# Stack-Trace/Exploit Path View

## Module

Scanner

## Status

VERIFIED

## Description

A dedicated "Stack-Trace Lens" UX component that renders exploit paths as interactive stack-trace visualizations, allowing security engineers to trace the call chain from entrypoint to vulnerable function. Combines backend exploit path grouping with a frontend visualization component.

## What's Implemented

- **Exploit Path Grouping (Backend)**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Services/IExploitPathGroupingService.cs` - `IExploitPathGroupingService` interface for grouping triage findings by their exploit path similarity
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Models/ExploitPath.cs` - `ExploitPath` model representing a call chain from entrypoint to vulnerable function
- **Path Explanation (Backend)**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Explanation/PathExplanationService.cs` - `PathExplanationService` generating human-readable explanations of reachability paths
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Explanation/PathRenderer.cs` - `PathRenderer` rendering call-graph paths as structured output (text, JSON, diagram-ready format)
- **Triage API**:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageInboxEndpoints.cs` - `TriageInboxEndpoints` REST API serving triage findings with exploit path data to frontend consumers
- **Call Path Models**:
  - `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/WitnessCallPathNode.cs` - `WitnessCallPathNode` model for individual nodes in a call path
  - `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/WitnessPathNode.cs` - `WitnessPathNode` model for path traversal nodes

## What's Missing

- **Stack-Trace Lens UI Component**: No dedicated Angular component in `src/Web/` that renders exploit paths as interactive stack-trace visualizations with:
  - Collapsible call-chain frames (entrypoint -> intermediate calls -> vulnerable function)
  - Syntax-highlighted source snippets at each frame (when source mapping is available)
  - Reachability tier badge per frame (Confirmed/Likely/Present)
  - Click-to-expand frame details (file path, line number, function signature)
- **Path Comparison View**: No side-by-side comparison of multiple exploit paths reaching the same vulnerable function from different entrypoints
- **Path Sharing/Export**: No URL-addressable deep links to specific exploit paths for sharing in issue trackers
- **Path Filtering**: No filtering of exploit paths by reachability confidence, entrypoint type, or path length

## Implementation Plan

1. Create `ExploitPathViewComponent` in `src/Web/` as an Angular component consuming the TriageInboxEndpoints exploit path API
2. Implement collapsible stack-frame rendering with entrypoint -> call chain -> sink visualization
3. Add source snippet rendering using source-map data when available from the scanner
4. Add reachability tier badges per frame using the PathExplanationService output
5. Implement path comparison view for vulnerabilities with multiple exploit paths
6. Add deep-link URL routing for direct navigation to specific exploit paths
7. Add path filtering controls (confidence tier, entrypoint type, path length)

## E2E Test Plan

- [ ] Navigate to a triage finding with a known exploit path and verify the Stack-Trace Lens component renders the full call chain from entrypoint to vulnerable function
- [ ] Verify each frame in the stack trace shows the correct function signature, file path, and reachability tier badge
- [ ] Click to expand a frame and verify source snippet is displayed (when source mapping is available)
- [ ] Verify collapsing intermediate frames hides call chain details while keeping entrypoint and sink visible
- [ ] Open the path comparison view for a vulnerability with multiple exploit paths and verify side-by-side rendering
- [ ] Copy the deep link URL for a specific exploit path, navigate to it in a new browser tab, and verify the same path is displayed
- [ ] Apply path filtering by reachability confidence and verify only paths matching the selected tier are shown

## Related Documentation

- Source: See feature catalog
- Architecture: `docs/modules/scanner/architecture.md`

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |
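The collapse, tier-based filtering and deep-link behaviours listed in the implementation plan and E2E test plan, as an added framework-free TypeScript sketch that is not part of the StellaOps code base; the frame and path shapes, the tier ranking rule, the sample paths and the route layout are all assumptions standing in for the project's `ExploitPath` / `WitnessCallPathNode` models and routes:

```typescript
// Added example (not StellaOps code): framework-free view-model logic for the Stack-Trace Lens.
// The frame/path shapes are constructed stand-ins for the project's ExploitPath and WitnessCallPathNode models.
type Tier = "Confirmed" | "Likely" | "Present";
interface Frame { fn: string; file: string; line: number; tier: Tier }
interface ExploitPathVm { id: string; entrypointType: string; frames: Frame[] }

const TIER_RANK: Record<Tier, number> = { Confirmed: 3, Likely: 2, Present: 1 };

// A path is only as confident as its weakest frame (assumed aggregation rule).
function pathTier(p: ExploitPathVm): Tier {
  return p.frames.reduce<Tier>((w, f) => (TIER_RANK[f.tier] < TIER_RANK[w] ? f.tier : w), "Confirmed");
}

// Filtering by minimum confidence tier, entrypoint type and maximum path length.
function filterPaths(paths: ExploitPathVm[], opts: { minTier?: Tier; entrypointType?: string; maxLength?: number }): ExploitPathVm[] {
  return paths.filter(p =>
    (opts.minTier === undefined || TIER_RANK[pathTier(p)] >= TIER_RANK[opts.minTier]) &&
    (opts.entrypointType === undefined || p.entrypointType === opts.entrypointType) &&
    (opts.maxLength === undefined || p.frames.length <= opts.maxLength));
}

// Collapsed view: entrypoint and sink stay visible, intermediate frames fold into one placeholder row.
function renderFrames(p: ExploitPathVm, collapsed: boolean): string[] {
  const row = (f: Frame) => `${f.fn} (${f.file}:${f.line}) [${f.tier}]`;
  if (!collapsed || p.frames.length <= 2) return p.frames.map(row);
  const hidden = p.frames.length - 2;
  return [row(p.frames[0]), `... ${hidden} intermediate frame(s) collapsed ...`, row(p.frames[p.frames.length - 1])];
}

// Deep link for issue trackers (assumed route layout); ids are URL-encoded so a crafted id cannot alter the route.
function deepLink(base: string, findingId: string, pathId: string): string {
  return `${base}/triage/${encodeURIComponent(findingId)}/paths/${encodeURIComponent(pathId)}`;
}

// Constructed sample: two paths reaching the same sink from different entrypoints (not real scanner output).
const SAMPLE_PATHS: ExploitPathVm[] = [
  { id: "p1", entrypointType: "http", frames: [
    { fn: "OrdersController.Post", file: "Controllers/OrdersController.cs", line: 42, tier: "Confirmed" },
    { fn: "OrderService.Parse", file: "Services/OrderService.cs", line: 88, tier: "Confirmed" },
    { fn: "LegacyXml.Load", file: "Lib/LegacyXml.cs", line: 17, tier: "Confirmed" } ] },
  { id: "p2", entrypointType: "cli", frames: [
    { fn: "Program.Main", file: "Program.cs", line: 10, tier: "Likely" },
    { fn: "LegacyXml.Load", file: "Lib/LegacyXml.cs", line: 17, tier: "Present" } ] },
];

for (const p of filterPaths(SAMPLE_PATHS, { minTier: "Likely" })) console.log(renderFrames(p, true).join("\n"));
```

The "weakest frame" rule means a path with a single `Present` frame is hidden by a `Likely` filter, which is the behaviour the E2E filtering check would exercise.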