more features checks. setup improvements

docs/qa/feature-checks/runs/concelier/vex-consumption-from-sbom-documents/run-002/tier0-source-check.json

@@ -0,0 +1 @@
+{"featureFile":"docs/features/unchecked/concelier/vex-consumption-from-sbom-documents.md","filesChecked":["src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionReporter.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicyLoader.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConflictResolver.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionOptions.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexExtractors.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumer.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexTrustEvaluator.cs"],"found":["src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionReporter.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicyLoader.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConflictResolver.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionOptions.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexExtractors.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumer.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexTrustEvaluator.cs"],"missing":[],"verdict":"pass"}

docs/qa/feature-checks/runs/concelier/vex-consumption-from-sbom-documents/run-002/tier1-code-review.json

@@ -0,0 +1 @@
+{"project":"src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/StellaOps.Concelier.SbomIntegration.csproj","testProject":"src/Concelier/__Tests/StellaOps.Concelier.SbomIntegration.Tests/StellaOps.Concelier.SbomIntegration.Tests.csproj","buildResult":"pass","testResult":"pass","totalTests":130,"testsPassed":130,"testsFailed":0,"errors":[],"codeReviewChecklist":{"mainClassExists":true,"nonTrivialImplementation":true,"logicMatchesFeatureDescription":true,"unitTestsExerciseCoreBehavior":true,"testsAssertMeaningfulOutcomes":true},"codeReviewNotes":["VexConsumer: orchestrates VEX extraction from SBOM, trust evaluation, conflict resolution, and report generation","CycloneDxVexExtractor: extracts embedded VEX from CycloneDX SBOMs, maps bom-ref to PURL","SpdxVexExtractor: extracts embedded VEX from SPDX SBOMs","VexTrustEvaluator: per-statement trust evaluation based on source provenance, justification quality, and evidence age","VexConsumptionPolicyDefaults: default policy requiring justification for not_affected statements","Tests: VexConsumerTests (not_affected extraction, missing justification filtering), VexExtractorTests (CycloneDX bom-ref to PURL, SPDX format handling), VexIntegrationTests (full E2E: parse CycloneDX SBOM with embedded VEX -> extract -> evaluate -> resolve), SbomAdvisoryMatcherVexTests (VEX filtering in advisory matching)"],"verdict":"pass"}

docs/qa/feature-checks/runs/concelier/vex-consumption-from-sbom-documents/run-002/tier2-integration-check.json

@@ -0,0 +1 @@
+{"type":"integration","capturedAtUtc":"2026-02-13T09:30:00Z","testCommand":"dotnet test \"src\Concelier\__Tests\StellaOps.Concelier.SbomIntegration.Tests\StellaOps.Concelier.SbomIntegration.Tests.csproj\" --no-restore -v normal","testFilter":"VexConsumerTests, VexExtractorTests, VexIntegrationTests, SbomAdvisoryMatcherVexTests","testsRun":130,"testsPassed":130,"testsFailed":0,"featureRelevantTests":7,"targetedTestMethods":["VexConsumerTests.ConsumeAsync_ReturnsNotAffectedStatement","VexConsumerTests.ConsumeAsync_MissingJustification_FiltersStatement","VexExtractorTests.CycloneDxExtractor_MapsBomRefToPurl","VexExtractorTests.SpdxExtractor_HandlesSpdxFormat","VexIntegrationTests.ConsumeFromSbomAsync_ParsesEmbeddedCycloneDxVex","SbomAdvisoryMatcherVexTests.MatchAsync_FiltersNotAffectedVexStatements"],"behaviorVerified":["CycloneDX SBOM embedded VEX extraction: VexConsumer parses not_affected with ComponentNotPresent justification, returns Trusted trust level","SPDX SBOM embedded VEX extraction: SpdxVexExtractor handles SPDX format correctly","Missing justification filtering: statements without justification filtered with 'vex.justification.missing' warning","Per-statement trust evaluation: VexTrustEvaluator assigns trust based on source provenance and evidence quality","Full E2E integration: ParsedSbomParser -> VexConsumer.ConsumeFromSbomAsync -> extract + evaluate + resolve -> consumption result with CVE ID, status, affected components","VEX-aware advisory matching: SbomAdvisoryMatcher filters not_affected VEX statements from match results"],"assertionTypes":["Assert.Single on consumed statements","Assert.Equal on VexStatus.NotAffected and VexTrustLevel.Trusted","Assert.Empty on warnings (valid statement) / Assert.Contains on warnings (missing justification)","Assert.Contains on affected components (PURL mapping from bom-ref)"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 130, Skipped: 0, Total: 130, Duration: 1s 255ms - StellaOps.Concelier.SbomIntegration.Tests.dll (net10.0|x64)","verdict":"pass"}