save checkpoint

2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
--- a/docs/features/checked/scanner/remediation-pr-generator.md
+++ b/docs/features/checked/scanner/remediation-pr-generator.md
@@ -0,0 +1,36 @@
+# Remediation PR Generator (Deterministic PR/MR Creation)
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Deterministic PR/MR generation with template sections (summary, steps, SBOM changes, test requirements, rollback steps, VEX claim, evidence), actual SCM branch creation and file updates, and remediation apply endpoint returning PR metadata.
+
+## Implementation Details
+- **Evidence Contracts**:
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs` - Contracts including remediation evidence models with SBOM changes, VEX claims, and PR metadata
+- **Reachability Endpoints**:
+  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs` - Endpoints supporting remediation actions with reachability context
+- **PR Annotation Service**:
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationService.cs` - `PrAnnotationService` generates PR/MR annotations with evidence links
+
+## E2E Test Plan
+- [ ] Trigger remediation PR generation for a vulnerable dependency and verify a PR template is generated with summary, steps, and SBOM changes sections
+- [ ] Verify the generated PR includes test requirements and rollback steps
+- [ ] Verify VEX claims are included in the PR body linking to reachability evidence
+- [ ] Verify the remediation apply endpoint returns PR metadata (URL, branch name, commit SHA)
+- [ ] Verify deterministic generation produces identical PR content for the same input
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |