audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories
This commit is contained in:
master
54
docs/modules/reach-graph/README.md
Normal file
54
docs/modules/reach-graph/README.md
Normal file
@@ -0,0 +1,54 @@
|
||||
# ReachGraph
|
||||
|
||||
> Unified store for reachability subgraphs with edge-level explainability.
|
||||
|
||||
## Purpose
|
||||
|
||||
The ReachGraph module provides a unified store for reachability subgraphs, enabling fast, deterministic, audit-ready answers to "exactly why a dependency is reachable." It consolidates data from Scanner, Signals, and Attestor into content-addressed artifacts with edge-level explainability.
|
||||
|
||||
## Quick Links
|
||||
|
||||
- [Architecture](./architecture.md) - Technical design and implementation details
|
||||
- [Guides](./guides/) - Usage and query guides
|
||||
- [Schemas](./schemas/) - ReachGraph schema definitions
|
||||
|
||||
## Status
|
||||
|
||||
| Attribute | Value |
|
||||
|-----------|-------|
|
||||
| **Maturity** | Production |
|
||||
| **Last Reviewed** | 2025-12-29 |
|
||||
| **Maintainer** | Scanner Guild, Signals Guild |
|
||||
|
||||
## Key Features
|
||||
|
||||
- **Unified Schema**: Extends PoE subgraph format with edge explainability
|
||||
- **Content-Addressed Store**: All artifacts identified by BLAKE3 digest
|
||||
- **Slice Query API**: Fast queries by package, CVE, entrypoint, or file
|
||||
- **Deterministic Replay**: Verify that same inputs produce same graph
|
||||
- **DSSE Signing**: Offline-verifiable proofs
|
||||
|
||||
## Dependencies
|
||||
|
||||
### Upstream (this module depends on)
|
||||
- **Scanner** - CallGraph data source
|
||||
- **Signals** - ReachabilityFactDocument source
|
||||
- **Attestor** - PoE JSON source
|
||||
|
||||
### Downstream (modules that depend on this)
|
||||
- **Policy Engine** - Reachability-based policy evaluation
|
||||
- **Web Console** - Reachability visualization
|
||||
- **CLI** - Reachability queries
|
||||
- **ExportCenter** - Reachability data exports
|
||||
|
||||
## API Endpoints
|
||||
|
||||
- `POST /v1/reachgraphs` - Create new reachgraph
|
||||
- `GET /v1/reachgraphs/{digest}` - Retrieve reachgraph by digest
|
||||
- `GET /v1/reachgraphs/{digest}/slice` - Query slice of reachgraph
|
||||
- `POST /v1/reachgraphs/replay` - Verify deterministic replay
|
||||
|
||||
## Related Documentation
|
||||
|
||||
- [Scanner Architecture](../scanner/architecture.md)
|
||||
- [Signals Architecture](../signals/architecture.md)
|
||||
@@ -197,6 +197,6 @@ Track function-level reachability changes between scans:
|
||||
|
||||
- **Daily reachability stand-up** in `#reachability-build`.
|
||||
- **Fixture sync** every Friday: QA leads run reachbench matrix, post report to Confluence + link in `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md`.
|
||||
- **Decision log** – Append ADRs under `docs/adr/reachability-*` for schema changes.
|
||||
- **Decision log** – Append ADRs under `docs/technical/adr/reachability-*` for schema changes.
|
||||
|
||||
Keep this guide updated whenever scope shifts or a new sprint is added.
|
||||
|
||||
Reference in New Issue
Block a user