# Runtime-Static SBOM Reconciliation

## Module

Scanner

## Status

IMPLEMENTED

## Description

Reconciles runtime process snapshots (taken from the /proc filesystem) against static SBOM analysis to identify discrepancies between the libraries the SBOM declares and the libraries actually mapped into running processes. Detects ghost libraries (loaded at runtime but missing from the SBOM) and phantom libraries (declared in the SBOM but not loaded at runtime).

## Implementation Details

- **Runtime Reconciliation**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/EntryTraceRuntimeReconciler.cs` - `EntryTraceRuntimeReconciler` reconciles runtime process snapshots against static SBOM analysis, detecting ghost libraries (runtime-only) and phantom libraries (SBOM-only)
- **Process Snapshots**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcFileSystemSnapshot.cs` - Collects runtime process state from the /proc filesystem
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcProcess.cs` - Model for a runtime process
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcGraph.cs` - Process dependency graph
  - `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcGraphBuilder.cs` - Builds process graphs from snapshots
- **Runtime-Static Merge**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/RuntimeStaticMerger.cs` - `RuntimeStaticMerger` merges runtime observations with static analysis into a single reachability view

## E2E Test Plan

- [ ] Reconcile runtime process snapshots against the static SBOM and verify ghost libraries (loaded at runtime but missing from the SBOM) are detected
- [ ] Verify phantom libraries (declared in the SBOM but not loaded at runtime) are identified
- [ ] Verify matching libraries (present in both runtime and SBOM) are confirmed as consistent
- [ ] Verify the reconciliation report includes library name, version, and source (runtime vs static) for each discrepancy
- [ ] Verify the runtime-static merge correctly augments static reachability analysis with runtime-confirmed paths
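The classification the description and test plan call for, as an added stand-alone example (not the project's C# code and not its API): it parses constructed `/proc/<pid>/maps` excerpts for two processes, keeps only file-backed shared objects, unions them across the process set (the role the process graph plays in the real scanner), and reconciles the result against an SBOM. The SBOM shape here (components with a `files` list) is an assumption for illustration; real CycloneDX/SPDX documents carry file paths as file-level components or evidence, and mapping a package to the files it installs is the scanner's job. The example goes slightly beyond the page in one way: a mapping marked `(deleted)` means the on-disk file was unlinked or replaced after it was loaded, so a static scan describes different bytes than the ones in memory; such libraries are reported as `stale` rather than `matched`, since a plain path match would silently hide that.

```python
"""Runtime vs. static SBOM reconciliation over /proc/<pid>/maps (added example)."""
import re
from dataclasses import dataclass, field

# Constructed /proc/<pid>/maps excerpts for two processes (not real captures).
SAMPLE_MAPS_BY_PID = {
    4242: """\
55d1c0a00000-55d1c0a01000 r--p 00000000 fd:01 1234 /usr/bin/app
7f3a8c000000-7f3a8c021000 rw-p 00000000 00:00 0
7f3a8c200000-7f3a8c228000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f3a8c228000-7f3a8c3a0000 r-xp 00028000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f3a8c400000-7f3a8c420000 r--p 00000000 fd:01 9012 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f3a8c600000-7f3a8c610000 r-xp 00000000 fd:01 3456 /opt/app/lib/libhelper.so.1.2 (deleted)
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0 [stack]
7ffd1e0f0000-7ffd1e0f2000 r-xp 00000000 00:00 0 [vdso]
""",
    4250: """\
5600a0000000-5600a0001000 r--p 00000000 fd:01 1111 /usr/bin/worker
7f0000200000-7f0000228000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f0000800000-7f0000801000 r-xp 00000000 fd:01 7890 /tmp/.x/libinject.so
""",
}

# Assumed simplified SBOM shape (constructed): each component lists the files it installs.
SAMPLE_SBOM = {
    "components": [
        {"name": "libssl3", "version": "3.0.2", "files": [
            "/usr/lib/x86_64-linux-gnu/libssl.so.3",
            "/usr/lib/x86_64-linux-gnu/libcrypto.so.3"]},
        {"name": "libhelper", "version": "1.2.0", "files": ["/opt/app/lib/libhelper.so.1.2"]},
        {"name": "zlib1g", "version": "1.2.11", "files": ["/usr/lib/x86_64-linux-gnu/libz.so.1.2.11"]},
    ]
}

# address range, perms, offset, dev, inode, optional path (maps(5) layout)
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+[rwxps-]{4}\s+[0-9a-f]+\s+[0-9a-f]+:[0-9a-f]+\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)
SHARED_OBJECT = re.compile(r"\.so(\.\d+)*$")
DELETED = " (deleted)"


@dataclass
class LoadedLibrary:
    path: str
    pids: set = field(default_factory=set)
    deleted: bool = False  # some mapping reports the backing file as unlinked/replaced


def parse_maps(maps_text, pid, into):
    """Add the file-backed shared objects from one /proc/<pid>/maps dump to `into`."""
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        # inode 0 / empty path is anonymous memory; [vdso], [stack], [heap] are pseudo-paths.
        if m.group("inode") == "0" or not path or path.startswith("["):
            continue
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[: -len(DELETED)]
        if not SHARED_OBJECT.search(path.rsplit("/", 1)[-1]):
            continue  # main executables are reconciled separately
        lib = into.setdefault(path, LoadedLibrary(path))
        lib.pids.add(pid)
        lib.deleted = lib.deleted or deleted
    return into


def collect_loaded(maps_by_pid):
    """Union of loaded shared objects across every process in the snapshot."""
    loaded = {}
    for pid, text in maps_by_pid.items():
        parse_maps(text, pid, loaded)
    return loaded


def reconcile(loaded, sbom):
    """Classify each library as ghost, phantom, stale or matched, with name, version and source."""
    declared = {f: comp for comp in sbom["components"] for f in comp.get("files", [])}
    report = []
    for path, lib in sorted(loaded.items()):
        comp = declared.get(path)
        if comp is None:
            report.append({"library": path, "version": None, "source": "runtime",
                           "finding": "ghost", "pids": sorted(lib.pids)})
        elif lib.deleted:
            # Declared, but the on-disk file changed after load: the static scan
            # described the new bytes, not the ones actually mapped.
            report.append({"library": path, "version": comp["version"], "source": "both",
                           "finding": "stale", "pids": sorted(lib.pids)})
        else:
            report.append({"library": path, "version": comp["version"], "source": "both",
                           "finding": "matched", "pids": sorted(lib.pids)})
    for path, comp in sorted(declared.items()):
        if path not in loaded:
            report.append({"library": path, "version": comp["version"], "source": "sbom",
                           "finding": "phantom", "pids": []})
    return report


def findings(report, kind):
    return [r["library"] for r in report if r["finding"] == kind]


if __name__ == "__main__":
    for row in reconcile(collect_loaded(SAMPLE_MAPS_BY_PID), SAMPLE_SBOM):
        print(f'{row["finding"]:8} {row["source"]:8} {row["library"]} {row["version"]} pids={row["pids"]}')
```

Two points a practitioner should keep in mind when reading the output. A phantom is not by itself a defect: libraries pulled in lazily via `dlopen`, or used only by a process that was not running at snapshot time, show up as phantoms, so the snapshot should cover the whole process tree and ideally several points in time before a phantom is treated as unused. A ghost, by contrast, is always worth a look, and a ghost under a path such as `/tmp` or an `LD_PRELOAD`-style location is a stronger signal than one under a vendor library directory.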