save checkpoint

docs/features/checked/evidencelocker/verdict-ledger-bom-ref-extraction-and-indexing.md

@@ -0,0 +1,28 @@
+# Verdict Ledger bom-ref Extraction and Indexing
+
+## Module
+EvidenceLocker
+
+## Status
+IMPLEMENTED
+
+## Description
+Added bom-ref extraction and component-level indexing to the verdict ledger, enabling queries by SBOM component reference for auditing which components were evaluated in each verdict.
+
+## Implementation Details
+- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/Api/`
+- **Key Classes**:
+  - `PostgresVerdictRepository` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Storage/PostgresVerdictRepository.cs`) - PostgreSQL repository with bom-ref extraction and component-level indexing
+  - `VerdictEndpoints` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/VerdictEndpoints.cs`) - API endpoints for verdict queries including by bom-ref
+  - `VerdictContracts` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/VerdictContracts.cs`) - contract models for verdict data with bom-ref fields
+  - `EvidenceLockerDataSource` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Db/EvidenceLockerDataSource.cs`) - database connection for verdict queries
+- **Interfaces**: `IVerdictRepository`
+- **Source**: SPRINT_20260118_015_Attestor_verdict_ledger_foundation.md
+
+## E2E Test Plan
+- [ ] Store a verdict via `PostgresVerdictRepository` and verify bom-ref fields are extracted and indexed
+- [ ] Query verdicts by bom-ref via `VerdictEndpoints` and verify only verdicts for that component are returned
+- [ ] Verify `VerdictContracts` include bom-ref in response models
+- [ ] Verify component-level indexing: query by bom-ref returns all verdicts that evaluated that component
+- [ ] Verify multiple bom-refs per verdict are correctly indexed and queryable
+- [ ] Verify bom-ref extraction handles edge cases (empty bom-ref, special characters, very long refs)