# Golden Pairs Validation Infrastructure

## Module
Tools

## Status
IMPLEMENTED

## Description
Data model for golden pair metadata, binary artifacts, and diff reports used to validate binary diff detection against known-good CVE fix pairs.

## Implementation Details
- **Golden Pairs Models**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Models/` -- data models defining golden pair records (CVE ID, package name, distro, pre/post versions), binary artifact metadata (section hashes, file sizes, architectures), and diff report structures (changed sections, confidence scores).
- **Golden Pairs Schema Provider**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Schema/GoldenPairsSchemaProvider.cs` -- provides JSON schema definitions for validating golden pair metadata files, diff reports, and mirror source configurations.
- **Golden Pair Loader**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Services/GoldenPairLoader.cs` -- loads and validates golden pair records from the local file store, resolving binary artifact paths and associated diff reports.
- **Serialization**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Serialization/` -- canonical JSON serialization for golden pair data ensuring deterministic output for hash comparison and attestation purposes.
- **Section Hash Provider**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Services/SectionHashProvider.cs` -- computes deterministic per-section hashes for binary artifacts, enabling reproducible diff comparisons across environments.

## E2E Test Plan
- [ ] Load a golden pair record via `GoldenPairLoader` and verify all required fields (CVE ID, package name, pre/post versions, distro) are populated and valid
- [ ] Validate a golden pair metadata file against the schema from `GoldenPairsSchemaProvider` and verify it passes; then corrupt a required field and verify validation fails
- [ ] Serialize a golden pair record via the canonical serializer, deserialize it back, and verify round-trip fidelity (all fields match, no data loss)
- [ ] Compute section hashes for a binary artifact using `SectionHashProvider` on two separate runs and verify the hashes are identical (determinism check)
- [ ] Load a diff report for a known CVE fix pair and verify it correctly identifies which binary sections changed between pre-patch and post-patch versions
- [ ] Verify the schema provider covers all model types: golden pair records, diff reports, and mirror source configurations