From 1085678544990e6caf33da358d4d753383111a53 Mon Sep 17 00:00:00 2001 From: stacknil Date: Thu, 21 May 2026 20:43:55 +0800 Subject: [PATCH] Add reviewer evidence section --- docs/reviewer-brief.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reviewer-brief.md b/docs/reviewer-brief.md index 0f3bdd3..2c9edfb 100644 --- a/docs/reviewer-brief.md +++ b/docs/reviewer-brief.md @@ -8,6 +8,14 @@ Linux auth logs are noisy, format-sensitive, and easy to parse incorrectly. Revi `LogLens` is a C++20 offline CLI for Linux authentication evidence. It parses `auth.log` / `secure` style syslog input and `journalctl --output=short-full` style input, normalizes the evidence, applies small rule-based detections, and emits deterministic Markdown and JSON reports with parser coverage telemetry. +## Reviewer Evidence + +- Reproducible command: `./build/loglens --mode syslog --year 2026 ./assets/sample_auth.log ./out` +- Deterministic outputs: `report.md`, `report.json`, optional `findings.csv`, optional `warnings.csv`, and parser coverage telemetry. +- Tests / CI: CTest coverage plus GitHub Actions CI on Ubuntu and Windows; CodeQL is required on protected main. +- Release evidence: changelog, release process docs, versioned release notes, and GitHub release artifacts. +- Non-goals: live collection, SIEM replacement, cross-host correlation, exploitation, credential attack automation, or incident verdicts. + ## Quick run ```bash
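Review bot: The "Tests / CI" and "Release evidence" bullets in the new Reviewer Evidence section state facts (CI on Ubuntu and Windows, CodeQL required on protected main, versioned release notes) without pointing at anything a reviewer can open, so they read as claims rather than evidence. Link each one to the workflow file, changelog or release page it refers to. "CTest coverage" is ambiguous between tests run through CTest and a measured code-coverage figure, so say which is meant. In the "Deterministic outputs" bullet, parser coverage telemetry is listed beside the report files although the paragraph above describes the reports as emitted with it; name the file or field that carries it. The "Reproducible command" bullet would also be stronger if it said how determinism is checked, for example that two runs of the command into separate output directories produce identical `report.json` files.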