save checkpoint

docs/features/checked/attestor/remediation-planner.md

@@ -0,0 +1,42 @@
+# Remediation Planner
+
+## Module
+Attestor
+
+## Status
+VERIFIED
+
+## Description
+Frontend has remediation plan preview, remediation panel, and AI-assisted remediation. Backend has structured remediation step models with risk assessment and verification status.
+
+## Implementation Details
+- **AI Remediation Plan Statement**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/AI/AIRemediationPlanStatement.cs` -- in-toto statement wrapping an AI-generated remediation plan.
+- **Remediation Step**: `Predicates/AI/RemediationStep.cs` -- individual remediation step with action, target component, and expected outcome.
+- **Remediation Action Type**: `Predicates/AI/RemediationActionType.cs` -- enum of action types (Upgrade, Patch, Configure, Mitigate, Accept).
+- **Remediation Step Status**: `Predicates/AI/RemediationStepStatus.cs` -- enum tracking step execution status (Pending, InProgress, Completed, Failed, Skipped).
+- **Remediation Risk Assessment**: `Predicates/AI/RemediationRiskAssessment.cs` -- risk assessment for a remediation action (breaking change risk, compatibility impact, rollback plan).
+- **Remediation Verification Status**: `Predicates/AI/RemediationVerificationStatus.cs` -- verification of whether the remediation was successful.
+- **AI Authority Classifier**: `Predicates/AI/AIAuthorityClassifier.cs` (with `.Remediation`, `.RemediationScore`) -- classifies AI-generated remediation plans by authority level.
+- **AI Model Identifier**: `Predicates/AI/AIModelIdentifier.cs` -- identifies the AI model that generated the plan.
+- **DSSE Signing**: `Signing/ProofChainSigner.cs` -- signs remediation plan attestations.
+- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/AIRemediationPlanTests.cs`
+
+## E2E Test Plan
+- [ ] Create an `AIRemediationPlanStatement` with 3 `RemediationStep` entries (Upgrade openssl, Patch libcurl, Configure nginx) and verify the statement structure
+- [ ] Verify each step has a `RemediationActionType` and appropriate target component
+- [ ] Create a `RemediationRiskAssessment` for an upgrade step and verify breaking change risk and rollback plan are captured
+- [ ] Track step execution via `RemediationStepStatus`: move a step from Pending -> InProgress -> Completed and verify status transitions
+- [ ] Verify `RemediationVerificationStatus` confirms whether the remediation was successful (e.g., CVE no longer detected after upgrade)
+- [ ] Classify the remediation plan via `AIAuthorityClassifier.Remediation` and verify authority level based on evidence quality
+- [ ] Sign the remediation plan into a DSSE envelope and verify the signature
+- [ ] Create plans with different `RemediationActionType` values and verify type-specific metadata
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source Verification | PASS |
+| Tier 1 - Build + Code Review | PASS |
+| Tier 2 - Behavioral Verification | PASS |
+| Verified Date | 2026-02-13 |
+| Run ID | run-001 |