# 3-Bit Reachability Gate

## Module
Scanner

## Status
IMPLEMENTED

## Description
Gate-based reachability system with multiple gate detectors (auth, admin-only, feature flags, non-default config), gate multiplier calculator, and rich graph annotation for gate-aware reachability.

## Implementation Details
- **Gate Detectors** (each implements `IGateDetector`):
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/AuthGateDetector.cs` - Detects authentication gates on paths
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/AdminOnlyDetector.cs` - Detects admin-only access restrictions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/FeatureFlagDetector.cs` - Detects feature flag conditions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/NonDefaultConfigDetector.cs` - Detects non-default configuration gates
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/FileSystemCodeContentProvider.cs` - Provides file system code content for detection
- **Gate Composition & Scoring**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/CompositeGateDetector.cs` - Combines multiple gate detectors
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GateMultiplierCalculator.cs` - Calculates gate multipliers for risk scoring
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GateModels.cs` - Gate data models
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GatePatterns.cs` - Pattern matching rules for gate detection
- **Rich Graph Annotation**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/RichGraphGateAnnotator.cs` - Annotates rich graphs with gate information
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/RichGraph.cs` - Core rich graph model
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/RichGraphWriter.cs` - Writes gate-annotated rich graphs
- **SmartDiff Integration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs` - Bridges gate detection into smart diff analysis
- **PR Gate**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Cache/PrReachabilityGate.cs` - PR-level reachability gate evaluation

## E2E Test Plan
- [ ] Set up a scan target image containing a web application with authenticated routes, admin-only endpoints, feature-flagged code, and non-default config paths
- [ ] Trigger a scan via `POST /api/v1/scans` with reachability analysis enabled
- [ ] Verify each gate detector identifies its respective gate type in the reachability graph via `GET /api/v1/scans/{scanId}/reachability`
- [ ] Verify `GateMultiplierCalculator` reduces risk scores for gated paths (auth-gated vulns score lower than ungated)
- [ ] Verify the rich graph response includes gate annotations on affected nodes and edges
- [ ] Verify SmartDiff output includes gate-aware reachability context via the `ReachabilityGateBridge`
- [ ] Verify PR gate evaluation correctly blocks/allows based on gate-modified reachability status