stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
f4eb64fefcd7d2353b42aed44cb732780e861ea4
git.stella-ops.org/docs/features/checked/scanner/auto-vex-generation-from-smart-diff.md
master 5bca406787 save checkpoint: save features
2026-02-12 10:27:23 +02:00

3.0 KiB
Raw Blame History

Auto-VEX Generation from Smart-Diff

Module

Scanner

Status

VERIFIED

Description

VEX candidate emission from SmartDiff detection results, generating VEX statements backed by delta evidence.

Implementation Details

  • VEX Candidate Emission:
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateEmitter.cs - Emits VEX candidates from SmartDiff detection results.
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateModels.cs - VEX candidate data models.
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexEvidence.cs - Delta evidence backing VEX statements.
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/Repositories.cs - Repository interfaces for VEX candidate persistence.
  • SmartDiff Predicate:
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffPredicate.cs - SmartDiff predicate model including VEX data.
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs - Bridges reachability gate data into SmartDiff VEX candidates.
  • SARIF Output:
    • src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifOutputGenerator.cs - SARIF export including VEX candidate data.
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs - API now embeds VEX candidates in SARIF responses.
  • API Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Program.cs - Registers SmartDiff endpoints and SmartDiff repositories in API DI.
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs - Exposes scan-scoped VEX candidate/review routes and candidate lookup routes.
    • src/Scanner/StellaOps.Scanner.WebService/Services/InMemoryScanMetadataRepository.cs - Resolves scan metadata for scan-scoped candidate APIs.
    • src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/SmartDiffEndpointsTests.cs - API behavioral coverage for candidates, review, and SARIF embedding.

E2E Test Plan

  • Scan two versions of the same image to produce a smart-diff delta.
  • Call GET /api/v1/smart-diff/{scanId}/vex-candidates and verify VEX candidates are returned.
  • Verify each VEX candidate includes evidence links referencing the specific delta changes.
  • Submit a review decision via POST /api/v1/smart-diff/{scanId}/vex-candidates/review and verify the candidate status updates.
  • Export the SARIF output and verify VEX candidate data is embedded in the SARIF report.
  • Verify VEX candidates include reachability gate context when gates are detected.

Verification

  • Run ID: run-001 (2026-02-12 UTC).
  • Tier 0 source verification: docs/qa/feature-checks/runs/scanner/auto-vex-generation-from-smart-diff/run-001/tier0-source-check.json.
  • Tier 1 build/test evidence: docs/qa/feature-checks/runs/scanner/auto-vex-generation-from-smart-diff/run-001/tier1-build-check.json.
  • Tier 2 API verification: docs/qa/feature-checks/runs/scanner/auto-vex-generation-from-smart-diff/run-001/tier2-e2e-check.json.