43 lines
3.0 KiB
Markdown
43 lines
3.0 KiB
Markdown
# Auto-VEX Generation from Smart-Diff
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
VEX candidate emission from SmartDiff detection results, generating VEX statements backed by delta evidence.
|
|
|
|
## Implementation Details
|
|
- **VEX Candidate Emission**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateEmitter.cs` - Emits VEX candidates from SmartDiff detection results.
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateModels.cs` - VEX candidate data models.
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexEvidence.cs` - Delta evidence backing VEX statements.
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/Repositories.cs` - Repository interfaces for VEX candidate persistence.
|
|
- **SmartDiff Predicate**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffPredicate.cs` - SmartDiff predicate model including VEX data.
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs` - Bridges reachability gate data into SmartDiff VEX candidates.
|
|
- **SARIF Output**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifOutputGenerator.cs` - SARIF export including VEX candidate data.
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs` - API now embeds VEX candidates in SARIF responses.
|
|
- **API Endpoints**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Program.cs` - Registers SmartDiff endpoints and SmartDiff repositories in API DI.
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs` - Exposes scan-scoped VEX candidate/review routes and candidate lookup routes.
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/InMemoryScanMetadataRepository.cs` - Resolves scan metadata for scan-scoped candidate APIs.
|
|
- `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/SmartDiffEndpointsTests.cs` - API behavioral coverage for candidates, review, and SARIF embedding.
|
|
|
|
## E2E Test Plan
|
|
- [x] Scan two versions of the same image to produce a smart-diff delta.
|
|
- [x] Call `GET /api/v1/smart-diff/{scanId}/vex-candidates` and verify VEX candidates are returned.
|
|
- [x] Verify each VEX candidate includes evidence links referencing the specific delta changes.
|
|
- [x] Submit a review decision via `POST /api/v1/smart-diff/{scanId}/vex-candidates/review` and verify the candidate status updates.
|
|
- [x] Export the SARIF output and verify VEX candidate data is embedded in the SARIF report.
|
|
- [x] Verify VEX candidates include reachability gate context when gates are detected.
|
|
|
|
## Verification
|
|
- Run ID: `run-001` (2026-02-12 UTC).
|
|
- Tier 0 source verification: `docs/qa/feature-checks/runs/scanner/auto-vex-generation-from-smart-diff/run-001/tier0-source-check.json`.
|
|
- Tier 1 build/test evidence: `docs/qa/feature-checks/runs/scanner/auto-vex-generation-from-smart-diff/run-001/tier1-build-check.json`.
|
|
- Tier 2 API verification: `docs/qa/feature-checks/runs/scanner/auto-vex-generation-from-smart-diff/run-001/tier2-e2e-check.json`.
|