport — UNCONFIRMED. findings-observability.md notes the Memory transport history support claim could not be verified from core-library source alone. Remains an open question for Phase 4 author. The
MessageHistory.mdclaim of "all 6 transports" should be marked as needing verification. -
ConsumerLinq and ConsumerLinqAsync pages — CONFIRMED REVIEWED. findings-core.md audited both. ConsumerLinq.md has one critical finding (
Start()missingConsumerQueueNotificationsparameter) and one high finding (broken logging API). ConsumerLinqAsync.md has one high finding (broken logging API).
Assigned to: Phase 5
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~18 | Stray n prefix on list item renders as n5) — breaks numbered list on GitHub |
High | Remove leading n
|
| 2 | Lines ~12–13 | Duplicate 2) numbering; items should be 1–8 but sequence is 1,2,2,3,4,5(broken),6,7 |
High | Renumber from second 2) onward |
| 3 | Line ~8 | Typo "loose" should be "lose" | Low | Fix typo |
| 4 | Lines 9–23 | Feature list omits message interception, job scheduler, Dashboard, maintenance mode, full transport list | Medium | Expand feature list (Phase 5 consistency pass) |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 1–7 | Lists only 3 variants (Producer, Consumer, ConsumerAsync); omits ProducerLinq, ConsumerLinq, ConsumerLinqAsync, ConsumerAsyncWorkGroup | High | Add links to all queue variants |
| 2 | Line 7 | Typo "amoong" should be "among" | Low | Fix typo |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| — | — | No discrepancies found. CreateProducer<T> factory method confirmed correct. |
— | No action required |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| — | — | No discrepancies found. Send with compiled expression and LinqExpressionToRun both confirmed correct. |
— | No action required |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 1–4 | Extremely thin stub — only mentions TimeConfiguration link. Missing TransportConfiguration, AdditionalConfiguration, Headers, and MessageHistory link | Medium | Expand to list all producer configuration sections; add MessageHistory link |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~45 (Start call) |
queue.Start<SimpleMessage>(Handle) missing required second parameter ConsumerQueueNotifications — code will not compile |
Critical | Update example to pass ConsumerQueueNotifications
|
| 2 | Line ~45 (logging) |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — API removed; ILogger does not accept Func<string> lambda |
High | Replace with notifications.Log.LogDebug("...")
|
| 3 | Lines ~44–60 |
IWorkerNotification description omits: IHeaders HeaderNames, IWorkerHeartBeatNotification HeartBeat, IMetrics Metrics, ActivitySource Tracer, per-message cancellation token |
Medium | Add section listing full IWorkerNotification property surface |
| 4 | Line 38 | Typo "canelazation" should be "cancellation" | Low | Fix typo |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Start call |
queue.Start() missing required ConsumerQueueNotifications parameter — code will not compile |
Critical | Update to queue.Start(notifications) or queue.Start(null)
|
| 2 | Line ~50 |
w.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with w.Log.LogDebug("...")
|
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~55 (Start call) |
queue.Start<SimpleMessage>(Handle) missing required second parameter ConsumerQueueNotifications — code will not compile |
Critical | Update example to include ConsumerQueueNotifications second parameter |
| 2 | Line ~55 (logging) |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with notifications.Log.LogDebug("...")
|
| 3 | Lines ~44–60 |
IWorkerNotification description omits same properties as Consumer.md |
Medium | Same addition as Consumer.md |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~55 |
w.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with w.Log.LogDebug("...")
|
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Link list | Missing link to MessageError configuration (IMessageErrorConfiguration accepted in QueueConsumerConfiguration constructor) |
Medium | Add MessageError configuration link |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Link list | Missing MessageError configuration link (same gap as ConsumerConfiguration.md) |
Medium | Add MessageError configuration link |
| 2 | Link list | Missing MessageHistory link (ConsumerConfiguration.md has it; async consumers also support history) |
Medium | Add MessageHistory link |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 |
AddWorkGroup call |
taskScheduler.AddWorkGroup("workGroupName", 1, 1) uses 3 args; source WorkGroup class shows only 2 params (name, concurrencyLevel). Third parameter description ("max queue size") does not match source. |
High | Verify ITaskScheduler.AddWorkGroup signature in task scheduling assembly; remove third arg if it no longer exists |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 23–35 |
AbortWorkerThreadsWhenStopping property documented but fully removed from source in commit 80b036e. Code example will not compile. Post-cancel behavior is now always cooperative wait. |
Critical | Delete lines 23–35; update TimeToWaitForWorkersToCancel description to remove "Abort the worker threads" bullet |
Assigned to: Phase 2
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~45 |
WaitForTheadPoolToFinish — typo in property name ("Thead" not "Thread"). Correct name is WaitForThreadPoolToFinish. Code will not compile. |
Critical | Fix typo: WaitForTheadPoolToFinish → WaitForThreadPoolToFinish
|
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~8 |
Ubuntu / Redis 3.0.2 — Redis 3.0.x is 2015-era, long end-of-life. Current Redis is 7.x. |
High | Remove or update tested-platform list |
| 2 | Line ~8 |
Windows Server 2008R2 / Redis 3.0.501 — irrelevant and outdated OS reference |
High | Remove Windows 2008R2 / Redis 3.0.501 line |
| 3 | Line ~13 | "SQL Server 2008 or higher" — Microsoft.Data.SqlClient 6.1.3 dropped 2008 support in v4+. Min supported is 2012 SP4 at minimum, practically 2014+. |
High | Update minimum SQL Server version claim; remove "2008" reference |
| 4 | Line ~31 | SQLite driver version listed as 1.0.101; actual version in csproj is 1.0.119
|
Medium | Update to 1.0.119
|
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 67–68 |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API (New finding vs CONCERNS.md — transport pages not individually audited in findings-core.md) |
High | Replace with notifications.Log.LogDebug("...")
|
| 2 | Line 12 | Typo "requries" should be "requires" | Medium | Fix typo |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Entire page | Page is a stub — contains only one sentence about time source. All EnableXxx properties on SqlServerMessageQueueTransportOptions are undocumented. |
Medium | Document all transport options properties with defaults and usage examples |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~46 |
EnableHoldTransactionUntilMessageCommited — typo (Commited single t). Correct source spelling is Committed. Code will not compile. |
Critical | Fix typo: Commited → Committed
|
| 2 | Options list |
EnableHistory not documented. Property exists on SqlServerMessageQueueTransportOptions (defaults false). |
Medium | Add EnableHistory option documentation |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 7–8 |
Ubuntu / Redis 3.0.2 and Windows Server 2008R2 / Redis 3.0.501 — same outdated platform list as Transports.md |
High | Remove or replace with current tested version information |
| 2 | Lines 51–53 |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with notifications.Log.LogDebug("...")
|
| 3 | Feature list | Lists only "Message Delay" and "Message Expiration". Source has all-true: priority, status, heartbeat, delayed processing, status table, route, message expiration. |
Medium | Expand feature list to reflect full capability set |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~26 |
queue.Configuration.Options().DelayedProcessingMonitorTime — property does not exist. Correct path is .DelayedProcessingConfiguration.MonitorTime
|
Critical | Fix property path in code example |
| 2 | Options table |
ClearErrorMessagesBatchLimit not documented. Property exists on RedisQueueTransportOptions line 118. |
Medium | Add ClearErrorMessagesBatchLimit documentation |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| — | — | Not individually audited in findings files. No findings reported. | — | No action required (verify in Phase 3) |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 63–66 |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with notifications.Log.LogDebug("...")
|
| 2 | Connection string |
Integrated Security=true is Windows Kerberos/SSPI only; no guidance for cross-platform deployments |
Low | Add note that Integrated Security is Windows-only; provide Username/Password example |
| 3 | Line 12 | Typo "requries" should be "requires" | Medium | Fix typo |
| 4 | Page title | Uses "PostGre" throughout; source namespace is PostgreSQL. Pre-existing convention — not a functional error. |
Low | No action required (cosmetic; consistent with codebase convention) |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Entire page | Page is a near-empty stub — contains only one sentence about time source. All properties on PostgreSqlMessageQueueTransportOptions are undocumented: AdditionalColumnsOnMetaData, EnablePriority, EnableHoldTransactionUntilMessageCommitted, EnableStatus, EnableHeartBeat, EnableDelayedProcessing, EnableStatusTable, EnableRoute, QueueType, EnableMessageExpiration, EnableHistory
|
High | Document all transport options properties |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~46 |
EnableHoldTransactionUntilMessageCommited — typo (Commited single t). Correct is Committed. Code will not compile. |
Critical | Fix typo: Commited → Committed
|
| 2 | Options list |
EnableHistory not documented. Property exists on PostgreSqlMessageQueueTransportOptions (defaults false). |
Medium | Add EnableHistory option documentation |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 62–65 |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with notifications.Log.LogDebug("...")
|
| 2 | Line 21 |
Version=3 in connection string — CONCERNS.md flagged this as High. Audit confirmed this is correct for System.Data.SQLite.Core in use — Version=3 refers to SQLite 3.x and is valid for this driver. CONCERNS.md concern is not confirmed. |
— | No action required (concern resolved: driver is System.Data.SQLite, not Microsoft.Data.Sqlite) |
| 3 | Line 12 | Typo "requries" should be "requires" | Medium | Fix typo |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Entire page | Page is a stub — contains only one sentence about time source. All properties undocumented: AdditionalColumnsOnMetaData, EnablePriority, EnableStatus, EnableHeartBeat, EnableDelayedProcessing, EnableStatusTable, EnableRoute, QueueType, EnableMessageExpiration, EnableWalMode, EnableHistory, EnableHoldTransactionUntilMessageCommitted
|
High | Document all transport options properties |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Options list |
EnableHistory not documented. Property exists on SqLiteMessageQueueTransportOptions (defaults false). |
Medium | Add EnableHistory option documentation |
| 2 | Options list |
EnableHoldTransactionUntilMessageCommitted not documented at all. Property exists in source. |
Medium | Add EnableHoldTransactionUntilMessageCommitted option with correct spelling (double t) |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines ~10, ~40 |
Version=3 in in-memory connection string — same audit conclusion as SQLiteTransport.md: valid for System.Data.SQLite driver. |
Low | Optionally add comment clarifying Version=3 is a driver flag, not a SQLite URI param |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~20 |
$"Filename=c:\temp\queue.db;Connection=shared;" — unescaped \t in interpolated string is a tab character. Code is incorrect. |
Critical | Change to $@"Filename=c:\temp\queue.db;Connection=shared;" or escape as \\temp\\
|
| 2 | Lines 63–66 |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with notifications.Log.LogDebug("...")
|
| 3 | Feature list | Missing: routing, history support. No note that priority is unsupported (EnablePriority => false hardcoded). |
Medium | Add routing and history to feature list; explicitly note priority is not supported |
| 4 | Line 9 | Typo "requries" should be "requires" | Medium | Fix typo |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Entire page | Page is a stub — contains only one sentence about time source. Configurable properties undocumented: EnableStatusTable, EnableRoute, EnableDelayedProcessing, EnableMessageExpiration, EnableHistory. Fixed properties also undocumented: EnablePriority => false, EnableStatus => true, EnableHeartBeat => true. |
High | Document all properties including fixed/immutable ones |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Options list |
EnableHistory not documented. Property exists on LiteDbMessageQueueTransportOptions (defaults false). |
Medium | Add EnableHistory option documentation |
| 2 | Options list |
EnableStatusTable documented but no note that it defaults to false for LiteDB (unlike SQL transports where it defaults true). |
Low | Add default value note for EnableStatusTable
|
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 49–52 |
notifications.Log.Log(DotNetWorkQueue.Logging.LogLevel.Debug, () => ...) — broken logging API |
High | Replace with notifications.Log.LogDebug("...")
|
| 2 | NuGet guidance | Page does not clarify that MemoryMessageQueueInit is in the core DotNetWorkQueue package (not DotNetWorkQueue.Transport.Memory). MemoryDashboardInit requires the separate transport package. |
Medium | Add NuGet package clarification note |
Assigned to: Phase 3
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Code example | Uses SqlParameter (SQL Server-specific) without noting that NpgsqlParameter, SQLiteParameter are used for other transports. Page is shared for all relational transports. |
Medium | Add note that parameter type varies by transport; label example as SQL Server-specific |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~3 | Typo "explictly" should be "explicitly" | Low | Fix typo |
| 2 | Lines ~34–47 | "MessageId and CorrelationId automatically pushed into ILogger scope — always-on" claim not confirmed in source during audit. No BeginScope decorator was found in Trace/Decorator/. |
Medium | Verify by searching BeginScope usage in message handler pipeline; if not confirmed, qualify the "always-on" claim |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~7 | "Meter" described as "rate measurement (events per second)"; maps to Counter<long> in SDM. "Counter" maps to UpDownCounter<long>. Semantically correct but potentially confusing to users inspecting raw SDM types. |
Low | Add note clarifying SDM instrument types for advanced users |
| 2 | Line ~13 | Prefix casing: wiki uses dotnetworkqueue (lowercase); registered name is DotNetWorkQueue (PascalCase). Some backends normalize; Prometheus example is fine but the actual registered name differs. |
Low | Clarify that root meter name is DotNetWorkQueue (PascalCase); backends may normalize |
| 3 | Line 104 | Grafana screenshot hotlinked from external samples repo URL. If the samples repo image moves or is deleted, the image silently breaks. | Medium | Note external image dependency (resolve in Phase 4 if samples repo is stable; otherwise move image) |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Entire page |
Page is a 4-line stub. All tracing infrastructure is implemented but undocumented. Missing: ActivitySource name (dotnetworkqueue.instrumentationlibrary), setup pattern, trace context propagation, all 17 activity/span names, non-ASP.NET host example. |
Critical | Full rewrite. See findings-observability.md for complete content specification including all 17 activity names and recommended structure. |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 1–12 |
creator.CreateAdminFunctions(queueConnection) — CreateAdminFunctions factory method may not exist in current API. Actual pattern uses IAdminApi from IoC container. |
High | Verify whether CreateAdminFunctions exists; if not, update example to use IAdminApi directly |
| 2 | Code example |
QueueStatusAdmin enum not documented. Users cannot discover they can filter by Waiting = 0 or Processing = 1. |
Medium | Add QueueStatusAdmin enum documentation and filtered-count example |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 27–29 | Hardcoded aaa... TripleDES key/IV in producer example with no warning |
High (Security) | Add security warning caveat (see Security Caveats section, finding #1) |
| 2 | Lines 41–44 | Same hardcoded key/IV in consumer example | High (Security) | Add security warning caveat (finding #2) |
| 3 | Interface section |
IMessageInterceptor member documentation incomplete: missing DisplayName, BaseType, and MessageInterceptorResult return type explanation. Custom interceptor authors cannot implement correctly from wiki alone. |
High | Add "Custom interceptor interface" section covering all 4 members and MessageInterceptorResult(byte[], bool addToGraph, Type) constructor |
| 4 | Line ~3 | Typo "seriaization" should be "serialization" | Low | Fix typo |
| 5 | Line ~3 | Typo "messsage" should be "message" | Low | Fix typo |
| 6 | Line ~15 | Typo "initalization" should be "initialization" | Low | Fix typo |
| 7 | Line ~15 | Typo "decyrpt" should be "decrypt"; "requries" should be "requires" | Low | Fix both typos |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~125 | Claims history supported for all 6 transports including Memory. Memory transport implementation lives in a separate package — support not confirmed during audit. | Medium | Verify Memory transport history support; qualify claim if unconfirmed |
| 2 | Configuration path |
consumer.Configuration.History property path and sub-properties (RetentionDays, StoreBody, MaxExceptionLength, etc.) not verified against IHistoryConfiguration source |
Medium | Verify IHistoryConfiguration exists with all documented properties; remove any that don't exist |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| — | — | No discrepancies found. MaintenanceMode enum, IQueueMaintenanceService, dashboard-hosted pattern all accurate. |
— | No action required |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 28–30 |
AddUpdateJob<SqlServerMessageQueueInit> example uses variable connectionStringSqlite — copy-paste error pairing SQL Server init type with SQLite variable name |
Medium | Rename variable to connectionStringSqlServer or a generic name |
| 2 | Line 36 |
Thread.Sleep(20000) in LINQ string expression — compiles but contradicts Thread-to-Task migration; blocks thread-pool thread |
Medium | Replace with Task.Delay(20000).Wait() or add comment explaining the limitation |
| 3 | Lines 7–9 | "See the WIKI" dead references — no actual links or page names provided | Medium | Add specific links to relevant wiki pages |
| 4 | Line ~3 | Typo "seperate" should be "separate" (appears twice: line ~3 and line ~69) | Low | Fix both instances |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~8 |
private static List<IDisposable> _extraQueueContainers; declared but never initialized. Causes NullReferenceException on .Add(). |
Medium | Fix to = new List<IDisposable>()
|
| 2 | Line ~49 | Typo "accssed" should be "accessed" | Low | Fix typo |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 18–23 |
AddUpdateJob signature passes queueName and connectionString as separate string arguments. Current API may require QueueConnection object instead. Pre-QueueConnection overload may no longer exist. |
High | Verify IJobScheduler.AddUpdateJob overload signatures; update to use QueueConnection if separate string overload is removed |
Assigned to: Phase 4
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| — | — | No discrepancies found. Clock sync, single-second tolerance, common time provider constraints all accurate. | — | No action required |
Assigned to: Phase 4 (security caveats only — page otherwise excluded)
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 74–89 | SHA256 password hashing documented without security caveat | High (Security) | Add caveat warning (see Security Caveats section, finding #3) |
| 2 | Lines 42–44, 58 | HTTP base URL http://localhost:5000 used without HTTPS note |
High (Security) | Add note that production requires https:// (finding #4) |
Assigned to: Phase 4 (security caveats only — page otherwise excluded)
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Lines 141–144 |
options.ApiKey = "my-secret-key" hardcoded with no secrets-management guidance |
High (Security) | Add security note to read from environment variable or vault (finding #5) |
| 2 | Lines 84–112 | TripleDES Key/IV in appsettings.json with no warning about source-control exposure |
High (Security) | Add warning about not committing secrets to source control (finding #6) |
Assigned to: Phase 5
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| 1 | Line ~27 | Typo "Additonal" should be "Additional" (SQL Server "Additional dequeue columns" entry) | Low | Fix typo |
| 2 | Line ~32 | Typo "Additonal" should be "Additional" (SQLite entry — same typo) | Low | Fix typo |
| 3 | Line ~34 | Typo "Additonal" should be "Additional" (PostGre entry — same typo, third instance) | Low | Fix typo |
| 4 | Line ~29 | Typo "Posion" should be "Poison" (Redis Poison Messages entry) | Low | Fix typo |
| 5 | Line ~33 | Display name "PostGre" vs PostgreSQL — cosmetic inconsistency with product name | Low | Consider changing display text to "PostgreSQL" (link target PostGreTransport unchanged) |
Assigned to: Phase 5
| # | Location | Issue | Severity | Action |
|---|---|---|---|---|
| — | — | Not audited in this phase. | — | Review in Phase 5 consistency pass |
The following pages were fully audited and confirmed accurate:
| Page | Audited By | Notes |
|---|---|---|
Producer.md |
findings-core.md |
CreateProducer<T> factory confirmed correct |
ProducerLinq.md |
findings-core.md | Both Send overloads confirmed correct |
MaintenanceMode.md |
findings-observability.md | All interfaces and patterns accurate |
SchedulerRedundancy.md |
findings-observability.md | Redundancy constraints accurate |
FatalExceptionDelayConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
HeartBeatConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
MessageExpirationConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
QueueDelayConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
RetryDelayConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
TimeConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
TransportConfiguration.md |
findings-migration.md | No thread references; not otherwise audited |
| CONCERNS.md Item | Status | Notes |
|---|---|---|
Deprecated notifications.Log logging API |
Confirmed Critical | Confirmed broken in findings-core.md; API fully removed, not shimmed. Also confirmed in all 6 transport pages via CONCERNS.md evidence. |
Home.md stray n and duplicate 2)
|
Confirmed High | Confirmed in findings-observability.md |
Trace.md is a stub |
Confirmed Critical | Confirmed in findings-observability.md; full content specification provided |
Usage.md is underdeveloped |
Confirmed High | Confirmed in findings-core.md |
Admin.md near-stub |
Confirmed High | Confirmed in findings-observability.md; additional finding: CreateAdminFunctions may not exist |
| Redis tested-platform versions 3.0.x | Confirmed High | Confirmed in findings-transports.md |
SQLite Version=3 deprecated |
Not Confirmed | findings-transports.md confirmed driver is System.Data.SQLite.Core where Version=3 IS valid. Concern resolved — no action needed. |
ProducerConfiguration.md near-stub |
Confirmed Medium→High | Confirmed in findings-core.md with additional detail |
ConsumerAsyncConfiguration.md omits MessageHistory |
Confirmed High | Confirmed in findings-core.md |
| "PostGre" sidebar naming | Confirmed Low | findings-transports.md confirms convention is intentional and consistent; Low severity, cosmetic only |
Home.md feature list incomplete |
Confirmed Medium | findings-observability.md confirms |
MessageInterception.md spelling errors |
Confirmed Medium | findings-observability.md confirms all 5 typos |
| "requries" typo on transport pages | Confirmed Medium | findings-transports.md + findings-observability.md; affects SqlServer, PostGre, LiteDb, SQLite transport pages |
LiteDbTransport.md unescaped backslash |
Confirmed Critical | findings-transports.md escalates to Critical (code is functionally broken, not just misleading) |
Scheduler.md mixes SQL Server init with SQLite connection string |
Confirmed Medium | findings-observability.md confirms |
| "See the WIKI" dead references in Scheduler | Confirmed Medium | findings-observability.md confirms |
| SHA256 password storage without caveat | Confirmed High (Security) | findings-security.md findings #3 and #4; escalated to High given SECURITY.md requirements |
| Grafana screenshot hotlinked | Confirmed Medium | findings-observability.md confirms |
| Dummy TripleDES key/IV without warning | Confirmed High (Security) | findings-security.md findings #1 and #2; escalated to High |
| "explictly" typo in Logging.md | Confirmed Low | findings-observability.md confirms |
| "seperate" typo in Scheduler.md | Confirmed Low | findings-observability.md confirms (×2) |
| "canelazation" typo in Consumer.md | Confirmed Low | CONCERNS.md only; not contradicted by audit |
| "amoong" typo in Usage.md | Confirmed Low | CONCERNS.md only; not contradicted by audit |
| Inconsistent heading levels | Noted Low | Not individually audited; carry forward to Phase 5 |
| "Additonal" and "Posion" typos in sidebar | Confirmed Low | findings-observability.md confirms |
Dashboard.md heading says "Dashboard API" |
Confirmed Low | CONCERNS.md only; Dashboard pages are out of scope except DashboardUi and DashboardConfiguration |
Transports.md content unknown |
Resolved | findings-transports.md audited it fully — 4 findings |
notifications.Log removal timeline |
Resolved | API confirmed removed, not shimmed |
| SQLite driver in use | Resolved |
System.Data.SQLite.Core confirmed; Version=3 is valid |
| History support for Memory transport | Unresolved | findings-observability.md could not confirm from core source; open for Phase 4 author |
| ConsumerLinq/ConsumerLinqAsync depth | Resolved | findings-core.md audited both; findings recorded above |
| # | File | Finding | Severity |
|---|---|---|---|
| N1 | Consumer.md |
Start<T> missing ConsumerQueueNotifications second parameter — will not compile |
Critical |
| N2 | ConsumerAsync.md |
Start<T> missing ConsumerQueueNotifications second parameter — will not compile |
Critical |
| N3 | ConsumerLinq.md |
Start() missing ConsumerQueueNotifications parameter — will not compile |
Critical |
| N4 | WorkerConfiguration.md |
AbortWorkerThreadsWhenStopping removed from source; entire section is dead code |
Critical |
| N5 | TaskSchedulerConfiguration.md |
WaitForTheadPoolToFinish typo — property name misspelled, will not compile |
Critical |
| N6 | PostGreQueueCreationOptions.md |
EnableHoldTransactionUntilMessageCommited typo — wrong property name, will not compile |
Critical |
| N7 | SqlServerQueueCreationOptions.md |
EnableHoldTransactionUntilMessageCommited typo — wrong property name, will not compile |
Critical |
| N8 | RedisOptions.md |
DelayedProcessingMonitorTime does not exist; correct path is .DelayedProcessingConfiguration.MonitorTime
|
Critical |
| N9 | MessageInterception.md |
IMessageInterceptor interface documentation incomplete; MessageInterceptorResult return type unexplained |
High |
| N10 | Admin.md |
CreateAdminFunctions factory method may not exist in current API |
High |
| N11 | SchedulerQueueCreation.md |
AddUpdateJob may use old pre-QueueConnection signature with separate string arguments |
High |
| N12 | DashboardConfiguration.md |
Hardcoded API key and TripleDES config in appsettings.json — security caveats missing | High |
| N13 | ConsumerAsyncWorkGroup.md |
AddWorkGroup third parameter may not exist in source |
High |
| N14 |
Consumer.md / ConsumerAsync.md
|
IWorkerNotification property surface incompletely documented |
Medium |
| N15 | ConsumerConfiguration.md |
Missing MessageError configuration link |
Medium |
| N16 | ConsumerAsyncConfiguration.md |
Missing MessageError configuration link |
Medium |
| N17 | PostGreOptions.md |
Page is a stub — all transport options properties undocumented | High |
| N18 | SQLiteOptions.md |
Page is a stub — all transport options properties undocumented | High |
| N19 | LiteDbOptions.md |
Page is a stub — all transport options properties undocumented | High |
| N20 | RedisTransport.md |
Feature list incomplete (priority, routing, heartbeat, status all always-on but unlisted) | Medium |
| N21 | RedisOptions.md |
ClearErrorMessagesBatchLimit not documented |
Medium |
| N22 | SQLiteQueueCreationOptions.md |
EnableHoldTransactionUntilMessageCommitted missing from page entirely |
Medium |
| N23 | Scheduler.md |
Thread.Sleep in LINQ example contradicts Thread-to-Task migration |
Medium |
| N24 | SchedulerTimeSettings.md |
_extraQueueContainers list uninitialized — NullReferenceException in code example |
Medium |
| N25 | Logging.md |
Automatic ILogger scope injection claim unconfirmed | Medium |
| N26 | MessageHistory.md |
Memory transport history support claim unverified | Medium |
| N27 | MessageHistory.md |
IHistoryConfiguration property list not fully verified against source |
Medium |
| N28 | LiteDbTransport.md |
Feature list missing routing and history; no note that priority is unsupported | Medium |
| N29 | MemoryTransport.md |
No NuGet package clarification for MemoryMessageQueueInit vs MemoryDashboardInit
|
Medium |
| N30 | UserDequeueColumns.md |
SQL Server-specific SqlParameter used without transport qualification |
Medium |
For any issues please use the GitHub issues