more features checks. setup improvements

docs/qa/feature-checks/runs/policy/epss-threshold-policy-gate/run-001/tier1-code-review.json

@@ -0,0 +1,16 @@
+{
+  "tier": 1,
+  "type": "code_review",
+  "capturedAtUtc": "2026-02-12T12:30:00Z",
+  "feature": "epss-threshold-policy-gate",
+  "claimsVerified": true,
+  "missingClaims": [],
+  "presentClaims": [
+    "Gates/PolicyGateEvaluator.cs - EPSS-aware gate evaluation",
+    "Unknowns/Services/UnknownRanker.cs - EPSS exploit pressure (>=0.90:+0.30, >=0.50:+0.15, KEV:+0.50)",
+    "Scoring/ProfileAwareScoringService.cs - EPSS weights in profiles",
+    "Scoring/ScorePolicyService.cs - EPSS threshold evaluation per policy"
+  ],
+  "verdict": "done",
+  "notes": "EPSS threshold gate verified. PolicyGateEvaluator integrates EPSS thresholds. UnknownRanker uses EPSS for exploit pressure with configurable factors. Band assignment uses combined score (Hot>=75, Warm>=50, Cold>=25)."
+}

docs/qa/feature-checks/runs/policy/epss-threshold-policy-gate/run-002/tier2-integration-check.json

@@ -0,0 +1,51 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-13T03:25:00Z",
+  "testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal; dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
+  "testFilter": "UnknownRankerTests (EPSS threshold scoring), CveAwareReleasePolicyGatesDeepTests (DriftGate EPSS), PolicyEvaluatorTests",
+  "testsRun": 1337,
+  "testsPassed": 1337,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "UnknownRankerTests.ComputeExploitPressure_InKev_Adds050",
+    "UnknownRankerTests.ComputeExploitPressure_HighEpss_Adds030",
+    "UnknownRankerTests.ComputeExploitPressure_MediumEpss_Adds015",
+    "UnknownRankerTests.ComputeExploitPressure_CriticalCvss_Adds005",
+    "UnknownRankerTests.ComputeExploitPressure_AllFactors_SumsCorrectly",
+    "UnknownRankerTests.ComputeExploitPressure_EpssThresholds_AreMutuallyExclusive",
+    "UnknownRankerTests.Rank_ScoreAbove75_AssignsHotBand",
+    "UnknownRankerTests.Rank_ScoreBetween50And75_AssignsWarmBand",
+    "UnknownRankerTests.Rank_ScoreBetween25And50_AssignsColdBand",
+    "UnknownRankerTests.Rank_ScoreBelow25_AssignsResolvedBand",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_HighEpss_Blocks",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_NoMaterialDrift_Allows",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_Disabled_AllowsEverything",
+    "CveAwareReleasePolicyGatesDeepTests.DriftGate_Override_BypassesBlock"
+  ],
+  "behaviorVerified": [
+    "EpssThresholdGate blocks releases when EPSS score exceeds configured threshold",
+    "EpssThresholdGate allows when EPSS below threshold",
+    "EPSS + KEV combination: KEV=true + EPSS=0.95 produces exploit pressure 0.80 (0.50+0.30)",
+    "EPSS + KEV combination: KEV=true + EPSS=0.50 produces exploit pressure 0.65 (0.50+0.15)",
+    "HOT band assignment for findings with total score >= 75 (high EPSS + high uncertainty)",
+    "Band transition boundaries: Hot>=75, Warm>=50, Cold>=25, Resolved<25",
+    "EpssThresholdGate supports percentile and score threshold modes",
+    "EpssThresholdGate supports per-environment configuration overrides",
+    "EpssThresholdGate handles missing EPSS with configurable action (Allow/Warn/Fail)",
+    "EpssThresholdGate supports reachability-aware filtering (OnlyReachable)",
+    "DriftGateEvaluator integrates EPSS threshold for drift detection",
+    "Gate result types: Pass, PassWithNote, Warn, Block via GateResultFactory"
+  ],
+  "assertionTypes": [
+    "gate-decision",
+    "threshold-boundary",
+    "band-assignment",
+    "environment-override",
+    "reachability-filter",
+    "missing-data-handling"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Unknowns.Tests: 59/59 passed; Engine.Tests: 1278/1278 passed",
+  "verdict": "pass"
+}