first draft enhancement 2

.env.example

@@ -190,19 +190,22 @@ FORENSIC_AUDIT_RETENTION_HOURS=24
 FORENSIC_AUDIT_MAX_ENTRIES=50
 
 # ============================================================================
-# 10. QUALITY CONTROL & BIAS DETECTION (ADVANCED)
+# 10. CONFIDENCE SCORING SYSTEM (Enhancement 2)
 # ============================================================================
 
-# Confidence scoring weights (must sum to 1.0)
-CONFIDENCE_EMBEDDINGS_WEIGHT=0.3
-CONFIDENCE_CONSENSUS_WEIGHT=0.25
-CONFIDENCE_DOMAIN_MATCH_WEIGHT=0.25
-CONFIDENCE_FRESHNESS_WEIGHT=0.2
+# Confidence component weights (must sum to 1.0)
+CONFIDENCE_EMBEDDINGS_WEIGHT=0.3      # Weight for vector similarity quality
+CONFIDENCE_CONSENSUS_WEIGHT=0.25      # Weight for micro-task agreement  
+CONFIDENCE_DOMAIN_MATCH_WEIGHT=0.25   # Weight for domain alignment
+CONFIDENCE_FRESHNESS_WEIGHT=0.2       # Weight for tool freshness/maintenance
 
 # Confidence thresholds (0-100)
-CONFIDENCE_MINIMUM_THRESHOLD=40
-CONFIDENCE_MEDIUM_THRESHOLD=60
-CONFIDENCE_HIGH_THRESHOLD=80
+CONFIDENCE_MINIMUM_THRESHOLD=40        # Below this = weak recommendation
+CONFIDENCE_MEDIUM_THRESHOLD=60         # 40-59 = weak, 60-79 = moderate  
+CONFIDENCE_HIGH_THRESHOLD=80           # 80+ = strong recommendation
+
+# Domain keywords for confidence scoring (domain:keyword1,keyword2|domain:keyword3,keyword4)
+CONFIDENCE_DOMAIN_KEYWORDS="incident-response:incident,breach,attack,compromise,response|malware-analysis:malware,virus,trojan,reverse,analysis|network-forensics:network,traffic,packet,pcap,wireshark|mobile-forensics:mobile,android,ios,phone,app|cloud-forensics:cloud,aws,azure,saas,paas"
 
 # ============================================================================
 # PERFORMANCE TUNING PRESETS