audit, advisories and doctors/setup work

docs/dev/extending-binary-analysis.md

@@ -15,68 +15,38 @@ The binary analysis system is designed for extensibility. You can add support fo
 ### Core Interfaces
 
 ```
-┌─────────────────────────────────────────────────────────────────┐
-│                    Binary Analysis Pipeline                      │
-├─────────────────────────────────────────────────────────────────┤
-│                                                                 │
-│  IBinaryFormatDetector ──▶ ISectionHashExtractor<TConfig>       │
-│          │                         │                            │
-│          ▼                         ▼                            │
-│  BinaryFormat enum         SectionHashSet                       │
-│  (elf, pe, macho)          (per-format)                        │
-│                                    │                            │
-│                                    ▼                            │
-│                            IVerdictClassifier                   │
-│                                    │                            │
-│                                    ▼                            │
-│                            BinaryDiffFinding                    │
-│                                                                 │
-└─────────────────────────────────────────────────────────────────┘
++---------------------------+    +----------------------+    +-------------------+
+| IElfSectionHashExtractor  |--->| BinaryDiffService    |--->| BinaryDiffFinding |
++---------------------------+    +----------------------+    +-------------------+
 ```
 
 ### Key Interfaces
 
 ```csharp
 /// <summary>
-/// Detects binary format from file magic/headers.
+/// Extracts section hashes from ELF binaries.
 /// </summary>
-public interface IBinaryFormatDetector
+public interface IElfSectionHashExtractor
 {
-    BinaryFormat Detect(ReadOnlySpan<byte> header);
-    BinaryFormat DetectFromPath(string filePath);
-}
-
-/// <summary>
-/// Extracts section hashes for a specific binary format.
-/// </summary>
-public interface ISectionHashExtractor<TConfig> where TConfig : class
-{
-    BinaryFormat SupportedFormat { get; }
-
-    Task<SectionHashSet?> ExtractAsync(
-        string filePath,
-        TConfig? config = null,
+    Task<ElfSectionHashSet?> ExtractAsync(
+        string elfPath,
         CancellationToken cancellationToken = default);
 
-    Task<SectionHashSet?> ExtractFromBytesAsync(
-        ReadOnlyMemory<byte> bytes,
+    Task<ElfSectionHashSet?> ExtractFromBytesAsync(
+        ReadOnlyMemory<byte> elfBytes,
         string virtualPath,
-        TConfig? config = null,
         CancellationToken cancellationToken = default);
 }
-
-/// <summary>
-/// Classifies binary changes as patched/vanilla/unknown.
-/// </summary>
-public interface IVerdictClassifier
-{
-    Verdict Classify(SectionHashSet? baseHashes, SectionHashSet? targetHashes);
-    double ComputeConfidence(SectionHashSet? baseHashes, SectionHashSet? targetHashes);
-}
 ```
 
+Future multi-format support (PE, Mach-O) will introduce format detection and
+dedicated extractors similar to the ELF interface above.
+
 ## Adding a New Binary Format
 
+The current implementation is ELF-only. The steps below describe the intended
+shape for adding PE or Mach-O support; adjust interfaces as they are introduced.
+
 ### Step 1: Define Configuration
 
 ```csharp