save checkpoint

docs/features/checked/scanner/layered-resolver-pipeline.md

@@ -0,0 +1,51 @@
+# Layered Resolver Pipeline (ELF/PE Feature Extraction)
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Binary analysis with call graph extraction for ELF/PE formats and patch verification orchestration.
+
+## Implementation Details
+- **Binary Call Graph Extraction**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs` - `BinaryCallGraphExtractor` extracts call graphs from ELF/PE binaries
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryEntrypointClassifier.cs` - Classifies binary entrypoints (main, DllMain, init/fini)
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/FunctionBoundaryDetector.cs` - Detects function boundaries in binary code
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/DwarfDebugReader.cs` - Reads DWARF debug information from ELF binaries
+- **Disassembly**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/X86Disassembler.cs` - x86/x64 disassembly for call graph extraction
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/Arm64Disassembler.cs` - ARM64 disassembly support
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/DirectCallExtractor.cs` - Extracts direct call targets from disassembled code
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/BinaryTextSectionReader.cs` - Reads .text sections from binaries
+- **Binary Analysis**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryDynamicLoadDetector.cs` - Detects dlopen/LoadLibrary dynamic loading patterns
+  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryStringLiteralScanner.cs` - Scans string literals for library references
+- **Patch Verification**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/PatchVerificationOrchestrator.cs` - `PatchVerificationOrchestrator` coordinates patch verification steps
+  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/IPatchVerificationOrchestrator.cs` - Interface for orchestrator
+  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationResult.cs` - Verification result with status and evidence
+  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationEvidence.cs` - Evidence collected during verification
+  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/IPatchSignatureStore.cs` - Interface for patch signature storage
+  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/InMemoryPatchSignatureStore.cs` - In-memory patch signature store
+
+## E2E Test Plan
+- [ ] Scan a container image containing ELF binaries and verify call graph extraction produces function nodes and call edges
+- [ ] Scan a container with PE (Windows) binaries and verify PE-specific features (DllMain, exports) are extracted
+- [ ] Verify DWARF debug information is used to enrich function names when available
+- [ ] Verify dynamic loading patterns (dlopen/LoadLibrary) are detected and reported
+- [ ] Verify patch verification orchestrator validates that a claimed patch is present in the binary
+- [ ] Verify patch signature store records and retrieves known patch signatures for comparison
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |