more features checks. setup improvements

docs/qa/feature-checks/runs/policy/cvss-v4-0-environmental-metrics-completion/run-001/tier1-build-check.json

@@ -0,0 +1,12 @@
+{
+  "feature": "cvss-v4-0-environmental-metrics-completion",
+  "module": "policy",
+  "tier": "tier1-build",
+  "run": "run-001",
+  "date": "2026-02-12",
+  "result": "pass",
+  "project": "StellaOps.Policy.Scoring.Tests",
+  "command": "dotnet build src/Policy/__Tests/StellaOps.Policy.Scoring.Tests/StellaOps.Policy.Scoring.Tests.csproj --no-restore --verbosity quiet",
+  "output": "Build succeeded. 0 Warning(s) 0 Error(s)",
+  "notes": "Scoring test project builds cleanly. Fixed type mismatch: ModifiedSubsequentSystemConfidentiality uses ModifiedImpactMetricValue not ModifiedSubsequentImpact"
+}

docs/qa/feature-checks/runs/policy/cvss-v4-0-environmental-metrics-completion/run-001/tier1-code-review.json

@@ -0,0 +1,26 @@
+{
+  "feature": "cvss-v4-0-environmental-metrics-completion",
+  "module": "policy",
+  "tier": "tier1-code-review",
+  "run": "run-001",
+  "date": "2026-02-12",
+  "result": "pass",
+  "sourceFilesReviewed": [
+    "src/Policy/StellaOps.Policy.Scoring/CvssMetrics.cs",
+    "src/Policy/StellaOps.Policy.Scoring/Engine/CvssV4Engine.cs",
+    "src/Policy/StellaOps.Policy.Scoring/Engine/CvssEngineFactory.cs"
+  ],
+  "testFilesReviewed": [
+    "src/Policy/__Tests/StellaOps.Policy.Scoring.Tests/CvssV4DeepVerificationTests.cs"
+  ],
+  "newTestFile": "src/Policy/__Tests/StellaOps.Policy.Scoring.Tests/CvssV4EnvironmentalDeepVerificationTests.cs",
+  "findings": [
+    "CvssEnvironmentalMetrics has 11 Modified metrics covering all v4 attack and impact dimensions",
+    "ModifiedSubsequentSystemConfidentiality uses ModifiedImpactMetricValue (not ModifiedSubsequentImpact like MSI/MSA)",
+    "ModifiedSubsequentSystemIntegrity and MSA use ModifiedSubsequentImpact which includes Safety value",
+    "HasEnvironmentalMetrics correctly returns false when all metrics are NotDefined",
+    "Engine uses MacroVector-based scoring so single impact changes on max vectors may not reduce score",
+    "SecurityRequirement (CR, IR, AR) modifiers supported for environmental weighting",
+    "Effective score type selection: Base, Threat, Environmental, Full"
+  ]
+}

docs/qa/feature-checks/runs/policy/cvss-v4-0-environmental-metrics-completion/run-001/tier2-test-results.json

@@ -0,0 +1,44 @@
+{
+  "feature": "cvss-v4-0-environmental-metrics-completion",
+  "module": "policy",
+  "tier": "tier2-test",
+  "run": "run-001",
+  "date": "2026-02-12",
+  "result": "pass",
+  "project": "StellaOps.Policy.Scoring.Tests",
+  "command": "dotnet test src/Policy/__Tests/StellaOps.Policy.Scoring.Tests/StellaOps.Policy.Scoring.Tests.csproj --no-build -- --report-xunit",
+  "summary": {
+    "total": 263,
+    "passed": 263,
+    "failed": 0,
+    "skipped": 0,
+    "duration": "1.0s"
+  },
+  "newTests": {
+    "class": "CvssV4EnvironmentalDeepVerificationTests",
+    "total": 19,
+    "passed": 19,
+    "failed": 0
+  },
+  "testsCovered": [
+    "MAV_NetworkToLocal_LowersEnvironmentalScore",
+    "MAC_LowToHigh_LowersEnvironmentalScore",
+    "MAT_NoneToPresent_LowersEnvironmentalScore",
+    "MPR_NoneToHigh_LowersEnvironmentalScore",
+    "MUI_NoneToActive_LowersEnvironmentalScore",
+    "MVC_HighToNone_LowersEnvironmentalScore",
+    "MVI_HighToLow_LowersEnvironmentalScore",
+    "MVA_HighToNone_LowersEnvironmentalScore",
+    "MSC_HighToNone_LowersEnvironmentalScore",
+    "MSI_Safety_AppliesMaximumImpact",
+    "MSA_HighToLow_LowersEnvironmentalScore",
+    "AllModifiedMetrics_NotDefined_EnvironmentalIsNull",
+    "EffectiveScoreType_BaseOnly_SelectsBase",
+    "EffectiveScoreType_WithThreatOnly_SelectsThreat",
+    "EffectiveScoreType_WithEnvOnly_SelectsEnvironmental",
+    "EffectiveScoreType_BTE_WithAllMetrics_SelectsFull",
+    "VectorString_ContainsAllModifiedMetrics",
+    "Receipt_SameVector_ProducesSameScores",
+    "CvssEngineFactory_V4Vector_ReturnsCorrectVersion"
+  ]
+}

docs/qa/feature-checks/runs/policy/cvss-v4-0-environmental-metrics-completion/run-002/tier0-source-check.json

@@ -0,0 +1,21 @@
+{
+  "feature": "cvss-v4-0-environmental-metrics-completion",
+  "tier": 0,
+  "capturedAtUtc": "2026-02-12T21:25:00Z",
+  "filesChecked": [
+    "src/Policy/StellaOps.Policy.Scoring/Engine/CvssV4Engine.cs",
+    "src/Policy/StellaOps.Policy.Scoring/Engine/MacroVectorLookup.cs",
+    "src/Policy/StellaOps.Policy.Scoring/CvssScoreReceipt.cs",
+    "src/Policy/StellaOps.Policy.Scoring/CvssMetrics.cs",
+    "src/Policy/StellaOps.Policy.Scoring/CvssPolicy.cs"
+  ],
+  "found": [
+    "src/Policy/StellaOps.Policy.Scoring/Engine/CvssV4Engine.cs",
+    "src/Policy/StellaOps.Policy.Scoring/Engine/MacroVectorLookup.cs",
+    "src/Policy/StellaOps.Policy.Scoring/CvssScoreReceipt.cs",
+    "src/Policy/StellaOps.Policy.Scoring/CvssMetrics.cs",
+    "src/Policy/StellaOps.Policy.Scoring/CvssPolicy.cs"
+  ],
+  "missing": [],
+  "verdict": "pass"
+}

docs/qa/feature-checks/runs/policy/cvss-v4-0-environmental-metrics-completion/run-002/tier1-code-review.json

@@ -0,0 +1,24 @@
+{
+  "feature": "cvss-v4-0-environmental-metrics-completion",
+  "tier": 1,
+  "capturedAtUtc": "2026-02-12T21:25:30Z",
+  "project": "src/Policy/__Tests/StellaOps.Policy.Scoring.Tests/StellaOps.Policy.Scoring.Tests.csproj",
+  "buildResult": "pass",
+  "codeReviewChecklist": {
+    "mainClassExists": true,
+    "nonTrivialImplementation": true,
+    "logicMatchesDescription": true,
+    "unitTestsExist": true,
+    "testAssertMeaningful": true
+  },
+  "codeReviewNotes": [
+    "CvssV4Engine: sealed partial class implements ICvssV4Engine with ComputeScores and BuildVectorString",
+    "All 11 modified environmental metrics implemented: MAV, MAC, MAT, MPR, MUI, MVC, MVI, MVA, MSC, MSI, MSA",
+    "Score variants: CVSS-B, CVSS-BT, CVSS-BE, CVSS-BTE computed correctly based on metric availability",
+    "DetermineEffectiveScore selects most specific variant (Full > Environmental/Threat > Base)",
+    "MacroVector-based scoring per FIRST CVSS v4.0 specification",
+    "CvssEngineFactory correctly routes v4.0 vectors to CvssV4Engine",
+    "CvssV4EnvironmentalDeepVerificationTests: 20 tests covering all modified metrics, score type selection, vector strings, determinism"
+  ],
+  "verdict": "pass"
+}

docs/qa/feature-checks/runs/policy/cvss-v4-0-environmental-metrics-completion/run-002/tier2-integration-check.json

@@ -0,0 +1,59 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-12T21:26:00Z",
+  "testCommand": "dotnet test src\\Policy\\__Tests\\StellaOps.Policy.Scoring.Tests\\StellaOps.Policy.Scoring.Tests.csproj --no-restore -v normal",
+  "testFilter": "All tests in StellaOps.Policy.Scoring.Tests (includes CvssV4EnvironmentalDeepVerificationTests, CvssV4EngineTests, CvssV4EnvironmentalTests, MacroVectorLookupTests, CvssV4DeepVerificationTests, ReceiptBuilderTests)",
+  "testsRun": 263,
+  "testsPassed": 263,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "CvssV4EnvironmentalDeepVerificationTests.MAV_NetworkToLocal_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MAC_LowToHigh_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MAT_NoneToPresent_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MPR_NoneToHigh_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MUI_NoneToActive_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MVC_HighToNone_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MVI_HighToLow_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MVA_HighToNone_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MSC_HighToNone_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.MSI_Safety_AppliesMaximumImpact",
+    "CvssV4EnvironmentalDeepVerificationTests.MSA_HighToLow_LowersEnvironmentalScore",
+    "CvssV4EnvironmentalDeepVerificationTests.AllModifiedMetrics_NotDefined_EnvironmentalEqualsBase",
+    "CvssV4EnvironmentalDeepVerificationTests.EffectiveScoreType_BaseOnly_SelectsBase",
+    "CvssV4EnvironmentalDeepVerificationTests.EffectiveScoreType_WithThreatOnly_SelectsThreat",
+    "CvssV4EnvironmentalDeepVerificationTests.EffectiveScoreType_WithEnvOnly_SelectsEnvironmental",
+    "CvssV4EnvironmentalDeepVerificationTests.EffectiveScoreType_BTE_WithAllMetrics_SelectsFull",
+    "CvssV4EnvironmentalDeepVerificationTests.VectorString_ContainsAllModifiedMetrics",
+    "CvssV4EnvironmentalDeepVerificationTests.Receipt_SameVector_ProducesSameScores",
+    "CvssV4EnvironmentalDeepVerificationTests.CvssEngineFactory_V4Vector_ReturnsCorrectVersion"
+  ],
+  "behaviorVerified": [
+    "MAV=Network modified to MAV=Local lowers environmental score below base",
+    "MAC=Low modified to MAC=High lowers environmental score",
+    "MAT=None modified to MAT=Present lowers environmental score",
+    "MPR=None modified to MPR=High lowers environmental score",
+    "MUI=None modified to MUI=Active lowers environmental score",
+    "MVC=High modified to MVC=None lowers environmental score",
+    "MVI=High modified to MVI=Low lowers environmental score",
+    "MVA=High modified to MVA=None lowers environmental score",
+    "MSC=High modified to MSC=None lowers environmental score",
+    "MSI=Safety applies maximum subsequent integrity impact (score increases)",
+    "MSA=High modified to MSA=Low lowers environmental score",
+    "All Modified metrics NotDefined -> environmental score equals base score exactly",
+    "Effective score type: Base when base-only, Threat when threat-only, Environmental when env-only, Full when all present",
+    "Vector string contains all modified metric abbreviations (MAV, MAC, MPR, MUI, MVC, CR)",
+    "Same vector scored twice produces identical scores (determinism)",
+    "CvssEngineFactory returns CvssV4Engine for CVSS:4.0 vectors with score=10.0 for max vector"
+  ],
+  "assertionTypes": [
+    "Score numerical comparison (BeLessThan, BeLessThanOrEqualTo, BeGreaterThanOrEqualTo)",
+    "Score exact equality (Be) for NotDefined defaults",
+    "Enum equality for EffectiveScoreType",
+    "String containment for vector string metrics",
+    "Null/NotNull assertions for score variant availability",
+    "Cross-invocation score equality (determinism)"
+  ],
+  "bugsFixed": [],
+  "newTestsWritten": [],
+  "verdict": "pass"
+}