save checkpoint

docs/features/checked/riskengine/cvss-kev-risk-signal-combination.md

@@ -32,6 +32,85 @@ Risk engine combining CVSS scores with KEV (Known Exploited Vulnerabilities) dat
 
 ## Verification
 - **Verified**: 2026-02-10
-- **Method**: Tier 1 code review + Tier 2d test verification
+- **Method**: Tier 2a live API replay + Tier 2d regression verification
 - **Build**: Core and Infrastructure projects build cleanly (0 errors, 0 warnings). Worker/WebService have deprecation notices but compile.
-- **Tests**: 44+ tests covering this feature across 4 test files (UnitTest1/RiskScoreWorkerTests: 17, RiskEngineApiTests: 4, FixChainRiskProviderTests: 13, FixChainRiskIntegrationTests: 10). All 55/55 module tests pass.
+- **Tests**: RiskEngine suite re-run in Release with 94/94 passing, including added API/provider regression coverage (`Simulations_CvssKev_UsesInlineSignals`, provider-list exposure check, and inline-signal provider unit tests).
+- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-002/tier2-api-check.json`
+
+## Recheck (Run-003)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
+- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
+- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-003/tier2-api-check.json`
+- **Outcome**: CVSS+KEV provider exposure and inline-signal simulation behavior remain stable after subsequent module edits.
+
+
+## Recheck (Run-004)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
+- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
+- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-004/tier2-api-check.json`
+- **Outcome**: CVSS+KEV provider exposure and inline-signal simulation behavior remain stable.
+
+## Recheck (Run-005)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay validated via RiskEngine integration suite.
+- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
+- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-005/tier2-api-check.json`
+- **Outcome**: CVSS/KEV risk signal combination behavior remains healthy.
+
+## Recheck (Run-006)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay + deterministic integration suite replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-006/tier2-api-check.json
+- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
+
+## Recheck (Run-007)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay + deterministic integration suite replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-007/tier2-api-check.json
+- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
+
+## Recheck (Run-008)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay + deterministic integration suite replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-008/tier2-api-check.json
+- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
+
+## Recheck (Run-009)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay + deterministic integration suite replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-009/tier2-api-check.json
+- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
+
+
+## Recheck (Run-010)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2d deterministic integration replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-010/tier2-integration-check.json
+- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
+## Recheck (Run-011)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2d deterministic integration replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-011/tier2-integration-check.json
+- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
+## Recheck (Run-012)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a API replay + deterministic integration suite replay.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-012/tier2-api-check.json
+- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
+
+## Recheck (Run-013)
+- **Verified**: 2026-02-10
+- **Method**: Tier 2a live HTTPS API verification with fresh request/response capture.
+- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
+- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-013/tier2-api-check.json
+- **Captured Requests**: `/risk-scores/providers`; `/risk-scores/simulations` for KEV bonus (0.95), no-KEV baseline (0.75), and unknown provider error semantics.
+- **Outcome**: CVSS+KEV checked behavior revalidated from live API transactions.