semi implemented and features implemented save checkpoint

docs/features/unchecked/doctor/doctor-check-quality-improvements.md

@@ -0,0 +1,24 @@
+# Doctor Check Quality Improvements (Real Diagnostics Replacing Mocks)
+
+## Module
+Doctor
+
+## Status
+IMPLEMENTED
+
+## Description
+Replaced mock implementations in PolicyEngineHealthCheck, OidcProviderConnectivityCheck, and FipsComplianceCheck with real diagnostic logic. Added discriminating evidence fields for AI reasoning and safety annotations (IsDestructive/DryRunVariant) for destructive remediation commands.
+
+## Implementation Details
+- **Policy engine check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Policy/Checks/PolicyEngineHealthCheck.cs`
+- **OIDC connectivity check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Auth/Checks/OidcProviderConnectivityCheck.cs`
+- **FIPS compliance check**: `src/Doctor/__Plugins/StellaOps.Doctor.Plugin.Crypto/Checks/FipsComplianceCheck.cs`
+- **Other crypto checks**: eIDAS (`EidasComplianceCheck.cs`), GOST (`GostAvailabilityCheck.cs`), HSM (`HsmPkcs11AvailabilityCheck.cs`), SM crypto (`SmCryptoAvailabilityCheck.cs`)
+- **Remediation models**: `src/__Libraries/StellaOps.Doctor/Models/RemediationStep.cs` -- includes IsDestructive/DryRunVariant safety annotations
+- **Source**: SPRINT_20260118_015_Doctor_check_quality_improvements.md
+
+## E2E Test Plan
+- [ ] Verify PolicyEngineHealthCheck performs real diagnostic (not mock)
+- [ ] Test OidcProviderConnectivityCheck actually probes OIDC endpoint
+- [ ] Verify FipsComplianceCheck validates FIPS mode status
+- [ ] Test remediation commands include safety annotations (IsDestructive, DryRunVariant)