# Version Comparison Explainability UX ("Why Fixed/Vulnerable" Popover)

## Module
Scanner

## Status
IMPLEMENTED

## Description
UI explainability for distro version comparisons: "Compared With" badge showing which comparator (RPM EVR, dpkg, APK, SemVer) was used, and "Why Fixed/Vulnerable" popover showing step-by-step comparison proof lines (epoch, upstream, revision). Version comparators emit human-readable proof lines showing each comparison step.

## Implementation Details
- **Version Comparison Evidence**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/VersionComparisonEvidence.cs` - `VersionComparisonEvidence` model capturing step-by-step comparison proof lines (epoch, upstream, revision) with the comparator type used
- **Service Version Comparer**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVersionComparer.cs` - `ServiceVersionComparer` comparing service versions with proof line emission

## E2E Test Plan
- [ ] Compare an RPM package version and verify the "Compared With" badge shows "RPM EVR" as the comparator
- [ ] Verify the "Why Fixed" popover shows step-by-step comparison proof: epoch comparison, upstream version comparison, and release/revision comparison
- [ ] Compare a dpkg package version and verify epoch, upstream-version, and debian-revision are shown separately in proof lines
- [ ] Compare an APK package version and verify the Alpine-specific version comparison rules are applied and explained
- [ ] Verify SemVer comparisons show major.minor.patch breakdown with clear fixed/vulnerable reasoning
- [ ] Verify proof lines are human-readable and explain why the installed version is fixed or vulnerable relative to the advisory range