Reproducible build verification

Module

BinaryIndex

IMPLEMENTED

Reproducible build backend supports local rebuilds with air-gap bundle support for verifying binary provenance.

Modules: src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/, src/BinaryIndex/StellaOps.BinaryIndex.Worker/, src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GroundTruth.Reproducible/
Key Classes:
- ReproducibleBuildJob (src/BinaryIndex/StellaOps.BinaryIndex.Worker/Jobs/ReproducibleBuildJob.cs) - worker job that executes reproducible builds using IFunctionFingerprintExtractor, IPatchDiffEngine, and IFingerprintClaimRepository
- ReproducibleBuildJob (builders) (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/ReproducibleBuildJobTypes.cs) - builder-level reproducible build job with options
- ReproducibleBuildOptions - configuration for build verification parameters
- ValidationHarnessService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GroundTruth.Reproducible/ValidationHarnessService.cs) - validates reproducible build outputs
- FingerprintClaim / FingerprintClaimEvidence (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/FingerprintClaimModels.cs) - claims produced from build verification
Interfaces: IReproducibleBuilder (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/IReproducibleBuilder.cs), IReproducibleBuildJob

Submit a source package and verify reproducible build produces matching binary fingerprints
Verify FingerprintClaim is generated with correct FingerprintClaimEvidence linking to Build-ID
Verify build verification with non-matching binaries produces a failed verification result
Verify air-gap bundle support: import build inputs from bundle and verify build completes offline
Verify ReproducibleBuildOptions configuration controls build behavior
Verify build job integrates with IPatchDiffEngine for post-build comparison