save checkpoint

docs/features/checked/scanner/zero-day-window-tracking.md

@@ -0,0 +1,32 @@
+# Zero-Day Window Tracking
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Tracks the exposure window between vulnerability disclosure and remediation application, providing metrics on mean-time-to-remediate and zero-day exposure duration per artifact.
+
+## Implementation Details
+- **Zero-Day Window Tracking**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Models/ZeroDayWindowTracking.cs` - `ZeroDayWindowTracking` model tracking the exposure window between vulnerability disclosure timestamp and remediation application timestamp, computing zero-day exposure duration and mean-time-to-remediate metrics per artifact
+
+## E2E Test Plan
+- [ ] Record a vulnerability disclosure event and verify the zero-day window begins tracking from the disclosure timestamp
+- [ ] Apply a remediation (patch, upgrade, VEX) and verify the exposure window is closed with correct duration calculation
+- [ ] Verify mean-time-to-remediate (MTTR) is computed across multiple vulnerabilities for an artifact
+- [ ] Verify zero-day exposure duration accounts for the time between disclosure (NVD published date) and first scan detection
+- [ ] Verify tracking handles re-opened windows (e.g., regression after a patch is reverted)
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |