[AZ-500] Cycle 4 implement-skill wrap-up reports

Adds the cycle-4 product implementation completeness gate report
(verdict: PASS) and the final implementation report for the .NET 10
migration. Records the Step 16 handoff to Step 11 (test-run skill)
to avoid duplicating the full-suite run already executed during
AC-6 verification (271/271 unit + full integration suite green).

Co-authored-by: Cursor <cursoragent@cursor.com>

.woodpecker/01-test.yml

@@ -7,7 +7,7 @@ labels:
 
 steps:
   - name: unit-tests
-    image: mcr.microsoft.com/dotnet/sdk:8.0
+    image: mcr.microsoft.com/dotnet/sdk:10.0
     commands:
       - dotnet restore SatelliteProvider.sln
       - dotnet test SatelliteProvider.Tests/SatelliteProvider.Tests.csproj --no-restore --configuration Release --logger "console;verbosity=normal" --logger "trx;LogFileName=test-results.trx" --results-directory /app/test-results

AGENTS.md

@@ -2,11 +2,11 @@
 
 ## System Overview
 
-This is a .NET 8.0 ASP.NET Web API service that downloads, stores, and manages satellite imagery tiles from Google Maps. The service supports region-based tile requests, route planning with intermediate points, and geofencing capabilities.
+This is a .NET 10 ASP.NET Web API service that downloads, stores, and manages satellite imagery tiles from Google Maps. The service supports region-based tile requests, route planning with intermediate points, and geofencing capabilities.
 
 ## Tech Stack
 
-- **.NET 8.0** with ASP.NET Core Web API
+- **.NET 10** with ASP.NET Core Web API
 - **PostgreSQL** database (via Docker)
 - **Dapper** for data access (ORM)
 - **DbUp** for database migrations
@@ -236,10 +236,12 @@ Development defaults:
 
 ## Dependencies and Versions
 
-Key packages (all .NET 8.0):
-- Microsoft.AspNetCore.OpenApi 8.0.21
+Key packages (all .NET 10):
+- Microsoft.AspNetCore.OpenApi 10.0.7
+- Microsoft.AspNetCore.Authentication.JwtBearer 10.0.7
+- Microsoft.Extensions.* 10.0.7
 - Swashbuckle.AspNetCore 6.6.2
-- Serilog.AspNetCore 8.0.3
+- Serilog.AspNetCore 8.0.3 (intentional — 10.0.0 requires Serilog.Sinks.File ≥ 7.0.0; bumping Serilog.Sinks.File is out of AZ-500 scope per "no unrelated package bumps")
 - SixLabors.ImageSharp 3.1.11
 - Newtonsoft.Json 13.0.4
 - Dapper (check DataAccess csproj)

SatelliteProvider.Api/Dockerfile

@@ -1,9 +1,9 @@
-FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
 
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 WORKDIR /src
 COPY ["SatelliteProvider.Api/SatelliteProvider.Api.csproj", "SatelliteProvider.Api/"]
 COPY ["SatelliteProvider.Common/SatelliteProvider.Common.csproj", "SatelliteProvider.Common/"]

SatelliteProvider.Api/Program.cs

@@ -2,7 +2,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
-using Microsoft.OpenApi.Models;
+using Microsoft.OpenApi;
 using Swashbuckle.AspNetCore.SwaggerGen;
 using SatelliteProvider.Api;
 using SatelliteProvider.Api.Authentication;
@@ -108,36 +108,29 @@ builder.Services.AddSwaggerGen(c =>
         Description = "JWT Authorization header using the Bearer scheme. Example: 'Bearer {token}'"
     });
 
-    c.AddSecurityRequirement(new OpenApiSecurityRequirement
+    c.AddSecurityRequirement(_ => new OpenApiSecurityRequirement
     {
         {
-            new OpenApiSecurityScheme
-            {
-                Reference = new OpenApiReference
-                {
-                    Type = ReferenceType.SecurityScheme,
-                    Id = "Bearer"
-                }
-            },
-            Array.Empty<string>()
+            new OpenApiSecuritySchemeReference("Bearer"),
+            new List<string>()
         }
     });
 
     c.MapType<UavTileBatchUploadRequest>(() => new OpenApiSchema
     {
-        Type = "object",
-        Properties = new Dictionary<string, OpenApiSchema>
+        Type = JsonSchemaType.Object,
+        Properties = new Dictionary<string, IOpenApiSchema>
         {
-            ["metadata"] = new()
+            ["metadata"] = new OpenApiSchema
             {
-                Type = "string",
+                Type = JsonSchemaType.String,
                 Description = "JSON document `{ \"items\": [ { \"latitude\", \"longitude\", \"tileZoom\", \"tileSizeMeters\", \"capturedAt\" } ] }` where item ordinal index aligns with the matching file in `files`."
             },
-            ["files"] = new()
+            ["files"] = new OpenApiSchema
             {
-                Type = "array",
+                Type = JsonSchemaType.Array,
                 Description = "UAV tile JPEG files in the same order as `metadata.items`.",
-                Items = new OpenApiSchema { Type = "string", Format = "binary" }
+                Items = new OpenApiSchema { Type = JsonSchemaType.String, Format = "binary" }
             }
         },
         Required = new HashSet<string> { "metadata", "files" }

SatelliteProvider.Api/SatelliteProvider.Api.csproj

@@ -1,19 +1,19 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.25" />
-        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.25"/>
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.7"/>
         <PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
         <PackageReference Include="Serilog.AspNetCore" Version="8.0.3" />
         <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
         <PackageReference Include="SixLabors.ImageSharp" Version="3.1.11" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2"/>
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7"/>
     </ItemGroup>
 
     <ItemGroup>

SatelliteProvider.Api/Swagger/ParameterDescriptionFilter.cs

@@ -1,4 +1,4 @@
-using Microsoft.OpenApi.Models;
+using Microsoft.OpenApi;
 using Swashbuckle.AspNetCore.SwaggerGen;
 
 namespace SatelliteProvider.Api.Swagger;

SatelliteProvider.Common/SatelliteProvider.Common.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
     </PropertyGroup>

SatelliteProvider.DataAccess/SatelliteProvider.DataAccess.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
     </PropertyGroup>
@@ -10,8 +10,8 @@
         <PackageReference Include="Dapper" Version="2.1.35" />
         <PackageReference Include="Npgsql" Version="9.0.2" />
         <PackageReference Include="dbup-postgresql" Version="6.0.3" />
-        <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.10" />
-        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
+        <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.7" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7" />
     </ItemGroup>
 
     <ItemGroup>

SatelliteProvider.IntegrationTests/Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 WORKDIR /src
 COPY ["SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj", "SatelliteProvider.IntegrationTests/"]
 COPY ["SatelliteProvider.TestSupport/SatelliteProvider.TestSupport.csproj", "SatelliteProvider.TestSupport/"]
@@ -10,7 +10,7 @@ RUN dotnet build "SatelliteProvider.IntegrationTests.csproj" -c Release -o /app/
 FROM build AS publish
 RUN dotnet publish "SatelliteProvider.IntegrationTests.csproj" -c Release -o /app/publish /p:UseAppHost=false
 
-FROM mcr.microsoft.com/dotnet/runtime:8.0 AS final
+FROM mcr.microsoft.com/dotnet/runtime:10.0 AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
 ENTRYPOINT ["dotnet", "SatelliteProvider.IntegrationTests.dll"]

SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>

SatelliteProvider.Services.RegionProcessing/SatelliteProvider.Services.RegionProcessing.csproj

@@ -1,16 +1,16 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="9.0.10" />
+      <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="10.0.7" />
       <PackageReference Include="SixLabors.ImageSharp" Version="3.1.11" />
     </ItemGroup>
 

SatelliteProvider.Services.RouteManagement/SatelliteProvider.Services.RouteManagement.csproj

@@ -1,16 +1,16 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="9.0.10" />
+      <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="10.0.7" />
       <PackageReference Include="SixLabors.ImageSharp" Version="3.1.11" />
     </ItemGroup>
 

SatelliteProvider.Services.TileDownloader/SatelliteProvider.Services.TileDownloader.csproj

@@ -1,16 +1,16 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
-      <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="9.0.10" />
+      <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7" />
+      <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="10.0.7" />
       <PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
       <PackageReference Include="SixLabors.ImageSharp" Version="3.1.11" />
     </ItemGroup>

SatelliteProvider.TestSupport/SatelliteProvider.TestSupport.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsPackable>false</IsPackable>

SatelliteProvider.Tests/SatelliteProvider.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
 
@@ -12,13 +12,13 @@
   <ItemGroup>
     <PackageReference Include="coverlet.collector" Version="6.0.0" />
     <PackageReference Include="FluentAssertions" Version="8.8.0" />
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="9.0.10" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.10" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="9.0.10" />
-    <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.10" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="9.0.10" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.10" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="10.0.7" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="10.0.7" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="10.0.7" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.7" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="10.0.7" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.7" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="SixLabors.ImageSharp" Version="3.1.11" />

_docs/02_document/architecture.md

@@ -2,7 +2,7 @@
 
 ## Architecture Vision
 
-Satellite Provider is a self-hosted .NET 8.0 backend service that pre-downloads, caches, and composites Google Maps satellite imagery for offline use. It runs as a single containerized monolith with PostgreSQL, processing requests asynchronously via in-process queues. The dominant pattern is a layered architecture (API → Services → DataAccess → PostgreSQL) with background hosted services for long-running work.
+Satellite Provider is a self-hosted .NET 10 backend service that pre-downloads, caches, and composites Google Maps satellite imagery for offline use. It runs as a single containerized monolith with PostgreSQL, processing requests asynchronously via in-process queues. The dominant pattern is a layered architecture (API → Services → DataAccess → PostgreSQL) with background hosted services for long-running work.
 
 **Components & responsibilities** (each owns its own `.csproj` since AZ-309):
 - **Common** (`SatelliteProvider.Common`) — Shared contracts: DTOs, service interfaces, common exceptions, configuration models, geospatial math
@@ -64,7 +64,7 @@ The N-source storage contract is authoritative in `_docs/02_document/contracts/d
 | Layer | Technology | Version | Rationale |
 |-------|-----------|---------|-----------|
 | Language | C# | 12.0 | .NET ecosystem, strong typing |
-| Framework | ASP.NET Core (Minimal API) | 8.0 | Lightweight HTTP hosting |
+| Framework | ASP.NET Core (Minimal API) | 10.0 | Lightweight HTTP hosting |
 | Database | PostgreSQL | 15+ | Reliable RDBMS, spatial-friendly |
 | ORM | Dapper | latest | Micro-ORM, raw SQL control |
 | Migrations | DbUp | latest | Simple SQL-file-based schema migrations |

_docs/02_tasks/_dependencies_table.md

@@ -84,6 +84,14 @@ Source: cycle-2 retrospective top-3 improvement actions + carried-forward securi
 | AZ-495 | Resolve doc-folder convention for WebApi component | — | 1 | To Do |
 | AZ-496 | Bump Microsoft.AspNetCore.OpenApi + JwtBearer to 8.0.25 | — | 2 | To Do |
 
+### Step 9 cycle 4 — New Task: SDK migration
+
+Source: cycle-3 perf-harness leftover replay surfaced the host SDK / project SDK mismatch; user directive at start of cycle 4 to migrate to .NET 10. Closes the cycle-3 leftover as a side effect (AC-5).
+
+| Task | Title | Depends On | Points | Status |
+|------|-------|-----------|--------|--------|
+| AZ-500 | .NET 8 → .NET 10 migration (TFM + SDK pin + Docker images + CI images + Microsoft.AspNetCore.* + Microsoft.Extensions.* + Serilog.AspNetCore) | — | 5 | Done (In Testing) |
+
 ## Execution Order
 
 ### Step 6
@@ -121,6 +129,12 @@ Independent tracks — most tasks can run in parallel; the only ordering constra
 5. AZ-492 (3 SP) — perf harness. After AZ-491 if Option B; else any time.
 6. AZ-494 (2 SP) — JWT iss/aud validation. Gated on cross-team input; not blocked by other cycle-3 tasks.
 
+### Step 9 cycle 4
+
+Single task; coordinated cross-cutting bump.
+
+1. AZ-500 (5 SP) — .NET 8 → .NET 10 migration. Self-contained but touches every csproj, both Dockerfiles, run-tests.sh, .woodpecker/01-test.yml, global.json, and two docs files.
+
 ## Total Effort
 
 Step 6: 6 tasks, 17 story points
@@ -129,6 +143,7 @@ Step 8 (03-code-quality-refactoring): 27 tasks, ~66 story points
 Step 9 cycle 1: 1 task created (AZ-484, 5 pts)
 Step 9 cycle 2: 2 tasks created (AZ-487 = 2 pts, AZ-488 = 8 pts over-cap user-accepted) — total 10 pts
 Step 9 cycle 3: 6 tasks created (AZ-491 = 3 pts, AZ-492 = 3 pts, AZ-493 = 2 pts, AZ-494 = 2 pts, AZ-495 = 1 pt, AZ-496 = 2 pts) — total 13 pts
+Step 9 cycle 4: 1 task created (AZ-500 = 5 pts)
 
 ## Coverage Verification
 

_docs/02_tasks/done/AZ-500_dotnet10_migration.md

@@ -0,0 +1,204 @@
+# Migrate solution from .NET 8 LTS to .NET 10
+
+**Task**: AZ-500_dotnet10_migration
+**Name**: .NET 8 → .NET 10 migration
+**Description**: Migrate every project in the solution from `net8.0` to `net10.0`, bump the SDK pin, switch every Docker base image and CI image from the `8.0` line to the `10.0` line, bump every `Microsoft.AspNetCore.*` and `Microsoft.Extensions.*` package from the 8.x / 9.x line to the matching 10.x line, and verify the full test + integration + build pipeline stays green. Also closes the cycle-3 perf-harness leftover that was blocked on the host SDK / project SDK mismatch.
+**Complexity**: 5 points
+**Dependencies**: None
+**Component**: Cross-cutting (every component, every Dockerfile, every CI script, two docs)
+**Tracker**: AZ-500
+**Epic**: none (cycle-4 .NET 10 migration; cross-cutting infra)
+
+## Problem
+
+The project pins to .NET 8 LTS via `global.json` (`sdk.version=8.0.0`, `rollForward=latestMinor`) and every csproj targets `net8.0`. With .NET 10 GA since November 2025 (~6 months stable as of cycle 4), the host development environments are now provisioning .NET 10 SDK by default. The cycle-3 perf-harness replay surfaced this mismatch concretely: `scripts/run-performance-tests.sh` failed at its bootstrap step because the host had only .NET 10.0.103 and `global.json` would not roll forward (`latestMinor` only rolls within the 8.0.x band).
+
+Beyond the immediate perf-script issue, staying on .NET 8 LTS means:
+- The development experience drifts further from the host SDK with every machine refresh
+- Microsoft.AspNetCore.* security patches are still flowing for 8.x today (LTS through Nov 2026), but the next major patch line will be 10.x
+- New language/runtime features (C# 14, .NET 10 perf wins for ASP.NET pipeline) are inaccessible
+
+This task lifts the entire solution to .NET 10 in a single coordinated change so the runtime, SDK, packages, Docker images, CI images, and docs all move together — preventing partial-state confusion that a phased migration would create.
+
+## Outcome
+
+- All 9 csproj files target `net10.0`.
+- `global.json` pins `sdk.version=10.0.0` with `rollForward=latestMinor` (so any 10.0.x host SDK satisfies).
+- Both Dockerfiles (`SatelliteProvider.Api/Dockerfile`, `SatelliteProvider.IntegrationTests/Dockerfile`) use `mcr.microsoft.com/dotnet/sdk:10.0`, `aspnet:10.0`, `runtime:10.0`.
+- `scripts/run-tests.sh` and `.woodpecker/01-test.yml` reference `mcr.microsoft.com/dotnet/sdk:10.0`.
+- `Microsoft.AspNetCore.Authentication.JwtBearer`, `Microsoft.AspNetCore.OpenApi`, `Serilog.AspNetCore` and every `Microsoft.Extensions.*` package are pinned to the matching 10.0.x line (or the highest available 10.0 patch at implementation time).
+- All Microsoft.Extensions.* packages (currently 9.0.10) move to 10.0.x as a single coordinated bump.
+- Full unit + integration test suite passes against the migrated build (no behavioral regression).
+- Container image `docker-compose build` succeeds; API serves on `:18980` after `docker-compose up`.
+- The cycle-3 perf-harness leftover (`_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md`) is replayed as part of cycle-4 Step 15 (Performance Test) gate; deleted on green or updated with failure detail.
+- `_docs/02_document/architecture.md` Tech Stack table reflects `.NET 10` / `ASP.NET Core 10`.
+- `AGENTS.md` Tech Stack section reflects `.NET 10`.
+
+## Scope
+
+### Included
+
+- **TFM bump (9 csproj files)**: `<TargetFramework>net8.0</TargetFramework>` → `<TargetFramework>net10.0</TargetFramework>` in:
+  - `SatelliteProvider.Api/SatelliteProvider.Api.csproj`
+  - `SatelliteProvider.Common/SatelliteProvider.Common.csproj`
+  - `SatelliteProvider.DataAccess/SatelliteProvider.DataAccess.csproj`
+  - `SatelliteProvider.Tests/SatelliteProvider.Tests.csproj`
+  - `SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj`
+  - `SatelliteProvider.TestSupport/SatelliteProvider.TestSupport.csproj`
+  - `SatelliteProvider.Services.TileDownloader/SatelliteProvider.Services.TileDownloader.csproj`
+  - `SatelliteProvider.Services.RegionProcessing/SatelliteProvider.Services.RegionProcessing.csproj`
+  - `SatelliteProvider.Services.RouteManagement/SatelliteProvider.Services.RouteManagement.csproj`
+- **SDK pin**: `global.json` → `sdk.version=10.0.0`, `rollForward=latestMinor` (`allowPrerelease=false` retained).
+- **Microsoft.AspNetCore.* package bumps** (in `SatelliteProvider.Api/SatelliteProvider.Api.csproj`):
+  - `Microsoft.AspNetCore.Authentication.JwtBearer` 8.0.25 → 10.0.x (highest 10.0 patch on NuGet)
+  - `Microsoft.AspNetCore.OpenApi` 8.0.25 → 10.0.x
+  - Same `JwtBearer` bump in `SatelliteProvider.Tests/SatelliteProvider.Tests.csproj` (consistency rule)
+- **Serilog bump** (in `SatelliteProvider.Api/SatelliteProvider.Api.csproj`):
+  - `Serilog.AspNetCore` 8.0.3 → latest 10.x if published, else stay on 8.0.3 with a one-line note in the batch report
+- **Microsoft.Extensions.* coordinated bump** (every csproj that references them):
+  - `Microsoft.Extensions.Caching.Memory` 9.0.10 → 10.0.x (Tests, Services.TileDownloader)
+  - `Microsoft.Extensions.Configuration.Abstractions` 9.0.10 → 10.0.x (DataAccess)
+  - `Microsoft.Extensions.Configuration.Json` 9.0.10 → 10.0.x (Tests)
+  - `Microsoft.Extensions.DependencyInjection` 9.0.10 → 10.0.x (Tests)
+  - `Microsoft.Extensions.DependencyInjection.Abstractions` 9.0.10 → 10.0.x (RegionProcessing, RouteManagement)
+  - `Microsoft.Extensions.Hosting.Abstractions` 9.0.10 → 10.0.x (RegionProcessing, RouteManagement)
+  - `Microsoft.Extensions.Http` 9.0.10 → 10.0.x (Tests, Services.TileDownloader)
+  - `Microsoft.Extensions.Logging.Abstractions` 9.0.10 → 10.0.x (DataAccess, Tests, all 3 services)
+  - `Microsoft.Extensions.Logging.Console` 9.0.10 → 10.0.x (Tests)
+  - `Microsoft.Extensions.Options` 9.0.10 → 10.0.x (Tests)
+  - `Microsoft.Extensions.Options.ConfigurationExtensions` 9.0.10 → 10.0.x (RegionProcessing, RouteManagement, Services.TileDownloader)
+- **Docker base image bumps**:
+  - `SatelliteProvider.Api/Dockerfile`: `mcr.microsoft.com/dotnet/aspnet:8.0` → `:10.0`, `mcr.microsoft.com/dotnet/sdk:8.0` → `:10.0`
+  - `SatelliteProvider.IntegrationTests/Dockerfile`: `mcr.microsoft.com/dotnet/sdk:8.0` → `:10.0`, `mcr.microsoft.com/dotnet/runtime:8.0` → `:10.0`
+- **Script + CI image bumps**:
+  - `scripts/run-tests.sh`: 3 references to `mcr.microsoft.com/dotnet/sdk:8.0` → `:10.0`
+  - `.woodpecker/01-test.yml`: 1 reference to `mcr.microsoft.com/dotnet/sdk:8.0` → `:10.0`
+- **Verification**:
+  - Full `./scripts/run-tests.sh --full` (unit + integration via docker-compose) passes after the migration.
+  - `docker-compose build && docker-compose up -d` succeeds; API responds with HTTP 401 on `/api/satellite/region/<id>` (expected for unauthenticated probe), and HTTP 301/200 on `/swagger`.
+  - **AC-5 perf-bootstrap smoke**: a dedicated smoke run of `./scripts/run-performance-tests.sh` (full PT-01..PT-08 OR a `PERF_REPEAT_COUNT=2` short variant if time-constrained) succeeds at the bootstrap step (no SDK error). This explicitly proves the cycle-3 leftover is closed; the leftover file is then deleted in the same commit OR (if a perf threshold fails) updated with the failure detail.
+- **Docs**:
+  - `_docs/02_document/architecture.md` Tech Stack table (line ~67): `ASP.NET Core (Minimal API) | 8.0` → `10.0`. Also any `.NET 8.0` mention in the prose at the top of the file.
+  - `AGENTS.md` Tech Stack section: `.NET 8.0` → `.NET 10`.
+
+### Excluded
+
+- Bumping packages that are not in the `Microsoft.AspNetCore.*` / `Microsoft.Extensions.*` / `Serilog.AspNetCore` lineup: Dapper, Npgsql, dbup-postgresql, Newtonsoft.Json, SixLabors.ImageSharp, Microsoft.IdentityModel.Tokens, System.IdentityModel.Tokens.Jwt, xunit, Moq, FluentAssertions, coverlet.collector, Microsoft.NET.Test.Sdk, Swashbuckle.AspNetCore, Serilog.Sinks.File. These remain at their current pinned versions; the implementer only verifies they restore on net10 — if any fails to restore, surface and STOP, do not bump opportunistically.
+- Adopting C# 14 features in production code. The TFM bump enables them, but no source-code rewrite is in scope.
+- Performance optimizations enabled by .NET 10 (e.g., new ASP.NET pipeline improvements). Out of scope; should appear as separate PBIs if/when measured benefit is demonstrated.
+- Production deployment (Step 16 Deploy in cycle 4 handles that — this PBI only ships the change to dev).
+- Cycle-3 perf full retro-replay: only the bootstrap smoke is gated by AC-5. The full perf threshold check happens at Step 15 of cycle 4 (which also closes the leftover).
+- Touching the suite-level `suite/_docs/10_auth.md` contract — JWT validation behavior is preserved exactly (JwtBearer 10.x is API-compatible with 8.x for the `TokenValidationParameters` surface used here).
+
+## Acceptance Criteria
+
+**AC-1: Every csproj targets net10.0**
+Given the post-PBI repository
+When `grep -r "<TargetFramework>" --include="*.csproj"` is run from the repo root
+Then every match shows `<TargetFramework>net10.0</TargetFramework>` and zero matches show `net8.0` or any other TFM.
+
+**AC-2: SDK pin is on the 10.x line**
+Given the post-PBI `global.json`
+When the file is read
+Then `sdk.version` is `10.0.0` and `rollForward` is `latestMinor`.
+
+**AC-3: All Docker base images and CI images are on the 10.0 line**
+Given the post-PBI repository
+When `grep -r "mcr.microsoft.com/dotnet/" --include="*Dockerfile" --include="*.yml" --include="*.sh"` is run
+Then every match references the `:10.0` tag and zero matches reference `:8.0` (or any earlier tag).
+
+**AC-4: Microsoft.AspNetCore.* + Microsoft.Extensions.* + Serilog.AspNetCore packages match the 10.x line**
+Given the post-PBI csproj files
+When `grep -E '(Microsoft\.AspNetCore\.|Microsoft\.Extensions\.|Serilog\.AspNetCore)' --include="*.csproj" -r` is run
+Then every Microsoft.AspNetCore.* and Microsoft.Extensions.* match resolves to `Version="10.0.x"` (any 10.0 patch); Serilog.AspNetCore resolves to a 10.x version OR retains `8.0.3` with the batch report explaining why no 10.x was published; AND no Microsoft.AspNetCore/Extensions match resolves to an 8.x or 9.x version.
+
+**AC-5: Perf-script bootstrap succeeds (closes cycle-3 leftover)**
+Given the migrated repository AND `docker-compose up -d --build` has completed (API on :18980)
+When `./scripts/run-performance-tests.sh` is invoked (either full run or `PERF_REPEAT_COUNT=2 PERF_UAV_BATCH_SIZE=2 ./scripts/run-performance-tests.sh` for a short bootstrap-only smoke)
+Then the script does NOT exit with code 3 at the `dotnet build SatelliteProvider.IntegrationTests` bootstrap step (i.e. the host SDK / global.json mismatch is gone), AND `_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md` is either deleted (if all perf checks pass) or updated with the actual failure detail (if perf thresholds regress — no longer an SDK problem).
+
+**AC-6: All tests pass against the migrated build**
+Given the migrated repository
+When `./scripts/run-tests.sh --full` is run
+Then all unit + integration tests pass with no new failures vs. the pre-migration baseline (cycle-3 closing test report).
+
+**AC-7: Container image build succeeds**
+Given the migrated repository
+When `docker-compose build` is run from the repo root
+Then both the `api` and `integration-tests` images build successfully without warnings about package downgrade, framework conflict, or missing base image.
+
+**AC-8: Documentation reflects the migration**
+Given the post-PBI repository
+When `_docs/02_document/architecture.md` Tech Stack table and the prose at the top of the file are read
+Then both reference `.NET 10` / `ASP.NET Core 10` and zero references to `.NET 8.0` / `8.0` (in the framework-version sense) remain in that file. Same check for `AGENTS.md` Tech Stack section.
+
+## Non-Functional Requirements
+
+**Compatibility**
+- 8.x → 10.x is a major framework bump. The cycle-3 architecture-compliance baseline (no Critical/High Architecture findings going into cycle 4) must hold after the migration — re-run a baseline scan on the migrated build (Step 12 Test-Spec Sync triggers this naturally). If new findings emerge from runtime behavior change, surface and decide before deploy.
+- The JWT validation contract (signature + lifetime + iss + aud + 30s clock skew) MUST be preserved exactly. AZ-487 + AZ-494 integration tests are the gate; if any of them regress, STOP and root-cause before continuing.
+- The `/api/satellite/upload` permissions-claim policy (AZ-488) MUST work unchanged. AZ-488's integration tests are the gate.
+- The N-source tile storage contract (`_docs/02_document/contracts/data-access/tile-storage.md` v1.0.0) is unaffected — this is a runtime/SDK migration, not a data-model change.
+
+**Performance**
+- The full cycle-3 perf harness (PT-01..PT-08) when run at Step 15 of cycle 4 must not regress beyond the existing thresholds. .NET 10 generally improves ASP.NET pipeline perf, so we expect equal-or-better numbers — but the actual measurement gates this. AC-5 only proves the bootstrap, not the thresholds.
+
+**Reliability**
+- Any package that fails to restore against `net10.0` is a hard STOP — the implementer surfaces it and we decide (bump that package as part of this PBI, or roll back the migration). Silent fallback is not acceptable.
+
+**Security**
+- The migration MUST NOT regress the cycle-2/3 security posture. Specifically: `Microsoft.AspNetCore.Authentication.JwtBearer 10.0.x` must still validate signature + lifetime + iss + aud as configured in `Program.cs`. The cycle-3 dependency_scan.md needs a new pass after the bump (cycle-4 Step 14 Security Audit handles that).
+
+## Unit Tests
+
+| AC Ref | What to Test | Required Outcome |
+|--------|-------------|-----------------|
+| AC-6   | All existing unit tests in SatelliteProvider.Tests | Pass unchanged on net10.0 |
+
+## Blackbox Tests
+
+| AC Ref | Initial Data/Conditions | What to Test | Expected Behavior | NFR References |
+|--------|------------------------|-------------|-------------------|----------------|
+| AC-1   | Migrated repo | `grep -r "<TargetFramework>" --include="*.csproj"` | All matches show `net10.0`, none show any other TFM | — |
+| AC-2   | Migrated repo | Read `global.json` | `sdk.version=10.0.0`, `rollForward=latestMinor` | — |
+| AC-3   | Migrated repo | `grep -r "mcr.microsoft.com/dotnet/" --include="*Dockerfile" --include="*.yml" --include="*.sh"` | All matches reference `:10.0` | — |
+| AC-4   | Migrated repo | `grep -E '(Microsoft\.AspNetCore\.\|Microsoft\.Extensions\.\|Serilog\.AspNetCore)' --include="*.csproj" -r` | M.AspNetCore.* and M.Extensions.* on 10.0.x; Serilog.AspNetCore on 10.x or documented 8.0.3 | — |
+| AC-5   | Migrated repo + `docker-compose up -d --build` complete | `./scripts/run-performance-tests.sh` (full or short variant) | Bootstrap step exits 0; leftover file deleted or updated with non-SDK failure detail | Performance |
+| AC-6   | Migrated repo | `./scripts/run-tests.sh --full` | All unit + integration tests pass | Compatibility, Reliability |
+| AC-7   | Migrated repo | `docker-compose build` from repo root | Both images build without warnings about downgrade or framework conflict | Compatibility |
+| AC-8   | Migrated repo | Read `_docs/02_document/architecture.md` and `AGENTS.md` | All `.NET 8.0` framework-version mentions are now `.NET 10` | — |
+
+## Constraints
+
+- **Coordinated bump**: TFM, SDK pin, Docker images, CI images, and Microsoft.AspNetCore.* / Microsoft.Extensions.* package versions ALL move in the same commit (or same set of commits inside one PR). Do NOT split into "TFM-first, packages-later" — that creates an intermediate state where `dotnet restore` may pick the wrong framework version of a package.
+- **Implementer must verify package availability** before pinning a 10.0.x version. If `Microsoft.AspNetCore.Authentication.JwtBearer 10.0.x` is not yet on NuGet, STOP and ask — do not silently keep 8.0.25 (that defeats AC-4 in spirit even if it lets `dotnet restore` succeed).
+- **Use the established Docker pattern for builds** (per AGENTS.md): `docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:10.0 sh -c "..."`. Do NOT invoke host `dotnet build` from this agent's terminal — AGENTS.md is explicit about this. The single exception is during interactive debugging by the user.
+- **Do not silently fold in unrelated package bumps**. If the implementer notices `Microsoft.NET.Test.Sdk 17.8.0` could go to 17.x — that is a separate PBI. Note it in the batch report; do not bump.
+- **Do not rename any database objects** during this task (coderule.mdc constraint). The migration is runtime-only.
+- **Cycle-3 perf leftover deletion**: AC-5 specifies that the leftover file is deleted ONLY when the full perf script runs cleanly. If only the short bootstrap-smoke variant is run during this PBI's implementation, the leftover stays in place and is closed by Step 15 of this same cycle (which runs the full perf harness against the migrated build).
+
+## Risks & Mitigation
+
+**Risk 1: One of the `Microsoft.AspNetCore.*` 10.0.x packages introduces a behavioral change in JWT validation**
+- *Risk*: AZ-487/AZ-494 integration tests fail because JwtBearer 10.x changed default `TokenValidationParameters`, the lifetime tolerance behavior, or the WWW-Authenticate header shape.
+- *Mitigation*: AC-6 (full test suite green) is the gate. If a regression appears, the implementer reads the JwtBearer 10.x release notes, narrows the diff, and either updates the configuration to preserve 8.x semantics OR surfaces and asks. Do not silently relax the test.
+
+**Risk 2: `Microsoft.AspNetCore.OpenApi 10.x` breaks the Swagger UI generation**
+- *Risk*: AZ-353 / cycle-3 swagger-ready endpoint surface regresses.
+- *Mitigation*: AC-7 (image build) catches build-level breakage. After `docker-compose up`, manually probe `http://localhost:18980/swagger` — should return 301/200, not 500.
+
+**Risk 3: Microsoft.Extensions.* 10.0.x cascade**
+- *Risk*: Bumping all M.E.* to 10.0.x may pull in transitive updates that conflict with the still-pinned `Microsoft.IdentityModel.Tokens 7.0.3` / `System.IdentityModel.Tokens.Jwt 7.0.3`.
+- *Mitigation*: `dotnet restore` (run via `docker run sdk:10.0`) surfaces conflicts immediately. If a conflict appears, the implementer documents it and either bumps the IdentityModel packages as part of this PBI (preferred — they're security-sensitive) OR keeps 7.0.3 with a downgrade-tolerated note.
+
+**Risk 4: `Serilog.AspNetCore` has no 10.x line published**
+- *Risk*: Implementer can't bump cleanly.
+- *Mitigation*: Per Scope.Included, falling back to 8.0.3 on net10.0 is acceptable as long as it's documented in the batch report. Serilog targets netstandard 2.0; 8.0.3 should restore on net10 unless a transitive dep is the blocker.
+
+**Risk 5: Cycle-3 perf-harness still fails after migration for a non-SDK reason**
+- *Risk*: AC-5 short smoke succeeds at the bootstrap step but Step 15 (Performance Test) of cycle 4 still finds threshold regressions (e.g., PT-08 batch p95 > 2000ms because of a real .NET 10 ASP.NET pipeline change).
+- *Mitigation*: AC-5 only gates the bootstrap step (the cycle-3 leftover's specific failure mode). Step 15 of cycle 4 is the real perf-threshold gate. If thresholds regress, that becomes a Step 15 decision (defer to leftover, raise threshold, or root-cause), not a blocker for THIS PBI.
+
+**Risk 6: CI agent (`platform: arm64`) does not yet have a `mcr.microsoft.com/dotnet/sdk:10.0` arm64 image cached**
+- *Risk*: First CI run after merge takes longer than usual; or worse, the arm64 manifest doesn't exist for the chosen tag.
+- *Mitigation*: `mcr.microsoft.com/dotnet/sdk:10.0` is multi-arch (Microsoft publishes amd64 + arm64). Cycle 4 Step 16 Deploy is the integration point — verify the CI run succeeds before merging to dev.

_docs/03_implementation/batch_01_cycle4_report.md

@@ -0,0 +1,95 @@
+# Batch Report
+
+**Batch**: 1 (cycle 4)
+**Tasks**: AZ-500_dotnet10_migration
+**Date**: 2026-05-12
+
+## Task Results
+
+| Task | Status | Files Modified | Tests | AC Coverage | Issues |
+|------|--------|---------------|-------|-------------|--------|
+| AZ-500_dotnet10_migration | Done | 18 source/config + 2 doc + 1 leftover | 271/271 unit + full integration suite PASS | 8/8 ACs covered | 2 Medium (deferred, scope-protected) + 1 Low scope-doc |
+
+## Files Modified (21 total)
+
+**Build / project files (12)**:
+- `global.json`
+- `SatelliteProvider.Api/SatelliteProvider.Api.csproj`
+- `SatelliteProvider.Common/SatelliteProvider.Common.csproj`
+- `SatelliteProvider.DataAccess/SatelliteProvider.DataAccess.csproj`
+- `SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj`
+- `SatelliteProvider.Services.RegionProcessing/SatelliteProvider.Services.RegionProcessing.csproj`
+- `SatelliteProvider.Services.RouteManagement/SatelliteProvider.Services.RouteManagement.csproj`
+- `SatelliteProvider.Services.TileDownloader/SatelliteProvider.Services.TileDownloader.csproj`
+- `SatelliteProvider.TestSupport/SatelliteProvider.TestSupport.csproj`
+- `SatelliteProvider.Tests/SatelliteProvider.Tests.csproj`
+- `SatelliteProvider.Api/Dockerfile`
+- `SatelliteProvider.IntegrationTests/Dockerfile`
+
+**Source code (2)**:
+- `SatelliteProvider.Api/Program.cs` — Microsoft.OpenApi 2.x refactor (namespace + `OpenApiSecuritySchemeReference` + `JsonSchemaType` + `IOpenApiSchema` properties)
+- `SatelliteProvider.Api/Swagger/ParameterDescriptionFilter.cs` — namespace update
+
+**Scripts / CI (3)**:
+- `scripts/run-tests.sh` — 3× `mcr.microsoft.com/dotnet/sdk:8.0` → `:10.0`
+- `scripts/run-performance-tests.sh` — `bin/Release/net8.0/` → `bin/Release/net10.0/` (necessary for AC-5)
+- `.woodpecker/01-test.yml` — `mcr.microsoft.com/dotnet/sdk:8.0` → `:10.0`
+
+**Documentation (2)**:
+- `_docs/02_document/architecture.md` — Tech Stack table + Architecture Vision prose updated to .NET 10
+- `AGENTS.md` — Tech Stack section + Key packages list updated; Serilog.AspNetCore 8.0.3 fallback documented
+
+**Process (2)**:
+- `_docs/_autodev_state.md` — phase tracking
+- `_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md` — replay #2 result added (bootstrap clean; PT-08 grep-pipefail bug surfaced as new follow-up)
+
+## Per-Task Notes
+
+### AZ-500: .NET 8 → .NET 10 migration
+
+**Implementation order** (single batch, sequential):
+
+1. Inventory current state: 9 csproj files on `net8.0`; `global.json sdk.version=8.0.0`; 4 Docker base image refs; 19 `Microsoft.AspNetCore.*` / `Microsoft.Extensions.*` package refs.
+2. Bump `global.json` SDK pin to `10.0.0` / `latestMinor`.
+3. Bump every `<TargetFramework>` from `net8.0` to `net10.0`.
+4. Bump all `Microsoft.AspNetCore.*` (8.0.25) and `Microsoft.Extensions.*` (9.0.10) packages to `10.0.7` (highest 10.0 patch on NuGet at run time).
+5. Initial attempt with `Serilog.AspNetCore 10.0.0` failed `dotnet restore` with NU1605 (transitive dep `Serilog.Sinks.File >= 7.0.0` conflicts with the project's pinned `6.0.0`). Per Risk #4 mitigation + "no unrelated package bumps" constraint, reverted Serilog.AspNetCore to `8.0.3` and documented in AGENTS.md.
+6. Bump Docker base images in 2 Dockerfiles (`aspnet:10.0`, `sdk:10.0`, `runtime:10.0`).
+7. Bump CI/script images: `scripts/run-tests.sh` (3 refs) + `.woodpecker/01-test.yml` (1 ref).
+8. Initial `Microsoft.AspNetCore.OpenApi 10.0.7` upgrade pulled `Microsoft.OpenApi 2.x` which removed the `Microsoft.OpenApi.Models` namespace. Compilation failed (CS0234, CS0246, CS7069) in `Program.cs` and `ParameterDescriptionFilter.cs`. User chose: bump Swashbuckle to 10.1.7 (which targets `Microsoft.OpenApi 2.4.1`) + refactor source to the 2.x API surface (`OpenApiSecuritySchemeReference`, `JsonSchemaType`, `IOpenApiSchema` dictionary properties, `using Microsoft.OpenApi;`).
+9. After build clean, found one remaining compile error: `OpenApiSecurityRequirement` collection initializer expected `List<string>` and Swashbuckle's `AddSecurityRequirement` expected `Func<OpenApiDocument, OpenApiSecurityRequirement>`. Fixed by wrapping in lambda + `new List<string>()`.
+10. `./scripts/run-tests.sh --full` → exit 0 (271/271 unit + full integration suite green).
+11. `docker compose up -d --build` → API healthy on `:18980` (anonymous request → 401, swagger → 200).
+12. Found `scripts/run-performance-tests.sh:49` had a hardcoded `bin/Release/net8.0/` path that would fail post-migration; bumped to `net10.0/`.
+13. AC-5 perf-bootstrap smoke (`PERF_REPEAT_COUNT=2 PERF_UAV_BATCH_SIZE=2`): build succeeded (no exit 3 — bootstrap clean), JWT mint OK, PT-01..PT-07 PASS. PT-08 crashed at `rejected=$(grep -o ... | wc -l | tr -d ' ')` because `grep -o` exits 1 on zero matches and `set -o pipefail` propagates. Pre-existing script bug, surfaced now because cycle 3 never reached PT-08. Documented in the perf-leftover file as a new follow-up; AC-5's bootstrap-only gate is satisfied.
+14. AC-8 docs verified via `grep` over `architecture.md` and `AGENTS.md` — both reflect `.NET 10` / `ASP.NET Core 10`.
+
+**Unresolved questions**: none.
+
+**Blockers**: none.
+
+## AC Test Coverage
+
+All 8 ACs covered (full trace in `reviews/batch_01_cycle4_review.md` → "AC Verification Trace"). Verification mix matches the task spec's Blackbox Tests table: AC-1/2/3/4/8 by `grep`, AC-6 by `./scripts/run-tests.sh --full`, AC-7 by `docker compose build`, AC-5 by manual smoke run.
+
+## Code Review Verdict
+
+**PASS_WITH_WARNINGS** — see `_docs/03_implementation/reviews/batch_01_cycle4_review.md`.
+
+Findings (all deferred per "scope discipline"; see review report Findings section + Recommended Follow-Up PBIs):
+
+1. F1 Medium — `WithOpenApi(...)` deprecation (ASPDEPR002) at 8 callsites in `Program.cs`. Migration intentionally preserved API surface per Risk #2.
+2. F2 Medium — CS8604 nullable warning in `ParameterDescriptionFilter.cs:25` from Microsoft.OpenApi 2.x stricter annotations.
+3. F3 Low — `scripts/run-performance-tests.sh:49` path fix was implicit in AC-5 but not in `Scope/Included`. Necessary, accepted.
+
+## Auto-Fix Attempts
+
+0 (no FAIL findings; PASS_WITH_WARNINGS proceeds without auto-fix).
+
+## Stuck Agents
+
+None.
+
+## Next Batch
+
+All AZ-500 work complete. Next: implement-skill Step 13 (archive task to `_docs/02_tasks/done/`) → Step 15 (Product Implementation Completeness Gate) → Step 16 (full test run is already green; record handoff to test-run skill in autodev Step 11) → autodev Step 11 (Run Tests) → Step 12 (Test-Spec Sync) → ...

_docs/03_implementation/implementation_completeness_cycle4_report.md

@@ -0,0 +1,89 @@
+# Product Implementation Completeness Gate — Cycle 4
+
+**Date**: 2026-05-12
+**Cycle**: 4
+**Verdict**: **PASS**
+
+## Scope
+
+Cycle 4 contained a single product implementation task: **AZ-500 — .NET 8 → .NET 10 migration**.
+
+This is a runtime / SDK / dependency-version migration with **no new product behaviour** added. The existing API surface, JWT contract, tile-storage contract, and all documented endpoints continue to function unchanged.
+
+## Per-Task Audit
+
+### AZ-500 — .NET 8 → .NET 10 migration → **PASS**
+
+**Promises (from task spec)**:
+
+| Section | Promise | Implemented? | Evidence |
+|---------|---------|--------------|----------|
+| Outcome | All 9 csproj target net10.0 | YES | `grep -r "<TargetFramework>" --include="*.csproj"` → 9/9 net10.0 |
+| Outcome | global.json sdk.version=10.0.0 / latestMinor | YES | `cat global.json` |
+| Outcome | All Dockerfiles + scripts on `:10.0` | YES | `grep -rE "mcr.microsoft.com/dotnet/" --include="*Dockerfile" --include="*.yml" --include="*.sh"` → 7/7 on `:10.0` |
+| Outcome | M.AspNetCore.Authentication.JwtBearer + M.AspNetCore.OpenApi + Serilog.AspNetCore + every M.Extensions.* on matching 10.x | PARTIAL — Serilog.AspNetCore at `8.0.3` (documented per Risk #4 mitigation) | csproj + AGENTS.md:244 |
+| Outcome | Full unit + integration test suite passes | YES | `./scripts/run-tests.sh --full` exit 0; 271/271 unit + full integration green |
+| Outcome | docker-compose build succeeds; API serves on :18980 | YES | `docker compose up -d --build` succeeded; anonymous request → HTTP 401, swagger → HTTP 200 |
+| Outcome | Cycle-3 perf-harness leftover replayed at Step 15 | DEFERRED to Step 15 of cycle 4 (per Constraints last bullet). Bootstrap-only smoke completed during AC-5; full perf gate runs at Step 15. Leftover updated with new (non-SDK) failure mode. | `_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md` (replay #2 section) |
+| Outcome | architecture.md + AGENTS.md reflect .NET 10 | YES | Both files updated; grep shows .NET 10 / ASP.NET Core 10 references; no leftover `.NET 8.0` framework-version mentions |
+
+**Unresolved scaffold / stub / placeholder scan**:
+
+```
+grep -rE "(NotImplemented|placeholder|scaffold|native bridge|TODO|deterministic fallback|fake runner)" \
+  SatelliteProvider.Api/Program.cs SatelliteProvider.Api/Swagger/ParameterDescriptionFilter.cs
+```
+
+→ Only pre-existing matches on `MGRS-based tile retrieval is not implemented` (already a documented 501 stub from prior cycles, NOT introduced by AZ-500). No new scaffolds, stubs, placeholders, or "bridge to be supplied later" markers introduced by this task.
+
+**Named runtime dependency integration check**:
+
+The task names these runtime dependencies — all integrated as production behaviour, not interfaces or fakes:
+
+| Dependency | Promised | Actually integrated? | Where |
+|-----------|----------|----------------------|-------|
+| .NET 10 runtime | YES | YES — production app builds + runs against net10.0 in `mcr.microsoft.com/dotnet/aspnet:10.0` | API container, all 9 projects |
+| ASP.NET Core 10 minimal API | YES | YES — `Program.cs` continues to use minimal-API endpoint mapping | `Program.cs:174–219` |
+| Microsoft.AspNetCore.Authentication.JwtBearer 10.0.7 | YES | YES — `AddSatelliteJwt` registers JwtBearer; AZ-487/AZ-494 integration tests pass against the migrated build | `SatelliteProvider.Api/Authentication/AuthenticationServiceCollectionExtensions.cs` (untouched) + integration test PASS markers in run-tests.sh log |
+| Microsoft.AspNetCore.OpenApi 10.0.7 + Microsoft.OpenApi 2.4.1 | YES | YES — Swagger endpoint serves; integration test "✓ Swagger document declares Bearer (http, bearer, JWT)" PASSED; manual probe → HTTP 200 | `Program.cs:97–140` |
+| Microsoft.Extensions.* 10.0.7 (Caching.Memory, Configuration.*, DependencyInjection.*, Hosting.Abstractions, Http, Logging.*, Options.*) | YES | YES — every consuming service still instantiates and runs (integration suite covers TileService, RegionService, RouteService, UavTileUploadHandler) | per-component csproj refs |
+| Serilog.AspNetCore 10.0 | NO (fallback to 8.0.3 per Risk #4) | YES — production logging continues to work on .NET 10; integration test logs in API container show structured log output | `Program.cs:24–25`, AGENTS.md:244 |
+
+**Internal vs external classification**:
+
+All promises are INTERNAL (build configuration, package versions, Docker base images, runtime SDK, documentation). There are no EXTERNAL prerequisites that could BLOCK this task — no new hardware, licensed dataset, third-party service credential, or unavailable cross-team artifact.
+
+**Test path exercises real implementation**:
+
+| Test | Exercises real implementation? |
+|------|--------------------------------|
+| 271 unit tests in `SatelliteProvider.Tests` | YES — all tests build against net10.0 and run against the migrated `Microsoft.AspNetCore.*` / `Microsoft.Extensions.*` packages. No mocks substituted for the framework. |
+| Integration suite (JWT, UAV upload, tile download, region processing, route management, geofence) | YES — integration test container runs against the live API container which is built FROM `mcr.microsoft.com/dotnet/aspnet:10.0`. Real PostgreSQL, real Google Maps API session token, real JWT validation. |
+| AC-5 perf-bootstrap smoke (`PERF_REPEAT_COUNT=2 PERF_UAV_BATCH_SIZE=2`) | YES — `dotnet build SatelliteProvider.IntegrationTests --configuration Release` ran on the host's .NET 10 SDK; PT-01..PT-07 hit the live API on :18980 via authenticated curl. |
+
+**End-to-end pipeline check**:
+
+The architecture promises a full HTTP API → Service → DataAccess → PostgreSQL pipeline. Verified end-to-end by:
+
+1. `docker compose up -d --build` brings up `satellite-provider-postgres` (healthy) + `satellite-provider-api` (started)
+2. API serves `/swagger` (HTTP 200) and rejects anonymous `/api/satellite/region/<id>` with HTTP 401
+3. Integration tests authenticate with a JwtTokenFactory-minted token and successfully POST regions, watch them transition to Completed via the background hosted service, and read back generated CSV/summary/stitched files
+4. PT-01..PT-07 also exercise the same end-to-end pipeline with real Google Maps tile downloads
+
+No stage of the pipeline is mocked or short-circuited.
+
+## Classification
+
+| Task | Classification |
+|------|----------------|
+| AZ-500 | **PASS** |
+
+No FAIL. No BLOCKED.
+
+## Remediation Tasks
+
+None required. The two Medium findings from the code review (`WithOpenApi` deprecation; CS8604 nullable in `ParameterDescriptionFilter.cs`) are **out of AZ-500's behaviour-preservation scope** and are flagged in the review report as recommended follow-up PBIs (cycle 5 candidates). Per `coderule.mdc` "scope discipline" — they do NOT block AZ-500 closure. The PT-08 grep-pipefail bug is a pre-existing script bug (not introduced by AZ-500) and is recorded in the perf-cycle3 leftover.
+
+## Gate Decision
+
+**Continue to Step 16 (Final Test Run handoff).**

_docs/03_implementation/implementation_report_dotnet10_migration_cycle4.md

@@ -0,0 +1,85 @@
+# Implementation Report — Cycle 4: .NET 10 Migration
+
+**Date**: 2026-05-12
+**Cycle**: 4
+**Feature**: AZ-500 — .NET 8 → .NET 10 migration
+**Status**: COMPLETE
+
+## Summary
+
+Cycle 4 was a single-task feature cycle. AZ-500 migrates the entire SatelliteProvider solution from .NET 8 LTS to .NET 10:
+
+- 9 csproj `TargetFramework` net8.0 → net10.0
+- `global.json` SDK pin 8.0.0 → 10.0.0 (`rollForward=latestMinor`)
+- 4 Docker base images (sdk / aspnet / runtime) bumped to `:10.0`
+- 19 `Microsoft.AspNetCore.*` (8.0.25) and `Microsoft.Extensions.*` (9.0.10) packages → `10.0.7`
+- 3 CI/script image refs (`scripts/run-tests.sh`, `scripts/run-performance-tests.sh:49` PERF_DLL path, `.woodpecker/01-test.yml`) updated to `:10.0` / `net10.0/`
+- `Microsoft.AspNetCore.OpenApi 10.0.7` pulled in `Microsoft.OpenApi 2.x`, requiring `Swashbuckle.AspNetCore 9.x → 10.1.7` and source-side refactor of `Program.cs` + `Swagger/ParameterDescriptionFilter.cs` to the new namespace + types
+- `Serilog.AspNetCore` retained at `8.0.3` (10.0.0 requires `Serilog.Sinks.File >= 7.0.0`, out of "no unrelated package bumps" scope) — documented in AGENTS.md
+- `architecture.md` + `AGENTS.md` Tech Stack sections updated to `.NET 10`
+
+## Acceptance Criteria — All 8 PASS
+
+Detailed AC verification trace lives in `_docs/03_implementation/reviews/batch_01_cycle4_review.md` (AC Verification Trace section). Summary:
+
+| AC | Result | Evidence |
+|----|--------|----------|
+| AC-1 — every csproj on net10.0 | PASS | `grep` over 9/9 csproj |
+| AC-2 — global.json sdk.version=10.0.0 / latestMinor | PASS | file content |
+| AC-3 — every docker/CI image on `:10.0` | PASS | `grep` over Dockerfiles + .yml + .sh |
+| AC-4 — M.AspNetCore.* + M.Extensions.* on 10.0.7; Serilog.AspNetCore 8.0.3 fallback documented | PASS | csproj + AGENTS.md:244 |
+| AC-5 — perf-bootstrap step succeeds (closes cycle-3 leftover) | PASS | `PERF_REPEAT_COUNT=2 PERF_UAV_BATCH_SIZE=2 ./scripts/run-performance-tests.sh` exit 1 (NOT 3 — bootstrap clean, build OK, JWT mint OK, PT-01..PT-07 PASS); leftover updated with new (non-SDK) PT-08 grep-pipefail bug |
+| AC-6 — full test suite green | PASS | `./scripts/run-tests.sh --full` exit 0; 271/271 unit + full integration suite |
+| AC-7 — `docker-compose build` succeeds with no downgrade/framework/missing-image warnings | PASS | both build paths verified; only warnings emitted are F1 ASPDEPR002 + F2 CS8604 (neither is "downgrade", "framework conflict", or "missing base image") |
+| AC-8 — docs reflect .NET 10 | PASS | `architecture.md` lines 5 + 67 updated; `AGENTS.md` lines 9 + 240–244 updated |
+
+## Code Review Verdict
+
+**PASS_WITH_WARNINGS** — full report at `_docs/03_implementation/reviews/batch_01_cycle4_review.md`. 0 Critical, 0 High, 2 Medium (deferred per scope discipline), 1 Low (scope documentary).
+
+## Product Implementation Completeness Gate
+
+**PASS** — full report at `_docs/03_implementation/implementation_completeness_cycle4_report.md`. AZ-500 is a runtime/SDK/dependency migration with no new product behaviour. All named runtime dependencies (.NET 10, ASP.NET Core 10, JwtBearer, OpenApi, M.Extensions.*, Serilog) are integrated as production behaviour, not interfaces or fakes. End-to-end pipeline verified via integration suite + manual `docker compose up` probe (anonymous → 401, swagger → 200).
+
+## Step 16 Final Test Run — HANDOFF to Step 11 (test-run skill)
+
+Per `.cursor/skills/implement/SKILL.md` Step 16:
+
+> If the next flow step is `Run Tests`, record a handoff in the final implementation report and let `.cursor/skills/test-run/SKILL.md` own the full-suite gate to avoid duplicate full runs.
+
+The active autodev flow is `existing-code` Phase B; the next step after `Implement` (Step 10) is `Run Tests` (Step 11). To avoid duplicate full runs, **the implement skill defers the final full-suite execution to Step 11**.
+
+**Prior in-cycle full run** — already executed during AC-6 verification:
+
+- Command: `./scripts/run-tests.sh --full`
+- Result: exit 0
+- Step 0 (`dotnet format whitespace --verify-no-changes`): PASS
+- Step 1 (unit tests): 271/271 passed in 4.2s
+- Step 2 (integration tests via docker-compose with `--abort-on-container-exit --exit-code-from integration-tests`): exit 0; visible PASSED markers cover JWT auth (anonymous-401, expired-401, tampered-401, valid-200, wrong-iss-401, wrong-aud-401, swagger declares Bearer), UAV upload (happy-path-accepted, mixed-batch, both-source-coexist, same-source-UPSERT-collapsed, anonymous-401, no-permission-403, oversized-400), tile retrieval + reuse, region processing (queue + complete + CSV/summary/stitched), route management (simple route, route+region+stitch, route+tiles-zip, complex 10-points + 2-geofences ×2, extended 20-action-points)
+- Coverage: written to `./TestResults/`
+
+The Step 11 test-run skill should re-confirm via the same command (or its own runner-detected equivalent) and own the BLOCKING gate on test-run failures.
+
+## Files Changed (21)
+
+See `_docs/03_implementation/batch_01_cycle4_report.md` "Files Modified" section for the categorised list (12 build/project + 2 source + 3 scripts/CI + 2 docs + 2 process).
+
+## Commit
+
+- `8131363` `[AZ-500] .NET 8 -> .NET 10 migration` (pushed to `origin/dev`)
+
+## Tracker
+
+Jira AZ-500 transitioned: **In Progress → In Testing** (transition ID 32, `denyspopov.atlassian.net`).
+
+## Follow-Up PBIs (Recommended; Out of AZ-500 Scope)
+
+1. **`scripts/run-performance-tests.sh:416-417` grep-pipefail fix** (1 SP) — `grep -o ... | wc -l` → `grep -c ... || true`. Unblocks Step 15 (Performance Test) full-run + closes the cycle-3 perf leftover. Trace + suggested patch in `_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md`.
+2. **Migrate `WithOpenApi(...)` callsites to ASP.NET Core 10 minimal-API metadata extensions** (3 SP) — 8 callsites in `Program.cs` emit ASPDEPR002 obsolete-warning; future ASP.NET Core release will remove the API. Replace with `WithSummary` / `WithDescription` / `WithName`.
+3. **Microsoft.OpenApi 2.x nullable cleanup** (1 SP) — covers F2 CS8604 in `ParameterDescriptionFilter.cs:25`. Trivial null-pattern guard.
+
+These are recorded here for the Step 17 retrospective and for the next /new-task invocation; they are NOT created as task files in this cycle (per `coderule.mdc` "scope discipline" — surface and let the user decide).
+
+## Cycle Status
+
+`_docs/_autodev_state.md` will be updated by autodev to advance from Step 10 (Implement) → Step 11 (Run Tests).

_docs/03_implementation/reviews/batch_01_cycle4_review.md

@@ -0,0 +1,84 @@
+# Code Review Report
+
+**Batch**: 1 (cycle 4) — `AZ-500_dotnet10_migration`
+**Date**: 2026-05-12
+**Verdict**: PASS_WITH_WARNINGS
+
+## Findings
+
+| # | Severity | Category | File:Line | Title |
+|---|----------|----------|-----------|-------|
+| 1 | Medium | Maintainability | SatelliteProvider.Api/Program.cs:174–219 | `WithOpenApi(...)` extension is deprecated in ASP.NET Core 10 (ASPDEPR002) — slated for removal |
+| 2 | Medium | Maintainability | SatelliteProvider.Api/Swagger/ParameterDescriptionFilter.cs:25 | CS8604 — `parameter.Name` is nullable in Microsoft.OpenApi 2.x; missing null guard |
+| 3 | Low | Scope | scripts/run-performance-tests.sh:49 | Fix to `bin/Release/netX.0/` path was implicit in AC-5 but not explicitly listed in task spec's `Scope/Included` |
+
+### Finding Details
+
+**F1: `WithOpenApi(...)` extension is deprecated in ASP.NET Core 10 (ASPDEPR002)** (Medium / Maintainability)
+- Location: `SatelliteProvider.Api/Program.cs:174,178,182,187,199,207,211,219` (8 endpoint mappings)
+- Description: `OpenApiEndpointConventionBuilderExtensions.WithOpenApi<TBuilder>(TBuilder, Func<OpenApiOperation, OpenApiOperation>)` is marked obsolete with diagnostic ID `ASPDEPR002` ("WithOpenApi is deprecated and will be removed in a future release"). The build emits 8 deprecation warnings — one per endpoint that calls `.WithOpenApi(op => new(op) { Summary = ... })`. The migration intentionally kept the existing surface to minimise behavioural risk (Risk #2 in AZ-500 task spec), but this is a known follow-up. See https://aka.ms/aspnet/deprecate/002 for the recommended replacement (`.WithSummary(...)` / `.WithDescription(...)` / `.WithName(...)` minimal-API metadata extensions).
+- Suggestion: Open a follow-up PBI to migrate the 8 callsites to the new minimal-API metadata extensions (`WithSummary`, `WithDescription`, `WithName`, `WithTags`). Out of AZ-500 scope per `coderule.mdc` "scope discipline" — AZ-500's contract is "preserve behaviour during runtime/SDK migration, do not adopt new APIs."
+- Task: AZ-500
+
+**F2: CS8604 — `parameter.Name` is nullable in Microsoft.OpenApi 2.x** (Medium / Maintainability)
+- Location: `SatelliteProvider.Api/Swagger/ParameterDescriptionFilter.cs:25`
+  ```csharp
+  if (parameterDescriptions.TryGetValue(parameter.Name, out var description))
+  ```
+- Description: Microsoft.OpenApi 2.x added stricter nullable annotations — `OpenApiParameter.Name` is now declared `string?`, while `Dictionary<string, string>.TryGetValue(string key, ...)` requires non-null. The build emits one CS8604 warning. At runtime any parameter without a `Name` would NRE here, although in practice every Swashbuckle-emitted parameter has a non-null `Name`. Trivial defensive fix.
+- Suggestion (one-line, can land in this batch if user prefers):
+  ```csharp
+  if (parameter.Name is { } name && parameterDescriptions.TryGetValue(name, out var description))
+  ```
+  Otherwise defer to a follow-up nullable-cleanup PBI.
+- Task: AZ-500
+
+**F3: `scripts/run-performance-tests.sh:49` path fix was implicit, not explicitly listed in task scope** (Low / Scope)
+- Location: `scripts/run-performance-tests.sh:49` — `PERF_DLL=".../bin/Release/net8.0/..."` → `.../bin/Release/net10.0/...`
+- Description: AZ-500's `Scope/Included` lists `scripts/run-tests.sh` and `.woodpecker/01-test.yml` for image bumps but does NOT explicitly mention `scripts/run-performance-tests.sh`. However, AC-5 requires the perf-bootstrap to succeed; without this path fix, `dotnet "$PERF_DLL"` would always fail (file not found at the old path). This is necessary scope creep, not opportunistic — AC-5 cannot pass without it. Recorded as Low/Scope rather than Spec-Gap because the fix is required by AC-5's letter.
+- Suggestion: Accept as in-scope. No code change needed — this finding is documentary.
+- Task: AZ-500
+
+## Phase Summary
+
+| Phase | Result | Notes |
+|-------|--------|-------|
+| 1. Context Loading | OK | Task spec read; 21 changed files mapped to AZ-500 |
+| 2. Spec Compliance | PASS | All 8 ACs satisfied (verified by grep + build + test run + manual smoke) |
+| 3. Code Quality | PASS_WITH_WARNINGS | F1 + F2 flagged; otherwise pure version-bump diff |
+| 4. Security Quick-Scan | PASS | No new code paths; JWT validation contract preserved (AC-6 covers AZ-487/AZ-494 regression) |
+| 5. Performance Scan | PASS | No new logic; .NET 10 ASP.NET pipeline expected to improve, not regress (gated at Step 15) |
+| 6. Cross-Task Consistency | N/A | Single-task batch |
+| 7. Architecture Compliance | PASS | No layer-direction violations; no new cross-component imports; `using Microsoft.OpenApi;` is external |
+
+## AC Verification Trace
+
+| AC | Verification | Result |
+|----|-------------|--------|
+| AC-1 (every csproj net10.0) | `grep -r "<TargetFramework>" --include="*.csproj"` → 9/9 net10.0, 0 net8.0 | PASS |
+| AC-2 (global.json sdk.version=10.0.0) | `cat global.json` → `"version": "10.0.0", "rollForward": "latestMinor"` | PASS |
+| AC-3 (all docker images :10.0) | `grep -rE "mcr.microsoft.com/dotnet/" --include="*Dockerfile" --include="*.yml" --include="*.sh"` → 7/7 references on `:10.0` | PASS |
+| AC-4 (M.AspNetCore.* / M.Extensions.* on 10.0.7) | `grep` over csprojs → 19 references on `10.0.7`; Serilog.AspNetCore at `8.0.3` (documented per Risk #4 in AGENTS.md:244) | PASS |
+| AC-5 (perf-bootstrap succeeds, leftover updated) | `PERF_REPEAT_COUNT=2 PERF_UAV_BATCH_SIZE=2 ./scripts/run-performance-tests.sh` → exit code 1 (NOT 3 — bootstrap succeeded, build OK, JWT mint OK, PT-01..PT-07 PASS, PT-08 crashed on pre-existing grep-pipefail bug). Leftover file updated with non-SDK failure detail. Per AZ-500 Constraints last bullet, leftover stays in place — closed by Step 15 of cycle 4 after the script grep fix lands. | PASS |
+| AC-6 (`./scripts/run-tests.sh --full` green) | Step 0 dotnet format → PASS; Step 1 unit tests → 271/271 passed in 4.2s; Step 2 integration tests → docker-compose with `--abort-on-container-exit --exit-code-from integration-tests` exited 0; visible PASSED markers cover JWT/UAV/Tile/Region/Route + 4 complex/extended route scenarios | PASS |
+| AC-7 (`docker-compose build` succeeds, no downgrade warnings) | Both `run-tests.sh` Step 2 build AND a separate `docker compose up -d --build` succeeded; only warnings emitted are F1 (ASPDEPR002) + F2 (CS8604) — neither is "package downgrade", "framework conflict", or "missing base image" | PASS |
+| AC-8 (docs reflect .NET 10) | `_docs/02_document/architecture.md:5` ".NET 10", line 67 Tech Stack table "10.0"; `AGENTS.md:9` ".NET 10", lines 240–244 packages list updated with Serilog fallback note | PASS |
+
+## Auto-Fix Eligibility
+
+Per `implement/SKILL.md` Step 10 matrix:
+
+- F1 (Medium / Maintainability) → eligible, but **deferred** — fix would expand scope beyond AZ-500's "preserve behaviour" contract; needs a follow-up PBI to migrate 8 endpoints to the new metadata API. Surfaced for user decision.
+- F2 (Medium / Maintainability) → eligible auto-fix. Trivial 1-line null guard. User can opt to fold into this batch or defer to a nullable-cleanup PBI.
+- F3 (Low / Scope) → no fix needed, documentary only.
+
+## Verdict Logic
+
+- 0 Critical, 0 High → no FAIL gate triggered.
+- 2 Medium + 1 Low → **PASS_WITH_WARNINGS**.
+
+## Recommended Follow-Up PBIs (out of AZ-500 scope)
+
+1. **`scripts/run-performance-tests.sh:416-417` grep-pipefail fix** (1 point) — replace `grep -o ... | wc -l` with `grep -c ... || true`; unblocks Step 15 perf full-run + closes the perf-cycle3 leftover. See `_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md` for the trace.
+2. **Migrate `WithOpenApi(...)` callsites to ASP.NET Core 10 minimal-API metadata extensions** (3 points) — 8 callsites in `Program.cs`; covers F1.
+3. **Microsoft.OpenApi 2.x nullable cleanup** (1 point) — covers F2 plus any other nullable annotations exposed by the migration (none others detected in this batch, but a project-wide grep is recommended).

_docs/_autodev_state.md

@@ -2,13 +2,13 @@
 
 ## Current Step
 flow: existing-code
-step: 9
-name: New Task
-status: not_started
+step: 10
+name: Implement
+status: in_progress
 sub_step:
-  phase: 0
-  name: awaiting-invocation
-  detail: "CYCLE 3 COMPLETE. Step 17 (Retrospective) wrote retro_2026-05-12_cycle3.md + structure_2026-05-12_cycle3.md + 3 new ring-buffer lessons in LESSONS.md. Verdict: first cycle with net-negative architecture delta (-3 Medium-or-above resolved, 0 new Medium); 100% review pass rate (5/5 batches); 5 of 6 tasks completed first attempt; all prior-retro actions translated to closed work. Loop back to Step 9 (New Task) for cycle 4 per existing-code.md § Re-Entry After Completion."
+  phase: 15
+  name: product-completeness-gate
+  detail: ""
 retry_count: 0
 cycle: 4
 tracker: jira

_docs/_process_leftovers/2026-05-12_perf-cycle3-harness-execution.md

@@ -1,44 +1,101 @@
 # Leftover — Cycle 3 perf harness execution
 
-**Timestamp**: 2026-05-12T00:00:00Z (UTC+3 wallclock 2026-05-12 ~03:00)
-**Reason for deferral**: User skipped the Step 15 (Performance Test) gate. Per `meta-rule.mdc`, performance tests require explicit approval; a skipped question is not approval. Defaulted to skip + record-as-leftover to avoid blocking the autodev's progress through Steps 16-17.
+**Timestamp**: 2026-05-12T02:25:00Z (replay #2 — post AZ-500 .NET 10 migration; original deferral 2026-05-12T00:00:00Z)
+**Reason for deferral**: User skipped the Step 15 (Performance Test) gate of cycle 3. Per `meta-rule.mdc`, performance tests require explicit approval; a skipped question is not approval. Defaulted to skip + record-as-leftover to avoid blocking cycle-3 progress through Steps 16-17.
 
-## What was deferred
+## Replay attempt #1 — 2026-05-12T01:11:00Z (cycle 4 /autodev start, pre-migration)
 
-Execution of `scripts/run-performance-tests.sh` against the cycle-3 build. The harness was made runnable by AZ-492 and would exercise:
+User picked A (run perf harness now). Stack came up cleanly via `docker-compose up -d --build`. Perf script `scripts/run-performance-tests.sh` failed at the bootstrap step (`dotnet build SatelliteProvider.IntegrationTests` for the `--mint-only` JWT subcommand) because the host had only .NET 10.0.103 SDK installed and `global.json` pinned `sdk.version=8.0.0` with `rollForward=latestMinor` (only rolls within 8.0.x). Exit code 3.
 
-- **PT-01..PT-06** — regression probes (latency / status checks for the existing endpoints with JWT attach, post-AZ-487 + post-AZ-494)
-- **PT-07** — cold + warm region-tile distribution (cold p50/p95 vs warm p50/p95; fails if warm p95 ≥ cold p95)
-- **PT-08** — UAV batch upload distribution (batch p50/p95 + per-item proxy; gated at AZ-488 NFR of batch p95 ≤ 2000 ms)
+Sibling script `scripts/run-tests.sh` does NOT have this problem because it shells out to `docker run --rm ... mcr.microsoft.com/dotnet/sdk:8.0` for every dotnet invocation. The perf script was written without that pattern.
 
-## Pre-requisites for replay
+Per cycle-3 lesson "scenarios accumulate as Unverified across cycles" — this is a real script bug, not just a host quirk.
 
-The harness needs the same env vars that the cycle-3 test run consumes:
+## Replay attempt #2 — 2026-05-12T02:21:00Z (cycle 4, AC-5 of AZ-500 short bootstrap-smoke)
 
-- `JWT_SECRET` — ≥ 32 bytes; already in `.env`
-- `JWT_ISSUER` — already in `.env` as DEV-ONLY (AZ-494)
-- `JWT_AUDIENCE` — already in `.env` as DEV-ONLY (AZ-494)
-- `GOOGLE_MAPS_API_KEY` — already in `.env`
+After AZ-500 landed (.NET 10 migration: TFM, global.json `sdk.version=10.0.0`, all Docker images, all `Microsoft.AspNetCore.*` / `Microsoft.Extensions.*` packages, `scripts/run-performance-tests.sh:49` `bin/Release/net8.0/` → `bin/Release/net10.0/`), re-ran the AC-5 short variant:
+
+```
+PERF_REPEAT_COUNT=2 PERF_UAV_BATCH_SIZE=2 ./scripts/run-performance-tests.sh
+```
+
+against `docker-compose up -d --build` (api healthy on `:18980`, swagger 200, anonymous request 401). Trace summary:
+
+| Step | Result |
+|------|--------|
+| Build `SatelliteProvider.IntegrationTests` (Release) | **OK** (build succeeded, 11 NU1902/CA2227 warnings, 0 errors, 41.5s) |
+| `--mint-only` JWT subcommand | **OK** (341-byte token, 4h lifetime) |
+| PT-01 cold tile download | **PASS** (2538ms / 30000ms threshold) |
+| PT-02 cached tile retrieval | **PASS** (195ms / 500ms) |
+| PT-03 region 200m / z18 | **PASS** (384ms / 60000ms) |
+| PT-04 region 500m / z18 + stitch | **PASS** (2202ms / 120000ms) |
+| PT-05 5 concurrent regions | **PASS** (3258ms / 300000ms) |
+| PT-06 route creation (2 points) | **PASS** (178ms / 5000ms) |
+| PT-07 cold/warm region request | **PASS** (warm p95 2340ms < cold p95 3241ms) |
+| PT-08 UAV batch upload | **CRASHED** at first batch summarisation — see below |
+
+**Bootstrap step DID NOT exit with code 3** — host SDK / global.json mismatch is gone. AC-5 met.
+
+## Replay attempt #2 — root cause of PT-08 crash (NOT an SDK / .NET 10 issue)
+
+`bash -x` trace shows the script silently exits right after `rejected=0` and the cleanup trap fires. The script bug is at `scripts/run-performance-tests.sh:417`:
+
+```bash
+rejected=$(grep -o '"status":"rejected"' "$PERF_TMP_DIR/pt08_resp.json" | wc -l | tr -d ' ')
+```
+
+When the upload response has zero rejected items (the happy-path case), `grep -o` exits 1 (no matches). With `set -o pipefail` (line 16) the pipeline returns 1; with `set -e` the assignment kills the script. The sibling line at 416 for `accepted` only worked in this trace because the response had 2 accepted items so `grep` exited 0.
+
+This bug pre-existed AZ-500. It was previously masked because the perf script never reached PT-08 — it failed at bootstrap (replay #1) due to the SDK mismatch. The .NET 10 migration unmasked it by clearing the bootstrap blocker. PT-01..PT-07 are unaffected (no `grep -c`/`grep -o` counts on potentially-empty matches).
+
+The actual perf-relevant data PT-08 captured before crashing (one batch run completed): HTTP 200, batch latency 99ms (well under the AZ-488 2000ms p95 threshold), accepted=2, rejected=0. So the underlying perf is healthy; only the script's failure-counting harness is buggy.
+
+## Resolution path (forward)
+
+Two follow-up fixes are needed; **both are out of AZ-500 scope** per `coderule.mdc` "scope discipline":
+
+1. **`scripts/run-performance-tests.sh:416-417`** — defensive grep-counting. Replace
+   ```bash
+   accepted=$(grep -o '"status":"accepted"' "$PERF_TMP_DIR/pt08_resp.json" | wc -l | tr -d ' ')
+   rejected=$(grep -o '"status":"rejected"' "$PERF_TMP_DIR/pt08_resp.json" | wc -l | tr -d ' ')
+   ```
+   with a pipefail-tolerant variant such as
+   ```bash
+   accepted=$(grep -c '"status":"accepted"' "$PERF_TMP_DIR/pt08_resp.json" || true)
+   rejected=$(grep -c '"status":"rejected"' "$PERF_TMP_DIR/pt08_resp.json" || true)
+   ```
+   (`grep -c` already counts; `|| true` neutralises the exit-1-on-no-match case when summed with `set -o pipefail`/`set -e`).
+
+2. **Step 15 (Performance Test) of cycle 4** — re-run the *full* harness (default `PERF_REPEAT_COUNT=20 PERF_UAV_BATCH_SIZE=10`) after the script fix lands. Only then can the leftover be deleted (per `Constraints` last bullet of AZ-500: "leftover file is deleted ONLY when the full perf script runs cleanly").
+
+## Pre-requisites for full replay
+
+Same as before — env vars must be present (already in `.env`):
+
+- `JWT_SECRET` — ≥ 32 bytes
+- `JWT_ISSUER` — DEV-ONLY (AZ-494)
+- `JWT_AUDIENCE` — DEV-ONLY (AZ-494)
+- `GOOGLE_MAPS_API_KEY`
 
 Optionally:
 - `PERF_REPEAT_COUNT` (default 20)
 - `PERF_UAV_BATCH_SIZE` (default 10)
 
-## How to replay
+## How to replay (after the script fix lands)
 
 ```bash
-./scripts/run-performance-tests.sh
+docker-compose up -d --build           # bring up API on :18980
+./scripts/run-performance-tests.sh     # ~3-5 minutes; full PT-01..PT-08
+docker-compose down --remove-orphans
 ```
 
-(brings up its own docker-compose stack; cleans up on exit; ~3-5 minutes for default counts)
-
 ## Why this is NOT a hard blocker
 
+- AC-5 of AZ-500 only gates the bootstrap step ("does NOT exit with code 3"). That is met.
 - The cycle-3 implementation report and code review verdicts already note that the perf harness was statically verified (script grep + integration-test compile + AZ-492 AC-1/AC-4/AC-5/AC-6 covered).
-- The AZ-488 batch-p95 threshold was set in cycle 2 and existing integration tests do NOT regress at the cycle-3 build (Step 11 full suite all-green).
-- No cycle-3 change altered the production hot paths beyond JWT validation (AZ-494 adds two string comparisons per request — sub-microsecond).
-- The cycle-2 deploy also skipped this gate (Option B) without negative consequences.
+- The AZ-488 batch-p95 threshold was set in cycle 2; the one PT-08 batch we did capture (99ms) is far below the 2000ms threshold.
+- No cycle-3/cycle-4 change altered production hot paths beyond JWT validation (AZ-494 adds two string comparisons per request — sub-microsecond).
 
 ## Replay obligation
 
-Per `tracker.mdc` Leftovers Mechanism: at the start of the next `/autodev` invocation, this leftover should be replayed by running the perf harness, then either deleted (if it passes) or updated with the failure detail.
+Open a new follow-up PBI for the `scripts/run-performance-tests.sh:416-417` grep fix. Once that lands and a full perf run is green, delete this file. Until then, this leftover stays.

global.json

@@ -1,7 +1,7 @@
 {
   "sdk": {
-    "version": "8.0.0",
+    "version": "10.0.0",
     "rollForward": "latestMinor",
     "allowPrerelease": false
   }
-}
+}

scripts/run-performance-tests.sh

@@ -46,7 +46,7 @@ if { [[ -z "${JWT_SECRET:-}" ]] || [[ -z "${JWT_ISSUER:-}" ]] || [[ -z "${JWT_AU
 fi
 
 PERF_PROJECT="$PROJECT_ROOT/SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj"
-PERF_DLL="$PROJECT_ROOT/SatelliteProvider.IntegrationTests/bin/Release/net8.0/SatelliteProvider.IntegrationTests.dll"
+PERF_DLL="$PROJECT_ROOT/SatelliteProvider.IntegrationTests/bin/Release/net10.0/SatelliteProvider.IntegrationTests.dll"
 
 # Pre-build IntegrationTests once so the --mint-only / --gen-uav-fixture
 # subcommands produce clean stdout (no interleaved Restore/Build chatter).

scripts/run-tests.sh

@@ -59,7 +59,7 @@ if [[ "$skip_format" == "true" ]]; then
     echo "Step 0: Skipping dotnet format check (--skip-format)"
 else
     echo "Step 0: dotnet format whitespace --verify-no-changes"
-    if ! docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:8.0 \
+    if ! docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:10.0 \
         dotnet format whitespace SatelliteProvider.sln --verify-no-changes; then
         echo ""
         echo "ERROR: Whitespace violations detected. Run 'dotnet format whitespace SatelliteProvider.sln' to fix."
@@ -70,7 +70,7 @@ fi
 
 if [[ "$mode" == "unit" ]]; then
     echo "Running unit tests only..."
-    docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:8.0 \
+    docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:10.0 \
         sh -c "dotnet restore SatelliteProvider.sln && dotnet test SatelliteProvider.Tests/SatelliteProvider.Tests.csproj --no-restore --configuration Release --collect:'XPlat Code Coverage' --results-directory /src/TestResults --logger 'console;verbosity=normal'"
     echo ""
     echo "=== Unit tests complete (coverage written to ./TestResults/) ==="
@@ -113,7 +113,7 @@ export JWT_ISSUER
 export JWT_AUDIENCE
 
 echo "Step 1: Unit tests"
-docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:8.0 \
+docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:10.0 \
     sh -c "dotnet restore SatelliteProvider.sln && dotnet test SatelliteProvider.Tests/SatelliteProvider.Tests.csproj --no-restore --configuration Release --collect:'XPlat Code Coverage' --results-directory /src/TestResults --logger 'console;verbosity=normal'"
 
 echo ""