# Reachability Trace Export Endpoint with Runtime Evidence Overlays

## Module
Scanner

## Status
IMPLEMENTED

## Description
New trace export endpoint (`GET /scans/{scanId}/reachability/traces/export`) that exports reachability graphs in JSON-Lines or GraphSON format. Includes runtime-confirmed edge flags, reachability scores (0-1), evidence URIs, and SARIF relatedLocations references. Uses StellaOps.Canonical.Json for deterministic content digests. Runtime annotations are overlays only, preserving lattice semantics.

## Implementation Details
- **Reachability Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs` - `ReachabilityEndpoints` including trace export (`GET /scans/{scanId}/reachability/traces/export`) with format selection (JSON-Lines, GraphSON)
- **Runtime Evidence**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/RuntimeStaticMerger.cs` - `RuntimeStaticMerger` merges runtime observations as overlays onto static reachability graphs
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfRuntimeReachabilityCollector.cs` - `EbpfRuntimeReachabilityCollector` collects runtime evidence from eBPF probes
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfSignalMerger.cs` - `EbpfSignalMerger` merges eBPF signals into reachability graphs
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/IRuntimeReachabilityCollector.cs` - Interface for runtime collectors
- **Observation Store**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/FunctionMap/ObservationStore/IRuntimeObservationStore.cs` - Interface for runtime observation storage
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/FunctionMap/ObservationStore/PostgresRuntimeObservationStore.cs` - PostgreSQL-backed observation store

## E2E Test Plan
- [ ] Export reachability traces via `GET /scans/{scanId}/reachability/traces/export` in JSON-Lines format and verify output is valid
- [ ] Export in GraphSON format and verify the output is a valid graph structure
- [ ] Verify runtime-confirmed edges are flagged with runtime evidence metadata
- [ ] Verify reachability scores (0-1) are included for each path
- [ ] Verify evidence URIs link to the supporting evidence artifacts
- [ ] Verify deterministic content digests are computed using canonical JSON serialization
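
An added example, not code from the StellaOps repository: a client-side check covering the JSON-Lines, score, evidence and digest items of the test plan above. The field names (`from`, `to`, `score`, `runtimeConfirmed`, `evidenceUri`), the sample records, the rule that a runtime-confirmed edge must carry an evidence URI, and the sorted-key SHA-256 encoding are assumptions; the actual export schema and the canonicalization rules of StellaOps.Canonical.Json are not shown on this page.

```python
import hashlib
import json

# Constructed sample export. Field names are assumptions for illustration,
# not the actual StellaOps export schema.
SAMPLE_JSONL = "\n".join([
    '{"from":"app.Main","to":"lib.Parse","score":0.92,'
    '"runtimeConfirmed":true,"evidenceUri":"cas://example/evidence/1"}',
    '{"to":"lib.Exec","from":"lib.Parse","score":0.4,"runtimeConfirmed":false}',
])


def canonical_digest(record):
    """SHA-256 over a sorted-key, whitespace-free encoding.

    Stand-in for canonical JSON; the project's own rules may differ."""
    encoded = json.dumps(record, sort_keys=True, separators=(",", ":"),
                         ensure_ascii=False)
    return "sha256:" + hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def check_export(text):
    """Parse a JSON-Lines export; return (records, problems)."""
    records, problems = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # tolerate blank lines between records
        try:
            rec = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append(f"line {lineno}: invalid JSON ({exc.msg})")
            continue
        if not isinstance(rec, dict):
            problems.append(f"line {lineno}: record is not a JSON object")
            continue
        score = rec.get("score")
        is_number = isinstance(score, (int, float)) and not isinstance(score, bool)
        if not is_number or not 0 <= score <= 1:  # NaN fails this comparison too
            problems.append(f"line {lineno}: score {score!r} is not in 0-1")
        if rec.get("runtimeConfirmed") is True and not rec.get("evidenceUri"):
            problems.append(f"line {lineno}: runtime-confirmed edge lacks evidence URI")
        records.append(rec)
    return records, problems


if __name__ == "__main__":
    recs, issues = check_export(SAMPLE_JSONL)
    for rec in recs:
        print(canonical_digest(rec), rec["from"], "->", rec["to"])
    print("problems:", issues)
```

The digest depends only on record content, so two exports of the same scan that differ in key order or whitespace still compare equal record by record.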