# 4-Tier Backport Evidence Resolver

## Module
Concelier

## Status
VERIFIED

## Description
Multi-tier backport evidence resolution with tier precedence, distro mappings, cross-distro OVAL integration, and deterministic backport verdicts.

## Implementation Details
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.Merge/`, `src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/`
- **Key Classes**:
  - `BackportEvidenceResolver` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/BackportEvidenceResolver.cs`) - multi-tier evidence resolution with tier precedence logic
  - `BackportStatusService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs`) - backport status lookups with version comparison
  - `FixIndexService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/FixIndexService.cs`) - O(1) distro patch lookups via fix index
  - `ProvenanceScopeService` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/ProvenanceScopeService.cs`) - provenance scope tracking for backport-aware deduplication
- **Persistence**: `ProvenanceScopeRepository` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Repositories/ProvenanceScopeRepository.cs`)
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Submit a CVE with known backport status across multiple distros and verify the `BackportEvidenceResolver` returns correct tier-based verdict
- [ ] Verify tier precedence: Tier 1 evidence (direct patch proof) overrides Tier 2/3/4 evidence
- [ ] Verify cross-distro resolution: same CVE produces correct backport verdicts for Alpine, Debian, and RedHat simultaneously
- [ ] Verify deterministic verdicts: identical inputs produce identical backport verdicts across repeated runs
- [ ] Verify `FixIndexService` returns O(1) lookup performance for known distro patch entries