semi implemented and features implemented save checkpoint

docs/features/unchecked/concelier/concelier-vendor-risk-signal-provider.md

@@ -0,0 +1,24 @@
+# Concelier Vendor Risk Signal Provider
+
+## Module
+Concelier
+
+## Status
+IMPLEMENTED
+
+## Description
+Extracts vendor-specific risk signals from advisory data, emits fix availability events, and tracks advisory field changes for risk scoring. Not in the known list.
+
+## Implementation Details
+- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/`
+- **Key Classes**:
+  - `VendorRiskSignalExtractor` (`src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/VendorRiskSignalExtractor.cs`) - extracts vendor-specific risk signals (CVSS, exploit maturity, fix availability) from advisory data
+  - `PolicyStudioSignalPicker` (`src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/PolicyStudio/PolicyStudioSignalPicker.cs`) - filters and selects signals for policy evaluation
+- **Interfaces**: `IPolicyStudioSignalPicker`
+- **Source**: Sprint 0115 (batch_14/file_16.md)
+
+## E2E Test Plan
+- [ ] Provide a vendor advisory with CVSS and fix availability and verify `VendorRiskSignalExtractor` produces correct risk signals
+- [ ] Verify fix availability emission: advisory with a fix emits a fix-available signal event
+- [ ] Verify field change tracking: update an advisory field and verify the risk signal reflects the change
+- [ ] Verify signal extraction handles missing fields gracefully (no CVSS, no fix info)