# Finding Evidence API Contracts (BoundaryProof, VexEvidence, ScoreExplanation)

## Module
Scanner

## Status
IMPLEMENTED

## Description
Unified evidence API data contracts defining FindingEvidenceResponse, BoundaryProof (surface, exposure, auth, controls), VexEvidence (status, justification, source), and ScoreExplanation (additive risk score breakdown with contributions) as immutable record types with JSON serialization.

## Implementation Details
- **Evidence Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/FindingEvidenceContracts.cs` - `FindingEvidenceResponse`, `BoundaryProof`, `VexEvidence`, `ScoreExplanation` as immutable record types
- **Unified Evidence Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs` - Unified evidence response contracts
- **Controller**:
  - `src/Scanner/StellaOps.Scanner.WebService/Controllers/FindingsEvidenceController.cs` - `FindingsEvidenceController` serving evidence data
- **Evidence Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/IUnifiedEvidenceService.cs` - `IUnifiedEvidenceService` interface
  - `src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs` - Assembles unified evidence per finding
- **SmartDiff Boundary Proof**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/BoundaryProof.cs` - Boundary proof model

## E2E Test Plan
- [ ] Query finding evidence via the FindingsEvidenceController and verify `FindingEvidenceResponse` is returned
- [ ] Verify `BoundaryProof` includes surface, exposure, auth, and controls data
- [ ] Verify `VexEvidence` includes status, justification, and source information
- [ ] Verify `ScoreExplanation` includes additive risk score breakdown with individual contributions
- [ ] Verify all contracts serialize as immutable JSON records
- [ ] Verify unified evidence endpoint aggregates all evidence types per finding