# Remediation PR Generator (Deterministic PR/MR Creation)

## Module
Scanner

## Status
IMPLEMENTED

## Description
Deterministic PR/MR generation with template sections (summary, steps, SBOM changes, test requirements, rollback steps, VEX claim, evidence), actual SCM branch creation and file updates, and remediation apply endpoint returning PR metadata.

## Implementation Details
- **Evidence Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs` - Contracts including remediation evidence models with SBOM changes, VEX claims, and PR metadata
- **Reachability Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs` - Endpoints supporting remediation actions with reachability context
- **PR Annotation Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationService.cs` - `PrAnnotationService` generates PR/MR annotations with evidence links

## E2E Test Plan
- [ ] Trigger remediation PR generation for a vulnerable dependency and verify a PR template is generated with summary, steps, and SBOM changes sections
- [ ] Verify the generated PR includes test requirements and rollback steps
- [ ] Verify VEX claims are included in the PR body linking to reachability evidence
- [ ] Verify the remediation apply endpoint returns PR metadata (URL, branch name, commit SHA)
- [ ] Verify deterministic generation produces identical PR content for the same input