# Known-build binary catalog (Build-ID + hash-based binary identity)

## Module
BinaryIndex

## Status
IMPLEMENTED

## Description
BinaryIdentity model and vulnerability assertion repository implement the binary-key-based catalog using Build-ID and file SHA256 as primary keys.

## Implementation Details
- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/`
- **Key Classes**:
  - `BinaryIdentity` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/BinaryIdentity.cs`) - core model with Build-ID, file SHA256, symbol tables as primary keys
  - `BinaryIdentityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/BinaryIdentityService.cs`) - manages binary identity lifecycle
  - `BinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs`) - vulnerability assertion repository with Build-ID catalog lookups and match method mapping (buildid_catalog, delta_signature, etc.)
  - `CachedBinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Cache/CachedBinaryVulnerabilityService.cs`) - cached decorator with `LookupByDeltaSignatureAsync`
- **Interfaces**: `IBinaryVulnerabilityService`, `IBinaryVulnAssertionRepository` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/`)
- **Models**: `FixModels` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/`) - `FixState`, `FixStatusResult`, `MatchMethod`, `MatchEvidence`

## E2E Test Plan
- [ ] Register a binary identity with known Build-ID and verify it is stored in the catalog
- [ ] Query the catalog by Build-ID and verify the correct binary identity is returned
- [ ] Query by file SHA256 hash and verify the correct binary identity is returned
- [ ] Assert a vulnerability against a binary identity and verify the assertion is persisted
- [ ] Verify `CachedBinaryVulnerabilityService` caches lookups and returns cached results on repeat queries
- [ ] Verify match method mapping: `buildid_catalog` maps to `MatchMethod.BuildIdCatalog`