semi implemented and features implemented save checkpoint

docs/features/unchecked/doctor/doctor-advisoryai-integration.md

@@ -0,0 +1,24 @@
+# Doctor AdvisoryAI Integration
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Integration between Doctor diagnostics and AdvisoryAI system to provide AI-powered health diagnosis explanations, with an evidence schema registry for Doctor health results, prompt templates for health context, and a diagnosis API endpoint. While "AdvisoryAI Pipeline with Guardrails" and "AdvisoryAI Orchestrator" exist in known features, the Doctor-specific AI integration for health diagnostics is a distinct feature.
+
+## Implementation Details
+- **AI diagnosis service**: `src/Doctor/__Libraries/StellaOps.Doctor/AdvisoryAI/IDoctorAIDiagnosisService.cs` -- AI-powered diagnosis interface
+- **Context adapter**: `src/Doctor/__Libraries/StellaOps.Doctor/AdvisoryAI/DoctorContextAdapter.cs`, `IDoctorContextAdapter.cs` -- adapts doctor check results to AI context
+- **Evidence schema registry**: `src/Doctor/__Libraries/StellaOps.Doctor/AdvisoryAI/IEvidenceSchemaRegistry.cs` -- schemas for doctor health results
+- **AI context models**: `src/Doctor/__Libraries/StellaOps.Doctor/AdvisoryAI/Models/DoctorAIContext.cs` -- AI context data models
+- **Web UI**: `src/Web/StellaOps.Web/src/app/features/doctor/` -- Doctor feature UI
+- **Source**: SPRINT_20260118_022_Doctor_advisoryai_integration.md
+
+## E2E Test Plan
+- [ ] Verify AI diagnosis endpoint accepts doctor health check results
+- [ ] Test context adapter converts health results to proper AI context
+- [ ] Verify evidence schema registry returns valid schemas
+- [ ] Test Doctor UI displays AI-powered diagnosis explanations

docs/features/unchecked/doctor/doctor-check-quality-improvements.md

@@ -0,0 +1,24 @@
+# Doctor Check Quality Improvements (Real Diagnostics Replacing Mocks)
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Replaced mock implementations in PolicyEngineHealthCheck, OidcProviderConnectivityCheck, and FipsComplianceCheck with real diagnostic logic. Added discriminating evidence fields for AI reasoning and safety annotations (IsDestructive/DryRunVariant) for destructive remediation commands.
+
+## Implementation Details
+- **Policy engine check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Policy/Checks/PolicyEngineHealthCheck.cs`
+- **OIDC connectivity check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Auth/Checks/OidcProviderConnectivityCheck.cs`
+- **FIPS compliance check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Crypto/Checks/FipsComplianceCheck.cs`
+- **Other crypto checks**: eIDAS (`EidasComplianceCheck.cs`), GOST (`GostAvailabilityCheck.cs`), HSM (`HsmPkcs11AvailabilityCheck.cs`), SM crypto (`SmCryptoAvailabilityCheck.cs`)
+- **Remediation models**: `src/__Libraries/StellaOps.Doctor/Models/RemediationStep.cs` -- includes IsDestructive/DryRunVariant safety annotations
+- **Source**: SPRINT_20260118_015_Doctor_check_quality_improvements.md
+
+## E2E Test Plan
+- [ ] Verify PolicyEngineHealthCheck performs real diagnostic (not mock)
+- [ ] Test OidcProviderConnectivityCheck actually probes OIDC endpoint
+- [ ] Verify FipsComplianceCheck validates FIPS mode status
+- [ ] Test remediation commands include safety annotations (IsDestructive, DryRunVariant)

docs/features/unchecked/doctor/doctor-diagnostic-bundle-export-for-support-tickets.md

@@ -0,0 +1,26 @@
+# Doctor Diagnostic Bundle Export for Support Tickets
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Generates comprehensive shareable diagnostic bundles (.zip) for support tickets containing doctor check results, system configuration, evidence, and remediation suggestions. Enables self-service troubleshooting without support escalation.
+
+## Implementation Details
+- **Report storage**: `src/Doctor/StellaOps.Doctor.WebService/Services/IReportStorageService.cs` -- report storage interface
+- **In-memory storage**: `src/Doctor/StellaOps.Doctor.WebService/Services/InMemoryReportStorageService.cs`
+- **Postgres storage**: `src/Doctor/StellaOps.Doctor.WebService/Services/PostgresReportStorageService.cs`
+- **Doctor run service**: `src/Doctor/StellaOps.Doctor.WebService/Services/DoctorRunService.cs` -- orchestrates diagnostic runs
+- **Doctor endpoints**: `src/Doctor/StellaOps.Doctor.WebService/Endpoints/DoctorEndpoints.cs` -- API endpoints for triggering runs and retrieving results
+- **Models**: `src/Doctor/StellaOps.Doctor.WebService/Contracts/DoctorModels.cs` -- diagnostic bundle models
+- **Tests**: `src/Doctor/__Tests/StellaOps.Doctor.WebService.Tests/Services/InMemoryReportStorageServiceTests.cs`, `DoctorRunServiceTests.cs`
+- **Source**: SPRINT_20260112_001_009_DOCTOR_self_service.md
+
+## E2E Test Plan
+- [ ] Verify diagnostic bundle export generates valid .zip file
+- [ ] Test bundle includes check results, configuration, and remediation suggestions
+- [ ] Verify bundle can be stored/retrieved via both in-memory and Postgres backends
+- [ ] Test Doctor API endpoints for triggering runs and downloading bundles

docs/features/unchecked/doctor/doctor-diagnostics-runner.md

@@ -0,0 +1,39 @@
+# Doctor Diagnostics Runner
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Doctor plugin infrastructure with multiple plugins (Vex, BinaryAnalysis, Notify, Observability, Timestamping) providing health checks, diagnostics, and remediation commands is implemented.
+
+## Implementation Details
+- **Plugin interface**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugins.Core/IDoctorPlugin.cs` -- base plugin contract
+- **Plugins** (14 total):
+  - Agent: `AgentDoctorPlugin.cs` -- agent health (capacity, heartbeat, version, certificates, cluster, task queue)
+  - Attestor: `AttestorDoctorPlugin.cs` -- Rekor, cosign, signing key, transparency log checks
+  - Auth: `AuthDoctorPlugin.cs` -- OIDC, signing key, token service checks
+  - BinaryAnalysis: `BinaryAnalysisDoctorPlugin.cs` -- debuginfod, buildinfo cache, corpus mirror, symbol recovery
+  - Compliance: `CompliancePlugin.cs` -- audit readiness, evidence tamper, provenance completeness, attestation signing
+  - Crypto: eIDAS, FIPS, GOST, HSM, SM crypto, cert chain validation checks
+  - Environment: `EnvironmentDoctorPlugin.cs` -- connectivity, capacity, drift, secrets, network policy
+  - EvidenceLocker: `EvidenceLockerDoctorPlugin.cs` -- evidence index, Merkle anchor, provenance chain
+  - Notify: `NotifyDoctorPlugin.cs` -- Slack, Teams, Email, Webhook connectivity checks
+  - Observability: `ObservabilityDoctorPlugin.cs` -- OTLP, Prometheus, log directory checks
+  - Operations: `OperationsDoctorPlugin.cs` -- job queue, dead letter queue, scheduler checks
+  - Policy: `PolicyEngineHealthCheck.cs`
+  - Postgres: `PostgresDoctorPlugin.cs` -- connectivity, connection pool, migration status
+  - Release: `ReleaseDoctorPlugin.cs` -- active release, environment readiness, promotion gates, rollback
+  - Scanner: `ScannerDoctorPlugin.cs` -- SBOM generation, vulnerability scan, reachability, slice cache, witness graph
+  - Storage: `StorageDoctorPlugin.cs` -- disk space, backup directory, evidence locker write
+  - Timestamping: `TimestampingHealthCheckPlugin.cs` -- TSA, OCSP, CRL, time skew, evidence staleness
+  - Vex: `VexDoctorPlugin.cs` -- VEX document validation, issuer trust, schema compliance
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify all 14+ plugins register and execute successfully
+- [ ] Test plugin discovery and loading mechanism
+- [ ] Verify each plugin category produces valid health check results
+- [ ] Test failure scenarios for each check type

docs/features/unchecked/doctor/doctor-health-checks-for-integrations.md

@@ -0,0 +1,29 @@
+# Doctor Health Checks for Integrations
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Individual health checks for webhooks, Slack, Teams, email, OTLP endpoints, debuginfod, corpus mirrors, and more are implemented as pluggable Doctor checks.
+
+## Implementation Details
+- **Webhook checks**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Notify/Checks/WebhookConfiguredCheck.cs`, `WebhookConnectivityCheck.cs`
+- **Slack checks**: `SlackConfiguredCheck.cs`, `SlackConnectivityCheck.cs`
+- **Teams checks**: `TeamsConfiguredCheck.cs`, `TeamsConnectivityCheck.cs`
+- **Email checks**: `EmailConfiguredCheck.cs`, `EmailConnectivityCheck.cs`
+- **Queue checks**: `NotifyQueueHealthCheck.cs`
+- **OTLP check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Observability/Checks/OtlpEndpointCheck.cs`
+- **Prometheus check**: `PrometheusScrapeCheck.cs`
+- **Debuginfod check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.BinaryAnalysis/Checks/DebuginfodAvailabilityCheck.cs`
+- **Corpus mirror check**: `CorpusMirrorFreshnessCheck.cs`
+- **Tests**: `src/Doctor/__Tests/StellaOps.Doctor.Plugin.Notify.Tests/`, `StellaOps.Doctor.Plugin.Observability.Tests/`, `StellaOps.Doctor.Plugin.BinaryAnalysis.Tests/`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify webhook connectivity check probes configured endpoint
+- [ ] Test Slack/Teams/Email configured checks detect missing configuration
+- [ ] Verify OTLP and Prometheus checks validate endpoint reachability
+- [ ] Test debuginfod and corpus mirror freshness checks

docs/features/unchecked/doctor/doctor-runbook-url-integration.md

@@ -0,0 +1,21 @@
+# Doctor Runbook URL Integration
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Extended Doctor diagnostic framework to support runbook URL links in remediation output, making operational runbooks discoverable directly from `stella doctor` CLI and UI results.
+
+## Implementation Details
+- **Remediation models**: `src/__Libraries/StellaOps.Doctor/Models/RemediationStep.cs` -- includes runbook URL field
+- **Doctor models**: `src/Doctor/StellaOps.Doctor.WebService/Contracts/DoctorModels.cs` -- API models with runbook references
+- **Auto-remediation**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Timestamping/AutoRemediation.cs` -- remediation with linked runbooks
+- **Source**: SPRINT_20260117_029_DOCS
+
+## E2E Test Plan
+- [ ] Verify doctor check results include runbook URLs where applicable
+- [ ] Test CLI `stella doctor` output displays runbook links
+- [ ] Verify Web UI Doctor page shows clickable runbook links

docs/features/unchecked/doctor/doctor-scheduled-runs-with-alerting-and-trend-analysis.md

@@ -0,0 +1,28 @@
+# Doctor Scheduled Runs with Alerting and Trend Analysis
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Cron-based scheduled execution of Doctor health checks with configurable schedules, trend data storage for historical analysis, anomaly detection for health metric degradation, and alerting service integration for notifications on health regressions.
+
+## Implementation Details
+- **Schedule worker**: `src/Doctor/StellaOps.Doctor.Scheduler/DoctorScheduleWorker.cs` -- background worker for cron-based execution
+- **Schedule executor**: `src/Doctor/StellaOps.Doctor.Scheduler/Services/ScheduleExecutor.cs` -- executes scheduled doctor runs
+- **Schedule models**: `src/Doctor/StellaOps.Doctor.Scheduler/Models/DoctorSchedule.cs` -- schedule configuration
+- **Execution tracking**: `src/Doctor/StellaOps.Doctor.Scheduler/Models/ScheduleExecution.cs` -- execution records
+- **Trend data**: `src/Doctor/StellaOps.Doctor.Scheduler/Models/TrendDataPoint.cs` -- trend analysis data model
+- **Alert service**: `src/Doctor/StellaOps.Doctor.Scheduler/Services/IAlertService.cs` -- alerting interface for health regressions
+- **Schedule repository**: `src/Doctor/StellaOps.Doctor.Scheduler/Services/IScheduleRepository.cs`
+- **Trend repository**: `src/Doctor/StellaOps.Doctor.Scheduler/Services/ITrendRepository.cs` -- trend data persistence
+- **Options**: `src/Doctor/StellaOps.Doctor.Scheduler/Options/DoctorSchedulerOptions.cs` -- scheduler configuration
+- **Source**: SPRINT_20260118_020_Doctor_scheduled_runs_trending.md
+
+## E2E Test Plan
+- [ ] Verify scheduled doctor runs execute at configured intervals
+- [ ] Test trend data accumulation over multiple runs
+- [ ] Verify alert service triggers on health degradation
+- [ ] Test schedule CRUD operations via repository

docs/features/unchecked/doctor/doctor-yaml-pack-loader-and-first-party-packs.md

@@ -0,0 +1,25 @@
+# Doctor YAML Pack Loader and First-Party Packs
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+YAML-based diagnostic pack loader allowing first-party and user-defined diagnostic packs, with a self-service Doctor UI page for running health checks interactively.
+
+## Implementation Details
+- **Plugin core**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugins.Core/IDoctorPlugin.cs` -- plugin interface for pack loading
+- **First-party packs**: 14+ doctor plugins under `src/Doctor/__Plugins/` covering Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment, EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release, Scanner, Storage, Timestamping, Vex
+- **WebService**: `src/Doctor/StellaOps.Doctor.WebService/` -- web service for Doctor UI and API
+- **Doctor endpoints**: `src/Doctor/StellaOps.Doctor.WebService/Endpoints/DoctorEndpoints.cs` -- API for loading and running packs
+- **Doctor service options**: `src/Doctor/StellaOps.Doctor.WebService/Options/DoctorServiceOptions.cs` -- configuration including pack paths
+- **Web UI**: `src/Web/StellaOps.Web/src/app/features/doctor/` -- self-service Doctor UI page
+- **Source**: SPRINT_20260113_005_DOCTOR
+
+## E2E Test Plan
+- [ ] Verify YAML pack loading discovers and registers all first-party packs
+- [ ] Test custom/user-defined pack loading from configured paths
+- [ ] Verify Doctor UI page allows interactive check execution
+- [ ] Test pack results display correctly in UI