# Reachability-Aware Vulnerability Prioritization (Competitive Differentiator)

## Module

Attestor

## Status

IMPLEMENTED

## Description

Reachability witness payload with path information, micro-witness function evidence and verdicts, DSSE-signed reachability witnesses, and ground-truth reachability datasets for validation.

## Implementation Details

- **Reachability Witness Payload**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/ReachabilityWitnessPayload.cs` (with `.Path`) -- witness payload with the call path from entrypoint to vulnerable function.
- **Reachability Witness Statement**: `Statements/ReachabilityWitnessStatement.cs` -- in-toto statement for DSSE signing.
- **Micro-Witness Function Evidence**: `Predicates/MicroWitnessFunctionEvidence.cs` -- function-level evidence with call-stack depth and reachability status.
- **Micro-Witness Verdicts**: `Predicates/MicroWitnessVerdicts.cs` -- per-function verdicts (Reachable, Unreachable, Unknown) with confidence scores.
- **Micro-Witness Binary Ref**: `Predicates/MicroWitnessBinaryRef.cs` -- binary artifact reference.
- **Micro-Witness CVE Ref**: `Predicates/MicroWitnessCveRef.cs` -- CVE reference with affected function.
- **Micro-Witness Tooling**: `Predicates/MicroWitnessTooling.cs` -- analysis tool metadata (language, tool name, version).
- **Binary Micro-Witness Predicate**: `Predicates/BinaryMicroWitnessPredicate.cs` -- complete micro-witness combining all references.
- **Witness Call Path Nodes**: `Statements/WitnessCallPathNode.cs` -- call path node; `WitnessPathNode.cs` -- generic path node.
- **Witness Gate Info**: `Statements/WitnessGateInfo.cs` -- security gates along the path.
- **VEX Integration**: `Generators/VexProofIntegrator.cs` -- uses reachability evidence to prioritize VEX decisions.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/BinaryMicroWitnessPredicateTests.cs`, `ReachabilityWitnessTests.cs`

## E2E Test Plan

- [ ] Create a `ReachabilityWitnessPayload` with a reachable call path and verify it can prioritize a CVE as high-priority
- [ ] Create a `MicroWitnessVerdicts` entry with "Unreachable" for a critical CVE and verify it deprioritizes the finding
- [ ] Create function evidence with `MicroWitnessFunctionEvidence` at call-stack depth 0 through 5 and verify depth tracking
- [ ] Sign a `ReachabilityWitnessStatement` into a DSSE envelope and verify the signature
- [ ] Build a complete `BinaryMicroWitnessPredicate` with binary ref, CVE ref, function evidence, and SBOM ref; verify all fields
- [ ] Verify `MicroWitnessTooling` distinguishes between language-specific tools (Java call graph vs Python AST analyzer)
- [ ] Integrate reachability evidence into a VEX decision via `VexProofIntegrator`: unreachable function -> "not_affected" status
- [ ] Create witnesses for multiple CVEs on the same component and verify per-CVE prioritization
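The prioritization rule the test plan exercises (verdict on the vulnerable function, then VEX status, then ranking across several CVEs on one component), as an added Python sketch that is not part of the project's code. The types, the 0.8 confidence threshold, the scoring formula and all identifiers (CVE numbers, purl, function names) are hypothetical stand-ins, not the project's C# classes or data.

```python
from dataclasses import dataclass
from enum import Enum
class Verdict(Enum):
    REACHABLE = "Reachable"
    UNREACHABLE = "Unreachable"
    UNKNOWN = "Unknown"
@dataclass(frozen=True)
class FunctionEvidence:
    function: str      # fully qualified function name
    depth: int         # call-stack depth from the entrypoint (0 = entrypoint), -1 if no path reaches it
    verdict: Verdict
    confidence: float  # analyzer confidence in the verdict, 0.0..1.0
@dataclass
class ReachabilityWitness:
    cve_id: str
    component: str
    vulnerable_function: str
    path: list            # entrypoint -> ... -> vulnerable function; [] if none was found
    evidence: list
def vex_status(w):
    """Map the verdict on the vulnerable function itself to a VEX status."""
    ev = next((e for e in w.evidence if e.function == w.vulnerable_function), None)
    if ev is None or ev.verdict is Verdict.UNKNOWN:
        return "under_investigation"
    if ev.verdict is Verdict.UNREACHABLE and ev.confidence >= 0.8:  # assumed trust threshold
        return "not_affected"
    return "affected"  # Reachable, or Unreachable asserted with too little confidence
def priority(w, cvss):
    """Reachable: CVSS plus a bonus for short call paths; unknown: halved; unreachable: 0."""
    status = vex_status(w)
    if status == "not_affected":
        return 0.0
    if status == "under_investigation":
        return round(cvss * 0.5, 2)
    depth = max(len(w.path) - 1, 0)  # hops from the entrypoint to the vulnerable function
    return round(min(10.0, cvss + 1.0 / (1 + depth)), 2)
def prioritize(witnesses, cvss_by_cve):
    # rank the CVEs on one component, highest score first, as (cve, vex_status, score)
    ranked = [(w.cve_id, vex_status(w), priority(w, cvss_by_cve[w.cve_id])) for w in witnesses]
    return sorted(ranked, key=lambda r: r[2], reverse=True)
# Constructed sample: two CVEs on one component, one reachable at depth 2, one provably unreachable.
SAMPLE = [
    ReachabilityWitness("CVE-0000-0001", "pkg:maven/example/lib@1.0", "Lib.parse",
        ["App.main", "Svc.handle", "Lib.parse"],
        [FunctionEvidence("App.main", 0, Verdict.REACHABLE, 1.0),
         FunctionEvidence("Svc.handle", 1, Verdict.REACHABLE, 0.95),
         FunctionEvidence("Lib.parse", 2, Verdict.REACHABLE, 0.9)]),
    ReachabilityWitness("CVE-0000-0002", "pkg:maven/example/lib@1.0", "Lib.legacyDecode", [],
        [FunctionEvidence("Lib.legacyDecode", -1, Verdict.UNREACHABLE, 0.92)])]
CVSS = {"CVE-0000-0001": 5.3, "CVE-0000-0002": 9.8}  # constructed base scores
```

With the sample, the critical CVE-0000-0002 drops to score 0.0 as "not_affected" while the medium CVE-0000-0001 ranks first as "affected"; an "Unreachable" verdict below the threshold is deliberately treated as "affected" so a weak claim cannot suppress a finding.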