# Base Image Detection and Recommendations ## Module Scanner ## Status VERIFIED ## Description Base image detection via layer diffID fingerprinting with PostgreSQL-backed fingerprint storage and deterministic in-memory matching. The detector now supports exact and fuzzy matching, ranked recommendations, and bulk recommendation queries for multiple image references. ## Implementation Details - **Core detection contract**: - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/IBaseImageDetector.cs` - `DetectBaseImageAsync` (single-layer lookup) - `GetRecommendationsAsync` (ranked exact/fuzzy recommendations) - `GetRecommendationsBulkAsync` (bulk recommendations) - **Detector implementation**: - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/BaseImageDetector.cs` - PostgreSQL-backed fingerprint persistence and load - deterministic in-memory index - fuzzy fallback by nearest layer index + lexical tie-break - **Recommendation scoring engine**: - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/BaseImageMatchEngine.cs` - deterministic exact/fuzzy scoring with confidence and rationale - **Layer resolution + reuse integration**: - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/ILayerDigestResolver.cs` - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/LayerDigestResolver.cs` - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/LayerProvenance.cs` - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Reuse/ILayerReuseDetector.cs` - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Reuse/LayerReuseDetector.cs` - **DI registration**: - `src/Scanner/__Libraries/StellaOps.Scanner.Manifest/ManifestServiceCollectionExtensions.cs` - **Behavioral tests**: - `src/Scanner/__Tests/StellaOps.Scanner.Core.Tests/BaseImageRecommendationTests.cs` ## E2E Test Plan - [x] Scan an image built on a known base image and verify exact base image attribution is returned. - [x] Verify exact layer prefix match identifies the correct base image with confidence `1.0`. - [x] Verify fuzzy matching returns ranked recommendations when base layers are partially modified. - [x] Verify bulk recommendations return deterministic per-image results for multiple image references. - [x] Verify non-overlapping layers return no recommendations (negative path). ## Verification - Run ID: `run-001` - Date (UTC): 2026-02-12 - Tier 0: Source files and symbols present (`tier0-source-check.json`). - Tier 1: `StellaOps.Scanner.Manifest` + `StellaOps.Scanner.Core.Tests` build passed; focused recommendation tests passed (`tier1-build-check.json`, `tier1-tests-base-image.log`). - Tier 2: Behavioral integration checks passed via targeted class run (`tier2-e2e-check.json`).