Summary

• P1-A: Replace broken [ThreadStatic] OAuth pattern with CERTInextOAuthAuthenticator : AuthenticatorBase — bearer token now injected per-request
• P1-B: Add blockingBuffer.CompleteAdding() in finally block in Synchronize — sync stream now terminates correctly
• P2-A: Ping() now checks _config.Enabled and returns early when disabled
• P2-B: Add DomainName, SignerName, SignerPlace, SignerIp to GetTemplateParameterAnnotations() — these were in the manifest but invisible in the Command UI
• P2-C: Fix RenewalWindowDays semantics to Option A — renew only when cert expires within the next N days, not "unless expired >N days ago"
• P3-A: Add ExecuteWithRetryAsync — 3 attempts on 5xx/network errors, immediate return on 4xx
• P3-C: CERTInextClient now implements IDisposable; disposes RestClient and SemaphoreSlim
• GroupNumber: Added as connector config field; GetProductDetailsAsync now passes it — fixes empty product list on accounts that require it
• Product response model: Fix GetProductDetailsResponse deserialization — API returns nested category envelope (productDetails[].products[]), not a flat list

Tests

• 104 unit tests pass (new tests for every P1-P3 fix: OAuth header injection, CompleteAdding, Ping disabled, renewal window semantics, retry logic)
• Integration tests overhauled: removed stale hardcoded-order tests, added LifecycleTests (enroll → sync → revoke), all empty-account tests skip gracefully

Makefile / scripts

• All API curl targets extracted from Makefile into individual scripts under scripts/
• Shared HMAC signing in scripts/lib/certinext-auth.sh
• New targets: generate-order-149-fresh, probe-endpoints, get-field-details, list-cas, create-product

Analysis docs

• analysis/certinext-caplugin/postman-api-findings.md — sandbox API findings: product codes (global per environment, not per-account), AgreementAcceptance endpoint, DCV numeric method codes, product management API confirmed absent

Test plan

• dotnet test certinext-caplugin.sln — all 104 unit tests pass
• dotnet test CERTInext.IntegrationTests/ — 4 pass, 4 skip (fresh sandbox account; lifecycle test unblocked once product 149 auto-approval is enabled in the portal)
• make ping — ValidateCredentials succeeds
• make get-product-details-group — returns full product list
• make orders — returns order report