save checkpoint: save features

2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
--- a/docs/features/checked/binaryindex/patch-coverage-tracking.md
+++ b/docs/features/checked/binaryindex/patch-coverage-tracking.md
@@ -0,0 +1,35 @@
+# Patch Coverage Tracking
+
+## Module
+BinaryIndex
+
+## Status
+VERIFIED
+
+## Description
+Dedicated patch coverage API endpoint for tracking which CVE patches are covered in binary analysis.
+
+## Implementation Details
+- **Modules**: `src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/`
+- **Key Classes**:
+  - `PatchCoverageController` (`src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/PatchCoverageController.cs`) - REST API controller for patch coverage queries using `IDeltaSignatureRepository`
+  - `DeltaSignatureMatcher` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/DeltaSignatureMatcher.cs`) - matches delta signatures to assess patch coverage
+  - `DeltaSigService` / `DeltaSigServiceV2` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/`) - service layer for delta-sig operations
+- **Interfaces**: `IDeltaSignatureRepository` - repository for persisted delta signatures used by patch coverage queries
+
+## E2E Test Plan
+- [x] Query patch coverage API for a known CVE and verify coverage status (covered/not covered)
+- [x] Verify patch coverage percentage calculation: submit binaries with partial patch coverage
+- [x] Verify that delta signatures for the CVE fix are used to determine coverage
+- [x] Verify API returns correct coverage for batch queries across multiple CVEs
+- [x] Verify coverage tracking updates when new delta signatures are added
+
+## Verification
+- Tier 0/1/2 artifacts: `docs/qa/feature-checks/runs/binaryindex/patch-coverage-tracking/run-001/`.
+- Result: verified.
+- Evidence summary:
+  - `tier1-test-webservice-patchcoverage.log`: Passed 7/7.
+  - `tier1-test-deltasig-matcher.log`: Passed 8/8.
+  - `tier2-test-webservice-patchcoverage.log`: Passed 7/7.
+  - `tier2-test-deltasig-matcher.log`: Passed 8/8.
+- Note: webservice and webservice-tests builds were run with scoped output paths in this run to avoid concurrent binary-lock collisions on shared `bin/Release` outputs.