old sprints work, new sprints for exposing functionality via cli, improve code_of_conduct and other agents instructions

2026-01-15 18:37:59 +02:00
parent c631bacee2
commit 88a85cdd92
208 changed files with 32271 additions and 2287 deletions
--- a/src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs
+++ b/src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs
@@ -269,6 +269,9 @@ public sealed class EvidenceBundleExporter : IEvidenceBundleExporter
        sb.AppendLine("    │   ├── manifest.json");
        sb.AppendLine("    │   ├── sbom.cdx.json");
        sb.AppendLine("    │   ├── reachability.json");
+        sb.AppendLine("    │   ├── binary-diff.json       # Binary diff evidence");
+        sb.AppendLine("    │   ├── binary-diff.dsse.json  # Signed binary diff (if attested)");
+        sb.AppendLine("    │   ├── delta-proof.json       # Semantic diff summary");
        sb.AppendLine("    │   ├── vex/");
        sb.AppendLine("    │   ├── attestations/");
        sb.AppendLine("    │   ├── policy/");
@@ -359,6 +362,42 @@ public sealed class EvidenceBundleExporter : IEvidenceBundleExporter
                .ConfigureAwait(false);
        }

+        // Binary diff evidence - Sprint: SPRINT_20260112_009_SCANNER_binary_diff_bundle_export (BINDIFF-SCAN-002)
+        if (evidence.BinaryDiff is not null)
+        {
+            await AddJsonFileAsync("binary-diff.json", evidence.BinaryDiff, streams, entries, ct)
+                .ConfigureAwait(false);
+            
+            // Add DSSE-signed binary diff if attestation refs are present
+            if (evidence.BinaryDiff.AttestationRef is not null)
+            {
+                var dsseWrapper = new
+                {
+                    payloadType = "application/vnd.stellaops.binary-diff+json",
+                    payload = evidence.BinaryDiff,
+                    attestationRef = evidence.BinaryDiff.AttestationRef
+                };
+                await AddJsonFileAsync("binary-diff.dsse.json", dsseWrapper, streams, entries, ct)
+                    .ConfigureAwait(false);
+            }
+
+            // Add delta proof summary for semantic fingerprint changes
+            if (evidence.BinaryDiff.SemanticDiff is not null)
+            {
+                var deltaProof = new
+                {
+                    previousFingerprint = evidence.BinaryDiff.SemanticDiff.PreviousFingerprint,
+                    currentFingerprint = evidence.BinaryDiff.SemanticDiff.CurrentFingerprint,
+                    similarityScore = evidence.BinaryDiff.SemanticDiff.SimilarityScore,
+                    semanticChanges = evidence.BinaryDiff.SemanticDiff.SemanticChanges,
+                    functionChangeCount = evidence.BinaryDiff.FunctionChangeCount,
+                    securityChangeCount = evidence.BinaryDiff.SecurityChangeCount
+                };
+                await AddJsonFileAsync("delta-proof.json", deltaProof, streams, entries, ct)
+                    .ConfigureAwait(false);
+            }
+        }
+
        // Policy evidence
        if (evidence.Policy is not null)
        {