more features checks. setup improvements

docs/qa/feature-checks/runs/policy/auditable-exception-objects/run-001/tier0-source-check.json

@@ -0,0 +1,35 @@
+{
+  "type": "source-check",
+  "capturedAtUtc": "2026-02-12T21:52:00Z",
+  "featureSlug": "auditable-exception-objects",
+  "module": "policy",
+  "keySourceFiles": [
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Models/ExceptionObject.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Models/ExceptionEvent.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Models/ExceptionApplication.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Models/RecheckPolicy.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Models/EvidenceHook.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Services/ExceptionEvaluator.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Services/RecheckEvaluationService.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Services/EvidenceRequirementValidator.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Repositories/IExceptionRepository.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Repositories/PostgresExceptionRepository.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Repositories/IExceptionApplicationRepository.cs",
+    "src/Policy/__Libraries/StellaOps.Policy.Exceptions/Repositories/PostgresExceptionApplicationRepository.cs",
+    "src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionAdapter.cs",
+    "src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionEffectRegistry.cs",
+    "src/Policy/StellaOps.Policy.Engine/ExceptionCache/ExceptionCacheModels.cs",
+    "src/Policy/StellaOps.Policy.Engine/ExceptionCache/IExceptionEffectiveCache.cs",
+    "src/Policy/StellaOps.Policy.Engine/ExceptionCache/MessagingExceptionEffectiveCache.cs",
+    "src/Policy/StellaOps.Policy.Engine/ExceptionCache/RedisExceptionEffectiveCache.cs",
+    "src/Policy/StellaOps.Policy.Engine/Events/ExceptionEventPublisher.cs",
+    "src/Policy/StellaOps.Policy.Engine/Workers/ExceptionLifecycleService.cs",
+    "src/Policy/StellaOps.Policy.Engine/Workers/ExceptionLifecycleWorker.cs",
+    "src/Policy/StellaOps.Policy.Engine/Services/ExceptionApprovalRulesService.cs",
+    "src/Policy/StellaOps.Policy.Engine/Services/ExceptionAwareEvaluationService.cs"
+  ],
+  "filesFound": 23,
+  "filesMissing": 0,
+  "percentPresent": 100,
+  "verdict": "pass"
+}

docs/qa/feature-checks/runs/policy/auditable-exception-objects/run-001/tier1-code-review.json

@@ -0,0 +1,46 @@
+{
+  "type": "code-review",
+  "capturedAtUtc": "2026-02-12T21:52:00Z",
+  "featureSlug": "auditable-exception-objects",
+  "module": "policy",
+  "checklist": {
+    "mainClassExists": true,
+    "nonTrivialImplementation": true,
+    "logicMatchesFeatureDoc": true,
+    "unitTestsExist": true,
+    "testsAssertMeaningfulOutcomes": true
+  },
+  "codeReviewNotes": [
+    "ExceptionObject: 313 lines, full domain model with governed state machine (Proposed->Approved->Active->Expired/Revoked), scope constraints (artifact digest, PURL pattern, vulnerability ID, policy rule ID, environments, tenant), evidence refs, compensating controls, metadata, recheck policy integration.",
+    "ExceptionScope: validates at least one constraint exists, supports PURL wildcards, multi-environment scoping, tenant RLS.",
+    "ExceptionEvent: Audit trail events for all lifecycle transitions (creation, approval, activation, expiry, revocation).",
+    "ExceptionEvaluator: Evaluates whether an exception applies to a given finding context.",
+    "RecheckEvaluationService: Automatic re-evaluation of exceptions against changing security context.",
+    "EvidenceRequirementValidator: Validates required evidence is submitted before exception activation.",
+    "PostgresExceptionRepository: Postgres persistence for exception objects with audit trail.",
+    "ExceptionAdapter: Adapts exceptions for policy evaluation pipeline.",
+    "ExceptionEffectRegistry: Tracks effects of applied exceptions on findings.",
+    "ExceptionCache (Redis + Messaging): Caches effective exceptions for fast policy evaluation.",
+    "ExceptionEventPublisher: Publishes exception lifecycle events.",
+    "ExceptionLifecycleService/Worker: Background processing for exception expiry, recheck scheduling.",
+    "ExceptionApprovalRulesService: Governs approval workflow rules.",
+    "ExceptionAwareEvaluationService: Policy evaluation with exception awareness."
+  ],
+  "testFiles": [
+    "src/Policy/__Tests/StellaOps.Policy.Exceptions.Tests/ExceptionObjectTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Exceptions.Tests/ExceptionEventTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Exceptions.Tests/ExceptionEvaluatorTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Exceptions/ExceptionObjectTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Exceptions/ExceptionHistoryTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Exceptions/ExceptionEventTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Exceptions/ExceptionEvaluatorTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/PostgresExceptionObjectRepositoryTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/ExceptionRepositoryTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/PostgresExceptionApplicationRepositoryTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Workers/ExceptionLifecycleServiceTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Adapters/ExceptionEffectRegistryTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Adapters/ExceptionAdapterTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/Services/ExceptionServiceTests.cs"
+  ],
+  "verdict": "pass"
+}

docs/qa/feature-checks/runs/policy/auditable-exception-objects/run-001/tier2-integration-check.json

@@ -0,0 +1,31 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-12T21:52:00Z",
+  "featureSlug": "auditable-exception-objects",
+  "module": "policy",
+  "testFilter": "Exception",
+  "testsRun": 708,
+  "testsPassed": 708,
+  "testsFailed": 0,
+  "behaviorVerified": [
+    "ExceptionScope validation requires at least one constraint (artifact digest, PURL pattern, vulnerability ID, or policy rule ID)",
+    "ExceptionScope validates correctly for all constraint types individually",
+    "ExceptionScope supports multi-environment scoping and tenant ID",
+    "ExceptionObject.IsEffectiveAt returns true only when status=Active AND not expired",
+    "ExceptionObject.IsEffectiveAt returns false for Proposed, Approved, Expired, Revoked statuses",
+    "ExceptionObject.HasExpiredAt correctly identifies expired exceptions",
+    "ExceptionObject supports all 5 lifecycle statuses (Proposed, Approved, Active, Expired, Revoked)",
+    "ExceptionObject supports all 4 exception types (Vulnerability, Policy, Unknown, Component)",
+    "ExceptionObject supports all 10 reason codes (FalsePositive through Other)",
+    "ExceptionObject stores multiple approver IDs correctly",
+    "ExceptionObject stores content-addressed evidence references (sha256:hash)",
+    "ExceptionObject.IsBlockedByRecheck returns true when recheck triggers Block action",
+    "ExceptionObject.RequiresReapproval returns true when recheck triggers RequireReapproval action",
+    "ExceptionObject stores arbitrary metadata key-value pairs",
+    "ExceptionAdapter adapts exceptions for policy evaluation",
+    "ExceptionEffectRegistry tracks effects of applied exceptions",
+    "ExceptionLifecycleService handles exception expiry and recheck scheduling",
+    "Exception gateway service handles approval workflows"
+  ],
+  "verdict": "pass"
+}