save checkpoint

docs/features/checked/scanner/falsification-conditions-per-finding.md

@@ -0,0 +1,37 @@
+# Falsification Conditions Per Finding
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Each vulnerability finding includes falsification conditions -- specific criteria that would disprove the finding, enabling evidence-based triage and automatic dismissal when conditions are met.
+
+## Implementation Details
+- **Core Models**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Models/FalsificationConditions.cs` - Falsification conditions model attached to findings
+- **Falsifiability Generation**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityGenerator.cs` - Generates falsification criteria per finding
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityCriteria.cs` - Criteria model defining what would disprove a finding
+- **DSSE Integration**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Dsse/ExplainabilityPredicateSerializer.cs` - Serializes falsification conditions in DSSE predicates
+
+## E2E Test Plan
+- [ ] Scan an image and verify vulnerability findings include falsification conditions
+- [ ] Verify falsification criteria specify concrete conditions (e.g., "function X is not called", "package Y is not in runtime classpath")
+- [ ] Verify automatic dismissal occurs when falsification conditions are met by evidence (e.g., reachability proves function is unreachable)
+- [ ] Verify falsification conditions are serialized in explainability predicates
+- [ ] Verify triage UI displays falsification conditions to help analysts evaluate findings
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |