# Signed Triage Decisions

## Module
Scanner

## Status
IMPLEMENTED

## Description
Triage decisions are tracked with rationale, evidence linkage, and unified evidence composition supporting attestation chains.

## Implementation Details
- **Triage Decision Model**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageDecision.cs` - `TriageDecision` entity tracking triage decisions with rationale, user attribution, and evidence linkage
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageFinding.cs` - `TriageFinding` entity linking findings to triage decisions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEvidenceArtifact.cs` - `TriageEvidenceArtifact` linking evidence artifacts to triage decisions for attestation chains
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs` - Enums for triage status, decision types, and evidence artifact types
- **Database Context**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/TriageDbContext.cs` - `TriageDbContext` EF Core database context for triage persistence
- **Unified Evidence**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs` - `UnifiedEvidenceService` composing triage decisions with unified evidence for attestation
- **Triage Status Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs` - `TriageStatusService` managing triage workflow state transitions
- **API Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs` - API contracts for triage decision endpoints
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs` - Schema integration tests
  - `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageQueryPerformanceTests.cs` - Query performance tests

## E2E Test Plan
- [ ] Create a triage decision for a vulnerability finding with rationale and verify it persists with correct evidence linkage
- [ ] Verify triage decisions include user attribution (who made the decision and when)
- [ ] Verify `UnifiedEvidenceService` composes triage decisions into attestation-compatible evidence chains
- [ ] Verify triage decision state transitions follow the expected workflow (e.g., Open -> Accepted/Rejected -> Closed)
- [ ] Verify `TriageEvidenceArtifact` links supporting evidence (scan results, VEX statements, reachability analysis) to triage decisions
- [ ] Verify triage query performance is within acceptable limits for large finding sets