# Reachability Replay Verification

## Module
ReachGraph

## Status
IMPLEMENTED

## Description
Replay verification service for reachability computations is implemented in the ReachGraph module.

## Implementation Details
- **IReachGraphReplayService**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Services/IReachGraphReplayService.cs` -- `ReplayAsync(ReplayRequest, tenantId)` for deterministic replay verification
- **ReachGraphReplayService**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Services/ReachGraphReplayService.cs` -- recomputes graph from inputs (SBOM, VEX, callgraph, runtime facts), compares digest using `ReachGraphDigestComputer`; reports `ReplayDivergence` (NodesAdded, NodesRemoved, EdgesChanged) on mismatch
- **ReplayRequest model**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs` -- `ExpectedDigest`, `ReplayInputs` (SBOM, VEX, callgraph, runtime facts), optional `ReachGraphScope`
- **ReplayResponse model**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs` -- `Match` (bool), `ComputedDigest`, `ExpectedDigest`, `DurationMs`, `InputsVerified` (per-input verification), `Divergence` (detailed diff)
- **ReachGraphController replay endpoint**: `src/ReachGraph/StellaOps.ReachGraph.WebService/Controllers/ReachGraphController.cs` -- POST `v1/reachgraphs/replay` with rate limiting
- **NodeHashRecipe**: `src/__Libraries/StellaOps.Reachability.Core/NodeHashRecipe.cs` -- deterministic node hashing
- **PathHashRecipe**: `src/__Libraries/StellaOps.Reachability.Core/PathHashRecipe.cs` -- deterministic path hashing
- **Tests**: `src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/ReachGraphApiIntegrationTests.cs`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify replay from identical inputs produces matching digest (deterministic)
- [ ] Test replay with modified SBOM detects divergence with accurate node/edge diff
- [ ] Verify InputsVerified reports individual input verification status
- [ ] Test replay duration is reported in milliseconds for performance monitoring
- [ ] Verify replay endpoint handles missing original graph with appropriate error