Binary-level call-graph extraction and symbol graph construction

Module

Signals

IMPLEMENTED

Call-graph ingestion, normalization, and parsing services exist for processing binary call targets into normalized graph structures.

Modules: src/Signals/StellaOps.Signals/Services/, src/Signals/StellaOps.Signals/Parsing/, src/Signals/StellaOps.Signals/Models/
Key Classes:
- CallgraphIngestionService (src/Signals/StellaOps.Signals/Services/CallgraphIngestionService.cs) - ingests call-graph documents and builds symbol graphs
- CallgraphParserResolver (src/Signals/StellaOps.Signals/Parsing/ICallgraphParserResolver.cs) - resolves language-specific call-graph parsers
- CallgraphDocument (src/Signals/StellaOps.Signals/Models/CallgraphDocument.cs) - root document model for call-graph data
- CallgraphNode (src/Signals/StellaOps.Signals/Models/CallgraphNode.cs) - represents a function/method node in the call graph
- CallgraphEdge (src/Signals/StellaOps.Signals/Models/CallgraphEdge.cs) - represents a call edge between nodes
- CallgraphEntrypoint (src/Signals/StellaOps.Signals/Models/CallgraphEntrypoint.cs) - entry point into the call graph (API endpoint, main method)
Interfaces: ICallgraphIngestionService, ICallgraphParserResolver
Source: Feature matrix scan

Ingest a call-graph document via CallgraphIngestionService and verify nodes and edges are stored
Verify parser resolution: submit call graphs for different languages and confirm the correct parser is selected
Verify symbol normalization: ingest a binary call graph and confirm symbols are normalized to canonical form
Verify entry point detection: ingest a call graph with API endpoints and confirm they are identified as entrypoints
Query the constructed symbol graph and verify call paths from entry to vulnerable function