# Triage database schema and API endpoints

## Module
Scanner

## Status
VERIFIED

## Description
PostgreSQL triage schema with migration, DbContext, and tested API endpoints for triage status management.

## Implementation Details
- **Database Schema**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/TriageDbContext.cs` - `TriageDbContext` EF Core database context defining the triage schema with migrations
- **Entity Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageFinding.cs` - `TriageFinding` entity representing a vulnerability finding in triage
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageDecision.cs` - `TriageDecision` entity for triage decision records
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEvidenceArtifact.cs` - `TriageEvidenceArtifact` entity linking evidence to triage decisions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageScan.cs` - `TriageScan` entity for scan metadata
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageSnapshot.cs` - `TriageSnapshot` entity for point-in-time triage state
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageRiskResult.cs` - `TriageRiskResult` entity for risk assessment results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageReachabilityResult.cs` - `TriageReachabilityResult` entity for reachability analysis results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriagePolicyDecision.cs` - `TriagePolicyDecision` entity for policy evaluation results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs` - Triage status, decision, and lane enumerations
- **API Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs` - `TriageStatusService` managing triage workflow state transitions
  - `src/Scanner/StellaOps.Scanner.WebService/Controllers/TriageController.cs` - `TriageController` REST API for triage operations
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs` - API contracts for triage endpoints
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs` - Schema migration tests
  - `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageQueryPerformanceTests.cs` - Query performance tests
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/TriageStatusEndpointsTests.cs` - API endpoint tests

## E2E Test Plan
- [ ] Run database migration and verify the triage schema is created with all expected tables and indexes
- [ ] Create a triage finding via the API and verify it persists with correct status and metadata
- [ ] Transition a finding through triage states (New -> In Review -> Accepted/Rejected) and verify state transitions are validated
- [ ] Query triage findings with filters (status, severity, scan ID) and verify correct results with acceptable query performance
- [ ] Verify triage snapshots capture point-in-time state for audit purposes
- [ ] Verify policy decisions and reachability results are correctly linked to triage findings

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |