more features checks. setup improvements

docs/qa/feature-checks/runs/policy/epss-raw-feed-layer/run-001/tier1-code-review.json

@@ -0,0 +1,19 @@
+{
+  "tier": 1,
+  "type": "code_review",
+  "capturedAtUtc": "2026-02-12T12:30:00Z",
+  "feature": "epss-raw-feed-layer",
+  "claimsVerified": true,
+  "missingClaims": [],
+  "presentClaims": [
+    "Unknowns/Services/UnknownRanker.cs - EPSS exploit pressure factors (>=0.90: +0.30, >=0.50: +0.15)",
+    "Scoring/ProfileAwareScoringService.cs - EPSS in profile scoring",
+    "Scoring/RiskScoringModels.cs, RiskScoringTriggerService.cs - EPSS re-scoring triggers",
+    "Simulation/RiskSimulationService.cs - EPSS as signal in simulations",
+    "Gates/PolicyGateEvaluator.cs - EPSS thresholds in gate evaluation",
+    "Endpoints/StalenessEndpoints.cs - feed staleness monitoring",
+    "Scoring/EvidenceWeightedScore/ - EPSS contribution to EWS"
+  ],
+  "verdict": "done",
+  "notes": "EPSS integration verified across the policy engine. UnknownRanker uses EPSS for exploit pressure scoring, risk simulations include EPSS as signal, policy gates evaluate EPSS thresholds, and staleness monitoring covers EPSS feeds."
+}

docs/qa/feature-checks/runs/policy/epss-raw-feed-layer/run-002/tier2-integration-check.json

@@ -0,0 +1,46 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-13T03:20:00Z",
+  "testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal; dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
+  "testFilter": "UnknownRankerTests (EPSS scoring), CveAwareReleasePolicyGatesDeepTests (EPSS gate), PolicyEvaluatorTests (EPSS integration), EwsCalculationBenchmarkTests",
+  "testsRun": 1337,
+  "testsPassed": 1337,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "UnknownRankerTests.ComputeExploitPressure_HighEpss_Adds030",
+    "UnknownRankerTests.ComputeExploitPressure_MediumEpss_Adds015",
+    "UnknownRankerTests.ComputeExploitPressure_AllFactors_SumsCorrectly",
+    "UnknownRankerTests.ComputeExploitPressure_EpssThresholds_AreMutuallyExclusive",
+    "UnknownRankerTests.Rank_SameInput_ReturnsSameResult",
+    "UnknownRankerTests.Rank_MultipleExecutions_ProducesIdenticalScores",
+    "UnknownRankerTests.Rank_Formula_AppliesCorrectWeights",
+    "UnknownRankerTests.Rank_MaximumScore_Is100",
+    "UnknownRankerTests.Rank_ScoreAbove75_AssignsHotBand",
+    "UnknownRankerTests.Rank_ScoreBetween50And75_AssignsWarmBand",
+    "UnknownRankerTests.Rank_ScoreBetween25And50_AssignsColdBand",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_HighEpss_Blocks"
+  ],
+  "behaviorVerified": [
+    "EPSS score >= 0.90 contributes +0.30 exploit pressure factor in unknown ranking",
+    "EPSS score >= 0.50 contributes +0.15 exploit pressure factor",
+    "EPSS score < 0.50 contributes 0 exploit pressure factor (below threshold)",
+    "EPSS thresholds are mutually exclusive (high EPSS does not also add medium bonus)",
+    "EPSS + KEV combination produces correct total exploit pressure (0.50 + 0.30 = 0.80)",
+    "EPSS contributes to risk scoring via UnknownRanker integration",
+    "EPSS-based exploit pressure feeds into band assignment (Hot >= 75, Warm >= 50, Cold >= 25)",
+    "EPSS scoring is deterministic across repeated executions",
+    "DriftGateEvaluator blocks when EPSS exceeds configured threshold",
+    "EPSS migration with 004_epss_risk_scores.sql exists in persistence layer"
+  ],
+  "assertionTypes": [
+    "equality",
+    "threshold-boundary",
+    "mutual-exclusivity",
+    "determinism",
+    "gate-decision"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Unknowns.Tests: 59/59 passed; Engine.Tests: 1278/1278 passed",
+  "verdict": "pass"
+}