docs: restructure design and requirements files to comply with DEMA s…

…tandards

- Delete docs/design/introduction.txt and create docs/design/introduction.md
  with required Software Structure and Folder Layout sections
- Create docs/design/system.md with system architecture, external interfaces,
  data flow, and design constraints
- Rename docs/design/nuget-cache-design.md -> docs/design/nuget-cache.md
- Rename docs/design/path-helpers-design.md -> docs/design/path-helpers.md
- Create docs/reqstream/system.yaml with system-level requirements
- Rename docs/reqstream/unit-nuget-cache.yaml -> docs/reqstream/nuget-cache.yaml
- Rename docs/reqstream/unit-path-helpers.yaml -> docs/reqstream/path-helpers.yaml
- Move all OTS reqstream files into docs/reqstream/ots/ subdirectory
- Update requirements.yaml includes to use new file paths
- Update .reviewmark.yaml with standard review-sets including system-level
  reviews and requirements.yaml in needs-review

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>

.reviewmark.yaml

@@ -1,60 +1,63 @@
 ---
 # ReviewMark Configuration File
-# This file defines which files require review, where the evidence store is located,
-# and how files are grouped into named review-sets following software unit boundaries.
-
-# Patterns identifying all files that require review.
-# Processed in order; prefix a pattern with '!' to exclude.
 needs-review:
-  - "**/*.cs"                    # All C# source and test files
-  - "docs/design/**/*.md"        # Design documents
+  - "requirements.yaml"          # Root requirements file
   - "docs/reqstream/**/*.yaml"   # Requirements files
+  - "docs/design/**/*.md"        # Design documents
+  - "**/*.cs"                    # All C# source and test files
   - "!**/obj/**"                 # Exclude build output
   - "!**/bin/**"                 # Exclude build output
 
-# Evidence source: review data and index.json are located in the 'reviews' branch
-# of this repository, accessed through the GitHub public HTTPS raw content access.
-# Note: The 'reviews' branch must be created and populated with review evidence PDFs
-# and an index.json before enforcement (--enforce flag) can be enabled in the pipeline.
 evidence-source:
   type: url
   location: https://raw.githubusercontent.com/demaconsulting/NuGetCaching/reviews/index.json
 
-# Review sets grouping files by logical unit of review.
-# Each review-set groups requirements, source, and tests for a coherent software unit
-# so that an AI-assisted review can verify consistency across the full evidence chain.
 reviews:
-  # Software unit reviews - one per class
+  - id: NuGetCaching-System
+    title: Review of NuGetCaching System Integration
+    paths:
+      - "docs/reqstream/system.yaml"
+      - "docs/design/introduction.md"
+      - "docs/design/system.md"
+
+  - id: NuGetCaching-Design
+    title: Review of NuGetCaching Architecture and Design
+    paths:
+      - "docs/reqstream/system.yaml"
+      - "docs/reqstream/platform-requirements.yaml"
+      - "docs/design/introduction.md"
+      - "docs/design/system.md"
+      - "docs/design/nuget-cache.md"
+      - "docs/design/path-helpers.md"
+
+  - id: NuGetCaching-AllRequirements
+    title: Review of All NuGetCaching Requirements
+    paths:
+      - "requirements.yaml"
+      - "docs/reqstream/**/*.yaml"
+
   - id: NuGetCaching-NuGetCache
     title: Review of NuGetCaching NuGetCache Unit
     paths:
-      - "docs/reqstream/unit-nuget-cache.yaml"
-      - "docs/design/nuget-cache-design.md"
+      - "docs/reqstream/nuget-cache.yaml"
+      - "docs/design/nuget-cache.md"
       - "src/**/NuGetCache.cs"
       - "test/**/NuGetCacheTests.cs"
 
   - id: NuGetCaching-PathHelpers
     title: Review of NuGetCaching PathHelpers Unit
     paths:
-      - "docs/reqstream/unit-path-helpers.yaml"
-      - "docs/design/path-helpers-design.md"
+      - "docs/reqstream/path-helpers.yaml"
+      - "docs/design/path-helpers.md"
       - "src/**/PathHelpers.cs"
       - "test/**/PathHelpersTests.cs"
 
-  # Platform and OTS dependency reviews
-  - id: Platform-Support
-    title: Review of Platform and Runtime Support Requirements
+  - id: NuGetCaching-OTS
+    title: Review of NuGetCaching Off-The-Shelf Dependencies
     paths:
-      - "docs/reqstream/platform-requirements.yaml"
+      - "docs/reqstream/ots/**/*.yaml"
 
-  - id: OTS-Dependencies
-    title: Review of Off-The-Shelf Software Dependencies
+  - id: NuGetCaching-Platform
+    title: Review of NuGetCaching Platform Support Requirements
     paths:
-      - "docs/reqstream/ots-mstest.yaml"
-      - "docs/reqstream/ots-reqstream.yaml"
-      - "docs/reqstream/ots-buildmark.yaml"
-      - "docs/reqstream/ots-versionmark.yaml"
-      - "docs/reqstream/ots-sarifmark.yaml"
-      - "docs/reqstream/ots-sonarmark.yaml"
-      - "docs/reqstream/ots-reviewmark.yaml"
-      - "docs/reqstream/ots-nuget.yaml"
+      - "docs/reqstream/platform-requirements.yaml"

docs/design/introduction.md

@@ -0,0 +1,61 @@
+# Introduction
+
+## Purpose
+
+This document provides the design documentation for the DemaConsulting NuGet Caching
+library. It serves as the bridge between requirements and implementation for formal
+code review and compliance auditing. Reviewers use this document to verify that the
+implementation matches the design, and auditors use it to trace requirements through
+design to code.
+
+## Scope
+
+This design documentation covers:
+
+- The `NuGetCache` public static class providing package caching functionality
+- The `PathHelpers` internal static class providing safe path-combination utilities
+- Design decisions and rationale for each unit
+- Traceability from design to requirements
+
+Excluded from scope:
+
+- NuGet protocol internals and third-party library design
+- Build and packaging infrastructure
+- Platform-specific NuGet configuration details
+
+## Software Structure
+
+The software is organized as follows:
+
+```text
+DemaConsulting.NuGet.Caching (System)
+├── NuGetCache (Unit)
+└── PathHelpers (Unit)
+```
+
+## Folder Layout
+
+The source code is organized to mirror the software structure:
+
+```text
+src/DemaConsulting.NuGet.Caching/
+├── NuGetCache.cs               — NuGet package caching class (public API)
+└── PathHelpers.cs              — Safe path combination utilities (internal)
+```
+
+Test code mirrors the source structure:
+
+```text
+test/DemaConsulting.NuGet.Caching.Tests/
+├── NuGetCacheTests.cs          — Tests for NuGetCache class
+└── PathHelpersTests.cs         — Tests for PathHelpers class
+```
+
+## Audience
+
+This document is intended for:
+
+- Software developers working on DemaConsulting NuGet Caching
+- Quality assurance teams validating design against requirements
+- Code reviewers assessing correctness and security of the implementation
+- Auditors verifying design traceability

docs/design/system.md

@@ -0,0 +1,56 @@
+# System Design
+
+## Overview
+
+The DemaConsulting NuGet Caching library is a .NET library that provides programmatic
+NuGet package caching functionality. The system ensures specific NuGet package versions
+are available in the local global packages cache before use, enabling tools and automation
+workflows to depend on locally cached packages without requiring the .NET SDK restore
+workflow.
+
+## System Architecture
+
+The system comprises two software units:
+
+- **NuGetCache**: The public API surface providing the `EnsureCachedAsync` method
+- **PathHelpers**: An internal utility class providing safe path-combination operations
+
+## External Interfaces
+
+### NuGet Protocol (NuGet.Protocol)
+
+The system communicates with NuGet package sources using the NuGet client SDK
+(`NuGet.Protocol` version 7.3.0). This provides:
+
+- `SourceRepository` for connecting to NuGet v2 and v3 feeds
+- `FindPackageByIdResource` for locating and downloading packages
+- `GlobalPackagesFolderUtility` for installing packages into the global cache
+
+### NuGet Configuration (NuGet.Configuration)
+
+The system reads NuGet configuration from the local machine using `NuGet.Configuration`
+version 7.3.0. This provides:
+
+- `Settings.LoadDefaultSettings` for reading the NuGet configuration hierarchy
+- `SettingsUtility.GetGlobalPackagesFolder` for resolving the cache directory
+- `PackageSourceProvider` for enumerating enabled package sources
+- `PackageSourceMapping` for respecting package source mapping rules
+
+## Data Flow
+
+1. Caller invokes `NuGetCache.EnsureCachedAsync(packageId, version)`
+2. The system loads NuGet configuration from machine/user settings
+3. The system checks for a cached package using the sentinel file (`.nupkg.metadata`)
+4. If not cached, the system queries configured NuGet sources sequentially
+5. On successful download, the package is installed into the global packages folder
+6. The absolute path to the cached package folder is returned
+
+## Design Constraints
+
+- The library targets .NET Standard 2.0 for maximum compatibility, with additional
+  security validation enabled on .NET 5.0 and later
+- The system reads from the same NuGet configuration hierarchy as the `dotnet` CLI
+  and Visual Studio, ensuring consistent behavior
+- All path operations use `PathHelpers.SafePathCombine` to prevent path traversal
+  vulnerabilities when processing package identifiers and version strings from
+  external NuGet feeds

docs/reqstream/system.yaml

@@ -0,0 +1,17 @@
+---
+# System-Level Requirements for the NuGetCaching Library
+#
+# These requirements define the overall system behavior and integration
+# requirements for the DemaConsulting NuGet Caching library.
+
+sections:
+  - title: System Requirements
+    requirements:
+      - id: Caching-Sys-PackageCaching
+        title: The system shall provide a .NET library for programmatic NuGet package caching.
+        justification: |
+          Tools and automation workflows need to ensure specific NuGet package versions are
+          available in the local global packages cache before use, without requiring the
+          full .NET SDK restore workflow.
+        tests:
+          - NuGetCache_EnsureCachedAsync_ReturnsPackageFolder

requirements.yaml

@@ -20,14 +20,15 @@
 #   list below (unit files first, then platform, then ots in alphabetical order)
 
 includes:
-  - docs/reqstream/unit-nuget-cache.yaml
-  - docs/reqstream/unit-path-helpers.yaml
+  - docs/reqstream/system.yaml
+  - docs/reqstream/nuget-cache.yaml
+  - docs/reqstream/path-helpers.yaml
   - docs/reqstream/platform-requirements.yaml
-  - docs/reqstream/ots-buildmark.yaml
-  - docs/reqstream/ots-mstest.yaml
-  - docs/reqstream/ots-nuget.yaml
-  - docs/reqstream/ots-reqstream.yaml
-  - docs/reqstream/ots-reviewmark.yaml
-  - docs/reqstream/ots-sarifmark.yaml
-  - docs/reqstream/ots-sonarmark.yaml
-  - docs/reqstream/ots-versionmark.yaml
+  - docs/reqstream/ots/buildmark.yaml
+  - docs/reqstream/ots/mstest.yaml
+  - docs/reqstream/ots/nuget.yaml
+  - docs/reqstream/ots/reqstream.yaml
+  - docs/reqstream/ots/reviewmark.yaml
+  - docs/reqstream/ots/sarifmark.yaml
+  - docs/reqstream/ots/sonarmark.yaml
+  - docs/reqstream/ots/versionmark.yaml