save checkpoint

2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
--- a/docs/features/checked/scanner/explainable-triage-ux-with-evidence-linked-findings.md
+++ b/docs/features/checked/scanner/explainable-triage-ux-with-evidence-linked-findings.md
@@ -0,0 +1,49 @@
+# Explainable triage UX with evidence-linked findings
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Tabbed evidence panel with policy, binary diff, confidence meter, and SBOM evidence tabs provides expandable evidence views per finding.
+
+## Implementation Details
+- **Explainability Library**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/` - Explainability services for evidence-linked findings
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Dsse/ExplainabilityPredicateSerializer.cs` - Serializes explainability predicates
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityGenerator.cs` - Generates falsification criteria
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityCriteria.cs` - Criteria model
+- **Triage Services**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/` - Triage domain services
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Models/ExploitPath.cs` - Exploit path model for evidence linking
+- **Evidence Composition**:
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs` - Composes multi-source evidence per finding
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceCompositionService.cs` - Interface
+- **Finding Rationale**:
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/FindingRationaleService.cs` - Provides rationale explanations per finding
+  - `src/Scanner/StellaOps.Scanner.WebService/Services/IFindingRationaleService.cs` - Interface
+- **API**:
+  - `src/Scanner/StellaOps.Scanner.WebService/Controllers/FindingsEvidenceController.cs` - Evidence controller
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/FindingEvidenceContracts.cs` - Evidence API contracts
+  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/RationaleContracts.cs` - Rationale contracts
+
+## E2E Test Plan
+- [ ] Query finding evidence via the FindingsEvidenceController and verify tabbed evidence is returned
+- [ ] Verify policy evidence tab includes applicable policy rules and evaluation results
+- [ ] Verify binary diff evidence tab includes delta analysis when available
+- [ ] Verify confidence meter shows score breakdown with contributing factors
+- [ ] Verify SBOM evidence tab includes component provenance and version data
+- [ ] Verify finding rationale service provides human-readable explanations
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |