- Add a `correction` field to every `finding()` call in detect.py with
actionable remediation advice for all 12 vulnerability types
- Add `CorrectionPanel` component to FindingCard.jsx that renders the
correction text under the technical details when a card is expanded
- Add `.correction` CSS styles with accent-tinted background and a
"HOW TO FIX" label to visually distinguish remediation from details
- Add GET /api/wallet/scan endpoint that shells out to detect.py
- Add CORS config and detect.py script path to application.properties
- walletService.js now calls the real scan endpoint instead of mock
- Replace UtxoCard-based ReportScreen with FindingCard-based layout
- FindingCard: collapsible card with data-driven details panel (address groups, string lists, key-value scalars)
- VulnerabilityBadge: all 14 finding types labeled, severity lowercased, critical style added
- ReportScreen: summary bar shows findings/warnings/txs analyzed; clean banner; separate warnings section
Replace flat string findings with typed objects following a unified
{ type, severity, description, details } envelope across all 12
detectors. Full TXIDs and addresses, no truncation.
When a descriptor is passed directly, strip its checksum, derive the
missing external/internal counterpart, and normalize both through
getdescriptorinfo before importing — matching the full address set
that --wallet produces.
- Replace frontend mock with real fetch calls to POST /api/wallet/analyze and GET /api/wallet/{id}/utxos
- Add Vite dev proxy for /api to avoid CORS in development
- Implement WalletResource.java with the two endpoints
- Add WalletMockData.java with the 5-UTXO dataset
- Configure CORS and port in application.properties
- Add backend/requests/wallet.http with kulala tests (29 assertions, all passing)
