Deterministic Diff-Aware Rescans (SmartDiff / Diff-Native CI)
Module
Scanner
Status
VERIFIED
Description
SmartDiff with golden fixture tests, schema validation, state comparison, reachability gates, SARIF output, performance benchmarks, and layer caching for diff-native CI capability.
Implementation Details
- SmartDiff Core:
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffPredicate.cs - SmartDiff predicate model
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffJsonSerializer.cs - JSON serialization for determinism
- Detection Engine:
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/MaterialRiskChangeDetector.cs - Detects material risk changes between scans
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/MaterialRiskChangeResult.cs - Detection result model
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/RiskStateSnapshot.cs - Risk state snapshot for comparison
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/SmartDiffScoringConfig.cs - Scoring configuration
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/BoundaryProof.cs - Boundary proof model
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs - Reachability gate integration
- VEX Candidate Emission:
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateEmitter.cs
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateModels.cs
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexEvidence.cs
- SARIF Output:
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifOutputGenerator.cs - SARIF 2.1.0 output for CI integration
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifModels.cs - SARIF models
- Attestation:
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Attestation/DeltaVerdictBuilder.cs - Builds delta verdicts
  - src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Attestation/DeltaVerdictOciPublisher.cs - Publishes delta verdicts to OCI
- API:
  - src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs - SmartDiff REST API
E2E Test Plan
- Run a SmartDiff between two scan versions and verify material risk changes are detected
- Verify golden fixture tests produce deterministic SmartDiff output
- Verify SmartDiff schema validation passes for generated predicates
- Verify SARIF output contains diff-aware findings suitable for CI integration
- Verify reachability gate context is included in SmartDiff results
- Verify VEX candidates are emitted from SmartDiff detection results
- Verify delta verdicts can be published to OCI registry
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |