save checkpoint: save features

2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
--- a/docs/features/unimplemented/binaryindex/binary-intelligence-graph-binary-identity-indexing.md
+++ b/docs/features/unimplemented/binaryindex/binary-intelligence-graph-binary-identity-indexing.md
@@ -0,0 +1,38 @@
+# Binary Intelligence Graph / Binary Identity Indexing
+
+## Module
+BinaryIndex
+
+## Status
+PARTIALLY_IMPLEMENTED
+
+## Description
+Complete BinaryIndex module with binary identity indexing, ELF feature extraction, vulnerability fingerprint matching, and reachability status tracking. Advisory marked as SUPERSEDED by this implementation.
+
+## Implementation Details
+- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/`
+- **Key Classes**:
+  - `BinaryIdentityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/BinaryIdentityService.cs`) - binary identity management
+  - `ElfFeatureExtractor` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/ElfFeatureExtractor.cs`) - ELF feature extraction
+  - `BinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs`) - vulnerability matching with Build-ID catalog lookups
+  - `SignatureMatcher` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/SignatureMatcher.cs`) - signature-based vulnerability fingerprint matching
+  - `ReachGraphBinaryReachabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/ReachGraphBinaryReachabilityService.cs`) - reachability status tracking
+- **Models**: `BinaryIdentity`, `FixModels` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/`)
+- **Persistence**: `IBinaryVulnAssertionRepository`, `IBinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/`)
+
+## E2E Test Plan
+- [ ] Verify end-to-end flow: submit binary, extract identity, index in the graph, and query by Build-ID
+- [ ] Verify vulnerability fingerprint matching via `SignatureMatcher` returns correct match scores
+- [ ] Verify reachability status tracking integrates with ReachGraph
+- [ ] Verify `BinaryVulnerabilityService` correctly maps match methods (buildid_catalog, delta_signature, etc.)
+- [ ] Verify binary identity indexing supports multi-tenant contexts via `ITenantContext`
+
+## Verification
+- Run: `docs/qa/feature-checks/runs/binaryindex/binary-intelligence-graph-binary-identity-indexing/run-001/`
+- Date (UTC): 2026-02-11
+- Verdict: `not_implemented`
+
+## Missing / Mismatched Behavior
+- Default WebService runtime composition wires `IBinaryVulnerabilityService` to `InMemoryBinaryVulnerabilityService`, so live resolution API behavior does not exercise full persistence-backed vulnerability matching.
+- Analysis service registration defaults to `NullBinaryReachabilityService` unless explicitly overridden, so ReachGraph-backed reachability tracking is not active by default.
+- `BinaryVulnerabilityService` method mapping does not explicitly include `delta_signature` in `MapMethod`, which mismatches the documented match-method coverage claim.