git.stella-ops.org/docs/features/unchecked/scanner/reachability-trace-export-endpoint-with-runtime-evidence-overlays.md

Reachability Trace Export Endpoint with Runtime Evidence Overlays

| Module  | Status      |
|---------|-------------|
| Scanner | IMPLEMENTED |

Description

New trace export endpoint (GET /scans/{scanId}/reachability/traces/export) that exports reachability graphs in JSON-Lines or GraphSON format. Includes runtime-confirmed edge flags, reachability scores (0-1), evidence URIs, and SARIF relatedLocations references. Uses StellaOps.Canonical.Json for deterministic content digests. Runtime annotations are overlays only, preserving lattice semantics.

Implementation Details

  • Reachability Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs - ReachabilityEndpoints including trace export (GET /scans/{scanId}/reachability/traces/export) with format selection (JSON-Lines, GraphSON)
  • Runtime Evidence:
    • src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/RuntimeStaticMerger.cs - RuntimeStaticMerger merges runtime observations as overlays onto static reachability graphs
    • src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfRuntimeReachabilityCollector.cs - EbpfRuntimeReachabilityCollector collects runtime evidence from eBPF probes
    • src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfSignalMerger.cs - EbpfSignalMerger merges eBPF signals into reachability graphs
    • src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/IRuntimeReachabilityCollector.cs - Interface for runtime collectors
  • Observation Store:
    • src/Scanner/__Libraries/StellaOps.Scanner.Reachability/FunctionMap/ObservationStore/IRuntimeObservationStore.cs - Interface for runtime observation storage
    • src/Scanner/__Libraries/StellaOps.Scanner.Reachability/FunctionMap/ObservationStore/PostgresRuntimeObservationStore.cs - PostgreSQL-backed observation store

E2E Test Plan

  • Export reachability traces via GET /scans/{scanId}/reachability/traces/export in JSON-Lines format and verify that every line is a valid JSON record
  • Export in GraphSON format and verify the output is a valid graph structure
  • Verify runtime-confirmed edges are flagged with runtime evidence metadata
  • Verify reachability scores (0-1) are included for each path
  • Verify evidence URIs link to the supporting evidence artifacts
  • Verify deterministic content digests are computed using canonical JSON serialization
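The following Python sketch is an added illustration, not code from the StellaOps project, of the export contract the description and the E2E plan above imply: each JSON-Lines record keeps the static lattice verdict untouched, carries runtime evidence only as a separate overlay flag plus evidence URI, includes a 0-1 score, and is serialized canonically so that the content digest is the same whatever order the edges arrive in. The call graph, the evidence URI scheme, the verdict-to-score mapping and the SARIF reference shape are constructed assumptions.

```python
import hashlib
import json

# Constructed static call-graph edges; "static" is the lattice verdict from analysis.
STATIC_EDGES = [
    {"from": "deserialize", "to": "legacy_handler", "static": "unreachable"},
    {"from": "main", "to": "parse_input", "static": "reachable"},
    {"from": "parse_input", "to": "deserialize", "static": "unknown"},
]
# Constructed runtime observations keyed by edge -> evidence URI (assumed URI scheme).
RUNTIME_OBSERVED = {
    ("parse_input", "deserialize"): "evidence://scan-0001/runtime/obs-17",
    ("deserialize", "legacy_handler"): "evidence://scan-0001/runtime/obs-18",
}
# Assumed mapping from lattice verdict to the 0-1 reachability score.
SCORE = {"reachable": 1.0, "unknown": 0.5, "unreachable": 0.0}

def canonical(obj) -> str:
    """Canonical JSON: sorted keys, no insignificant whitespace, ASCII only, no NaN."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True, allow_nan=False)

def export_jsonl(scan_id, static_edges, runtime_observed):
    """One canonical record per edge, ordered by (from, to) so output is input-order independent."""
    lines = []
    for i, e in enumerate(sorted(static_edges, key=lambda e: (e["from"], e["to"]))):
        key = (e["from"], e["to"])
        record = {
            "scanId": scan_id, "from": e["from"], "to": e["to"],
            "static": e["static"],                 # overlay never rewrites the verdict
            "score": SCORE[e["static"]],
            "runtimeConfirmed": key in runtime_observed,   # overlay flag only
            "evidenceUri": runtime_observed.get(key),      # None when not observed
            "sarifRelatedLocation": {"index": i},  # assumed reference shape
        }
        lines.append(canonical(record))
    return lines

def content_digest(lines) -> str:
    """SHA-256 over the newline-joined JSON-Lines body."""
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()

def validate_export(lines) -> bool:
    """E2E checks: each line parses, score is within [0, 1], confirmed edges carry evidence."""
    for line in lines:
        r = json.loads(line)
        if not 0.0 <= r["score"] <= 1.0:
            return False
        if r["runtimeConfirmed"] and not r["evidenceUri"]:
            return False
    return True
```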