save checkpoint

docs/features/checked/scanner/entrytrace-unified-entrypoint-analysis-framework.md

@@ -0,0 +1,55 @@
+# EntryTrace Unified Entrypoint Analysis Framework
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Unified entrypoint detection and analysis framework that orchestrates semantic, temporal, mesh, speculative, binary, and risk analysis into a single EntryTrace pipeline with baseline comparison, caching, and serialization support.
+
+## Implementation Details
+- **Core Analyzer**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/IEntryTraceAnalyzer.cs` - Interface
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzer.cs` - Main analyzer orchestrating all sub-analyses
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceContext.cs` - Context model
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceResult.cs` - Result model
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceTypes.cs` - Type definitions
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzerOptions.cs` - Options
+- **Semantic Analysis**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Semantic/` - Semantic entrypoint analysis with language adapters
+- **Temporal Analysis**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Temporal/` - Temporal entrypoint drift detection
+- **Mesh Analysis**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Mesh/` - Docker Compose and Kubernetes mesh entrypoint analysis
+- **Speculative Execution**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/` - Symbolic execution for path enumeration
+- **Binary Intelligence**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/` - Function-level binary analysis
+- **Risk Scoring**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/` - Composite risk scoring
+- **Baseline Comparison**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Baseline/` - Baseline analysis and comparison
+- **Caching**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheEnvelope.cs` - Cache envelope model
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheSerializer.cs` - Cache serialization
+- **Serialization**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceGraphSerializer.cs` - Graph serialization
+  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceNdjsonWriter.cs` - NDJSON writer
+- **Worker Integration**:
+  - `src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs` - Entry trace execution during scan
+- **API**: `src/Scanner/StellaOps.Scanner.WebService/Contracts/EntryTraceResponse.cs` - API response contracts
+
+## E2E Test Plan
+- [ ] Scan a container image and verify the EntryTrace pipeline produces unified results combining semantic, binary, and mesh analysis
+- [ ] Verify temporal drift detection identifies changed entrypoints between scan versions
+- [ ] Verify mesh analysis discovers Docker Compose / Kubernetes service entrypoints
+- [ ] Verify speculative execution enumerates possible execution paths from entrypoints
+- [ ] Verify baseline comparison highlights new/removed/changed entrypoints
+- [ ] Verify caching reduces analysis time on subsequent scans of the same image
+- [ ] Verify entry trace results are available via `GET /api/v1/scans/{scanId}/entry-trace`
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |