feat: Anti-Fake-Evidence System (Phase 1-4b)

Implement full evidence integrity pipeline to prevent compliance theater:
- Confidence levels (E0-E4), truth status tracking, assertion engine
- Four-Eyes approval workflow, audit trail, reject endpoint
- Evidence distribution dashboard, LLM audit routes
- Traceability matrix (backend endpoint + Compliance Hub UI tab)
- Anti-fake badges, control status machine, normative patterns
- 2 migrations, 4 test suites, MkDocs documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend-compliance/compliance/api/dashboard_routes.py

@@ -32,14 +32,21 @@ from ..db import (
     ControlRepository,
     EvidenceRepository,
     RiskRepository,
+    AssertionDB,
 )
 from .schemas import (
     DashboardResponse,
+    MultiDimensionalScore,
     ExecutiveDashboardResponse,
     TrendDataPoint,
     RiskSummary,
     DeadlineItem,
     TeamWorkloadItem,
+    TraceabilityAssertion,
+    TraceabilityEvidence,
+    TraceabilityCoverage,
+    TraceabilityControl,
+    TraceabilityMatrixResponse,
 )
 from .tenant_utils import get_tenant_id as _get_tenant_id
 from .db_utils import row_to_dict as _row_to_dict
@@ -95,6 +102,14 @@ async def get_dashboard(db: Session = Depends(get_db)):
     # or compute from by_status dict
     score = ctrl_stats.get("compliance_score", 0.0)
 
+    # Multi-dimensional score (Anti-Fake-Evidence)
+    try:
+        ms = ctrl_repo.get_multi_dimensional_score()
+        multi_score = MultiDimensionalScore(**ms)
+    except Exception as e:
+        logger.warning(f"Failed to compute multi-dimensional score: {e}")
+        multi_score = None
+
     return DashboardResponse(
         compliance_score=round(score, 1),
         total_regulations=len(regulations),
@@ -107,6 +122,7 @@ async def get_dashboard(db: Session = Depends(get_db)):
         total_risks=len(risks),
         risks_by_level=risks_by_level,
         recent_activity=[],
+        multi_score=multi_score,
     )
 
 
@@ -125,11 +141,18 @@ async def get_compliance_score(db: Session = Depends(get_db)):
     else:
         score = 0
 
+    # Multi-dimensional score (Anti-Fake-Evidence)
+    try:
+        multi_score = ctrl_repo.get_multi_dimensional_score()
+    except Exception:
+        multi_score = None
+
     return {
         "score": round(score, 1),
         "total_controls": total,
         "passing_controls": passing,
         "partial_controls": partial,
+        "multi_score": multi_score,
     }
 
 
@@ -597,6 +620,158 @@ async def get_score_history(
     }
 
 
+# ============================================================================
+# Evidence Distribution (Anti-Fake-Evidence Phase 3)
+# ============================================================================
+
+@router.get("/dashboard/evidence-distribution")
+async def get_evidence_distribution(
+    db: Session = Depends(get_db),
+    tenant_id: str = Depends(_get_tenant_id),
+):
+    """Evidence counts by confidence level and four-eyes status."""
+    evidence_repo = EvidenceRepository(db)
+    all_evidence = evidence_repo.get_all()
+
+    by_confidence = {"E0": 0, "E1": 0, "E2": 0, "E3": 0, "E4": 0}
+    four_eyes_pending = 0
+
+    for e in all_evidence:
+        level = e.confidence_level.value if e.confidence_level else "E1"
+        if level in by_confidence:
+            by_confidence[level] += 1
+        if e.requires_four_eyes and e.approval_status not in ("approved", "rejected"):
+            four_eyes_pending += 1
+
+    return {
+        "by_confidence": by_confidence,
+        "four_eyes_pending": four_eyes_pending,
+        "total": len(all_evidence),
+    }
+
+
+# ============================================================================
+# Traceability Matrix (Anti-Fake-Evidence Phase 4a)
+# ============================================================================
+
+@router.get("/dashboard/traceability-matrix", response_model=TraceabilityMatrixResponse)
+async def get_traceability_matrix(
+    db: Session = Depends(get_db),
+    tenant_id: str = Depends(_get_tenant_id),
+):
+    """
+    Full traceability chain: Control → Evidence → Assertions.
+
+    Loads each entity set once, builds in-memory indices, and nests
+    the result so the frontend can render a matrix view.
+    """
+    ctrl_repo = ControlRepository(db)
+    evidence_repo = EvidenceRepository(db)
+
+    # 1. Load all three entity sets
+    controls = ctrl_repo.get_all()
+    all_evidence = evidence_repo.get_all()
+    all_assertions = db.query(AssertionDB).filter(
+        AssertionDB.entity_type == "evidence",
+    ).all()
+
+    # 2. Index assertions by evidence_id (entity_id)
+    assertions_by_evidence: Dict[str, list] = {}
+    for a in all_assertions:
+        assertions_by_evidence.setdefault(a.entity_id, []).append(a)
+
+    # 3. Index evidence by control_id
+    evidence_by_control: Dict[str, list] = {}
+    for e in all_evidence:
+        evidence_by_control.setdefault(str(e.control_id), []).append(e)
+
+    # 4. Build nested response
+    result_controls: list = []
+    total_controls = 0
+    covered_controls = 0
+    fully_verified = 0
+
+    for ctrl in controls:
+        total_controls += 1
+        ctrl_id = str(ctrl.id)
+        ctrl_evidence = evidence_by_control.get(ctrl_id, [])
+
+        nested_evidence: list = []
+        has_evidence = len(ctrl_evidence) > 0
+        has_assertions = False
+        all_verified = True
+        min_conf: Optional[str] = None
+        conf_order = {"E0": 0, "E1": 1, "E2": 2, "E3": 3, "E4": 4}
+
+        for e in ctrl_evidence:
+            ev_id = str(e.id)
+            ev_assertions = assertions_by_evidence.get(ev_id, [])
+
+            nested_assertions = [
+                TraceabilityAssertion(
+                    id=str(a.id),
+                    sentence_text=a.sentence_text,
+                    assertion_type=a.assertion_type or "assertion",
+                    confidence=a.confidence or 0.0,
+                    verified=a.verified_by is not None,
+                )
+                for a in ev_assertions
+            ]
+
+            if nested_assertions:
+                has_assertions = True
+            for na in nested_assertions:
+                if not na.verified:
+                    all_verified = False
+
+            conf = e.confidence_level.value if e.confidence_level else "E1"
+            if min_conf is None or conf_order.get(conf, 1) < conf_order.get(min_conf, 1):
+                min_conf = conf
+
+            nested_evidence.append(TraceabilityEvidence(
+                id=ev_id,
+                title=e.title,
+                evidence_type=e.evidence_type,
+                confidence_level=conf,
+                status=e.status.value if e.status else "valid",
+                assertions=nested_assertions,
+            ))
+
+        if not has_assertions:
+            all_verified = False
+
+        if has_evidence:
+            covered_controls += 1
+        if has_evidence and has_assertions and all_verified:
+            fully_verified += 1
+
+        coverage = TraceabilityCoverage(
+            has_evidence=has_evidence,
+            has_assertions=has_assertions,
+            all_assertions_verified=all_verified,
+            min_confidence_level=min_conf,
+        )
+
+        result_controls.append(TraceabilityControl(
+            id=ctrl_id,
+            control_id=ctrl.control_id,
+            title=ctrl.title,
+            status=ctrl.status.value if ctrl.status else "planned",
+            domain=ctrl.domain.value if ctrl.domain else "unknown",
+            evidence=nested_evidence,
+            coverage=coverage,
+        ))
+
+    summary = {
+        "total_controls": total_controls,
+        "covered_controls": covered_controls,
+        "fully_verified": fully_verified,
+        "uncovered_controls": total_controls - covered_controls,
+    }
+
+    return TraceabilityMatrixResponse(controls=result_controls, summary=summary)
+
+
 # ============================================================================
 # Reports
 # ============================================================================