# Deterministic Diff-Aware Rescans (SmartDiff / Diff-Native CI)

## Module
Scanner

## Status
IMPLEMENTED

## Description
SmartDiff with golden fixture tests, schema validation, state comparison, reachability gates, SARIF output, performance benchmarks, and layer caching for diff-native CI capability.

## Implementation Details
- **SmartDiff Core**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffPredicate.cs` - SmartDiff predicate model
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffJsonSerializer.cs` - JSON serialization for determinism
- **Detection Engine**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/MaterialRiskChangeDetector.cs` - Detects material risk changes between scans
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/MaterialRiskChangeResult.cs` - Detection result model
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/RiskStateSnapshot.cs` - Risk state snapshot for comparison
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/SmartDiffScoringConfig.cs` - Scoring configuration
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/BoundaryProof.cs` - Boundary proof model
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs` - Reachability gate integration
- **VEX Candidate Emission**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateEmitter.cs`
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateModels.cs`
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexEvidence.cs`
- **SARIF Output**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifOutputGenerator.cs` - SARIF 2.1.0 output for CI integration
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifModels.cs` - SARIF models
- **Attestation**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Attestation/DeltaVerdictBuilder.cs` - Builds delta verdicts
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Attestation/DeltaVerdictOciPublisher.cs` - Publishes delta verdicts to OCI
- **API**: `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs` - SmartDiff REST API

## E2E Test Plan
- [ ] Run a SmartDiff between two scan versions and verify material risk changes are detected
- [ ] Verify golden fixture tests produce deterministic SmartDiff output
- [ ] Verify SmartDiff schema validation passes for generated predicates
- [ ] Verify SARIF output contains diff-aware findings suitable for CI integration
- [ ] Verify reachability gate context is included in SmartDiff results
- [ ] Verify VEX candidates are emitted from SmartDiff detection results
- [ ] Verify delta verdicts can be published to OCI registry