save checkpoint

docs/features/checked/scanner/evidence-privacy-controls.md

@@ -0,0 +1,34 @@
+# Evidence Privacy Controls (Redaction Service)
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Role-based evidence redaction with three levels: Full (no redaction for security_admin/evidence:full), Standard (redacts source code from reachability paths and call stack arguments/locals, keeps hashes and line ranges), and Minimal (strips reachability paths entirely, removes call stacks, reduces provenance to build ID/digest/verified flag, preserves VEX and EPSS public data). Supports field-level selective redaction (SourceCode, CallArguments flags). Determines redaction level from ClaimsPrincipal.
+
+## Implementation Details
+- **Redaction Service**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Privacy/EvidenceRedactionService.cs` - Core redaction service with role-based level determination from ClaimsPrincipal
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Privacy/EvidenceRedactionLevel.cs` - Redaction level enum (Full, Standard, Minimal)
+
+## E2E Test Plan
+- [ ] Authenticate as `security_admin` and verify Full redaction level returns all evidence fields
+- [ ] Authenticate as a standard user and verify Standard redaction level redacts source code and call stack arguments
+- [ ] Authenticate with minimal permissions and verify Minimal redaction level strips reachability paths and call stacks
+- [ ] Verify VEX and EPSS public data is preserved at all redaction levels
+- [ ] Verify field-level selective redaction (SourceCode, CallArguments flags) works correctly
+- [ ] Verify hash values and line ranges are preserved at Standard level
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |