Formal reviews of all review-sets; fix missing tags and ParseStartLine crash

[Copilot]

Ran formal code reviews across all 12 review-sets defined in .reviewmark.yaml. Two issues were identified and fixed.

Changes

docs/reqstream/sarifmark-system.yaml — Add missing tags: [public]

All 9 system-level requirements were missing the tags field that every other subsystem requirement carries. Added tags: [public] to each, consistent with the rest of the requirements files.

src/DemaConsulting.SarifMark/Sarif/SarifResults.cs — Fix crash on oversized startLine

ParseStartLine called GetInt32() unconditionally, which throws FormatException when a SARIF file contains a startLine value exceeding Int32.MaxValue. That exception was not caught by the Read method's catch (JsonException) block, causing an unhandled crash.

Fixed by replacing GetInt32() with TryGetInt32() — invalid or out-of-range values now silently return null instead of crashing:

// Before
return startLineElement.GetInt32(); // throws FormatException on overflow

// After
if (... && startLineElement.TryGetInt32(out var startLine))
    return startLine;
return null;

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code quality improvement

Related Issues

Pre-Submission Checklist

Before submitting this pull request, ensure you have completed the following:

Build and Test

• Code builds successfully: dotnet build --configuration Release
• All unit tests pass: dotnet test --configuration Release
• Self-validation tests pass:
  dotnet run --project src/DemaConsulting.SarifMark --configuration Release --framework net10.0
--no-build -- --validate
• Code produces zero warnings

Code Quality

• Code formatting is correct: dotnet format --verify-no-changes
• New code has appropriate XML documentation comments
• Static analyzer warnings have been addressed

Quality Checks

Please run the following checks before submitting:

• All linters pass: ./lint.sh (Unix/macOS) or cmd /c lint.bat / ./lint.bat (Windows)

Testing

• Added unit tests for new functionality
• Updated existing tests if behavior changed
• All tests follow the AAA (Arrange, Act, Assert) pattern
• Test coverage is maintained or improved

Documentation

• Updated README.md (if applicable)
• Updated ARCHITECTURE.md (if applicable)
• Added code examples for new features (if applicable)
• Updated requirements.yaml (if applicable)

Additional Notes

Reviews with no findings: SarifMark-System, SarifMark-Cli, SarifMark-SelfTest, SarifMark-Utilities, SarifMark-Program, SarifMark-Context, SarifMark-SarifResult, SarifMark-Validation, SarifMark-PathHelpers.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://storage.googleapis.com/chromium-browser-snapshots/Linux_x64/1108766/chrome-linux.zip
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node install.js 127.0.0.1:039659 --role client --parentprocessid 18474 --telemetryoptedin false maConsulting.Sarrev-parse rgo/bin/bash bash --no�� --noprofile fgrep t/dotnet 1 DemaConsulting.Sexec ark.dll t/dotnet (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

This PR applies fixes found during formal reviews across the ReviewMark review-sets: it standardizes requirement metadata in reqstream docs and hardens SARIF parsing against malformed/oversized numeric input.

Changes:

• Add missing tags: [public] to all system-level requirements in docs/reqstream/sarifmark-system.yaml.
• Prevent a crash when startLine exceeds Int32.MaxValue by switching to TryGetInt32() in SarifResults.ParseStartLine.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
docs/reqstream/sarifmark-system.yaml	Adds missing tags: [public] fields for consistency with other reqstream requirement specs.
src/DemaConsulting.SarifMark/Sarif/SarifResults.cs	Makes SARIF startLine parsing resilient to out-of-range values by avoiding overflow exceptions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.