more features checks. setup improvements

docs/qa/feature-checks/runs/policy/diff-aware-release-gates/run-001/tier1-code-review.json

@@ -0,0 +1,19 @@
+{
+  "tier": 1,
+  "type": "code_review",
+  "capturedAtUtc": "2026-02-12T12:30:00Z",
+  "feature": "diff-aware-release-gates",
+  "claimsVerified": true,
+  "missingClaims": [],
+  "presentClaims": [
+    "WhatIfSimulation/WhatIfSimulationService.cs - SBOM diff operations and decision changes",
+    "Gates/DriftGateEvaluator.cs with DriftGateContext.cs, DriftGateOptions.cs",
+    "Console/ConsoleSimulationDiffService.cs - deterministic delta diff",
+    "Simulation/SimulationAnalyticsService.cs - delta summary computation",
+    "Simulation/RiskSimulationService.cs - CompareProfilesWithBreakdown",
+    "EffectiveDecisionMap/ - materialized baseline decisions",
+    "Endpoints: OverlaySimulationEndpoint.cs, MergePreviewEndpoints.cs"
+  ],
+  "verdict": "done",
+  "notes": "Full diff-aware release gates verified. WhatIfSimulationService for SBOM deltas, DriftGateEvaluator for cross-release delta thresholds, ConsoleSimulationDiffService for visual diffs, profile comparison with trend analysis, and merge preview endpoints."
+}

docs/qa/feature-checks/runs/policy/diff-aware-release-gates/run-002/tier2-integration-check.json

@@ -0,0 +1,80 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-12T21:10:00Z",
+  "testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
+  "testFilter": "Engine.Tests covering DriftGateEvaluator, WhatIfSimulationService, ConsoleSimulationDiffService, SimulationAnalyticsService, RiskSimulationBreakdownService",
+  "testsRun": 1278,
+  "testsPassed": 1278,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_KevReachable_Blocks",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_KevButNoNewReachable_Passes",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_HighCvss_Blocks",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_HighEpss_Blocks",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_AffectedReachable_Blocks",
+    "ConsoleSimulationDiffServiceTests.Compute_IsDeterministic_AndCarriesMetadata",
+    "SimulationAnalyticsServiceTests.ComputeRuleFiringCounts_EmptyTraces_ReturnsEmptyCounts",
+    "SimulationAnalyticsServiceTests.ComputeRuleFiringCounts_WithFiredRules_CountsCorrectly",
+    "SimulationAnalyticsServiceTests.ComputeRuleFiringCounts_TopRules_OrderedByFireCount",
+    "SimulationAnalyticsServiceTests.ComputeRuleFiringCounts_VexOverrides_CountedCorrectly",
+    "SimulationAnalyticsServiceTests.ComputeHeatmap_RuleSeverityMatrix_BuildsCorrectly",
+    "SimulationAnalyticsServiceTests.ComputeHeatmap_FindingRuleCoverage_CalculatesCorrectly",
+    "SimulationAnalyticsServiceTests.ComputeSampledTraces_DeterministicOrdering_OrdersByFindingId",
+    "SimulationAnalyticsServiceTests.ComputeSampledTraces_DeterminismHash_ConsistentForSameInput",
+    "SimulationAnalyticsServiceTests.ComputeSampledTraces_HighSeverity_AlwaysSampled",
+    "SimulationAnalyticsServiceTests.ComputeDeltaSummary_OutcomeChanges_CalculatesCorrectly",
+    "SimulationAnalyticsServiceTests.ComputeDeltaSummary_SeverityChanges_TracksEscalationAndDeescalation",
+    "SimulationAnalyticsServiceTests.ComputeDeltaSummary_RuleChanges_DetectsAddedAndRemovedRules",
+    "SimulationAnalyticsServiceTests.ComputeDeltaSummary_HighImpactFindings_IdentifiedCorrectly",
+    "SimulationAnalyticsServiceTests.ComputeDeltaSummary_DeterminismHash_ConsistentForSameInput",
+    "SimulationAnalyticsServiceTests.ComputeAnalytics_FullAnalysis_ReturnsAllComponents",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_WithValidInput_ReturnsBreakdown",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_SignalAnalysis_ComputesCorrectCoverage",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_SignalAnalysis_IdentifiesTopContributors",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_OverrideAnalysis_TracksApplications",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_ScoreDistribution_ComputesStatistics",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_SeverityBreakdown_GroupsCorrectly",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_ActionBreakdown_GroupsCorrectly",
+    "RiskSimulationBreakdownServiceTests.GenerateBreakdown_DeterminismHash_IsConsistent",
+    "RiskSimulationBreakdownServiceTests.GenerateComparisonBreakdown_IncludesRiskTrends",
+    "RiskSimulationBreakdownServiceTests.GenerateComparisonBreakdown_TracksImprovementsAndRegressions"
+  ],
+  "behaviorVerified": [
+    "WhatIfSimulationService: full what-if simulation with SBOM diffs (add/remove/upgrade/downgrade), delta computation, VEX/reachability override handling",
+    "WhatIfSimulationService: decision change types (new, removed, status_changed, severity_changed) and explanation generation",
+    "WhatIfSimulationService: summary computation with risk delta (increased/decreased/unchanged) and recommendation text",
+    "WhatIfSimulationService: draft policy simulation with YAML digest computation",
+    "DriftGateEvaluator: KEV reachable gate blocks when KEV is newly reachable",
+    "DriftGateEvaluator: KEV gate passes when no new reachable paths",
+    "DriftGateEvaluator: CVSS threshold gate blocks when high-severity vulnerabilities become reachable",
+    "DriftGateEvaluator: EPSS threshold gate blocks when high-probability exploits become reachable",
+    "DriftGateEvaluator: affected reachable gate blocks on new paths to affected vulnerabilities",
+    "DriftGateEvaluator: custom gate condition parsing (AND/OR, numeric comparisons, VEX status IN lists)",
+    "DriftGateEvaluator: override mechanism with justification length requirement",
+    "DriftGateEvaluator: gates disabled bypass, no material drift bypass",
+    "ConsoleSimulationDiffService: deterministic before/after severity breakdown with rule impact analysis",
+    "SimulationAnalyticsService: rule firing counts with VEX override tracking",
+    "SimulationAnalyticsService: heatmap with rule-severity matrix and finding-rule coverage",
+    "SimulationAnalyticsService: sampled traces with deterministic ordering and hash",
+    "SimulationAnalyticsService: delta summary with outcome changes (improved/regressed/unchanged), severity escalation/deescalation, rule changes, high-impact findings",
+    "RiskSimulationBreakdownService: profile comparison with risk trends, score trends, top movers",
+    "RiskSimulationBreakdownService: score distribution with percentiles, skewness, kurtosis, outlier detection",
+    "RiskSimulationBreakdownService: component breakdown by ecosystem, severity concentration (HHI)",
+    "EffectiveDecisionMap: baseline decision materialization for delta comparison (IEffectiveDecisionMap, RedisEffectiveDecisionMap, MessagingEffectiveDecisionMap)",
+    "OverlaySimulationEndpoint: overlay-based simulation without persistence",
+    "MergePreviewEndpoints: merge preview for policy changes"
+  ],
+  "assertionTypes": [
+    "value equality (Should().Be, Assert.Equal)",
+    "collection assertions (Should().NotBeEmpty, Should().HaveCount, Should().Contain)",
+    "range checks (Should().BeGreaterThan, Should().BeLessThanOrEqualTo, Should().BeApproximately)",
+    "null checks (Should().NotBeNull, Should().BeNull)",
+    "determinism verification (serialized equality, hash consistency)",
+    "ordering verification (top contributors ordered by contribution)",
+    "type assertions (Should().StartWith for determinism hash prefixes)"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 5s 999ms",
+  "verdict": "pass"
+}