Auto-VEX Generation from Smart-Diff

Module

Scanner

IMPLEMENTED

VEX candidate emission from SmartDiff detection results, generating VEX statements backed by delta evidence.

VEX Candidate Emission:
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateEmitter.cs - Emits VEX candidates from SmartDiff detection results
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateModels.cs - VEX candidate data models
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexEvidence.cs - Delta evidence backing VEX statements
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/Repositories.cs - Repository interfaces for VEX candidate persistence
SmartDiff Predicate:
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffPredicate.cs - SmartDiff predicate model including VEX data
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs - Bridges reachability gate data into SmartDiff VEX candidates
SARIF Output:
- src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifOutputGenerator.cs - SARIF export including VEX candidate data
API Endpoint:
- src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs - SmartDiffEndpoints exposes VEX candidates via REST (VexCandidatesResponse, VexCandidateDto, ReviewRequest)

Scan two versions of the same image to produce a smart-diff delta
Call GET /api/v1/smart-diff/{scanId}/vex-candidates and verify VEX candidates are returned
Verify each VEX candidate includes evidence links referencing the specific delta changes
Submit a review decision via POST /api/v1/smart-diff/{scanId}/vex-candidates/review and verify the candidate status updates
Export the SARIF output and verify VEX candidate data is embedded in the SARIF report
Verify VEX candidates include reachability gate context when gates are detected