# Unknowns Ranking Algorithm (HOT/WARM/COLD bands)

## Module
Policy

## Status
IMPLEMENTED

## Description
Unknown ranker with weighted scoring (popularity, exploit potential, uncertainty density, centrality, staleness), HOT/WARM/COLD band assignment, and BlastRadius model. Database migration for blast radius/containment exists.

## Implementation Details
- **UnknownRanker**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownRanker.cs` (sealed class)
  - Two-factor scoring: Score = (Uncertainty * 50) + (ExploitPressure * 50)
  - **Uncertainty factors** (sum capped at 1.0):
    - Missing VEX: +0.40
    - Missing reachability: +0.30
    - Conflicting signals: +0.20
    - Stale evidence: +0.10
  - **Exploit pressure factors** (sum capped at 1.0):
    - KEV flagged: +0.50
    - EPSS >= 0.90: +0.30
    - EPSS >= 0.50: +0.15
    - CVSS >= 9.0: +0.05
  - **Containment reduction** (capped at 40%):
    - Isolated: 15%, NotNetFacing: 5%, NonRoot: 5%, Seccomp: 10%, FsRO: 10%, NetworkIsolated: 5%
  - **Time decay**: 7d=100%, 30d=90%, 90d=75%, 180d=60%, 365d=40%, >365d=20%
  - **Band assignment**: Hot >= 75, Warm >= 50, Cold >= 25, Negligible < 25
  - **Reason codes**: AnalyzerLimit, Reachability, Identity, Provenance, VexConflict, FeedGap, ConfigUnknown
- **BlastRadius model**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/Models/BlastRadius.cs`
  - Dependents (int), NetFacing (bool), Privilege (string?)
- **UnknownRankerOptions**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownRankerOptions.cs` -- configurable weights and thresholds
- **UnknownRankInput**: includes EpssScore, CvssScore, IsKev, ContainmentSignals, LastEvaluatedAt, ReasonCodes

## E2E Test Plan
- [ ] Rank unknown with missing VEX + KEV flagged; verify score = (0.40*50) + (0.50*50) = 45; band=Warm
- [ ] Rank unknown with missing VEX + missing reachability + KEV + EPSS=0.95; verify score = (0.70*50) + (0.80*50) = 75; band=Hot
- [ ] Rank unknown with no uncertainty + no exploit pressure; verify score=0; band=Negligible
- [ ] Rank unknown with Isolated containment; verify 15% reduction from raw score
- [ ] Rank unknown with all containment signals; verify exactly 40% reduction (cap)
- [ ] Rank unknown last evaluated 90 days ago; verify decay factor=0.75 applied
- [ ] Rank unknown last evaluated 365 days ago; verify decay factor=0.40 applied
- [ ] Verify band assignment: score 80 -> Hot, score 55 -> Warm, score 30 -> Cold, score 10 -> Negligible
- [ ] Verify reason codes: unknown with VexConflict produces reason=VexConflict
- [ ] Verify deterministic ranking: same inputs always produce same score and band