git.stella-ops.org/docs/features/unchecked/scanner/finding-evidence-api-contracts.md

Finding Evidence API Contracts (BoundaryProof, VexEvidence, ScoreExplanation)

Module: Scanner
Status: IMPLEMENTED

Description

Unified evidence API data contracts for the Scanner WebService. FindingEvidenceResponse carries, per finding, a BoundaryProof (surface, exposure, auth, controls), a VexEvidence (status, justification, source) and a ScoreExplanation (an additive risk score breakdown in which the listed contributions account for the total). All four are immutable record types with JSON serialization, so a consumer gets one consistent evidence bundle per finding rather than assembling it from separate calls.

Implementation Details

  • Evidence Contracts:
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/FindingEvidenceContracts.cs - FindingEvidenceResponse, BoundaryProof, VexEvidence, ScoreExplanation as immutable record types
  • Unified Evidence Contracts:
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs - Unified evidence response contracts
  • Controller:
    • src/Scanner/StellaOps.Scanner.WebService/Controllers/FindingsEvidenceController.cs - FindingsEvidenceController serving evidence data
  • Evidence Service:
    • src/Scanner/StellaOps.Scanner.WebService/Services/IUnifiedEvidenceService.cs - IUnifiedEvidenceService interface
    • src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs - Assembles unified evidence per finding
  • SmartDiff Boundary Proof:
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/BoundaryProof.cs - Boundary proof model

E2E Test Plan

  • Query finding evidence via the FindingsEvidenceController and verify FindingEvidenceResponse is returned
  • Verify BoundaryProof includes surface, exposure, auth, and controls data
  • Verify VexEvidence includes status, justification, and source information
  • Verify ScoreExplanation includes an additive risk score breakdown and that the individual contributions sum to the reported total
  • Verify all contracts are immutable record types (no setters; `with` yields a new instance) and round-trip through JSON serialization without loss
  • Verify unified evidence endpoint aggregates all evidence types per finding
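
The contracts from the Description and the checks from the E2E test plan, as one added example that is not part of the StellaOps code base: illustrative C# records (.NET 6 or later, System.Text.Json) with a JSON round-trip and the consistency checks a consumer of the endpoint would run. The property names, the value vocabularies, the sample finding and the assumption that VexEvidence.Status follows OpenVEX (with a justification required for `not_affected`) are all assumptions; the project's real definitions in FindingEvidenceContracts.cs may differ.

```csharp
// Added example, not StellaOps code: illustrative shapes for the four evidence
// contracts named on this page, a System.Text.Json round-trip, and the checks a
// consumer would run against a response. Property names are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Text.Json.Serialization;

// Positional records get init-only properties: a deserialized response cannot
// be mutated in place, and `with` produces a copy instead of editing it.
public sealed record BoundaryProof(
    string Surface,                  // assumed vocabulary, e.g. "http", "cli"
    string Exposure,                 // e.g. "internet", "internal"
    string Auth,                     // e.g. "none", "token", "mtls"
    IReadOnlyList<string> Controls); // compensating controls, e.g. "waf"

public sealed record VexEvidence(
    string Status,                   // assumed OpenVEX vocabulary, e.g. "not_affected"
    string? Justification,           // OpenVEX requires one when Status is not_affected
    string Source);                  // who issued the statement

public sealed record ScoreContribution(string Factor, double Weight);

public sealed record ScoreExplanation(
    double Total,
    IReadOnlyList<ScoreContribution> Contributions);

public sealed record FindingEvidenceResponse(
    string FindingId,
    BoundaryProof Boundary,
    VexEvidence Vex,
    ScoreExplanation Score);

public static class EvidenceChecks
{
    private static readonly JsonSerializerOptions Options =
        new(JsonSerializerDefaults.Web) // camelCase on the wire, case-insensitive read
        {
            DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
        };

    public static string Serialize(FindingEvidenceResponse response) =>
        JsonSerializer.Serialize(response, Options);

    public static FindingEvidenceResponse Deserialize(string json) =>
        JsonSerializer.Deserialize<FindingEvidenceResponse>(json, Options)
        ?? throw new JsonException("empty evidence payload");

    // "Additive" only means something if the parts account for the whole: reject
    // an explanation whose contributions do not sum to the reported total.
    public static bool IsAdditive(ScoreExplanation score, double tolerance = 1e-9) =>
        Math.Abs(score.Contributions.Sum(c => c.Weight) - score.Total) <= tolerance;

    // A not_affected claim without a justification is not usable evidence.
    public static bool HasRequiredJustification(VexEvidence vex) =>
        vex.Status != "not_affected" || !string.IsNullOrWhiteSpace(vex.Justification);

    // The four BoundaryProof fields must be present on the wire, not only in the CLR type.
    public static bool HasBoundaryFields(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var boundary = doc.RootElement.GetProperty("boundary");
        return new[] { "surface", "exposure", "auth", "controls" }
            .All(name => boundary.TryGetProperty(name, out _));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample, not real scanner output.
        var response = new FindingEvidenceResponse(
            FindingId: "finding-0001",
            Boundary: new BoundaryProof("http", "internet", "none", new[] { "waf", "rate-limit" }),
            Vex: new VexEvidence("not_affected", "vulnerable_code_not_in_execute_path", "vendor-vex"),
            Score: new ScoreExplanation(7.5, new[]
            {
                new ScoreContribution("base_cvss", 5.0),
                new ScoreContribution("internet_exposed", 2.0),
                new ScoreContribution("no_auth", 0.5),
            }));

        string json = EvidenceChecks.Serialize(response);
        var roundTripped = EvidenceChecks.Deserialize(json);

        // Lossless round-trip: re-serializing the parsed copy yields identical JSON.
        // (Record equality compares list properties by reference, so compare the wire form.)
        Console.WriteLine($"round-trip stable:   {EvidenceChecks.Serialize(roundTripped) == json}");
        Console.WriteLine($"boundary complete:   {EvidenceChecks.HasBoundaryFields(json)}");
        Console.WriteLine($"vex justified:       {EvidenceChecks.HasRequiredJustification(roundTripped.Vex)}");
        Console.WriteLine($"score additive:      {EvidenceChecks.IsAdditive(roundTripped.Score)}");

        // Immutability: `with` copies, the original total is untouched, and the
        // copy with an edited total no longer passes the additivity check.
        var tampered = roundTripped.Score with { Total = 9.9 };
        Console.WriteLine($"original total kept: {roundTripped.Score.Total == 7.5}");
        Console.WriteLine($"tampered additive:   {EvidenceChecks.IsAdditive(tampered)}");
    }
}
```

One caveat the immutability check does not cover: System.Text.Json materialises an `IReadOnlyList<T>` property as a `List<T>` behind the interface, so a caller who casts can still append to `Controls` or `Contributions`. If the contracts must be immutable at runtime rather than by API surface, use `ImmutableArray<T>` for the collection properties.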