Close all 9 DSL migration gaps (spec 038): identity resolution pipeline + Nodes/Teams/OTel fixes

[MrHinsh]

Summary

Closes all 9 open gaps in analysis/dsl-gaps-detected.md (GAP-001 → GAP-009) — spec 038-close-dsl-gaps. All gaps are marked Status: RESOLVED (0 OPEN). Green on net10 and net481; full suite 1,411 passed / 2 skipped (live ADO) / 0 failed.

What changed

Identity resolution pipeline (GAP-001) — the headline work:

• New abstractions in Abstractions.Agent/Identity: IIdentityAdapter, IdentityCandidate, IIdentityMatchingStrategy (+ IdentityMatch).
• IdentitiesOrchestrator.PrepareAsync implements resolution steps 2–3 (UPN → display-name) against the target tenant, caches results, writes prepare-report.json, emits the identity.prepare span + identity.adapter.query child spans + the full prepare metric set.
• IIdentityTranslationTool.Translate() (renamed from IIdentityLookupTool.Resolve() — history preserved via git mv) reads the cache synchronously. Adds DefaultIdentity.
• All three connectors implement IIdentityAdapter (FR-005/019): SimulatedIdentityAdapter, AzureDevOpsIdentityAdapter (ADO SDK IdentityHttpClient), TfsIdentityAdapter (net481, reduced-capability empty+Warning). Dispatched by CompositeIdentityAdapter on target connector type via AddIdentityAdapter<T>.
• Matching strategies own their adapter fetch (ResolveAsync) — no magic-string dispatch in the orchestrator.

Other gaps:

• GAP-002/003: NodesModule ReplicateSourceTree skip-guard; _NodeTransformTool→_nodeTranslationTool; INodeEnsurer confirmed absent.
• GAP-004: default-team structured warning verified.
• GAP-005: TeamImportOrchestrator.TranslatePath() returns null on untranslatable (no silent pass-through); callers skip + warn.
• GAP-006: skip team members whose identity resolves to the configured default.
• GAP-007: deleted the architecturally-impossible CLI @us1-write-idempotency scenario (CLI has no package-fs access — Principle VI).
• GAP-008/009: OTel in-memory exporter tests (ExportMetricsTests, per-test-scoped MeterProvider).

Compliance: net481 guard remediation (FR-018/020 — removed non-compliant interface + DI-hiding #if guards); observability gate applied; doc-sync (.agents/30-context, operator-guide, configuration-reference).

Reviewer notes / known divergences (tracked in specs/038-close-dsl-gaps/discrepancies.md)

• ATDD form: scenarios are covered by code-first DSL + unit + live SystemTests (this repo's evolved convention), not new Reqnroll bindings. The stale identity feature file rewrite is the remaining cleanup.
• ImportAsync tool-param retained as a deliberate DI-cycle-avoidance seam (tool→orchestrator dependency); full lifecycle consolidation is a focused follow-up.
• Metric names are platform.workitems.export.* (the spec's migration.* names were illustrative) — D-007.
• Stale "TFS is source-only" comments across pre-existing files spawned as a separate cleanup task — D-006.

Validation

• dotnet build --no-incremental — 0 errors (net10 + net481).
• dotnet test — 1,411 passed / 2 skipped / 0 failed across 10 assemblies.

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Improved identity resolution with UPN and display-name matching plus connector-specific adapters.
  • New agent-context extension to refresh the managed Spec Kit section in agent context files.

• Improvements

  • Identity translation seam with configurable fallbacks and clearer skip-and-warn behaviours for teams and nodes.
  • Nodes import now skips when replication is disabled.
  • Deterministic per-test OpenTelemetry metrics support.

• Documentation

  • Expanded spec, plan, quickstart and operator guides for DSL migration gap closure.

[coderabbitai]

Warning

Review limit reached

@MrHinsh, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 38 minutes and 42 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 21d6f378-a7bd-4c48-9d85-daf3811ff3aa

📥 Commits

Reviewing files that changed from the base of the PR and between c31e6b7 and 99d80bd.

📒 Files selected for processing (3)

• .agents/20-guardrails/workflow/testing-rules.md
• specs/038-close-dsl-gaps/discrepancies.md
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/AzureDevOpsIdentityAdapterSystemTests.cs

Walkthrough

Replaces identity-lookup with an identity-translation seam: adds prepare-phase resolution, new adapter/matching strategy contracts, keyed composite adapter dispatch, DI/service renames, orchestrator prepare/import changes, connector adapters, scripts, comprehensive tests and spec/docs updates.

Changes

Identity Translation and Prepare Pipeline

Layer / File(s)	Summary
Identity contracts and DI wiring src/.../IIdentityTranslationTool.cs, src/.../IIdentityAdapter.cs, src/.../IIdentityMatchingStrategy.cs, src/.../FactoryRegistrationExtensions.cs, src/.../IdentityServiceCollectionExtensions.cs	Adds the identity-translation interface (Translate, DefaultIdentity), adapter and matching-strategy contracts, composite keyed adapter registration (AddIdentityAdapter<T>("typeKey")) and DI registrations.
Orchestrator and module changes src/.../IdentitiesOrchestrator.cs, src/.../IdentitiesModule.cs, src/.../WorkItems*, src/.../Teams/TeamImportOrchestrator.cs, src/.../NodesModule.cs	Adds PrepareAsync + cached prepared mappings, ResolvePrepared, switches ImportAsync and consumers from lookup→translation tool, delegates prepare reporting to orchestrator, adds NodesModule early-skip when ReplicateSourceTree=false, and tightens TranslatePath/null semantics.
Connector adapters and client factory src/...AzureDevOps/...AzureDevOpsIdentityAdapter.cs, src/...Simulated/SimulatedIdentityAdapter.cs, src/...TfsObjectModel/TfsIdentityAdapter.cs, src/...AzureDevOps/Platform/AzureDevOpsClientFactory.cs	Implements Azure DevOps adapter using IAzureDevOpsClientFactory identity client, deterministic Simulated adapter, and reduced-capability TFS adapter (returns empty + structured warning).
Identity translation tool & options src/.../Tools/IdentityTranslation/*, src/.../Options/IdentityTranslationOptions.cs	Renames/implements IdentityTranslationTool (mapping.json → prepared cache → orchestrator prepared resolution → default → pass-through), adds DefaultIdentity, Initialize/WriteUnresolved behaviour, and options binding.
Factory/wiring and service registration src/.../Connectors/CompositeIdentityAdapter.cs, src/.../FactoryRegistrationExtensions.cs, src/.../ModuleServiceCollectionExtensions.cs	Adds CompositeIdentityAdapter dispatch by ConnectorType, KeyedIdentityAdapter descriptor, AddIdentityAdapter<T> registration helper, and updates module wiring to register strategies and translation tool services.
Scripts, agent extension & config .specify/extensions/agent-context/*, .agents/agents/*, .specify/extensions.yml, .specify/init-options.json, .specify/integration.json	Adds agent-context extension, Bash/PowerShell scripts to refresh managed SPECKIT block, updates integration/init defaults and installs the extension; updates SPECKIT pointers in AGENTS/CLAUDE docs.
Docs, specs and features specs/038-close-dsl-gaps/**, docs/**, features/**, analysis/dsl-gaps-detected.md	Adds full feature/spec/plan/research/checklists/quickstart for closing DSL gaps, documents new contracts and behaviours, records resolved gaps and discrepancies.
Tests tests/**	Adds unit and integration tests: matching strategies, CompositeIdentityAdapter, AzureDevOps/TFS/Simulated adapters, IdentitiesOrchestrator.Prepare tests, ExportMetrics in-memory OTel tests, and many updated existing tests to use IIdentityTranslationTool.

Sequence Diagram(s)

sequenceDiagram
  participant Agent
  participant IdentitiesModule
  participant IdentitiesOrchestrator
  participant CompositeIdentityAdapter
  participant AzureDevOpsIdentityAdapter
  participant IdentityHttpClient
  participant IdentityTranslationTool
  participant WorkItemsOrchestrator

  Agent->>IdentitiesModule: Prepare
  IdentitiesModule->>IdentitiesOrchestrator: PrepareAsync(context, org, proj)
  IdentitiesOrchestrator->>CompositeIdentityAdapter: select adapter by ConnectorType
  CompositeIdentityAdapter->>AzureDevOpsIdentityAdapter: FindByUpn/FindByDisplayName(...)
  AzureDevOpsIdentityAdapter->>IdentityHttpClient: ReadIdentitiesAsync(query)
  IdentityHttpClient-->>AzureDevOpsIdentityAdapter: candidates
  AzureDevOpsIdentityAdapter-->>IdentitiesOrchestrator: IdentityCandidate[]
  IdentitiesOrchestrator->>IdentityTranslationTool: persist prepared mappings
  IdentitiesModule->>IdentitiesOrchestrator: ImportAsync(identityTranslationTool,...)
  WorkItemsOrchestrator->>IdentityTranslationTool: Translate(sourceDescriptor)
  IdentityTranslationTool-->>WorkItemsOrchestrator: targetDescriptor / Default / passthrough

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• nkdAgility/azure-devops-migration-platform#118 — overlaps on identities/orchestrator routing and prepare-flow changes.
• nkdAgility/azure-devops-migration-platform#115 — related work on WorkItems orchestration wiring and identity-tool dependency changes.

Poem

Identities mapped, a seam new-spun,
Adapters whisper, strategies run.
Prepare writes truth, translations reply,
Tests count metrics, warnings fly.
Merge with care — clean, strict, and done.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 038-close-dsl-gaps

[chatgpt-codex-connector]

💡 Codex Review

azure-devops-migration-platform/src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationTool.cs

Lines 163 to 166 in fbff1d6

	foreach (var uniqueName in _allUniqueNames)
	{
	if (!_overrides.ContainsKey(uniqueName))
	unresolved.Add(uniqueName);

Exclude prepared matches from unresolved output

When a descriptor is auto-resolved by Prepare but has no explicit mapping.json override, this loop still adds it to Identities/unresolved.json because it checks only _overrides. That produces a false unresolved report for every UPN/display-name match, so operators or validation that consume the import output will treat successfully translated identities as failures.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 14

Note

Due to the large number of review comments, Critical, Major severity comments were prioritized as inline comments.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/DevOpsMigrationPlatform.Abstractions.Agent/Export/IRevisionFolderProcessorFactory.cs (1)

10-13: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update XML doc to reflect the renamed parameter.

The summary still refers to "identity lookup tool" but the parameter was renamed from IIdentityLookupTool? to IIdentityTranslationTool?. Update line 12 accordingly.

📝 Proposed fix

 /// <summary>
 /// Creates WorkItem resolution processors wired to a specific import target,
-/// id-map store, checkpointing service, identity lookup tool, and artefact store.
+/// id-map store, checkpointing service, identity translation tool, and artefact store.
 /// Injected into module classes to avoid constructing infrastructure types directly.
 /// </summary>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/DevOpsMigrationPlatform.Abstractions.Agent/Export/IRevisionFolderProcessorFactory.cs`
around lines 10 - 13, The XML doc summary for IRevisionFolderProcessorFactory
still says "identity lookup tool" but the parameter/type was renamed to
IIdentityTranslationTool; update the summary text to "identity translation tool"
(and scan the IRevisionFolderProcessorFactory XML comment and any related XML
doc for the same phrase to ensure consistency with the new
IIdentityTranslationTool symbol).

🟡 Minor comments (11)

.agents/skills/speckit-specify/SKILL.md-251-251 (1)

251-251: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add fence languages to satisfy markdownlint MD040.

Line 251 and Line 259 open fenced code blocks without a language identifier, which will keep lint noisy and can block strict doc checks.

Suggested patch

-    ```
+    ```text
     ## Extension Hooks

     **Automatic Hook**: {extension}
     Executing: `/{command}`
     EXECUTE_COMMAND: {command}
-    ```
+    ```
@@
-    ```
+    ```text
     ## Extension Hooks

     **Optional Hook**: {extension}
     Command: `/{command}`
     Description: {description}

     Prompt: {prompt}
     To execute: `/{command}`
-    ```
+    ```

Also applies to: 259-259

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/speckit-specify/SKILL.md at line 251, Two fenced code blocks
in SKILL.md (the blocks containing "## Extension Hooks" for Automatic Hook and
Optional Hook) lack a language identifier and trigger markdownlint MD040; update
each opening fence from ``` to ```text so both blocks start with ```text to
satisfy the linter and keep doc checks green. Locate the two code fences around
the "Automatic Hook" and "Optional Hook" sections and replace their opening
backtick triples with ```text.

.specify/extensions/agent-context/scripts/powershell/update-agent-context.ps1-70-72 (1)

70-72: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Don’t swallow exceptions silently in fallback paths.

These empty catch blocks hide why context refresh was skipped, which makes support and CI troubleshooting harder. Keep the non-fatal flow, but emit diagnostic detail.

Suggested change

-    } catch {
-        # fall through to Python fallback
-    }
+    } catch {
+        Write-Verbose ("agent-context: ConvertFrom-Yaml failed, falling back to Python parser: {0}" -f $_.Exception.Message)
+    }
@@
-    } catch {
-        # Non-fatal: continue without a plan path.
-    }
+    } catch {
+        Write-Verbose ("agent-context: plan discovery failed; continuing without plan path: {0}" -f $_.Exception.Message)
+    }

Also applies to: 182-184

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
@.specify/extensions/agent-context/scripts/powershell/update-agent-context.ps1
around lines 70 - 72, The empty catch blocks that "fall through to Python
fallback" are swallowing exceptions; update those catch blocks (the one with
comment "fall through to Python fallback" and the similar block at the later
occurrence) to log diagnostic details but continue execution: capture the
current exception (e.g. $_ / $PSItem) and write a concise diagnostic line using
Write-Error or Write-Verbose including the exception message and stack trace,
then keep the existing non-fatal fallback behavior so the script still attempts
the Python path.

.agents/skills/speckit-implement/SKILL.md-196-202 (1)

196-202: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add language identifiers to the new fenced code blocks.

Line 196 and Line 204 use plain triple-backtick fences without a language tag, which violates MD040 and can fail markdown lint checks.

Suggested patch

-    ```
+    ```text
     ## Extension Hooks
@@
-    ```
+    ```text
     ## Extension Hooks

Also applies to: 204-213

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/speckit-implement/SKILL.md around lines 196 - 202, Add
explicit language identifiers to the plain triple-backtick fenced code blocks in
the SKILL.md sections that contain the "## Extension Hooks" block and the block
showing "Automatic Hook: {extension} Executing: `/{command}` EXECUTE_COMMAND:
{command}"; replace the opening ``` with ```text (or another appropriate
language tag) for both fenced blocks so they pass MD040 markdown-lint checks
while preserving the existing block content and formatting.

.agents/skills/speckit-plan/SKILL.md-87-93 (1)

87-93: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Specify fence languages in the added hook output examples.

Line 87 and Line 95 use untyped fenced blocks; markdownlint MD040 expects a language tag and may fail doc checks.

Suggested patch

-    ```
+    ```text
     ## Extension Hooks
@@
-    ```
+    ```text
     ## Extension Hooks

Also applies to: 95-104

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/speckit-plan/SKILL.md around lines 87 - 93, Replace the
untyped fenced code blocks that show the "## Extension Hooks" example (the block
containing "Automatic Hook: {extension}", "Executing: `/{command}`", and
"EXECUTE_COMMAND: {command}") and the later example (lines ~95-104) with
language-tagged fences (e.g., change ``` to ```text) so markdownlint MD040
passes; update both occurrences that wrap those hook output examples to use a
language like "text".

docs/configuration-reference.md-857-860 (1)

857-860: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix phase and terminology drift in IdentityTranslation docs.

The section currently says identity translation is for export and still references an “identity lookup store”. That conflicts with the migrated prepare/import translation flow and can mislead operators.

✏️ Suggested doc patch

- The `IdentityTranslation` tool (`Tools.IdentityTranslation`) controls automatic identity resolution during export.
+ The `IdentityTranslation` tool (`Tools.IdentityTranslation`) controls automatic identity translation during prepare/import.

-> **Relationship to `Modules.Identities.DefaultIdentity`**: The `IdentitiesModule` has its own `DefaultIdentity` field for identities that cannot be resolved via the identity lookup store.
+> **Relationship to `Modules.Identities.DefaultIdentity`**: The `IdentitiesModule` has its own `DefaultIdentity` field for identities that cannot be resolved via the identity translation pipeline.

As per coding guidelines, architectural intent and explanations are documented in /docs/*.

Also applies to: 883-883

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/configuration-reference.md` around lines 857 - 860, Update the
IdentityTranslation docs to reflect the prepare/import phase (not export) and
standardize terminology: change the description of
Tools.IdentityTranslation/IdentityTranslation tool to state it controls
automatic identity resolution during the prepare/import translation flow and
that it maps source identity strings (UPNs, display names) to target identity
descriptors using the configured "identity store" (remove or replace "identity
lookup store" phrasing). Also apply the same terminology and phase correction to
the corresponding paragraph referenced at the other occurrence (around the
second mention).

analysis/dsl-gaps-detected.md-228-228 (1)

228-228: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Format identifier names as code to avoid markdown emphasis parsing errors.

Line 228 triggers MD037 due to underscore emphasis parsing. Use backticks for symbol names.

Proposed fix

-**Status:** RESOLVED (2026-06-04) — NodesModule.ImportAsync now returns Skipped without calling INodesOrchestrator when ReplicateSourceTree is false (FR-007); _NodeTransformTool renamed to _nodeTranslationTool (FR-017); INodeEnsurer-based scenarios removed. Verified by NodesModuleTests.
+**Status:** RESOLVED (2026-06-04) — NodesModule.ImportAsync now returns Skipped without calling INodesOrchestrator when ReplicateSourceTree is false (FR-007); `_NodeTransformTool` renamed to `_nodeTranslationTool` (FR-017); INodeEnsurer-based scenarios removed. Verified by NodesModuleTests.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@analysis/dsl-gaps-detected.md` at line 228, Replace plain-text symbol names
on the documented line with inline code formatting to avoid MD037 underscore
emphasis: surround identifiers like NodesModule.ImportAsync,
ReplicateSourceTree, INodesOrchestrator, _nodeTranslationTool (formerly
_NodeTransformTool), INodeEnsurer, and NodesModuleTests with backticks so they
render as `NodesModule.ImportAsync`, `ReplicateSourceTree`,
`INodesOrchestrator`, ``_nodeTranslationTool`` (or ``_NodeTransformTool`` when
mentioning the old name), `INodeEnsurer`, and `NodesModuleTests` in the
markdown.

.agents/skills/speckit-tasks/SKILL.md-106-123 (1)

106-123: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add language identifiers to the new fenced hook output examples.

Line 106 and Line 114 use unlabeled fenced blocks, which triggers markdownlint MD040 and weakens downstream rendering/validation consistency.

Proposed fix

-    ```
+    ```text
     ## Extension Hooks

     **Automatic Hook**: {extension}
     Executing: `/{command}`
     EXECUTE_COMMAND: {command}
-    ```
+    ```

-    ```
+    ```text
     ## Extension Hooks

     **Optional Hook**: {extension}
     Command: `/{command}`
     Description: {description}

     Prompt: {prompt}
     To execute: `/{command}`
-    ```
+    ```

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/speckit-tasks/SKILL.md around lines 106 - 123, Update the two
unlabeled fenced code blocks in the SKILL.md hook examples to include a language
identifier (use "text") so markdownlint MD040 is satisfied: change the fenced
block that shows the "Automatic Hook" example (the block containing "##
Extension Hooks", "**Automatic Hook**: {extension}", "Executing: `/{command}`",
and "EXECUTE_COMMAND: {command}") to start with ```text, and likewise change the
fenced block used for the "Optional Hook" example (the block containing
"**Optional Hook**: {extension}", "Command: `/{command}`", "Description:
{description}", "Prompt: {prompt}", "To execute: `/{command}`") to start with
```text.

specs/038-close-dsl-gaps/tasks.md-300-320 (1)

300-320: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add language hints to fenced code blocks (MD040).

These blocks are currently untyped, which keeps markdownlint warnings active.

Suggested fix

-```
+```text
 Group A (all parallelizable after T013):
   T008: IIdentityAdapter.cs
...
-```
+```text
 Phase 2 (guard refactor) + Phase 7 (US6 deletion) + Phase 8 (US7 OTel) — fully independent, can run concurrently
...
-  ```
+  ```csharp
   // SPDX-License-Identifier: AGPL-3.0-only
   // Copyright (c) Naked Agility Limited

</details>


Also applies to: 324-328, 362-365

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @specs/038-close-dsl-gaps/tasks.md around lines 300 - 320, Several fenced
code blocks in specs/038-close-dsl-gaps/tasks.md are missing language hints
(markdownlint MD040); update each untyped triple-backtick block (for example the
"Group A ..." list block and the license/header block shown in the diff) to
include an appropriate language identifier (e.g., ```text for plain lists and

fences around the shown ranges (including the other occurrences noted at the end
of the comment) and add matching language tags so all ``` blocks are annotated.

.agents/skills/speckit-clarify/SKILL.md-251-257 (1)

251-257: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language identifier to the fenced block (MD040).

The fenced block should declare a language to satisfy markdownlint and keep docs checks clean.

Suggested fix

-    ```
+    ```text
     ## Extension Hooks
 
     **Automatic Hook**: {extension}
     Executing: `/{command}`
     EXECUTE_COMMAND: {command}
     ```

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/speckit-clarify/SKILL.md around lines 251 - 257, The fenced
code block under the "## Extension Hooks" section in SKILL.md lacks a language
identifier (MD040); update the opening triple-backtick for that block (the block
containing "**Automatic Hook**: {extension}" and "Executing: `/{command}`") to
include a language token (e.g., ```text) so the markdown linter passes and
documentation checks remain clean.

.agents/skills/speckit-clarify/SKILL.md-212-213 (1)

212-213: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix the step reference in checklist re-validation.

The text says checklist checks are against the spec “saved in step 7”, but the write step is step 8. That mismatch makes the execution order ambiguous.

Suggested fix

-     4. Re-evaluate each checkbox item against the **updated** spec (the version just saved in step 7).
+     4. Re-evaluate each checkbox item against the **updated** spec (the version just saved in step 8).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/speckit-clarify/SKILL.md around lines 212 - 213, Update the
checklist re-validation step text so it refers to the actual write step number:
locate the paragraph that starts "Re-evaluate each checkbox item against the
**updated** spec (the version just saved in step 7)" and change "step 7" to
"step 8" so the instruction correctly points to the spec saved in the write
step; ensure the adjacent step numbering and wording in the following line ("For
each checkbox item...") remain consistent.

specs/038-close-dsl-gaps/data-model.md-203-220 (1)

203-220: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language identifier to the relationship block (MD040).

This fenced block is missing a language tag and triggers markdownlint noise.

Suggested fix

-```
+```text
 IdentitiesModule
   → IIdentitiesOrchestrator.PrepareAsync(projectName, context, ct)
...

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @specs/038-close-dsl-gaps/data-model.md around lines 203 - 220, The fenced
code block under the IdentitiesModule section is missing a language identifier
and triggers MD040; update the block surrounding the IdentitiesModule diagram
(the triple-backtick fence that contains "IdentitiesModule →
IIdentitiesOrchestrator.PrepareAsync..." etc.) to include a language tag such as
"text" (e.g., replace withtext) so markdownlint stops flagging it; no
other content changes required.

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>🧹 Nitpick comments (6)</summary><blockquote>

<details>
<summary>specs/038-close-dsl-gaps/research.md (1)</summary><blockquote>

`28-36`: _⚡ Quick win_

**Decision 3: Factory creation pattern not addressed.**

The decision mandates constructor injection of `IIdentityTranslationTool` into `IdentitiesOrchestrator` but doesn't clarify how this interacts with factory creation. If `IdentitiesOrchestrator` (or `IIdentitiesOrchestrator`) is created via a factory (as suggested by the `IWorkItemsOrchestratorFactory` pattern in this PR), the factory would need to accept `IIdentityTranslationTool` as a parameter and pass it to the orchestrator's constructor. This doesn't contradict the decision but should be made explicit to avoid confusion during implementation.

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@specs/038-close-dsl-gaps/research.md` around lines 28 - 36, Decision text
omits factory wiring: update the factory creation path so the
constructor-injected IIdentityTranslationTool flows through instead of passing
it to ImportAsync; specifically, modify the factory that constructs
IdentitiesOrchestrator (e.g., IWorkItemsOrchestratorFactory or any factory
creating IIdentitiesOrchestrator) to accept an IIdentityTranslationTool
parameter (or resolve it from DI) and pass it into the IdentitiesOrchestrator
constructor so IIdentitiesOrchestrator.ImportAsync no longer takes
IIdentityLookupTool? and the orchestrator uses its constructor-injected
IIdentityTranslationTool internally.
```

</details>

</blockquote></details>
<details>
<summary>src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/NodesModule.cs (1)</summary><blockquote>

`254-264`: _⚡ Quick win_

**Redundant parameter: `_options.ReplicateSourceTree` is always `true` at the call site.**

The new guard (lines 256–260) returns early when `ReplicateSourceTree` is `false`, so by the time execution reaches line 264, `_options.ReplicateSourceTree` is guaranteed to be `true`. Passing it to the orchestrator is redundant. Either remove the parameter from the orchestrator method signature (if no other callers need it) or just pass `true` directly here to make the invariant explicit.




<details>
<summary>♻️ Proposed fix (pass literal `true`)</summary>

```diff
         await _orchestrator.ImportAsync(
             context, _sourceEndpointInfo, _targetEndpointInfo,
-            _checkpointingFactory, _options.ReplicateSourceTree, ct).ConfigureAwait(false);
+            _checkpointingFactory, replicateSourceTree: true, ct).ConfigureAwait(false);
```
</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/NodesModule.cs`
around lines 254 - 264, The call to _orchestrator.ImportAsync passes
_options.ReplicateSourceTree even though the preceding guard returns when that
flag is false, making the argument redundant; update the call-site in
NodesModule (the await _orchestrator.ImportAsync(...) invocation) to remove the
redundant boolean by either (preferred) changing the orchestrator method
signature ImportAsync to drop the replicate-source-tree parameter and update all
callers accordingly, or (quicker) pass the literal true at this call to make the
invariant explicit; ensure you update any overloads/usages of
_orchestrator.ImportAsync to match the chosen signature change and run
tests/build to confirm no other call-sites break.
```

</details>

</blockquote></details>
<details>
<summary>specs/038-close-dsl-gaps/checklists/requirements.md (1)</summary><blockquote>

`81-81`: _💤 Low value_

**Inconsistent spelling: "modelled" vs "modeled".**

Line 81 uses "modelled" whilst line 81 also contains "modeled" in a different phrase. Pick one spelling variant (British English "modelled" or American English "modeled") and use it consistently throughout the document.

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@specs/038-close-dsl-gaps/checklists/requirements.md` at line 81, The document
uses inconsistent spellings "modelled" and "modeled"; choose one variant (e.g.,
American "modeled" or British "modelled") and make all occurrences consistent,
including the phrase containing IdentityTranslationOptions.DefaultIdentity
(e.g., change "configured default identity modelled via
IdentityTranslationOptions.DefaultIdentity" to use the chosen spelling) and scan
the entire file for other instances to update them to the same variant.
```

</details>

</blockquote></details>
<details>
<summary>specs/038-close-dsl-gaps/discrepancies.md (1)</summary><blockquote>

`10-20`: _⚡ Quick win_

**Table ordering: IDs are in reverse order.**

The discrepancy IDs run D-000, D-007, D-006, D-005, D-004, D-003, D-002, D-001. Whilst reverse chronological order might reflect discovery sequence, a status table is typically sorted by ID in ascending order (D-000, D-001, D-002, …) for easier reference and lookup. Consider reordering.

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@specs/038-close-dsl-gaps/discrepancies.md` around lines 10 - 20, The
discrepancies table is ordered in reverse (D-000, D-007, D-006, …) which hinders
lookup; reorder the table rows so IDs are ascending (D-000, D-001, D-002, …)
while preserving the header row and each row's exact content/status/resolution;
update only the row ordering in specs/038-close-dsl-gaps/discrepancies.md (the
pipe-delimited Markdown table block) and do not change any cell text or
punctuation.
```

</details>

</blockquote></details>
<details>
<summary>src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityMatchingStrategy.cs (1)</summary><blockquote>

`29-31`: _⚡ Quick win_

**Clarify the purity contract so it matches the interface design.**

Line 30 says strategies perform no I/O, but `ResolveAsync` (Lines 44-46) explicitly allows adapter calls. Tighten the comment so only `Match` is described as pure.



<details>
<summary>Suggested doc fix</summary>

```diff
-/// strategies during PrepareAsync. Strategies are pure: they perform no I/O and no logging —
-/// ambiguity is surfaced via <see cref="IdentityMatch.MatchCount"/> for the orchestrator to log.
+/// strategies during PrepareAsync. <see cref="Match"/> is pure (no I/O, no logging).
+/// <see cref="ResolveAsync"/> may query the adapter, but ambiguity is surfaced via
+/// <see cref="IdentityMatch.MatchCount"/> for the orchestrator to log.
```
</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityMatchingStrategy.cs`
around lines 29 - 31, Update the interface XML docs to clarify the purity
contract: state that only the Match method is pure (performs no I/O or logging
and surfaces ambiguity via IdentityMatch.MatchCount) while ResolveAsync may
perform adapter calls or I/O; specifically edit the summary/comments on
IIdentityMatchingStrategy (and any mention of PrepareAsync) to remove the
blanket "no I/O" claim and explicitly call out Match as the pure method and
ResolveAsync as allowed to use adapters.
```

</details>

</blockquote></details>
<details>
<summary>src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationTool.cs (1)</summary><blockquote>

`74-75`: _⚡ Quick win_

**Align telemetry/log labels with `IdentityTranslation` naming.**

Old `IdentityLookup` labels remain in spans/logs. Keep naming consistent with the renamed tool to avoid fragmented telemetry and query drift.





<details>
<summary>Suggested fix</summary>

```diff
-        using var activity = s_activitySource.StartActivity("identities.lookup.initialize");
+        using var activity = s_activitySource.StartActivity("identities.translation.initialize");
...
-            "[IdentityLookup] Initialized with {DescriptorCount} descriptors, {MappingCount} mapping overrides.",
+            "[IdentityTranslation] Initialized with {DescriptorCount} descriptors, {MappingCount} mapping overrides.",
...
-            "[IdentityLookup] {Count} identit{Suffix} have no explicit mapping — written to Identities/unresolved.json.",
+            "[IdentityTranslation] {Count} identit{Suffix} have no explicit mapping — written to Identities/unresolved.json.",
```
</details>


Also applies to: 126-128, 175-176

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationTool.cs`
around lines 74 - 75, Replace legacy "IdentityLookup" telemetry/span/log labels
with "IdentityTranslation" in this class: update the
s_activitySource.StartActivity calls (e.g., change
"identities.lookup.initialize" to "identity.translation.initialize" and similar
spans) and any string labels or log messages that contain "identity(s).lookup"
so they use "identity.translation" or "IdentityTranslation" consistently; search
within IdentityTranslationTool for StartActivity and any log calls around the
initialization, lookup and finalization sections (the existing StartActivity
invocations and nearby log messages) and update their span names and labels
accordingly.
```

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agents/30-context/domains/identity-and-mapping.md:

• Around line 76-79: The section describing the four-step resolution order
  conflicts with the earlier unresolved-identity contract: update the four-step
  text so its final clause matches the unresolved/prepare-report rules (i.e.,
  ambiguous matches and adapter failures must be surfaced as unresolved and can
  block Import/appear in PrepareAsync report, not silently fall through to
  DefaultIdentity or source pass-through). Specifically, revise the line
  describing steps (1) mapping.json override → (2) UPN match → (3) display-name
  match → (4) DefaultIdentity/source pass-through to state that ambiguous or
  adapter-failure outcomes are treated as unresolved identities reported by
  PrepareAsync (and governed by the unresolved/import-blocking rules) and leave
  IIdentityMappingService and IIdentityTranslationTool semantics unchanged.

In @.specify/extensions/agent-context/scripts/bash/update-agent-context.sh:

• Around line 44-95: The Python output is captured via command substitution into
  _raw_opts which strips trailing blank lines so empty context_markers get lost;
  replace that pattern by reading Python stdout directly into the array (e.g. use
  mapfile -t _opts_lines < <("$_python" - "$EXT_CONFIG" <<'PY' ... PY) or
  equivalent) instead of populating _raw_opts and the while-read loop, drop the
  early exit that treats fewer than 3 lines as fatal, and instead pad _opts_lines
  to length 3 with empty strings before assigning CONTEXT_FILE, MARKER_START,
  MARKER_END so empty marker lines are preserved and the downstream defaulting
  logic can run (referencing symbols: _raw_opts, _opts_lines, CONTEXT_FILE,
  MARKER_START, MARKER_END).

In @specs/038-close-dsl-gaps/data-model.md:

• Around line 84-95: The IIdentityTranslationTool interface is missing the
  DefaultIdentity property that implementations expose and orchestration logic
  depends on; add a read-only string property named DefaultIdentity to the
  interface (alongside IsEnabled and Translate) and document its purpose as the
  resolved fallback target identity used by the orchestrator/team-member skip
  behaviour so consumers can access the default identity from implementations of
  IIdentityTranslationTool.
• Around line 60-68: The doc for IIdentityMatchingStrategy is outdated: update
  the interface signature and return description to match the implemented API by
  changing Match to return the structured match result (e.g., MatchResult) instead
  of nullable string and remove the ILogger parameter; document the actual method
  signature used (Match(string sourceIdentity, string sourceDisplayName,
  IReadOnlyList candidates) or the concrete parameter list in
  the code) and describe the returned object's properties (IsMatch, IsAmbiguous,
  MatchCount and any matched descriptor field) so the spec aligns with the real
  IIdentityMatchingStrategy contract.

In @specs/038-close-dsl-gaps/quickstart.md:

• Around line 56-59: The PowerShell command uses an unsupported glob
  ("src/**/.cs") with Select-String -Path; replace this with a recursive file
  enumeration and pipe to Select-String (e.g., use Get-ChildItem -Recurse or
  Get-ChildItem -Path "src" -Filter ".cs" -Recurse piped into Select-String) so
  that the pattern "INodeEnsurer" is searched across all .cs files without relying
  on ** globbing; update the offending Select-String invocation accordingly.
• Around line 89-92: The PowerShell Select-String call uses an unsupported glob
  "features//*.feature"; replace that line so it collects .feature files with
  Get-ChildItem and pipes them to Select-String instead (e.g., use Get-ChildItem
  -Path features -Recurse -Filter *.feature | Select-String -Pattern
  "us1-write-idempotency") — update the Select-String invocation referenced in the
  snippet (the "-Path "features//*.feature"" and "-Pattern
  "us1-write-idempotency"" usage) to the piped Get-ChildItem approach so the
  search works on PowerShell.
• Around line 27-32: The quickstart test list contains incorrect test names
  causing filters to match nothing; open the quickstart markdown that lists the
  tests and replace the wrong entries with the actual test method names from the
  IdentitiesOrchestratorPrepareTests class: change
  PrepareAsync_UpnMatch_ResolvesCorrectly →
  PrepareAsync_UpnMatch_CachesResolvedTarget,
  PrepareAsync_DisplayNameMatch_ResolvesCorrectly →
  PrepareAsync_DisplayNameMatch_WhenNoUpn_CachesResolvedTarget,
  PrepareAsync_AmbiguousDisplayName_LogsWarningAndFallsBack →
  PrepareAsync_AmbiguousDisplayName_LeavesUnresolved, and
  PrepareAsync_AdapterQueryFails_ContinuesAndLogsWarning →
  PrepareAsync_AdapterThrows_ContinuesAndLeavesUnresolved; also remove or stop
  referencing the two non-existent methods
  Translate_WhenIsEnabledFalse_ReturnsSourceUnchanged and
  Translate_AfterPrepare_ReturnsCachedResult (or replace them with their correct
  equivalents) so the quickstart filter strings exactly match the actual test
  method names.

In
@src/DevOpsMigrationPlatform.Infrastructure.Agent/Connectors/CompositeIdentityAdapter.cs:

• Around line 26-34: The constructor CompositeIdentityAdapter currently builds
  _adapterTypes by overwriting duplicate keys; change it to validate each
  KeyedIdentityAdapter in registrations (verify non-null reg, non-empty reg.Key,
  and that reg.AdapterType is a concrete Type implementing the expected adapter
  interface/class) and throw a descriptive
  ArgumentException/InvalidOperationException when a duplicate reg.Key or an
  invalid reg.AdapterType is detected instead of silently replacing entries;
  perform the same validation where registrations are processed later (the logic
  around lines handling _adapterTypes at 62-63) so duplicates/invalid types are
  rejected at construction time with clear error messages naming the offending Key
  and AdapterType.

In
@src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/IdentitiesOrchestrator.cs:

• Around line 64-68: The prepare-phase resolution cache _resolutionCache on
  IdentitiesOrchestrator is shared across runs and must be reset or scoped per
  run; modify PrepareAsync (or the method that begins a new job) to either call
  _resolutionCache.Clear() at start or change _resolutionCache to a per-run map
  keyed by a runId (store and use runId in PrepareAsync and ResolvePrepared),
  ensuring all accesses (ResolvePrepared and any codepaths referenced around lines
  258-323) use the per-run key or the cleared cache so stale mappings cannot leak
  into subsequent jobs.
• Around line 410-417: The catch in IdentitiesOrchestrator.cs currently swallows
  OperationCanceledException, breaking cooperative cancellation; update the catch
  block around the adapter query so that if the caught exception is
  OperationCanceledException or TaskCanceledException (or
  ex.IsCancellationRequested if you have a CancellationToken), rethrow it instead
  of logging/continuing, otherwise log the warning as before; locate the catch
  that logs via _logger.LogWarning(...) referencing descriptor.UniqueName and
  strategy.Name and add the conditional rethrow for cancellation exceptions.

In
@src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationToolServiceCollectionExtensions.cs:

• Around line 36-42: The DI registration for IdentityTranslationTool currently
  resolves IIdentitiesOrchestrator optionally (sp.GetService) which can silently
  skip the orchestrator; change the factory to require the orchestrator by using
  sp.GetRequiredService<DevOpsMigrationPlatform.Abstractions.Agent.Modules.IIdentitiesOrchestrator>()
  when constructing IdentityTranslationTool so resolution fails at startup if the
  orchestrator is missing (update the registration that creates
  IdentityTranslationTool).

In
@src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/Identity/AzureDevOpsIdentityAdapter.cs:

• Around line 77-84: The catch-all in AzureDevOpsIdentityAdapter (the exception
  handler that currently catches Exception ex and returns
  Array.Empty for identity lookups) swallows
  OperationCanceledException and prevents cancellation from propagating; fix by
  explicitly allowing cancellation to flow—either add a specific catch
  (OperationCanceledException) { throw; } before the general catch, or change the
  general catch to catch (Exception ex) when (!(ex is OperationCanceledException)) so that OperationCanceledException is rethrown
  while preserving the existing logging and return behavior for other exceptions.

In
@src/DevOpsMigrationPlatform.Infrastructure.TfsObjectModel/Identity/TfsIdentityAdapter.cs:

• Around line 38-41: The warning logs in TfsIdentityAdapter are emitting raw
  UPN/display-name values via _logger.LogWarning (e.g., the call that includes
  {Upn}) which can leak PII; change the log to omit or redact the actual identity
  value (for example replace the placeholder argument with a constant like
  "" or call a small helper RedactIdentity(string) that returns a
  redacted/tokenized string) and apply the same change to the other occurrences
  noted (the similar _logger.LogWarning at the 48-51 region). Ensure the log
  message still conveys context but never writes the raw upn/display-name
  variable.

In
@src/DevOpsMigrationPlatform.TfsMigrationAgent/TfsMigrationAgentServiceExtensions.cs:

• Around line 77-78: Replace the direct singleton registration that binds
  IIdentityAdapter to TfsIdentityAdapter
  (services.AddSingleton<DevOpsMigrationPlatform.Abstractions.Agent.Identity.IIdentityAdapter,
  TfsIdentityAdapter>()) with the connector keyed registration helper so the
  adapter is resolved via the keyed composite dispatch path; use the project’s
  connector registration API (e.g., RegisterConnectorIdentityAdapter or
  AddConnectorIdentityAdapter) to register TfsIdentityAdapter under the TFS
  connector key so lookups route by connector type instead of the global
  IIdentityAdapter binding.

---

Outside diff comments:
In
@src/DevOpsMigrationPlatform.Abstractions.Agent/Export/IRevisionFolderProcessorFactory.cs:

• Around line 10-13: The XML doc summary for IRevisionFolderProcessorFactory
  still says "identity lookup tool" but the parameter/type was renamed to
  IIdentityTranslationTool; update the summary text to "identity translation tool"
  (and scan the IRevisionFolderProcessorFactory XML comment and any related XML
  doc for the same phrase to ensure consistency with the new
  IIdentityTranslationTool symbol).

---

Minor comments:
In @.agents/skills/speckit-clarify/SKILL.md:

• Around line 251-257: The fenced code block under the "## Extension Hooks"
  section in SKILL.md lacks a language identifier (MD040); update the opening
  triple-backtick for that block (the block containing "Automatic Hook:
  {extension}" and "Executing: /{command}") to include a language token (e.g.,

- Around line 212-213: Update the checklist re-validation step text so it refers
to the actual write step number: locate the paragraph that starts "Re-evaluate
each checkbox item against the **updated** spec (the version just saved in step
7)" and change "step 7" to "step 8" so the instruction correctly points to the
spec saved in the write step; ensure the adjacent step numbering and wording in
the following line ("For each checkbox item...") remain consistent.

In @.agents/skills/speckit-implement/SKILL.md:
- Around line 196-202: Add explicit language identifiers to the plain
triple-backtick fenced code blocks in the SKILL.md sections that contain the "##
Extension Hooks" block and the block showing "Automatic Hook: {extension}
Executing: `/{command}` EXECUTE_COMMAND: {command}"; replace the opening ```
with ```text (or another appropriate language tag) for both fenced blocks so
they pass MD040 markdown-lint checks while preserving the existing block content
and formatting.

In @.agents/skills/speckit-plan/SKILL.md:
- Around line 87-93: Replace the untyped fenced code blocks that show the "##
Extension Hooks" example (the block containing "Automatic Hook: {extension}",
"Executing: `/{command}`", and "EXECUTE_COMMAND: {command}") and the later
example (lines ~95-104) with language-tagged fences (e.g., change ``` to
```text) so markdownlint MD040 passes; update both occurrences that wrap those
hook output examples to use a language like "text".

In @.agents/skills/speckit-specify/SKILL.md:
- Line 251: Two fenced code blocks in SKILL.md (the blocks containing "##
Extension Hooks" for Automatic Hook and Optional Hook) lack a language
identifier and trigger markdownlint MD040; update each opening fence from ``` to
```text so both blocks start with ```text to satisfy the linter and keep doc
checks green. Locate the two code fences around the "Automatic Hook" and
"Optional Hook" sections and replace their opening backtick triples with
```text.

In @.agents/skills/speckit-tasks/SKILL.md:
- Around line 106-123: Update the two unlabeled fenced code blocks in the
SKILL.md hook examples to include a language identifier (use "text") so
markdownlint MD040 is satisfied: change the fenced block that shows the
"Automatic Hook" example (the block containing "## Extension Hooks",
"**Automatic Hook**: {extension}", "Executing: `/{command}`", and
"EXECUTE_COMMAND: {command}") to start with ```text, and likewise change the
fenced block used for the "Optional Hook" example (the block containing
"**Optional Hook**: {extension}", "Command: `/{command}`", "Description:
{description}", "Prompt: {prompt}", "To execute: `/{command}`") to start with
```text.

In
@.specify/extensions/agent-context/scripts/powershell/update-agent-context.ps1:
- Around line 70-72: The empty catch blocks that "fall through to Python
fallback" are swallowing exceptions; update those catch blocks (the one with
comment "fall through to Python fallback" and the similar block at the later
occurrence) to log diagnostic details but continue execution: capture the
current exception (e.g. $_ / $PSItem) and write a concise diagnostic line using
Write-Error or Write-Verbose including the exception message and stack trace,
then keep the existing non-fatal fallback behavior so the script still attempts
the Python path.

In `@analysis/dsl-gaps-detected.md`:
- Line 228: Replace plain-text symbol names on the documented line with inline
code formatting to avoid MD037 underscore emphasis: surround identifiers like
NodesModule.ImportAsync, ReplicateSourceTree, INodesOrchestrator,
_nodeTranslationTool (formerly _NodeTransformTool), INodeEnsurer, and
NodesModuleTests with backticks so they render as `NodesModule.ImportAsync`,
`ReplicateSourceTree`, `INodesOrchestrator`, ``_nodeTranslationTool`` (or
``_NodeTransformTool`` when mentioning the old name), `INodeEnsurer`, and
`NodesModuleTests` in the markdown.

In `@docs/configuration-reference.md`:
- Around line 857-860: Update the IdentityTranslation docs to reflect the
prepare/import phase (not export) and standardize terminology: change the
description of Tools.IdentityTranslation/IdentityTranslation tool to state it
controls automatic identity resolution during the prepare/import translation
flow and that it maps source identity strings (UPNs, display names) to target
identity descriptors using the configured "identity store" (remove or replace
"identity lookup store" phrasing). Also apply the same terminology and phase
correction to the corresponding paragraph referenced at the other occurrence
(around the second mention).

In `@specs/038-close-dsl-gaps/data-model.md`:
- Around line 203-220: The fenced code block under the IdentitiesModule section
is missing a language identifier and triggers MD040; update the block
surrounding the IdentitiesModule diagram (the triple-backtick fence that
contains "IdentitiesModule → IIdentitiesOrchestrator.PrepareAsync..." etc.) to
include a language tag such as "text" (e.g., replace ``` with ```text) so
markdownlint stops flagging it; no other content changes required.

In `@specs/038-close-dsl-gaps/tasks.md`:
- Around line 300-320: Several fenced code blocks in
specs/038-close-dsl-gaps/tasks.md are missing language hints (markdownlint
MD040); update each untyped triple-backtick block (for example the "Group A ..."
list block and the license/header block shown in the diff) to include an
appropriate language identifier (e.g., ```text for plain lists and ```csharp for
C# license/header snippets). Scan the file for similar untyped fences around the
shown ranges (including the other occurrences noted at the end of the comment)
and add matching language tags so all ``` blocks are annotated.

---

Nitpick comments:
In `@specs/038-close-dsl-gaps/checklists/requirements.md`:
- Line 81: The document uses inconsistent spellings "modelled" and "modeled";
choose one variant (e.g., American "modeled" or British "modelled") and make all
occurrences consistent, including the phrase containing
IdentityTranslationOptions.DefaultIdentity (e.g., change "configured default
identity modelled via IdentityTranslationOptions.DefaultIdentity" to use the
chosen spelling) and scan the entire file for other instances to update them to
the same variant.

In `@specs/038-close-dsl-gaps/discrepancies.md`:
- Around line 10-20: The discrepancies table is ordered in reverse (D-000,
D-007, D-006, …) which hinders lookup; reorder the table rows so IDs are
ascending (D-000, D-001, D-002, …) while preserving the header row and each
row's exact content/status/resolution; update only the row ordering in
specs/038-close-dsl-gaps/discrepancies.md (the pipe-delimited Markdown table
block) and do not change any cell text or punctuation.

In `@specs/038-close-dsl-gaps/research.md`:
- Around line 28-36: Decision text omits factory wiring: update the factory
creation path so the constructor-injected IIdentityTranslationTool flows through
instead of passing it to ImportAsync; specifically, modify the factory that
constructs IdentitiesOrchestrator (e.g., IWorkItemsOrchestratorFactory or any
factory creating IIdentitiesOrchestrator) to accept an IIdentityTranslationTool
parameter (or resolve it from DI) and pass it into the IdentitiesOrchestrator
constructor so IIdentitiesOrchestrator.ImportAsync no longer takes
IIdentityLookupTool? and the orchestrator uses its constructor-injected
IIdentityTranslationTool internally.

In
`@src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityMatchingStrategy.cs`:
- Around line 29-31: Update the interface XML docs to clarify the purity
contract: state that only the Match method is pure (performs no I/O or logging
and surfaces ambiguity via IdentityMatch.MatchCount) while ResolveAsync may
perform adapter calls or I/O; specifically edit the summary/comments on
IIdentityMatchingStrategy (and any mention of PrepareAsync) to remove the
blanket "no I/O" claim and explicitly call out Match as the pure method and
ResolveAsync as allowed to use adapters.

In `@src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/NodesModule.cs`:
- Around line 254-264: The call to _orchestrator.ImportAsync passes
_options.ReplicateSourceTree even though the preceding guard returns when that
flag is false, making the argument redundant; update the call-site in
NodesModule (the await _orchestrator.ImportAsync(...) invocation) to remove the
redundant boolean by either (preferred) changing the orchestrator method
signature ImportAsync to drop the replicate-source-tree parameter and update all
callers accordingly, or (quicker) pass the literal true at this call to make the
invariant explicit; ensure you update any overloads/usages of
_orchestrator.ImportAsync to match the chosen signature change and run
tests/build to confirm no other call-sites break.

In
`@src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationTool.cs`:
- Around line 74-75: Replace legacy "IdentityLookup" telemetry/span/log labels
with "IdentityTranslation" in this class: update the
s_activitySource.StartActivity calls (e.g., change
"identities.lookup.initialize" to "identity.translation.initialize" and similar
spans) and any string labels or log messages that contain "identity(s).lookup"
so they use "identity.translation" or "IdentityTranslation" consistently; search
within IdentityTranslationTool for StartActivity and any log calls around the
initialization, lookup and finalization sections (the existing StartActivity
invocations and nearby log messages) and update their span names and labels
accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ae3e45ee-89d5-42d6-bce4-23447a50851f

📥 Commits

Reviewing files that changed from the base of the PR and between acc9627 and fbff1d6.

📒 Files selected for processing (118)

• .agents/30-context/domains/connector-model.md
• .agents/30-context/domains/identity-and-mapping.md
• .agents/agents.md
• .agents/agents/speckit.agent-context.update.agent.md
• .agents/commands/speckit.agent-context.update.md
• .agents/configure.ps1
• .agents/prompts/speckit.agent-context.update.prompt.md
• .agents/skills/speckit-agent-context-update/SKILL.md
• .agents/skills/speckit-analyze/SKILL.md
• .agents/skills/speckit-checklist/SKILL.md
• .agents/skills/speckit-clarify/SKILL.md
• .agents/skills/speckit-constitution/SKILL.md
• .agents/skills/speckit-implement/SKILL.md
• .agents/skills/speckit-plan/SKILL.md
• .agents/skills/speckit-specify/SKILL.md
• .agents/skills/speckit-tasks/SKILL.md
• .agents/skills/speckit-taskstoissues/SKILL.md
• .specify/extensions.yml
• .specify/extensions/.registry
• .specify/extensions/agent-context/README.md
• .specify/extensions/agent-context/agent-context-config.yml
• .specify/extensions/agent-context/commands/speckit.agent-context.update.md
• .specify/extensions/agent-context/extension.yml
• .specify/extensions/agent-context/scripts/bash/update-agent-context.sh
• .specify/extensions/agent-context/scripts/powershell/update-agent-context.ps1
• .specify/feature.json
• .specify/init-options.json
• .specify/integration.json
• .specify/integrations/claude.manifest.json
• .specify/integrations/speckit.manifest.json
• AGENTS.md
• CLAUDE.md
• analysis/dsl-gaps-detected.md
• docs/configuration-reference.md
• docs/module-development-guide.md
• docs/operator-guide.md
• features/export/config-in-package/config-applied-on-export.feature
• features/import/nodes/import-classification-tree.feature
• scenarios/SystemTest-Live-Migrate-AzureDevOps-Complete.json
• specs/038-close-dsl-gaps/checklists/requirements.md
• specs/038-close-dsl-gaps/data-model.md
• specs/038-close-dsl-gaps/discrepancies.md
• specs/038-close-dsl-gaps/plan.md
• specs/038-close-dsl-gaps/quickstart.md
• specs/038-close-dsl-gaps/research.md
• specs/038-close-dsl-gaps/spec.md
• specs/038-close-dsl-gaps/tasks.md
• src/DevOpsMigrationPlatform.Abstractions.Agent/Export/IRevisionFolderProcessorFactory.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityAdapter.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityMatchingStrategy.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IdentityCandidate.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Modules/IIdentitiesOrchestrator.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Modules/TeamsModuleOptions.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Tools/IIdentityTranslationTool.cs
• src/DevOpsMigrationPlatform.Abstractions/Options/IdentityTranslationOptions.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Connectors/CompositeIdentityAdapter.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Connectors/FactoryRegistrationExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Identity/IdentityServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Identity/Strategies/DisplayNameIdentityMatchingStrategy.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Identity/Strategies/UpnIdentityMatchingStrategy.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/IdentitiesModule.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/IdentitiesOrchestrator.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/ModuleServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/NodesModule.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/WorkItemsModule.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Teams/TeamImportOrchestrator.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationTool.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationToolServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/WorkItems/Revisions/RevisionFolderProcessor.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/WorkItems/Revisions/RevisionFolderProcessorFactory.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/WorkItems/WorkItemResolution/IWorkItemsOrchestratorFactory.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/WorkItems/WorkItemResolution/WorkItemsImportRuntime.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/WorkItems/WorkItemResolution/WorkItemsOrchestratorFactory.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/Identity/AzureDevOpsIdentityAdapter.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/Platform/AzureDevOpsAccess/AzureDevOpsClientFactory.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/Platform/AzureDevOpsAccess/IAzureDevOpsClientFactory.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/WorkItems/Revisions/ExportServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/WorkItems/WorkItemResolution/ImportServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.Simulated/SimulatedIdentityAdapter.cs
• src/DevOpsMigrationPlatform.Infrastructure.Simulated/SimulatedServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.TfsObjectModel/Identity/TfsIdentityAdapter.cs
• src/DevOpsMigrationPlatform.SchemaGenerator/Program.cs
• src/DevOpsMigrationPlatform.TfsMigrationAgent/TfsMigrationAgentServiceExtensions.cs
• tests/DevOpsMigrationPlatform.CLI.Migration.Tests/Commands/QueueCommandTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Export/ExportMetricsTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/AzureDevOpsIdentityAdapterSystemTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/CompositeIdentityAdapterTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/DisplayNameIdentityMatchingStrategyTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/IdentitiesOrchestratorPrepareTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/UpnIdentityMatchingStrategyTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/FilterScopeImportContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/ImportCommentsContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/ImportCursorResumeContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/ImportEmbeddedImagesContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/ImportIdentityResolutionContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/PreventDuplicateWorkItemsContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/RebuildIdMapFromTargetContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/RerunDeltaImportContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/RevisionFolderProcessorFactoryTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/RevisionFolderProcessorTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/RevisionLevelProgressTrackingContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/StreamingImportReplayContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/StreamingImportReplayTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/WorkItemOrchestratorFilterTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Import/WorkItemResolutionStrategiesContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/NodesModuleTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/TeamsModuleTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/WorkItemsModuleImportTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Prepare/PrepareFeaturesDslTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Services/IdentityMappingContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Services/ServicesFeaturesDslTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Tools/NodeTranslation/NodeTranslationToolTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Tools/NodeTranslation/SkipUnresolvableContext.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Tools/ToolOptionsConfigurationTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Simulated.Tests/SimulatedIdentityAdapterTests.cs
• tests/DevOpsMigrationPlatform.SchemaGenerator.Tests/SchemaGeneratorHostTests.cs
• tests/DevOpsMigrationPlatform.TfsMigrationAgent.Tests/Net481GuardedTypesContractTests.cs
• tests/DevOpsMigrationPlatform.TfsMigrationAgent.Tests/TfsIdentityAdapterTests.cs

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/AzureDevOpsIdentityAdapterSystemTests.cs (1)

21-22: ⚡ Quick win

XML doc contradicts the code and the testing guardrail.

Line 21 claims the test "Skips (Inconclusive) when the required environment is not configured", but lines 36 and 81 correctly call Assert.Fail (not Assert.Inconclusive). Per testing-rules.md lines 199-203, missing prerequisites must use Assert.Fail, and Assert.Inconclusive is banned.

The protection from "normal build gate" comes from the SystemTest_Live category exclusion filter, not from skip behaviour. Update the XML doc to reflect the actual Assert.Fail behaviour.

📝 Proposed doc fix

 /// <summary>
 /// Live integration test for <c>AzureDevOpsIdentityAdapter</c> against a real Azure DevOps
 /// target tenant (operator decision: the ADO adapter's correctness is verified by a live
 /// SystemTest, since the ADO SDK identity types are not cleanly unit-mockable).
-/// Skips (Inconclusive) when the required environment is not configured, so it never fails
-/// the normal build gate.
+/// Fails explicitly (Assert.Fail) when required environment variables are missing; excluded
+/// from normal CI builds via the SystemTest_Live category filter.
 /// </summary>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/AzureDevOpsIdentityAdapterSystemTests.cs`
around lines 21 - 22, Update the XML doc comment on the
AzureDevOpsIdentityAdapterSystemTests class to accurately state that missing
environment prerequisites cause the test to fail via Assert.Fail (not be marked
Inconclusive), and that protection from running in normal CI comes from the
SystemTest_Live category exclusion filter; adjust the summary text to remove the
"Skips (Inconclusive)" wording and mention the Assert.Fail behavior and
category-based exclusion instead (refer to AzureDevOpsIdentityAdapterSystemTests
and the Assert.Fail calls at lines where prerequisites are checked).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@specs/038-close-dsl-gaps/discrepancies.md`:
- Line 13: D-008 in discrepancies.md shows the merge gate violation because
testing-rules.md currently declares the canonical categories as
"SystemTests"/"SystemTests_Live" (plural) which conflicts with build.ps1 and all
existing tests that use "SystemTest"/"SystemTest_Live" (singular); fix this by
either updating testing-rules.md to use the singular forms
("SystemTest"/"SystemTest_Live") to match build.ps1 and existing tests, or
change D-008’s Status from "Open" to "Resolved" and add a one-line resolution
note indicating which side (doc or CI/tests) will be the canonical source,
referencing D-008 and the testing-rules.md category names so the reviewer can
verify the change.

---

Nitpick comments:
In
`@tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/AzureDevOpsIdentityAdapterSystemTests.cs`:
- Around line 21-22: Update the XML doc comment on the
AzureDevOpsIdentityAdapterSystemTests class to accurately state that missing
environment prerequisites cause the test to fail via Assert.Fail (not be marked
Inconclusive), and that protection from running in normal CI comes from the
SystemTest_Live category exclusion filter; adjust the summary text to remove the
"Skips (Inconclusive)" wording and mention the Assert.Fail behavior and
category-based exclusion instead (refer to AzureDevOpsIdentityAdapterSystemTests
and the Assert.Fail calls at lines where prerequisites are checked).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e0418a0b-e704-46e1-bd8d-b7e592843658

📥 Commits

Reviewing files that changed from the base of the PR and between fbff1d6 and c31e6b7.

📒 Files selected for processing (28)

• .agents/20-guardrails/workflow/testing-rules.md
• .agents/30-context/domains/identity-and-mapping.md
• .specify/extensions/agent-context/scripts/bash/update-agent-context.sh
• docs/configuration-reference.md
• features/export/config-in-package/config-applied-on-export.feature
• features/import/nodes/import-classification-tree.feature
• specs/038-close-dsl-gaps/data-model.md
• specs/038-close-dsl-gaps/discrepancies.md
• specs/038-close-dsl-gaps/quickstart.md
• src/DevOpsMigrationPlatform.Abstractions.Agent/Export/IRevisionFolderProcessorFactory.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityMatchingStrategy.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Connectors/CompositeIdentityAdapter.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/IdentitiesOrchestrator.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationTool.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationToolServiceCollectionExtensions.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/Identity/AzureDevOpsIdentityAdapter.cs
• src/DevOpsMigrationPlatform.Infrastructure.TfsObjectModel/Identity/TfsIdentityAdapter.cs
• src/DevOpsMigrationPlatform.TfsMigrationAgent/TfsMigrationAgentServiceExtensions.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Export/ExportMetricsTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/AzureDevOpsIdentityAdapterSystemTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/CompositeIdentityAdapterTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/DisplayNameIdentityMatchingStrategyTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/IdentitiesOrchestratorPrepareTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/UpnIdentityMatchingStrategyTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/NodesModuleTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/TeamsModuleTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Simulated.Tests/SimulatedIdentityAdapterTests.cs
• tests/DevOpsMigrationPlatform.TfsMigrationAgent.Tests/TfsIdentityAdapterTests.cs

💤 Files with no reviewable changes (2)

• features/import/nodes/import-classification-tree.feature
• features/export/config-in-package/config-applied-on-export.feature

✅ Files skipped from review due to trivial changes (2)

• docs/configuration-reference.md
• specs/038-close-dsl-gaps/quickstart.md

🚧 Files skipped from review as they are similar to previous changes (19)

• src/DevOpsMigrationPlatform.Abstractions.Agent/Export/IRevisionFolderProcessorFactory.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Simulated.Tests/SimulatedIdentityAdapterTests.cs
• src/DevOpsMigrationPlatform.TfsMigrationAgent/TfsMigrationAgentServiceExtensions.cs
• src/DevOpsMigrationPlatform.Abstractions.Agent/Identity/IIdentityMatchingStrategy.cs
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Tools/IdentityTranslation/IdentityTranslationToolServiceCollectionExtensions.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/DisplayNameIdentityMatchingStrategyTests.cs
• .agents/30-context/domains/identity-and-mapping.md
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/IdentitiesOrchestratorPrepareTests.cs
• src/DevOpsMigrationPlatform.Infrastructure.TfsObjectModel/Identity/TfsIdentityAdapter.cs
• .specify/extensions/agent-context/scripts/bash/update-agent-context.sh
• tests/DevOpsMigrationPlatform.TfsMigrationAgent.Tests/TfsIdentityAdapterTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/NodesModuleTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/UpnIdentityMatchingStrategyTests.cs
• src/DevOpsMigrationPlatform.Infrastructure.AzureDevOps/Identity/AzureDevOpsIdentityAdapter.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Identity/CompositeIdentityAdapterTests.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Export/ExportMetricsTests.cs
• specs/038-close-dsl-gaps/data-model.md
• src/DevOpsMigrationPlatform.Infrastructure.Agent/Modules/IdentitiesOrchestrator.cs
• tests/DevOpsMigrationPlatform.Infrastructure.Agent.Tests/Modules/TeamsModuleTests.cs