stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/features/checked/reachgraph/reachability-analysis-with-call-graph-evidence.md Normal file
View File

@@ -0,0 +1,30 @@
# Reachability Analysis with Call Graph Evidence
## Module
ReachGraph
## Status
IMPLEMENTED
## Description
Reachability analysis is implemented with a dedicated ReachGraph backend service, frontend reachability explanation views, and witness path components showing call graph evidence traces.
## Implementation Details
- **ReachGraphController**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Controllers/ReachGraphController.cs` -- REST API at `v1/reachgraphs` with slice queries supporting call graph evidence; GET `{digest}/slice` with `q` (package), `cve`, `entrypoint`, `file` query parameters
- **IReachGraphSliceService**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Services/IReachGraphSliceService.cs` -- `SliceByPackageAsync`, `SliceByCveAsync` (returns `CveSliceResponse` with `Sinks` and `Paths`), `SliceByEntrypointAsync`, `SliceByFileAsync`
- **ReachGraphSliceService**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Services/ReachGraphSliceService.cs` -- cached slice computation with `IReachGraphCache`
- **ReachabilityPath model**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs` -- `Entrypoint`, `Sink`, `Hops` (call chain), `Edges` (graph edges showing evidence trace)
- **CveSliceResponse**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs` -- extends `SliceQueryResponse` with `Sinks` and `Paths` for call graph evidence
- **IReachabilityIndex**: `src/__Libraries/StellaOps.Reachability.Core/IReachabilityIndex.cs` -- unified facade with `QueryStaticAsync`, `QueryRuntimeAsync`, `QueryHybridAsync` combining static call graph with runtime evidence
- **EvidenceUriBuilder**: `src/__Libraries/StellaOps.Reachability.Core/EvidenceUriBuilder.cs` -- builds URIs for evidence artifacts
- **Frontend**: reachability explanation views and witness path components in `src/Web/`
- **Tests**: `src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/ReachGraphApiIntegrationTests.cs`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify CVE slice returns reachability paths with entrypoint-to-sink hops
- [ ] Test call graph evidence trace includes edge types and evidence URIs
- [ ] Verify package slice shows upstream/downstream reachability with configurable depth
- [ ] Test entrypoint slice traces all paths from a given entrypoint
- [ ] Verify file-based slice returns reachability for symbols in a specific file
- [ ] Test frontend reachability explanation view renders witness paths correctly