# EntryTrace Unified Entrypoint Analysis Framework

## Module
Scanner

## Status
IMPLEMENTED

## Description
Unified entrypoint detection and analysis framework that orchestrates semantic, temporal, mesh, speculative, binary, and risk analysis into a single EntryTrace pipeline with baseline comparison, caching, and serialization support.

## Implementation Details
- **Core Analyzer**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/IEntryTraceAnalyzer.cs` - Interface
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzer.cs` - Main analyzer orchestrating all sub-analyses
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceContext.cs` - Context model
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceResult.cs` - Result model
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceTypes.cs` - Type definitions
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzerOptions.cs` - Options
- **Semantic Analysis**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Semantic/` - Semantic entrypoint analysis with language adapters
- **Temporal Analysis**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Temporal/` - Temporal entrypoint drift detection
- **Mesh Analysis**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Mesh/` - Docker Compose and Kubernetes mesh entrypoint analysis
- **Speculative Execution**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/` - Symbolic execution for path enumeration
- **Binary Intelligence**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/` - Function-level binary analysis
- **Risk Scoring**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/` - Composite risk scoring
- **Baseline Comparison**: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Baseline/` - Baseline analysis and comparison
- **Caching**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheEnvelope.cs` - Cache envelope model
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheSerializer.cs` - Cache serialization
- **Serialization**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceGraphSerializer.cs` - Graph serialization
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceNdjsonWriter.cs` - NDJSON writer
- **Worker Integration**:
  - `src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs` - Entry trace execution during scan
- **API**: `src/Scanner/StellaOps.Scanner.WebService/Contracts/EntryTraceResponse.cs` - API response contracts

## E2E Test Plan
- [ ] Scan a container image and verify the EntryTrace pipeline produces unified results combining semantic, binary, and mesh analysis
- [ ] Verify temporal drift detection identifies changed entrypoints between scan versions
- [ ] Verify mesh analysis discovers Docker Compose / Kubernetes service entrypoints
- [ ] Verify speculative execution enumerates possible execution paths from entrypoints
- [ ] Verify baseline comparison highlights new/removed/changed entrypoints
- [ ] Verify caching reduces analysis time on subsequent scans of the same image
- [ ] Verify entry trace results are available via `GET /api/v1/scans/{scanId}/entry-trace`