Rename Vexer to Excititor

README.md

@@ -29,6 +29,6 @@ for integration steps once available.
 ## Documentation
 
 - `docs/README.md` now consolidates the platform index and points to the updated high-level architecture.
-- Module architecture dossiers live under `docs/ARCHITECTURE_*.md`; the most relevant here are `docs/ARCHITECTURE_FEEDSER.md` (service layout, merge engine, exports) and `docs/ARCHITECTURE_CLI.md` (command surface, AOT packaging, auth flows). Related services such as the Signer, Attestor, Authority, Scanner, UI, Vexer, Zastava, and DevOps pipeline each have their own dossier.
+- Module architecture dossiers live under `docs/ARCHITECTURE_*.md`; the most relevant here are `docs/ARCHITECTURE_FEEDSER.md` (service layout, merge engine, exports) and `docs/ARCHITECTURE_CLI.md` (command surface, AOT packaging, auth flows). Related services such as the Signer, Attestor, Authority, Scanner, UI, Excititor, Zastava, and DevOps pipeline each have their own dossier.
 - Offline operation guidance moved to `docs/24_OFFLINE_KIT.md`, which details bundle composition, verification, and delta workflows. Feedser-specific connector operations stay in `docs/ops/feedser-certbund-operations.md` and companion runbooks under `docs/ops/`.
 

SPRINTS.md

@@ -107,50 +107,50 @@
 | Sprint 4 | Schema Parity & Freshness Alignment | src/StellaOps.Feedser.Exporter.TrivyDb/TASKS.md | DONE (2025-10-15) | Team Exporters – Trivy DB | FEEDEXPORT-TRIVY-04-001 | Propagate new advisory fields into Trivy DB package<br>Extend Bolt builder, metadata, and regression tests for the expanded schema.<br>2025-10-15: `dotnet test src/StellaOps.Feedser.Exporter.TrivyDb.Tests` confirmed canonical metric/CWE propagation. |
 | Sprint 4 | Schema Parity & Freshness Alignment | src/StellaOps.Feedser.Source.Ghsa/TASKS.md | DONE (2025-10-16) | Team Connector Regression Fixtures | FEEDCONN-GHSA-04-004 | Harden CVSS fallback so canonical metric ids persist when GitHub omits vectors; extend fixtures and document severity precedence hand-off to Merge. |
 | Sprint 4 | Schema Parity & Freshness Alignment | src/StellaOps.Feedser.Source.Osv/TASKS.md | DONE (2025-10-16) | Team Connector Expansion – GHSA/NVD/OSV | FEEDCONN-OSV-04-005 | Map OSV advisories lacking CVSS vectors to canonical metric ids/notes and document CWE provenance quirks; schedule parity fixture updates. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Core/TASKS.md | DONE (2025-10-15) | Team Vexer Core & Policy | VEXER-CORE-01-001 | Stand up canonical VEX claim/consensus records with deterministic serializers so Storage/Exports share a stable contract. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Core/TASKS.md | DONE (2025-10-15) | Team Vexer Core & Policy | VEXER-CORE-01-002 | Implement trust-weighted consensus resolver with baseline policy weights, justification gates, telemetry output, and majority/tie handling. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Core/TASKS.md | DONE (2025-10-15) | Team Vexer Core & Policy | VEXER-CORE-01-003 | Publish shared connector/exporter/attestation abstractions and deterministic query signature utilities for cache/attestation workflows. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Policy/TASKS.md | DONE (2025-10-15) | Team Vexer Policy | VEXER-POLICY-01-001 | Established policy options & snapshot provider covering baseline weights/overrides. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Policy/TASKS.md | DONE (2025-10-15) | Team Vexer Policy | VEXER-POLICY-01-002 | Policy evaluator now feeds consensus resolver with immutable snapshots. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Policy/TASKS.md | DONE (2025-10-16) | Team Vexer Policy | VEXER-POLICY-01-003 | Author policy diagnostics, CLI/WebService surfacing, and documentation updates. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Policy/TASKS.md | DONE (2025-10-16) | Team Vexer Policy | VEXER-POLICY-01-004 | Implement YAML/JSON schema validation and deterministic diagnostics for operator bundles. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Policy/TASKS.md | DONE (2025-10-16) | Team Vexer Policy | VEXER-POLICY-01-005 | Add policy change tracking, snapshot digests, and telemetry/logging hooks. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Storage.Mongo/TASKS.md | DONE (2025-10-15) | Team Vexer Storage | VEXER-STORAGE-01-001 | Mongo mapping registry plus raw/export entities and DI extensions in place. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Storage.Mongo/TASKS.md | DONE (2025-10-16) | Team Vexer Storage | VEXER-STORAGE-01-004 | Build provider/consensus/cache class maps and related collections. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Export/TASKS.md | DONE (2025-10-15) | Team Vexer Export | VEXER-EXPORT-01-001 | Export engine delivers cache lookup, manifest creation, and policy integration. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Export/TASKS.md | DONE (2025-10-17) | Team Vexer Export | VEXER-EXPORT-01-004 | Connect export engine to attestation client and persist Rekor metadata. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Attestation/TASKS.md | DONE (2025-10-16) | Team Vexer Attestation | VEXER-ATTEST-01-001 | Implement in-toto predicate + DSSE builder providing envelopes for export attestation. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.Connectors.Abstractions/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors | VEXER-CONN-ABS-01-001 | Deliver shared connector context/base classes so provider plug-ins can be activated via WebService/Worker. |
-| Sprint 5 | Vexer Core Foundations | src/StellaOps.Vexer.WebService/TASKS.md | DONE (2025-10-17) | Team Vexer WebService | VEXER-WEB-01-001 | Scaffold minimal API host, DI, and `/vexer/status` endpoint integrating policy, storage, export, and attestation services. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Worker/TASKS.md | DONE (2025-10-17) | Team Vexer Worker | VEXER-WORKER-01-001 | Create Worker host with provider scheduling and logging to drive recurring pulls/reconciliation. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Formats.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Formats | VEXER-FMT-CSAF-01-001 | Implement CSAF normalizer foundation translating provider documents into `VexClaim` entries. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Formats.CycloneDX/TASKS.md | DONE (2025-10-17) | Team Vexer Formats | VEXER-FMT-CYCLONE-01-001 | Implement CycloneDX VEX normalizer capturing `analysis` state and component references. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Formats.OpenVEX/TASKS.md | DONE (2025-10-17) | Team Vexer Formats | VEXER-FMT-OPENVEX-01-001 | Implement OpenVEX normalizer to ingest attestations into canonical claims with provenance. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Red Hat | VEXER-CONN-RH-01-001 | Ship Red Hat CSAF provider metadata discovery enabling incremental pulls. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Red Hat | VEXER-CONN-RH-01-002 | Fetch CSAF windows with ETag handling, resume tokens, quarantine on schema errors, and persist raw docs. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Red Hat | VEXER-CONN-RH-01-003 | Populate provider trust overrides (cosign issuer, identity regex) and provenance hints for policy evaluation/logging. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Red Hat | VEXER-CONN-RH-01-004 | Persist resume cursors (last updated timestamp/document hashes) in storage and reload during fetch to avoid duplicates. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Red Hat | VEXER-CONN-RH-01-005 | Register connector in Worker/WebService DI, add scheduled jobs, and document CLI triggers for Red Hat CSAF pulls. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Red Hat | VEXER-CONN-RH-01-006 | Add CSAF normalization parity fixtures ensuring RHSA-specific metadata is preserved. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.Cisco.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Cisco | VEXER-CONN-CISCO-01-001 | Implement Cisco CSAF endpoint discovery/auth to unlock paginated pulls. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.Cisco.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Cisco | VEXER-CONN-CISCO-01-002 | Implement Cisco CSAF paginated fetch loop with dedupe and raw persistence support. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.SUSE.RancherVEXHub/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – SUSE | VEXER-CONN-SUSE-01-001 | Build Rancher VEX Hub discovery/subscription path with offline snapshot support. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.MSRC.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – MSRC | VEXER-CONN-MS-01-001 | Deliver AAD onboarding/token cache for MSRC CSAF ingestion. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.Oracle.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Oracle | VEXER-CONN-ORACLE-01-001 | Implement Oracle CSAF catalogue discovery with CPU calendar awareness. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.Ubuntu.CSAF/TASKS.md | DONE (2025-10-17) | Team Vexer Connectors – Ubuntu | VEXER-CONN-UBUNTU-01-001 | Implement Ubuntu CSAF discovery and channel selection for USN ingestion. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Vexer.Connectors.OCI.OpenVEX.Attest/TASKS.md | TODO | Team Vexer Connectors – OCI | VEXER-CONN-OCI-01-001 | Wire OCI discovery/auth to fetch OpenVEX attestations for configured images. |
-| Sprint 6 | Vexer Ingest & Formats | src/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI | VEXER-CLI-01-001 | Add `vexer` CLI verbs bridging to WebService with consistent auth and offline UX. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.Core/TASKS.md | TODO | Team Vexer Core & Policy | VEXER-CORE-02-001 | Context signal schema prep – extend consensus models with severity/KEV/EPSS fields and update canonical serializers. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.Policy/TASKS.md | TODO | Team Vexer Policy | VEXER-POLICY-02-001 | Scoring coefficients & weight ceilings – add α/β options, weight boosts, and validation guidance. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.Storage.Mongo/TASKS.md | TODO | Team Vexer Storage | VEXER-STORAGE-02-001 | Statement events & scoring signals – create immutable VEX statement store plus consensus extensions with indexes/migrations. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.WebService/TASKS.md | TODO | Team Vexer WebService | VEXER-WEB-01-004 | Resolve API & signed responses – expose `/vexer/resolve`, return signed consensus/score envelopes, document auth. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.Attestation/TASKS.md | DONE (2025-10-16) | Team Vexer Attestation | VEXER-ATTEST-01-002 | Rekor v2 client integration – ship transparency log client with retries and offline queue. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.Worker/TASKS.md | TODO | Team Vexer Worker | VEXER-WORKER-01-004 | TTL refresh & stability damper – schedule re-resolve loops and guard against status flapping. |
-| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Vexer.Export/TASKS.md | TODO | Team Vexer Export | VEXER-EXPORT-01-005 | Score & resolve envelope surfaces – include signed consensus/score artifacts in exports. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Core/TASKS.md | DONE (2025-10-15) | Team Excititor Core & Policy | EXCITITOR-CORE-01-001 | Stand up canonical VEX claim/consensus records with deterministic serializers so Storage/Exports share a stable contract. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Core/TASKS.md | DONE (2025-10-15) | Team Excititor Core & Policy | EXCITITOR-CORE-01-002 | Implement trust-weighted consensus resolver with baseline policy weights, justification gates, telemetry output, and majority/tie handling. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Core/TASKS.md | DONE (2025-10-15) | Team Excititor Core & Policy | EXCITITOR-CORE-01-003 | Publish shared connector/exporter/attestation abstractions and deterministic query signature utilities for cache/attestation workflows. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Policy/TASKS.md | DONE (2025-10-15) | Team Excititor Policy | EXCITITOR-POLICY-01-001 | Established policy options & snapshot provider covering baseline weights/overrides. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Policy/TASKS.md | DONE (2025-10-15) | Team Excititor Policy | EXCITITOR-POLICY-01-002 | Policy evaluator now feeds consensus resolver with immutable snapshots. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Policy/TASKS.md | DONE (2025-10-16) | Team Excititor Policy | EXCITITOR-POLICY-01-003 | Author policy diagnostics, CLI/WebService surfacing, and documentation updates. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Policy/TASKS.md | DONE (2025-10-16) | Team Excititor Policy | EXCITITOR-POLICY-01-004 | Implement YAML/JSON schema validation and deterministic diagnostics for operator bundles. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Policy/TASKS.md | DONE (2025-10-16) | Team Excititor Policy | EXCITITOR-POLICY-01-005 | Add policy change tracking, snapshot digests, and telemetry/logging hooks. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Storage.Mongo/TASKS.md | DONE (2025-10-15) | Team Excititor Storage | EXCITITOR-STORAGE-01-001 | Mongo mapping registry plus raw/export entities and DI extensions in place. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Storage.Mongo/TASKS.md | DONE (2025-10-16) | Team Excititor Storage | EXCITITOR-STORAGE-01-004 | Build provider/consensus/cache class maps and related collections. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Export/TASKS.md | DONE (2025-10-15) | Team Excititor Export | EXCITITOR-EXPORT-01-001 | Export engine delivers cache lookup, manifest creation, and policy integration. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Export/TASKS.md | DONE (2025-10-17) | Team Excititor Export | EXCITITOR-EXPORT-01-004 | Connect export engine to attestation client and persist Rekor metadata. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Attestation/TASKS.md | DONE (2025-10-16) | Team Excititor Attestation | EXCITITOR-ATTEST-01-001 | Implement in-toto predicate + DSSE builder providing envelopes for export attestation. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.Connectors.Abstractions/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors | EXCITITOR-CONN-ABS-01-001 | Deliver shared connector context/base classes so provider plug-ins can be activated via WebService/Worker. |
+| Sprint 5 | Excititor Core Foundations | src/StellaOps.Excititor.WebService/TASKS.md | DONE (2025-10-17) | Team Excititor WebService | EXCITITOR-WEB-01-001 | Scaffold minimal API host, DI, and `/excititor/status` endpoint integrating policy, storage, export, and attestation services. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Worker/TASKS.md | DONE (2025-10-17) | Team Excititor Worker | EXCITITOR-WORKER-01-001 | Create Worker host with provider scheduling and logging to drive recurring pulls/reconciliation. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Formats.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Formats | EXCITITOR-FMT-CSAF-01-001 | Implement CSAF normalizer foundation translating provider documents into `VexClaim` entries. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Formats.CycloneDX/TASKS.md | DONE (2025-10-17) | Team Excititor Formats | EXCITITOR-FMT-CYCLONE-01-001 | Implement CycloneDX VEX normalizer capturing `analysis` state and component references. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Formats.OpenVEX/TASKS.md | DONE (2025-10-17) | Team Excititor Formats | EXCITITOR-FMT-OPENVEX-01-001 | Implement OpenVEX normalizer to ingest attestations into canonical claims with provenance. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Red Hat | EXCITITOR-CONN-RH-01-001 | Ship Red Hat CSAF provider metadata discovery enabling incremental pulls. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Red Hat | EXCITITOR-CONN-RH-01-002 | Fetch CSAF windows with ETag handling, resume tokens, quarantine on schema errors, and persist raw docs. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Red Hat | EXCITITOR-CONN-RH-01-003 | Populate provider trust overrides (cosign issuer, identity regex) and provenance hints for policy evaluation/logging. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Red Hat | EXCITITOR-CONN-RH-01-004 | Persist resume cursors (last updated timestamp/document hashes) in storage and reload during fetch to avoid duplicates. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Red Hat | EXCITITOR-CONN-RH-01-005 | Register connector in Worker/WebService DI, add scheduled jobs, and document CLI triggers for Red Hat CSAF pulls. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Red Hat | EXCITITOR-CONN-RH-01-006 | Add CSAF normalization parity fixtures ensuring RHSA-specific metadata is preserved. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Cisco | EXCITITOR-CONN-CISCO-01-001 | Implement Cisco CSAF endpoint discovery/auth to unlock paginated pulls. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Cisco | EXCITITOR-CONN-CISCO-01-002 | Implement Cisco CSAF paginated fetch loop with dedupe and raw persistence support. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – SUSE | EXCITITOR-CONN-SUSE-01-001 | Build Rancher VEX Hub discovery/subscription path with offline snapshot support. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.MSRC.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – MSRC | EXCITITOR-CONN-MS-01-001 | Deliver AAD onboarding/token cache for MSRC CSAF ingestion. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.Oracle.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Oracle | EXCITITOR-CONN-ORACLE-01-001 | Implement Oracle CSAF catalogue discovery with CPU calendar awareness. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/TASKS.md | DONE (2025-10-17) | Team Excititor Connectors – Ubuntu | EXCITITOR-CONN-UBUNTU-01-001 | Implement Ubuntu CSAF discovery and channel selection for USN ingestion. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md | TODO | Team Excititor Connectors – OCI | EXCITITOR-CONN-OCI-01-001 | Wire OCI discovery/auth to fetch OpenVEX attestations for configured images. |
+| Sprint 6 | Excititor Ingest & Formats | src/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI | EXCITITOR-CLI-01-001 | Add `excititor` CLI verbs bridging to WebService with consistent auth and offline UX. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.Core/TASKS.md | TODO | Team Excititor Core & Policy | EXCITITOR-CORE-02-001 | Context signal schema prep – extend consensus models with severity/KEV/EPSS fields and update canonical serializers. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.Policy/TASKS.md | TODO | Team Excititor Policy | EXCITITOR-POLICY-02-001 | Scoring coefficients & weight ceilings – add α/β options, weight boosts, and validation guidance. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Team Excititor Storage | EXCITITOR-STORAGE-02-001 | Statement events & scoring signals – create immutable VEX statement store plus consensus extensions with indexes/migrations. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.WebService/TASKS.md | TODO | Team Excititor WebService | EXCITITOR-WEB-01-004 | Resolve API & signed responses – expose `/excititor/resolve`, return signed consensus/score envelopes, document auth. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.Attestation/TASKS.md | DONE (2025-10-16) | Team Excititor Attestation | EXCITITOR-ATTEST-01-002 | Rekor v2 client integration – ship transparency log client with retries and offline queue. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.Worker/TASKS.md | TODO | Team Excititor Worker | EXCITITOR-WORKER-01-004 | TTL refresh & stability damper – schedule re-resolve loops and guard against status flapping. |
+| Sprint 7 | Contextual Truth Foundations | src/StellaOps.Excititor.Export/TASKS.md | TODO | Team Excititor Export | EXCITITOR-EXPORT-01-005 | Score & resolve envelope surfaces – include signed consensus/score artifacts in exports. |
 | Sprint 7 | Contextual Truth Foundations | src/StellaOps.Feedser.Core/TASKS.md | TODO | Team Core Engine & Storage Analytics | FEEDCORE-ENGINE-07-001 | Advisory event log & asOf queries – surface immutable statements and replay capability. |
 | Sprint 7 | Contextual Truth Foundations | src/StellaOps.Feedser.Core/TASKS.md | TODO | Team Core Engine & Data Science | FEEDCORE-ENGINE-07-002 | Noise prior computation service – learn false-positive priors and expose deterministic summaries. |
 | Sprint 7 | Contextual Truth Foundations | src/StellaOps.Feedser.Storage.Mongo/TASKS.md | TODO | Team Normalization & Storage Backbone | FEEDSTORAGE-DATA-07-001 | Advisory statement & conflict collections – provision Mongo schema/indexes for event-sourced merge. |
 | Sprint 7 | Contextual Truth Foundations | src/StellaOps.Feedser.Merge/TASKS.md | TODO | BE-Merge | FEEDMERGE-ENGINE-07-001 | Conflict sets & explainers – persist conflict materialization and replay hashes for merge decisions. |
 | Sprint 8 | Mongo strengthening | src/StellaOps.Feedser.Storage.Mongo/TASKS.md | TODO | Team Normalization & Storage Backbone | FEEDSTORAGE-MONGO-08-001 | Causal-consistent Feedser storage sessions<br>Ensure `AddMongoStorage` registers a scoped session facilitator (causal consistency + majority concerns), update repositories to accept optional session handles, and add integration coverage proving read-your-write and monotonic reads across a replica set/election scenario. |
 | Sprint 8 | Mongo strengthening | src/StellaOps.Authority/TASKS.md | TODO | Authority Core & Storage Guild | AUTHSTORAGE-MONGO-08-001 | Harden Authority Mongo usage<br>Introduce scoped MongoDB sessions with `writeConcern`/`readConcern` majority defaults, flow the session through stores used in mutations + follow-up reads, and document middleware pattern for web/API & GraphQL layers. |
-| Sprint 8 | Mongo strengthening | src/StellaOps.Vexer.Storage.Mongo/TASKS.md | TODO | Team Vexer Storage | VEXER-STORAGE-MONGO-08-001 | Causal consistency for Vexer repositories<br>Register Mongo options with majority defaults, push session-aware overloads through raw/export/consensus/cache stores, and extend migration/tests to validate causal reads after writes (including GridFS-backed content) under replica-set failover. |
+| Sprint 8 | Mongo strengthening | src/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Team Excititor Storage | EXCITITOR-STORAGE-MONGO-08-001 | Causal consistency for Excititor repositories<br>Register Mongo options with majority defaults, push session-aware overloads through raw/export/consensus/cache stores, and extend migration/tests to validate causal reads after writes (including GridFS-backed content) under replica-set failover. |

docs/07_HIGH_LEVEL_ARCHITECTURE.md

@@ -37,7 +37,7 @@ It **absorbs** all content from `components.md` so you have a single, authoritat
 | **Scanner.Sbomer.BuildXPlugin** | `stellaops/sbom-indexer`   | BuildKit **generator** for build‑time SBOMs as OCI **referrers**.                                                                           | CI‑side; ephemeral.                                |
 | **Scanner.Sbomer.DockerImage**  | `stellaops/scanner-cli`    | CLI‑orchestrated scanner container for post‑build scans.                                                                                    | Local/CI; ephemeral.                               |
 | **Feedser.WebService**          | `stellaops/feedser-web`    | Vulnerability ingest/normalize/merge/export (JSON + Trivy DB).                                                                              | HA via Mongo locks.                                |
-| **Vexer.WebService**            | `stellaops/vexer-web`      | VEX ingest/normalize/consensus; conflict retention; exports.                                                                                | HA via Mongo locks.                                |
+| **Excititor.WebService**            | `stellaops/excititor-web`      | VEX ingest/normalize/consensus; conflict retention; exports.                                                                                | HA via Mongo locks.                                |
 | **Policy Engine**               | (in `scanner-web`)         | YAML DSL evaluator (waivers, vendor preferences, KEV/EPSS, license, usage‑gating); produces **policy digest**.                              | In‑process; cache per digest.                      |
 | **Signer**                      | `stellaops/signer`         | **Hard gate:** validates entitlement + release integrity; mints signing cert (Fulcio keyless) or uses KMS; signs DSSE.                      | Stateless; HPA by QPS.                             |
 | **Attestor**                    | `stellaops/attestor`       | Posts DSSE bundles to **Rekor v2**; verification endpoints.                                                                                 | Stateless; HPA by QPS.                             |
@@ -72,7 +72,7 @@ flowchart LR
     SW[Scanner.WebService]
     WK[Scanner.Worker xN]
     FEED[Feedser]
-    VEX[Vexer]
+    VEX[Excititor]
     POL[Policy Engine (in Scanner.Web)]
     SGN[Signer\n(entitlement + signing)]
     ATT[Attestor\n(Rekor v2 submit/verify)]
@@ -182,7 +182,7 @@ LS --> IA: PoE (mTLS client cert or JWT with cnf=K_inst), CRL/OCSP/introspect
 * Ingests vendor, distro, OSS feeds; normalizes & merges; persists canonical advisories in Mongo; exports **deterministic JSON** and **Trivy DB**.
 * Offline kit bundles for air‑gapped sites.
 
-### 4.2 Vexer (VEX)
+### 4.2 Excititor (VEX)
 
 * Ingests **OpenVEX / CSAF VEX / CycloneDX VEX**; normalizes claims; retains conflicts; computes **consensus** with provider trust weights and justification gates.
 
@@ -195,7 +195,7 @@ LS --> IA: PoE (mTLS client cert or JWT with cnf=K_inst), CRL/OCSP/introspect
 ### 4.4 PASS/FAIL flow
 
 1. SBOM (Inventory / Usage) → join with **Feedser** advisories.
-2. Apply **Vexer** consensus (statuses & justifications).
+2. Apply **Excititor** consensus (statuses & justifications).
 3. Apply **Policy**; compute PASS/FAIL with waiver TTLs.
 4. Sign the **final report** (DSSE via **Signer**) and log to **Rekor v2** via **Attestor**.
 
@@ -350,8 +350,8 @@ services:
     deploy: { replicas: 4 }
     depends_on: [scanner-web]
   feedser:    { image: stellaops/feedser-web, depends_on: [mongo] }
-  vexer:      { image: stellaops/vexer-web, depends_on: [mongo] }
-  ui:         { image: stellaops/ui, depends_on: [scanner-web, feedser, vexer] }
+  excititor:      { image: stellaops/excititor-web, depends_on: [mongo] }
+  ui:         { image: stellaops/ui, depends_on: [scanner-web, feedser, excititor] }
 ```
 
 * **Backups:** Mongo dumps; MinIO versioned buckets & replication; Rekor v2 DB snapshots; JWKS/Fulcio/KMS key rotation.
@@ -373,7 +373,7 @@ services:
 * M2: Buildx generator certified flows; cross‑registry trust policies.
 * M3: Patch‑Presence plugin (signature‑based backport detection), opt‑in.
 * M3: Zastava Admission control GA with policy presets and dry‑run→enforce stages.
-* Continuous: Policy UX (waiver TTLs, vendor rules), Vexer connectors expansion.
+* Continuous: Policy UX (waiver TTLs, vendor rules), Excititor connectors expansion.
 
 ---
 

docs/ARCHITECTURE_ATTESTOR.md

@@ -1,6 +1,6 @@
 # component_architecture_attestor.md — **Stella Ops Attestor** (2025Q4)
 
-> **Scope.** Implementation‑ready architecture for the **Attestor**: the service that **submits** DSSE envelopes to **Rekor v2**, retrieves/validates inclusion proofs, caches results, and exposes verification APIs. It accepts DSSE **only** from the **Signer** over mTLS, enforces chain‑of‑trust to Stella Ops roots, and returns `{uuid, index, proof, logURL}` to calling services (Scanner.WebService for SBOMs; backend for final reports; Vexer exports when configured).
+> **Scope.** Implementation‑ready architecture for the **Attestor**: the service that **submits** DSSE envelopes to **Rekor v2**, retrieves/validates inclusion proofs, caches results, and exposes verification APIs. It accepts DSSE **only** from the **Signer** over mTLS, enforces chain‑of‑trust to Stella Ops roots, and returns `{uuid, index, proof, logURL}` to calling services (Scanner.WebService for SBOMs; backend for final reports; Excititor exports when configured).
 
 ---
 

docs/ARCHITECTURE_AUTHORITY.md

@@ -6,7 +6,7 @@
 
 ## 0) Mission & boundaries
 
-**Mission.** Provide **fast, local, verifiable** authentication for Stella Ops microservices and tools by minting **very short‑lived** OAuth2/OIDC tokens that are **sender‑constrained** (DPoP or mTLS‑bound). Support RBAC scopes, multi‑tenant claims, and deterministic validation for APIs (Scanner, Signer, Attestor, Vexer, Feedser, UI, CLI, Zastava).
+**Mission.** Provide **fast, local, verifiable** authentication for Stella Ops microservices and tools by minting **very short‑lived** OAuth2/OIDC tokens that are **sender‑constrained** (DPoP or mTLS‑bound). Support RBAC scopes, multi‑tenant claims, and deterministic validation for APIs (Scanner, Signer, Attestor, Excititor, Feedser, UI, CLI, Zastava).
 
 **Boundaries.**
 
@@ -43,7 +43,7 @@
 ```
 iss   = https://authority.<domain>
 sub   = <client_id or user_id>
-aud   = <service audience: signer|scanner|attestor|feedser|vexer|ui|zastava>
+aud   = <service audience: signer|scanner|attestor|feedser|excititor|ui|zastava>
 exp   = <unix ts>  (<= 300 s from iat)
 iat   = <unix ts>
 nbf   = iat - 30
@@ -140,7 +140,7 @@ plan?        = <plan name>              // optional hint for UIs; not used for e
 ### 4.1 Audiences
 
 * `signer` — only the **Signer** service should accept tokens with `aud=signer`.
-* `attestor`, `scanner`, `feedser`, `vexer`, `ui`, `zastava` similarly.
+* `attestor`, `scanner`, `feedser`, `excititor`, `ui`, `zastava` similarly.
 
 Services **must** verify `aud` and **sender constraint** (DPoP/mTLS) per their policy.
 
@@ -153,7 +153,7 @@ Services **must** verify `aud` and **sender constraint** (DPoP/mTLS) per their p
 | `scanner.scan`                     | Scanner.WebService | Submit scan jobs           |
 | `scanner.export`                   | Scanner.WebService | Export SBOMs               |
 | `scanner.read`                     | Scanner.WebService | Read catalog/SBOMs         |
-| `vex.read` / `vex.admin`           | Vexer              | Query/operate              |
+| `vex.read` / `vex.admin`           | Excititor              | Query/operate              |
 | `feedser.read` / `feedser.export`  | Feedser            | Query/exports              |
 | `ui.read` / `ui.admin`             | UI                 | View/admin                 |
 | `zastava.emit` / `zastava.enforce` | Scanner/Zastava    | Runtime events / admission |

docs/ARCHITECTURE_CLI.md

@@ -1,6 +1,6 @@
 # component_architecture_cli.md — **Stella Ops CLI** (2025Q4)
 
-> **Scope.** Implementation‑ready architecture for **Stella Ops CLI**: command surface, process model, auth (Authority/DPoP), integration with Scanner/Vexer/Feedser/Signer/Attestor, Buildx plug‑in management, offline kit behavior, packaging, observability, security posture, and CI ergonomics.
+> **Scope.** Implementation‑ready architecture for **Stella Ops CLI**: command surface, process model, auth (Authority/DPoP), integration with Scanner/Excititor/Feedser/Signer/Attestor, Buildx plug‑in management, offline kit behavior, packaging, observability, security posture, and CI ergonomics.
 
 ---
 
@@ -18,7 +18,7 @@
 
 * CLI **never** signs; it only calls **Signer**/**Attestor** via backend APIs when needed (e.g., `report --attest`).
 * CLI **does not** store long‑lived credentials beyond OS keychain; tokens are **short** (Authority OpToks).
-* Heavy work (scanning, merging, policy) is executed **server‑side** (Scanner/Vexer/Feedser).
+* Heavy work (scanning, merging, policy) is executed **server‑side** (Scanner/Excititor/Feedser).
 
 ---
 
@@ -77,7 +77,7 @@ src/
 
 * `policy get/set/apply` — fetch active policy, apply staged policy, compute digest.
 * `feedser export` — trigger/export canonical JSON or Trivy DB (admin).
-* `vexer export` — trigger/export consensus/raw claims (admin).
+* `excititor export` — trigger/export consensus/raw claims (admin).
 
 ### 2.5 Verification
 
@@ -91,8 +91,8 @@ src/
 
 ### 2.7 Offline kit
 
-* `offline kit pull` — fetch latest **Feedser JSON + Trivy DB + Vexer exports** as a tarball from a mirror.
-* `offline kit import <tar>` — upload the kit to on‑prem services (Feedser/Vexer).
+* `offline kit pull` — fetch latest **Feedser JSON + Trivy DB + Excititor exports** as a tarball from a mirror.
+* `offline kit import <tar>` — upload the kit to on‑prem services (Feedser/Excititor).
 * `offline kit status` — list current seed versions.
 
 ### 2.8 Utilities
@@ -122,7 +122,7 @@ src/
   * `scanner` for scan/export/report/diff
   * `signer` (indirect; usually backend calls Signer)
   * `attestor` for verify
-  * `feedser`/`vexer` for admin verbs
+  * `feedser`/`excititor` for admin verbs
 
 CLI rejects verbs if required scopes are missing.
 
@@ -168,7 +168,7 @@ cli:
     scanner: "https://scanner-web.internal"
     attestor: "https://attestor.internal"
     feedser: "https://feedser-web.internal"
-    vexer: "https://vexer-web.internal"
+    excititor: "https://excititor-web.internal"
   auth:
     audienceDefault: "scanner"
     deviceCode: true
@@ -263,7 +263,7 @@ Exit code: 2
 
 ## 13) Admin & advanced flags
 
-* `--authority`, `--scanner`, `--attestor`, `--feedser`, `--vexer` override config URLs.
+* `--authority`, `--scanner`, `--attestor`, `--feedser`, `--excititor` override config URLs.
 * `--no-color`, `--quiet`, `--json`.
 * `--timeout`, `--retries`, `--retry-backoff-ms`.
 * `--ca-bundle`, `--insecure` (dev only; prints warning).

docs/ARCHITECTURE_DEVOPS.md

@@ -42,7 +42,7 @@ Semantic core + calendar tag:
 A release is a **bundle** of image digests + charts + manifests. All services in a bundle are **wire‑compatible**. Mixed minor versions are allowed within a bounded skew:
 
 * **Web UI ↔ backend**: `±1 minor`.
-* **Scanner ↔ Policy/Vexer/Feedser**: `±1 minor`.
+* **Scanner ↔ Policy/Excititor/Feedser**: `±1 minor`.
 * **Authority/Signer/Attestor triangle**: **must** be same minor (crypto and DPoP/mTLS binding rules).
 
 At startup, services **self‑advertise** their semver & channel; the UI surfaces **mismatch warnings**.
@@ -90,7 +90,7 @@ At startup, services **self‑advertise** their semver & channel; the UI surface
 
 **Gating policy**:
 
-* **Core images** (Authority, Scanner, Feedser, Vexer, Attestor, UI): public **read**.
+* **Core images** (Authority, Scanner, Feedser, Excititor, Attestor, UI): public **read**.
 * **Enterprise add‑ons** (if any) and **pre‑release**: private repos via OAuth2 token service.
 
 > Monetization lever is **signing** (PoE gate), not image pulls, so the core remains simple to consume.
@@ -115,7 +115,7 @@ At startup, services **self‑advertise** their semver & channel; the UI surface
     /attest/   DSSE bundles + Rekor proofs
     /charts/   Helm charts + values templates
     /compose/  docker-compose.yml + .env template
-    /plugins/  Feedser/Vexer connectors (restart-time)
+    /plugins/  Feedser/Excititor connectors (restart-time)
     /policy/   example policies
     /manifest/ release.yaml  (see §6.1)
   ```
@@ -170,7 +170,7 @@ helm install stella stellaops/platform \
   --set scanner.minio.endpoint=http://minio.stella.local:9000 \
   --set scanner.mongo.uri=mongodb://mongo/scanner \
   --set feedser.mongo.uri=mongodb://mongo/feedser \
-  --set vexer.mongo.uri=mongodb://mongo/vexer
+  --set excititor.mongo.uri=mongodb://mongo/excititor
 ```
 
 * Post‑install job registers **Authority clients** (Scanner, Signer, Attestor, UI) and prints **bootstrap** URLs and client credentials (sealed secrets).
@@ -185,7 +185,7 @@ helm install stella stellaops/platform \
   1. Authority (stateless, dual‑key rotation ready)
   2. Signer/Attestor (same minor)
   3. Scanner WebService & Workers
-  4. Feedser, then Vexer (schema migrations are expand/contract)
+  4. Feedser, then Excititor (schema migrations are expand/contract)
   5. UI last
 
 * **DB migrations** are **expand/contract**:
@@ -266,7 +266,7 @@ s3://stellaops/
   feedser/
     json/<exportId>/...
     trivy/<exportId>/...
-  vexer/
+  excititor/
     exports/<exportId>/...
   attestor/
     dsse/<bundleSha256>.json
@@ -289,14 +289,14 @@ s3://stellaops/
 ### 7.4 Mongo retention
 
 * **Scanner**: `runtime.events` use TTL (e.g., 30–90 days); **catalog** permanent.
-* **Feedser/Vexer**: raw docs keep **last N windows**; canonical stores permanent.
+* **Feedser/Excititor**: raw docs keep **last N windows**; canonical stores permanent.
 * **Attestor**: `entries` permanent; `dedupe` TTL 24–48h.
 
 ---
 
 ## 8) Observability & SLOs (operations)
 
-* **Uptime SLO**: 99.9% for Signer/Authority/Attestor; 99.5% for Scanner WebService; Vexer/Feedser 99.0%.
+* **Uptime SLO**: 99.9% for Signer/Authority/Attestor; 99.5% for Scanner WebService; Excititor/Feedser 99.0%.
 * **Error budgets**: tracked per month; dashboards show burn rates.
 * **Golden signals**:
 
@@ -410,8 +410,8 @@ services:
     deploy: { replicas: 4 }
   feedser:
     image: registry.stella-ops.org/stellaops/feedser@sha256:...
-  vexer:
-    image: registry.stella-ops.org/stellaops/vexer@sha256:...
+  excititor:
+    image: registry.stella-ops.org/stellaops/excititor@sha256:...
   web-ui:
     image: registry.stella-ops.org/stellaops/web-ui@sha256:...
   mongo:
@@ -446,7 +446,7 @@ services:
 * `signer.requests_total{result="success"}/minute` > 0 (when scans occur).
 * `attestor.submit_latency_seconds{quantile=0.95}` < 0.3.
 * `scanner.scan_latency_seconds{quantile=0.95}` < target per image size.
-* `feedser.export.duration_seconds` stable; `vexer.consensus.conflicts_total` not exploding after policy changes.
+* `feedser.export.duration_seconds` stable; `excititor.consensus.conflicts_total` not exploding after policy changes.
 * MinIO `s3_requests_errors_total` near zero; Mongo `opcounters` hit expected baseline.
 
 ### Appendix B — Upgrade safety checklist

docs/ARCHITECTURE_EXCITITOR.md

@@ -1,6 +1,6 @@
-# component_architecture_vexer.md — **Stella Ops Vexer** (2025Q4)
+# component_architecture_excititor.md — **Stella Ops Excititor** (2025Q4)
 
-> **Scope.** This document specifies the **Vexer** service: its purpose, trust model, data structures, APIs, plug‑in contracts, storage schema, normalization/consensus algorithms, performance budgets, testing matrix, and how it integrates with Scanner, Policy, Feedser, and the attestation chain. It is implementation‑ready.
+> **Scope.** This document specifies the **Excititor** service: its purpose, trust model, data structures, APIs, plug‑in contracts, storage schema, normalization/consensus algorithms, performance budgets, testing matrix, and how it integrates with Scanner, Policy, Feedser, and the attestation chain. It is implementation‑ready.
 
 ---
 
@@ -10,9 +10,9 @@
 
 **Boundaries.**
 
-* Vexer **does not** decide PASS/FAIL. It supplies **evidence** (statuses + justifications + provenance weights).
-* Vexer preserves **conflicting claims** unchanged; consensus encodes how we would pick, but the raw set is always exportable.
-* VEX consumption is **backend‑only**: Scanner never applies VEX. The backend’s **Policy Engine** asks Vexer for status evidence and then decides what to show.
+* Excititor **does not** decide PASS/FAIL. It supplies **evidence** (statuses + justifications + provenance weights).
+* Excititor preserves **conflicting claims** unchanged; consensus encodes how we would pick, but the raw set is always exportable.
+* VEX consumption is **backend‑only**: Scanner never applies VEX. The backend’s **Policy Engine** asks Excititor for status evidence and then decides what to show.
 
 ---
 
@@ -52,7 +52,7 @@ VexClaim
 
   * `rollupStatus` (after policy weights/justification gates),
   * `sources[]` (winning + losing claims with weights & reasons),
-  * `policyRevisionId` (identifier of the Vexer policy used),
+  * `policyRevisionId` (identifier of the Excititor policy used),
   * `consensusDigest` (stable SHA‑256 over canonical JSON).
 * **Raw claims** export for auditing (unchanged, with provenance).
 * **Provider snapshots** (per source, last N days) for operator debugging.
@@ -76,13 +76,13 @@ All exports are **deterministic**, and (optionally) **attested** via DSSE and lo
 * **Fallback:** `oci:<registry>/<repo>@<digest>` for image‑level VEX.
 * **Special cases:** kernel modules, firmware, platforms → provider‑specific mapping helpers (connector captures provider’s product taxonomy → canonical `productKey`).
 
-> Vexer does not invent identities. If a provider cannot be mapped to purl/CPE/NVRA deterministically, we keep the native **product string** and mark the claim as **non‑joinable**; the backend will ignore it unless a policy explicitly whitelists that provider mapping.
+> Excititor does not invent identities. If a provider cannot be mapped to purl/CPE/NVRA deterministically, we keep the native **product string** and mark the claim as **non‑joinable**; the backend will ignore it unless a policy explicitly whitelists that provider mapping.
 
 ---
 
 ## 3) Storage schema (MongoDB)
 
-Database: `vexer`
+Database: `excititor`
 
 ### 3.1 Collections
 
@@ -246,7 +246,7 @@ public interface IVexConnector
 ### 6.1 Inputs
 
 * Set **S** of `VexClaim` for the key.
-* **Vexer policy snapshot**:
+* **Excititor policy snapshot**:
 
   * **weights** per provider tier and per provider overrides.
   * **justification gates** (e.g., require justification for `not_affected` to be acceptable).
@@ -327,8 +327,8 @@ GET  /providers/{id}/status      → last fetch, doc counts, signature stats
 ## 9) Configuration (YAML)
 
 ```yaml
-vexer:
-  mongo: { uri: "mongodb://mongo/vexer" }
+excititor:
+  mongo: { uri: "mongodb://mongo/excititor" }
   s3:
     endpoint: http://minio:9000
     bucket: stellaops

docs/ARCHITECTURE_FEEDSER.md

@@ -1,6 +1,6 @@
 # component_architecture_feedser.md — **Stella Ops Feedser** (2025Q4)
 
-> **Scope.** Implementation‑ready architecture for **Feedser**: the vulnerability ingest/normalize/merge/export subsystem that produces deterministic advisory data for the Scanner + Policy + Vexer pipeline. Covers domain model, connectors, merge rules, storage schema, exports, APIs, performance, security, and test matrices.
+> **Scope.** Implementation‑ready architecture for **Feedser**: the vulnerability ingest/normalize/merge/export subsystem that produces deterministic advisory data for the Scanner + Policy + Excititor pipeline. Covers domain model, connectors, merge rules, storage schema, exports, APIs, performance, security, and test matrices.
 
 ---
 

docs/ARCHITECTURE_SCANNER.md

@@ -1,6 +1,6 @@
 # component_architecture_scanner.md — **Stella Ops Scanner** (2025Q4)
 
-> **Scope.** Implementation‑ready architecture for the **Scanner** subsystem: WebService, Workers, analyzers, SBOM assembly (inventory & usage), per‑layer caching, three‑way diffs, artifact catalog (MinIO+Mongo), attestation hand‑off, and scale/security posture. This document is the contract between the scanning plane and everything else (Policy, Vexer, Feedser, UI, CLI).
+> **Scope.** Implementation‑ready architecture for the **Scanner** subsystem: WebService, Workers, analyzers, SBOM assembly (inventory & usage), per‑layer caching, three‑way diffs, artifact catalog (MinIO+Mongo), attestation hand‑off, and scale/security posture. This document is the contract between the scanning plane and everything else (Policy, Excititor, Feedser, UI, CLI).
 
 ---
 
@@ -10,7 +10,7 @@
 
 **Boundaries.**
 
-* Scanner **does not** produce PASS/FAIL. The backend (Policy + Vexer + Feedser) decides presentation and verdicts.
+* Scanner **does not** produce PASS/FAIL. The backend (Policy + Excititor + Feedser) decides presentation and verdicts.
 * Scanner **does not** keep third‑party SBOM warehouses. It may **bind** to existing attestations for exact hashes.
 * Core analyzers are **deterministic** (no fuzzy identity). Optional heuristic plug‑ins (e.g., patch‑presence) run under explicit flags and never contaminate the core SBOM.
 

docs/ARCHITECTURE_SIGNER.md

@@ -223,7 +223,7 @@ Supported **predicate types** (extensible):
 
 * `https://stella-ops.org/attestations/sbom/1` (SBOM emissions)
 * `https://stella-ops.org/attestations/report/1` (final PASS/FAIL reports)
-* `https://stella-ops.org/attestations/vex-export/1` (Vexer exports; optional)
+* `https://stella-ops.org/attestations/vex-export/1` (Excititor exports; optional)
 
 **Validation**:
 

docs/ARCHITECTURE_UI.md

@@ -1,6 +1,6 @@
 # component_architecture_web_ui.md — **Stella Ops Web UI** (2025Q4)
 
-> **Scope.** Implementation‑ready architecture for the **Angular SPA** that operators and developers use to drive Stella Ops. This document defines UX surfaces, module boundaries, data flows, auth, RBAC, real‑time updates, performance targets, i18n/a11y, security headers, testing and deployment. The UI is a *consumer* of backend APIs (Scanner, Policy, Vexer, Feedser, Attestor, Authority) and never performs scanning, merging, or signing on its own.
+> **Scope.** Implementation‑ready architecture for the **Angular SPA** that operators and developers use to drive Stella Ops. This document defines UX surfaces, module boundaries, data flows, auth, RBAC, real‑time updates, performance targets, i18n/a11y, security headers, testing and deployment. The UI is a *consumer* of backend APIs (Scanner, Policy, Excititor, Feedser, Attestor, Authority) and never performs scanning, merging, or signing on its own.
 
 ---
 
@@ -10,7 +10,7 @@
 
 * Scans (status, SBOMs, diffs, EntryTrace, attestation).
 * Policy management (rules, exemptions, VEX consumption view).
-* Vulnerability intel (Feedser status), VEX consensus exploration (Vexer).
+* Vulnerability intel (Feedser status), VEX consensus exploration (Excititor).
 * Runtime posture (Zastava observer + admission).
 * Admin operations (tenants, tokens, quotas, licensing posture).
 
@@ -86,7 +86,7 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
 * **VEX inclusion controls**: weight sliders (visualization only), provider allow/deny toggles.
 * **Preview**: select SBOM (or image digest) → show verdict under staged policy.
 
-### 3.5 Vexer
+### 3.5 Excititor
 
 * **Claims explorer**: search by vulnId/productKey/provider; show raw claim (status, justification, evidence).
 * **Consensus view**: rollup per (vuln, product) with accepted/rejected sources, weights, timestamps.
@@ -136,7 +136,7 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
 
 * **`core/http/api-client.ts`** centralizes:
 
-  * Base URLs (Scanner, Vexer, Feedser, Attestor).
+  * Base URLs (Scanner, Excititor, Feedser, Attestor).
   * **Retry** policies on idempotent GETs (backoff + jitter).
   * **Problem+JSON** parser → uniform error toasts with correlation ID.
   * **SSE** helper (EventSource) with auto‑reconnect & backpressure.
@@ -144,7 +144,7 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
 
 * Typed API clients (DTOs in `core/api/models.ts`):
 
-  * `ScannerApi`, `PolicyApi`, `VexerApi`, `FeedserApi`, `AttestorApi`, `AuthorityApi`.
+  * `ScannerApi`, `PolicyApi`, `ExcititorApi`, `FeedserApi`, `AttestorApi`, `AuthorityApi`.
 
 **DTO examples (abbrev):**
 
@@ -184,7 +184,7 @@ export interface VexConsensus {
 
 * **Huge tables** rendered with **virtual scrolling** (CDK Virtual Scroll); sort/filter performed client‑side for ≤ 20k rows; beyond that, server‑side queries via BOM‑Index endpoints.
 * **Component row** shows purl, version, origin (OS pkg / metadata / linker / attested), licenses, and **used** badge (Usage view).
-* **Diff**: compact heatmap per layer; clicking opens a right‑pane with evidence: introducing paths, file hashes, VEX notes (from Vexer consensus) and links to advisories (Feedser).
+* **Diff**: compact heatmap per layer; clicking opens a right‑pane with evidence: introducing paths, file hashes, VEX notes (from Excititor consensus) and links to advisories (Feedser).
 
 ---
 

docs/EXCITITOR_SCORRING.md

@@ -1,6 +1,6 @@
 ## Status
 
-This document tracks the future-looking risk scoring model for Vexer. The calculation below is not active yet; Sprint 7 work will add the required schema fields, policy controls, and services. Until that ships, Vexer emits consensus statuses without numeric scores.
+This document tracks the future-looking risk scoring model for Excititor. The calculation below is not active yet; Sprint 7 work will add the required schema fields, policy controls, and services. Until that ships, Excititor emits consensus statuses without numeric scores.
 
 ## Scoring model (target state)
 
@@ -19,8 +19,8 @@ Safeguards: freeze boosts when product identity is unknown, clamp outputs ≥0,
 
 | Phase | Scope | Artifacts |
 | --- | --- | --- |
-| **Phase 1 – Schema foundations** | Extend Vexer consensus/claims and Feedser canonical advisories with severity, KEV, EPSS, and expose α/β + weight ceilings in policy. | Sprint 7 tasks `VEXER-CORE-02-001`, `VEXER-POLICY-02-001`, `VEXER-STORAGE-02-001`, `FEEDCORE-ENGINE-07-001`. |
-| **Phase 2 – Deterministic score engine** | Implement a scoring component that executes alongside consensus and persists score envelopes with hashes. | Planned task `VEXER-CORE-02-002` (backlog). |
+| **Phase 1 – Schema foundations** | Extend Excititor consensus/claims and Feedser canonical advisories with severity, KEV, EPSS, and expose α/β + weight ceilings in policy. | Sprint 7 tasks `EXCITITOR-CORE-02-001`, `EXCITITOR-POLICY-02-001`, `EXCITITOR-STORAGE-02-001`, `FEEDCORE-ENGINE-07-001`. |
+| **Phase 2 – Deterministic score engine** | Implement a scoring component that executes alongside consensus and persists score envelopes with hashes. | Planned task `EXCITITOR-CORE-02-002` (backlog). |
 | **Phase 3 – Surfacing & enforcement** | Expose scores via WebService/CLI, integrate with Feedser noise priors, and enforce policy-based suppressions. | To be scheduled after Phase 2. |
 
 ## Data model (after Phase 1)
@@ -60,7 +60,7 @@ Safeguards: freeze boosts when product identity is unknown, clamp outputs ≥0,
 
 ## Operational guidance
 
-* **Inputs**: Feedser delivers severity/KEV/EPSS via the advisory event log; Vexer connectors load VEX statements. Policy owns trust tiers and coefficients.
+* **Inputs**: Feedser delivers severity/KEV/EPSS via the advisory event log; Excititor connectors load VEX statements. Policy owns trust tiers and coefficients.
 * **Processing**: the scoring engine (Phase 2) runs next to consensus, storing results with deterministic hashes so exports and attestations can reference them.
 * **Consumption**: WebService/CLI will return consensus plus score; scanners may suppress findings only when policy-authorized VEX gating and signed score envelopes agree.
 

docs/README.md

@@ -37,7 +37,7 @@ Everything here is open‑source and versioned — when you check out a git ta
 - **08 – Module Architecture Dossiers**  
   - [Scanner](ARCHITECTURE_SCANNER.md)  
   - [Feedser](ARCHITECTURE_FEEDSER.md)  
-  - [Vexer](ARCHITECTURE_VEXER.md)  
+  - [Excititor](ARCHITECTURE_EXCITITOR.md)  
   - [Signer](ARCHITECTURE_SIGNER.md)  
   - [Attestor](ARCHITECTURE_ATTESTOR.md)  
   - [Authority](ARCHITECTURE_AUTHORITY.md)  
@@ -48,9 +48,9 @@ Everything here is open‑source and versioned — when you check out a git ta
 - **09 – [API & CLI Reference](09_API_CLI_REFERENCE.md)**
 - **10 – [Plug‑in SDK Guide](10_PLUGIN_SDK_GUIDE.md)**
 - **10 – [Feedser CLI Quickstart](10_FEEDSER_CLI_QUICKSTART.md)**
-- **30 – [Vexer Connector Packaging Guide](dev/30_VEXER_CONNECTOR_GUIDE.md)**
+- **30 – [Excititor Connector Packaging Guide](dev/30_EXCITITOR_CONNECTOR_GUIDE.md)**
 - **30 – Developer Templates**  
-  - [Vexer Connector Skeleton](dev/templates/vexer-connector/)
+  - [Excititor Connector Skeleton](dev/templates/excititor-connector/)
 - **11 – [Authority Service](11_AUTHORITY.md)**
 - **11 – [Data Schemas](11_DATA_SCHEMAS.md)**
 - **12 – [Performance Workbook](12_PERFORMANCE_WORKBOOK.md)**

docs/dev/30_EXCITITOR_CONNECTOR_GUIDE.md

@@ -1,18 +1,18 @@
-# Vexer Connector Packaging Guide
+# Excititor Connector Packaging Guide
 
-> **Audience:** teams implementing new Vexer provider plug‑ins (CSAF feeds,
+> **Audience:** teams implementing new Excititor provider plug‑ins (CSAF feeds,
 > OpenVEX attestations, etc.)  
-> **Prerequisites:** read `docs/ARCHITECTURE_VEXER.md` and the module
-> `AGENTS.md` in `src/StellaOps.Vexer.Connectors.Abstractions/`.
+> **Prerequisites:** read `docs/ARCHITECTURE_EXCITITOR.md` and the module
+> `AGENTS.md` in `src/StellaOps.Excititor.Connectors.Abstractions/`.
 
-The Vexer connector SDK gives you:
+The Excititor connector SDK gives you:
 
 - `VexConnectorBase` – deterministic logging, SHA‑256 helpers, time provider.
 - `VexConnectorOptionsBinder` – strongly typed YAML/JSON configuration binding.
 - `IVexConnectorOptionsValidator<T>` – custom validation hooks (offline defaults, auth invariants).
 - `VexConnectorDescriptor` & metadata helpers for consistent telemetry.
 
-This guide explains how to package a connector so the Vexer Worker/WebService
+This guide explains how to package a connector so the Excititor Worker/WebService
 can load it via the plugin host.
 
 ---
@@ -20,12 +20,12 @@ can load it via the plugin host.
 ## 1. Project layout
 
 Start from the template under
-`docs/dev/templates/vexer-connector/`. It contains:
+`docs/dev/templates/excititor-connector/`. It contains:
 
 ```
-Vexer.MyConnector/
+Excititor.MyConnector/
 ├── src/
-│   ├── Vexer.MyConnector.csproj
+│   ├── Excititor.MyConnector.csproj
 │   ├── MyConnectorOptions.cs
 │   ├── MyConnector.cs
 │   └── MyConnectorPlugin.cs
@@ -36,8 +36,8 @@ Vexer.MyConnector/
 Key points:
 
 - Target `net10.0`, enable `TreatWarningsAsErrors`, reference the
-  `StellaOps.Vexer.Connectors.Abstractions` project (or NuGet once published).
-- Keep project ID prefix `StellaOps.Vexer.Connectors.<Provider>` so the
+  `StellaOps.Excititor.Connectors.Abstractions` project (or NuGet once published).
+- Keep project ID prefix `StellaOps.Excititor.Connectors.<Provider>` so the
   plugin loader can discover it with the default search pattern.
 
 ### 1.1 csproj snippet
@@ -51,7 +51,7 @@ Key points:
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\..\..\src\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\..\..\src\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
   </ItemGroup>
 </Project>
 ```
@@ -135,7 +135,7 @@ this contract today.
 public sealed class MyConnectorPlugin : IConnectorPlugin
 {
     private static readonly VexConnectorDescriptor Descriptor =
-        new("vexer:my-provider", VexProviderKind.Vendor, "My Provider VEX");
+        new("excititor:my-provider", VexProviderKind.Vendor, "My Provider VEX");
 
     public string Name => Descriptor.DisplayName;
 
@@ -150,8 +150,8 @@ public sealed class MyConnectorPlugin : IConnectorPlugin
 }
 ```
 
-> **Note:** the Vexer Worker currently instantiates connectors through the
-> shared `IConnectorPlugin` contract. Once a dedicated Vexer plugin interface
+> **Note:** the Excititor Worker currently instantiates connectors through the
+> shared `IConnectorPlugin` contract. Once a dedicated Excititor plugin interface
 > lands you simply swap the base interface; the descriptor/connector code
 > remains unchanged.
 
@@ -159,18 +159,18 @@ Provide a manifest describing the assembly for operational tooling:
 
 ```yaml
 # manifest/connector.manifest.yaml
-id: vexer-my-provider
-assembly: StellaOps.Vexer.Connectors.MyProvider.dll
-entryPoint: StellaOps.Vexer.Connectors.MyProvider.MyConnectorPlugin
+id: excititor-my-provider
+assembly: StellaOps.Excititor.Connectors.MyProvider.dll
+entryPoint: StellaOps.Excititor.Connectors.MyProvider.MyConnectorPlugin
 description: >
   Official VEX feed for ExampleCorp products (CSAF JSON, daily updates).
 tags:
-  - vexer
+  - excititor
   - csaf
   - vendor
 ```
 
-Store manifests under `/opt/stella/vexer/plugins/<connector>/manifest/` in
+Store manifests under `/opt/stella/excititor/plugins/<connector>/manifest/` in
 production so the deployment tooling can inventory and verify plug‑ins.
 
 ---
@@ -178,9 +178,9 @@ production so the deployment tooling can inventory and verify plug‑ins.
 ## 4. Packaging workflow
 
 1. `dotnet publish -c Release` → copy the published DLLs to
-   `/opt/stella/vexer/plugins/<Provider>/`.
+   `/opt/stella/excititor/plugins/<Provider>/`.
 2. Place `connector.manifest.yaml` next to the binaries.
-3. Restart the Vexer Worker or WebService (hot reload not supported yet).
+3. Restart the Excititor Worker or WebService (hot reload not supported yet).
 4. Verify logs: `VEX-ConnectorLoader` should list the connector descriptor.
 
 ### 4.1 Offline kits
@@ -195,7 +195,7 @@ production so the deployment tooling can inventory and verify plug‑ins.
 ## 5. Testing checklist
 
 - Unit tests around options binding & validators.
-- Integration tests (future `StellaOps.Vexer.Connectors.Abstractions.Tests`)
+- Integration tests (future `StellaOps.Excititor.Connectors.Abstractions.Tests`)
   verifying deterministic logging scopes:
   `logger.BeginScope` should produce `vex.connector.id`, `vex.connector.kind`,
   and `vex.connector.operation`.
@@ -206,7 +206,7 @@ production so the deployment tooling can inventory and verify plug‑ins.
 
 ## 6. Reference template
 
-See `docs/dev/templates/vexer-connector/` for the full quick‑start including:
+See `docs/dev/templates/excititor-connector/` for the full quick‑start including:
 
 - Sample options class + validator.
 - Connector implementation inheriting from `VexConnectorBase`.

docs/dev/templates/excititor-connector/manifest/connector.manifest.yaml

@@ -0,0 +1,8 @@
+id: excititor-my-provider
+assembly: StellaOps.Excititor.Connectors.MyProvider.dll
+entryPoint: StellaOps.Excititor.Connectors.MyProvider.MyConnectorPlugin
+description: |
+  Example connector template. Replace metadata before shipping.
+tags:
+  - excititor
+  - template

docs/dev/templates/excititor-connector/src/Excititor.MyConnector.csproj

@@ -7,6 +7,6 @@
   </PropertyGroup>
   <ItemGroup>
     <!-- Adjust the relative path when copying this template into a repo -->
-    <ProjectReference Include="..\..\..\..\src\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\..\..\..\src\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
   </ItemGroup>
 </Project>

docs/dev/templates/excititor-connector/src/MyConnector.cs

@@ -2,10 +2,10 @@ using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.MyProvider;
+namespace StellaOps.Excititor.Connectors.MyProvider;
 
 public sealed class MyConnector : VexConnectorBase
 {

docs/dev/templates/excititor-connector/src/MyConnectorOptions.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace StellaOps.Vexer.Connectors.MyProvider;
+namespace StellaOps.Excititor.Connectors.MyProvider;
 
 public sealed class MyConnectorOptions
 {

docs/dev/templates/excititor-connector/src/MyConnectorOptionsValidator.cs

@@ -1,7 +1,7 @@
 using System.Collections.Generic;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.MyProvider;
+namespace StellaOps.Excititor.Connectors.MyProvider;
 
 public sealed class MyConnectorOptionsValidator : IVexConnectorOptionsValidator<MyConnectorOptions>
 {

docs/dev/templates/excititor-connector/src/MyConnectorPlugin.cs

@@ -1,15 +1,15 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using StellaOps.Plugin;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.MyProvider;
+namespace StellaOps.Excititor.Connectors.MyProvider;
 
 public sealed class MyConnectorPlugin : IConnectorPlugin
 {
     private static readonly VexConnectorDescriptor Descriptor = new(
-        id: "vexer:my-provider",
+        id: "excititor:my-provider",
         kind: VexProviderKind.Vendor,
         displayName: "My Provider VEX");
 

docs/dev/templates/vexer-connector/manifest/connector.manifest.yaml

@@ -1,8 +0,0 @@
-id: vexer-my-provider
-assembly: StellaOps.Vexer.Connectors.MyProvider.dll
-entryPoint: StellaOps.Vexer.Connectors.MyProvider.MyConnectorPlugin
-description: |
-  Example connector template. Replace metadata before shipping.
-tags:
-  - vexer
-  - template

src/StellaOps.Cli/TASKS.md

@@ -1,4 +1,4 @@
-If you are working on this file you need to read docs/ARCHITECTURE_VEXER.md and ./AGENTS.md).
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
 # TASKS
 | Task | Owner(s) | Depends on | Notes |
 |---|---|---|---|
@@ -14,6 +14,6 @@ If you are working on this file you need to read docs/ARCHITECTURE_VEXER.md and
 |Expose auth client resilience settings|DevEx/CLI|Auth libraries LIB5|**DONE (2025-10-10)** – CLI options now bind resilience knobs, `AddStellaOpsAuthClient` honours them, and tests cover env overrides.|
 |Document advanced Authority tuning|Docs/CLI|Expose auth client resilience settings|**DONE (2025-10-10)** – docs/09 and docs/10 describe retry/offline settings with env examples and point to the integration guide.|
 |Surface password policy diagnostics in CLI output|DevEx/CLI, Security Guild|AUTHSEC-CRYPTO-02-004|**DONE (2025-10-15)** – CLI startup runs the Authority plug-in analyzer, logs weakened password policy warnings with manifest paths, added unit tests (`dotnet test src/StellaOps.Cli.Tests`) and updated docs/09 with remediation guidance.|
-|VEXER-CLI-01-001 – Add `vexer` command group|DevEx/CLI|VEXER-WEB-01-001|TODO – Introduce `vexer` verb hierarchy (init/pull/resume/list-providers/export/verify/reconcile) forwarding to WebService with token auth and consistent exit codes.|
-|VEXER-CLI-01-002 – Export download & attestation UX|DevEx/CLI|VEXER-CLI-01-001, VEXER-EXPORT-01-001|TODO – Display export metadata (sha256, size, Rekor link), support optional artifact download path, and handle cache hits gracefully.|
-|VEXER-CLI-01-003 – CLI docs & examples for Vexer|Docs/CLI|VEXER-CLI-01-001|TODO – Update docs/09_API_CLI_REFERENCE.md and quickstart snippets to cover Vexer verbs, offline guidance, and attestation verification workflow.|
+|EXCITITOR-CLI-01-001 – Add `excititor` command group|DevEx/CLI|EXCITITOR-WEB-01-001|TODO – Introduce `excititor` verb hierarchy (init/pull/resume/list-providers/export/verify/reconcile) forwarding to WebService with token auth and consistent exit codes.|
+|EXCITITOR-CLI-01-002 – Export download & attestation UX|DevEx/CLI|EXCITITOR-CLI-01-001, EXCITITOR-EXPORT-01-001|TODO – Display export metadata (sha256, size, Rekor link), support optional artifact download path, and handle cache hits gracefully.|
+|EXCITITOR-CLI-01-003 – CLI docs & examples for Excititor|Docs/CLI|EXCITITOR-CLI-01-001|TODO – Update docs/09_API_CLI_REFERENCE.md and quickstart snippets to cover Excititor verbs, offline guidance, and attestation verification workflow.|

src/StellaOps.Excititor.ArtifactStores.S3.Tests/S3ArtifactClientTests.cs

@@ -1,10 +1,10 @@
 using Amazon.S3;
 using Amazon.S3.Model;
 using Moq;
-using StellaOps.Vexer.ArtifactStores.S3;
-using StellaOps.Vexer.Export;
+using StellaOps.Excititor.ArtifactStores.S3;
+using StellaOps.Excititor.Export;
 
-namespace StellaOps.Vexer.ArtifactStores.S3.Tests;
+namespace StellaOps.Excititor.ArtifactStores.S3.Tests;
 
 public sealed class S3ArtifactClientTests
 {

src/StellaOps.Excititor.ArtifactStores.S3.Tests/StellaOps.Excititor.ArtifactStores.S3.Tests.csproj

@@ -10,6 +10,6 @@
     <PackageReference Include="Moq" Version="4.20.70" />
   </ItemGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.ArtifactStores.S3\StellaOps.Vexer.ArtifactStores.S3.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.ArtifactStores.S3\StellaOps.Excititor.ArtifactStores.S3.csproj" />
   </ItemGroup>
 </Project>

src/StellaOps.Excititor.ArtifactStores.S3/Extensions/ServiceCollectionExtensions.cs

@@ -3,9 +3,9 @@ using Amazon.Runtime;
 using Amazon.S3;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Export;
+using StellaOps.Excititor.Export;
 
-namespace StellaOps.Vexer.ArtifactStores.S3.Extensions;
+namespace StellaOps.Excititor.ArtifactStores.S3.Extensions;
 
 public static class ServiceCollectionExtensions
 {

src/StellaOps.Excititor.ArtifactStores.S3/S3ArtifactClient.cs

@@ -2,9 +2,9 @@ using Amazon.S3;
 using Amazon.S3.Model;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Export;
+using StellaOps.Excititor.Export;
 
-namespace StellaOps.Vexer.ArtifactStores.S3;
+namespace StellaOps.Excititor.ArtifactStores.S3;
 
 public sealed class S3ArtifactClientOptions
 {

src/StellaOps.Excititor.ArtifactStores.S3/StellaOps.Excititor.ArtifactStores.S3.csproj

@@ -12,6 +12,6 @@
     <PackageReference Include="Microsoft.Extensions.Options" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Export\StellaOps.Vexer.Export.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Export\StellaOps.Excititor.Export.csproj" />
   </ItemGroup>
 </Project>

src/StellaOps.Excititor.Attestation.Tests/StellaOps.Excititor.Attestation.Tests.csproj

@@ -7,7 +7,7 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Attestation\StellaOps.Vexer.Attestation.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Attestation\StellaOps.Excititor.Attestation.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
   </ItemGroup>
 </Project>

src/StellaOps.Excititor.Attestation.Tests/VexAttestationClientTests.cs

@@ -1,12 +1,12 @@
 using System.Collections.Immutable;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Attestation.Transparency;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Attestation.Transparency;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Attestation.Tests;
+namespace StellaOps.Excititor.Attestation.Tests;
 
 public sealed class VexAttestationClientTests
 {

src/StellaOps.Excititor.Attestation.Tests/VexDsseBuilderTests.cs

@@ -1,11 +1,11 @@
 using System.Collections.Immutable;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Models;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Models;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Attestation.Tests;
+namespace StellaOps.Excititor.Attestation.Tests;
 
 public sealed class VexDsseBuilderTests
 {

src/StellaOps.Excititor.Attestation/AGENTS.md

@@ -1,6 +1,6 @@
 # AGENTS
 ## Role
-Builds and verifies in-toto/DSSE attestations for Vexer exports and integrates with Rekor v2 transparency logs.
+Builds and verifies in-toto/DSSE attestations for Excititor exports and integrates with Rekor v2 transparency logs.
 ## Scope
 - Attestation envelope builders, signing workflows (keyless/keyed), and predicate model definitions.
 - Rekor v2 client implementation (submit, verify, poll inclusion) with retry/backoff policies.
@@ -9,7 +9,7 @@ Builds and verifies in-toto/DSSE attestations for Vexer exports and integrates w
 ## Participants
 - Export module calls into this layer to generate attestations after export artifacts are produced.
 - WebService and Worker consume verification helpers to ensure stored envelopes remain valid.
-- CLI `vexer verify` leverages verification services through WebService endpoints.
+- CLI `excititor verify` leverages verification services through WebService endpoints.
 ## Interfaces & contracts
 - `IExportAttestor`, `ITransparencyLogClient`, predicate DTOs, and verification result records.
 - Extension methods to register attestation services in DI across WebService/Worker.
@@ -20,4 +20,4 @@ Out: export artifact generation, storage persistence, CLI interaction layers.
 - Structured logs for signing/verification with envelope digest, Rekor URI, and latency; never log private keys.
 - Metrics for attestation successes/failures and Rekor submission durations.
 ## Tests
-- Unit tests and integration stubs (with fake Rekor) will live in `../StellaOps.Vexer.Attestation.Tests`.
+- Unit tests and integration stubs (with fake Rekor) will live in `../StellaOps.Excititor.Attestation.Tests`.

src/StellaOps.Excititor.Attestation/Dsse/DsseEnvelope.cs

@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using System.Text.Json.Serialization;
 
-namespace StellaOps.Vexer.Attestation.Dsse;
+namespace StellaOps.Excititor.Attestation.Dsse;
 
 public sealed record DsseEnvelope(
     [property: JsonPropertyName("payload")] string Payload,

src/StellaOps.Excititor.Attestation/Dsse/VexDsseBuilder.cs

@@ -8,11 +8,11 @@ using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Attestation.Models;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Models;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Attestation.Dsse;
+namespace StellaOps.Excititor.Attestation.Dsse;
 
 public sealed class VexDsseBuilder
 {

src/StellaOps.Excititor.Attestation/Extensions/ServiceCollectionExtensions.cs

@@ -1,9 +1,9 @@
 using Microsoft.Extensions.DependencyInjection;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Transparency;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Transparency;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Attestation.Extensions;
+namespace StellaOps.Excititor.Attestation.Extensions;
 
 public static class VexAttestationServiceCollectionExtensions
 {

src/StellaOps.Excititor.Attestation/Models/VexAttestationPredicate.cs

@@ -2,9 +2,9 @@ using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Text.Json.Serialization;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Attestation.Models;
+namespace StellaOps.Excititor.Attestation.Models;
 
 public sealed record VexAttestationPredicate(
     string ExportId,

src/StellaOps.Excititor.Attestation/Signing/IVexSigner.cs

@@ -2,7 +2,7 @@ using System;
 using System.Threading;
 using System.Threading.Tasks;
 
-namespace StellaOps.Vexer.Attestation.Signing;
+namespace StellaOps.Excititor.Attestation.Signing;
 
 public sealed record VexSignedPayload(string Signature, string? KeyId);
 

src/StellaOps.Excititor.Attestation/StellaOps.Excititor.Attestation.csproj

@@ -12,6 +12,6 @@
     <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
   </ItemGroup>
 </Project>

src/StellaOps.Excititor.Attestation/TASKS.md

@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-ATTEST-01-001 – In-toto predicate & DSSE builder|Team Excititor Attestation|EXCITITOR-CORE-01-001|**DONE (2025-10-16)** – Added deterministic in-toto predicate/statement models, DSSE envelope builder wired to signer abstraction, and attestation client producing metadata + diagnostics.|
+|EXCITITOR-ATTEST-01-002 – Rekor v2 client integration|Team Excititor Attestation|EXCITITOR-ATTEST-01-001|**DONE (2025-10-16)** – Implemented Rekor HTTP client with retry/backoff, transparency log abstraction, DI helpers, and attestation client integration capturing Rekor metadata + diagnostics.|
+|EXCITITOR-ATTEST-01-003 – Verification suite & observability|Team Excititor Attestation|EXCITITOR-ATTEST-01-002|TODO – Add verification helpers for Worker/WebService, metrics/logging hooks, and negative-path regression tests.|

src/StellaOps.Excititor.Attestation/Transparency/ITransparencyLogClient.cs

@@ -1,8 +1,8 @@
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Vexer.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Dsse;
 
-namespace StellaOps.Vexer.Attestation.Transparency;
+namespace StellaOps.Excititor.Attestation.Transparency;
 
 public sealed record TransparencyLogEntry(string Id, string Location, string? LogIndex, string? InclusionProofUrl);
 

src/StellaOps.Excititor.Attestation/Transparency/RekorHttpClient.cs

@@ -2,9 +2,9 @@ using System.Net.Http.Json;
 using System.Text.Json;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Dsse;
 
-namespace StellaOps.Vexer.Attestation.Transparency;
+namespace StellaOps.Excititor.Attestation.Transparency;
 
 internal sealed class RekorHttpClient : ITransparencyLogClient
 {

src/StellaOps.Excititor.Attestation/Transparency/RekorHttpClientOptions.cs

@@ -1,4 +1,4 @@
-namespace StellaOps.Vexer.Attestation.Transparency;
+namespace StellaOps.Excititor.Attestation.Transparency;
 
 public sealed class RekorHttpClientOptions
 {

src/StellaOps.Excititor.Attestation/VexAttestationClient.cs

@@ -6,13 +6,13 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Models;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Attestation.Transparency;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Models;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Attestation.Transparency;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Attestation;
+namespace StellaOps.Excititor.Attestation;
 
 public sealed class VexAttestationClientOptions
 {
@@ -84,7 +84,7 @@ public sealed class VexAttestationClient : IVexAttestationClient
 
     public ValueTask<VexAttestationVerification> VerifyAsync(VexAttestationRequest request, CancellationToken cancellationToken)
     {
-        // Placeholder until verification flow is implemented in VEXER-ATTEST-01-003.
+        // Placeholder until verification flow is implemented in EXCITITOR-ATTEST-01-003.
         return ValueTask.FromResult(new VexAttestationVerification(true, ImmutableDictionary<string, string>.Empty));
     }
 

src/StellaOps.Excititor.Connectors.Abstractions/AGENTS.md

@@ -1,13 +1,13 @@
 # AGENTS
 ## Role
-Defines shared connector infrastructure for Vexer, including base contexts, result contracts, configuration binding, and helper utilities reused by all connector plug-ins.
+Defines shared connector infrastructure for Excititor, including base contexts, result contracts, configuration binding, and helper utilities reused by all connector plug-ins.
 ## Scope
 - `IVexConnector` context implementation, raw store helpers, verification hooks, and telemetry utilities.
 - Configuration primitives (YAML parsing, secrets handling guidelines) and options validation.
 - Connector lifecycle helpers for retries, paging, `.well-known` discovery, and resume markers.
-- Documentation for connector packaging, plugin manifest metadata, and DI registration (see `docs/dev/30_VEXER_CONNECTOR_GUIDE.md` and `docs/dev/templates/vexer-connector/`).
+- Documentation for connector packaging, plugin manifest metadata, and DI registration (see `docs/dev/30_EXCITITOR_CONNECTOR_GUIDE.md` and `docs/dev/templates/excititor-connector/`).
 ## Participants
-- All Vexer connector projects reference this module to obtain base classes and context services.
+- All Excititor connector projects reference this module to obtain base classes and context services.
 - WebService/Worker instantiate connectors via plugin loader leveraging abstractions defined here.
 ## Interfaces & contracts
 - Connector context, result, and telemetry interfaces; `VexConnectorDescriptor`, `VexConnectorBase`, options binder/validators, authentication helpers.
@@ -19,4 +19,4 @@ Out: provider-specific logic (implemented in individual connector modules), stor
 - Provide structured logging helpers, correlation IDs, and metrics instrumentation toggles for connectors.
 - Enforce redaction of secrets in logs and config dumps.
 ## Tests
-- Abstraction/unit tests will live in `../StellaOps.Vexer.Connectors.Abstractions.Tests`, covering default behaviors and sample harness.
+- Abstraction/unit tests will live in `../StellaOps.Excititor.Connectors.Abstractions.Tests`, covering default behaviors and sample harness.

src/StellaOps.Excititor.Connectors.Abstractions/IVexConnectorOptionsValidator.cs

@@ -1,6 +1,6 @@
 using System.Collections.Generic;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
 /// Custom validator hook executed after connector options are bound.

src/StellaOps.Excititor.Connectors.Abstractions/StellaOps.Excititor.Connectors.Abstractions.csproj

@@ -7,7 +7,7 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="8.0.0" />

src/StellaOps.Excititor.Connectors.Abstractions/TASKS.md

@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-ABS-01-001 – Connector context & base classes|Team Excititor Connectors|EXCITITOR-CORE-01-003|**DONE (2025-10-17)** – Added `StellaOps.Excititor.Connectors.Abstractions` project with `VexConnectorBase`, deterministic logging scopes, metadata builder helpers, and connector descriptors; docs updated to highlight the shared abstractions.|
+|EXCITITOR-CONN-ABS-01-002 – YAML options & validation|Team Excititor Connectors|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Delivered `VexConnectorOptionsBinder` + binder options/validators, environment-variable expansion, data-annotation checks, and custom validation hooks with documentation updates covering the workflow.|
+|EXCITITOR-CONN-ABS-01-003 – Plugin packaging & docs|Team Excititor Connectors|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Authored `docs/dev/30_EXCITITOR_CONNECTOR_GUIDE.md`, added quick-start template under `docs/dev/templates/excititor-connector/`, and updated module docs to reference the packaging workflow.|

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorBase.cs

@@ -1,9 +1,9 @@
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
 /// Convenience base class for implementing <see cref="IVexConnector" />.

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorDescriptor.cs

@@ -1,10 +1,10 @@
 using System.Collections.Immutable;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
-/// Static descriptor for a Vexer connector plug-in.
+/// Static descriptor for a Excititor connector plug-in.
 /// </summary>
 public sealed record VexConnectorDescriptor
 {

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorLogScope.cs

@@ -1,8 +1,8 @@
 using System.Linq;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
 /// Helper to establish deterministic logging scopes for connector operations.

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorMetadataBuilder.cs

@@ -1,6 +1,6 @@
 using System.Collections.Immutable;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
 /// Builds deterministic metadata dictionaries for raw documents and logging scopes.

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsBinder.cs

@@ -2,9 +2,9 @@ using System.Collections.Immutable;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using Microsoft.Extensions.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
 /// Provides strongly typed binding and validation for connector options.

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsBinderOptions.cs

@@ -1,4 +1,4 @@
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 /// <summary>
 /// Customisation options for connector options binding.

src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsValidationException.cs

@@ -1,6 +1,6 @@
 using System.Collections.Immutable;
 
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;
 
 public sealed class VexConnectorOptionsValidationException : Exception
 {

src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/Connectors/CiscoCsafConnectorTests.cs

@@ -7,18 +7,18 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.DependencyInjection;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Cisco.CSAF;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Cisco.CSAF;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 using System.Collections.Immutable;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;
 using System.Threading;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Tests.Connectors;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.Connectors;
 
 public sealed class CiscoCsafConnectorTests
 {
@@ -33,7 +33,7 @@ public sealed class CiscoCsafConnectorTests
                     "publisher": {
                       "name": "Cisco",
                       "category": "vendor",
-                      "contact_details": { "id": "vexer:cisco" }
+                      "contact_details": { "id": "excititor:cisco" }
                     }
                   },
                   "distributions": {

src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/Metadata/CiscoProviderMetadataLoaderTests.cs

@@ -5,12 +5,12 @@ using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions.TestingHelpers;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.Metadata;
 
 public sealed class CiscoProviderMetadataLoaderTests
 {
@@ -24,7 +24,7 @@ public sealed class CiscoProviderMetadataLoaderTests
               "name": "Cisco CSAF",
               "category": "vendor",
               "contact_details": {
-                "id": "vexer:cisco"
+                "id": "excititor:cisco"
               }
             }
           },
@@ -72,7 +72,7 @@ public sealed class CiscoProviderMetadataLoaderTests
 
         var result = await loader.LoadAsync(CancellationToken.None);
 
-        result.Provider.Id.Should().Be("vexer:cisco");
+        result.Provider.Id.Should().Be("excititor:cisco");
         result.Provider.BaseUris.Should().ContainSingle(uri => uri.ToString() == "https://api.security.cisco.com/csaf/v2/advisories/");
         result.Provider.Discovery.RolIeService.Should().Be(new Uri("https://api.security.cisco.com/csaf/rolie/feed"));
         result.ServedFromCache.Should().BeFalse();
@@ -91,7 +91,7 @@ public sealed class CiscoProviderMetadataLoaderTests
               "name": "Cisco CSAF",
               "category": "vendor",
               "contact_details": {
-                "id": "vexer:cisco"
+                "id": "excititor:cisco"
               }
             }
           }
@@ -117,7 +117,7 @@ public sealed class CiscoProviderMetadataLoaderTests
         var result = await loader.LoadAsync(CancellationToken.None);
 
         result.FromOfflineSnapshot.Should().BeTrue();
-        result.Provider.Id.Should().Be("vexer:cisco");
+        result.Provider.Id.Should().Be("excititor:cisco");
     }
 
     private sealed class SingleHttpClientFactory : IHttpClientFactory

src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.csproj

@@ -11,6 +11,6 @@
     <PackageReference Include="System.IO.Abstractions.TestingHelpers" Version="20.0.28" />
   </ItemGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Cisco.CSAF\StellaOps.Vexer.Connectors.Cisco.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Cisco.CSAF\StellaOps.Excititor.Connectors.Cisco.CSAF.csproj" />
   </ItemGroup>
 </Project>

src/StellaOps.Excititor.Connectors.Cisco.CSAF/AGENTS.md

@@ -20,4 +20,4 @@ Out: normalization/export, attestation, Mongo wiring (handled in other modules).
 - Log fetch batches with document counts/durations; mask credentials.
 - Emit metrics for rate-limit hits, retries, and quarantine events.
 ## Tests
-- Unit tests plus HTTP harness fixtures will live in `../StellaOps.Vexer.Connectors.Cisco.CSAF.Tests`.
+- Unit tests plus HTTP harness fixtures will live in `../StellaOps.Excititor.Connectors.Cisco.CSAF.Tests`.

src/StellaOps.Excititor.Connectors.Cisco.CSAF/CiscoCsafConnector.cs

@@ -5,18 +5,18 @@ using System.Net.Http;
 using System.Runtime.CompilerServices;
 using System.Text.Json;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF;
 
 public sealed class CiscoCsafConnector : VexConnectorBase
 {
     private static readonly VexConnectorDescriptor DescriptorInstance = new(
-        id: "vexer:cisco",
+        id: "excititor:cisco",
         kind: VexProviderKind.Vendor,
         displayName: "Cisco CSAF")
     {

src/StellaOps.Excititor.Connectors.Cisco.CSAF/Configuration/CiscoConnectorOptions.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
 
 public sealed class CiscoConnectorOptions : IValidatableObject
 {

src/StellaOps.Excititor.Connectors.Cisco.CSAF/Configuration/CiscoConnectorOptionsValidator.cs

@@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
 
 public sealed class CiscoConnectorOptionsValidator : IVexConnectorOptionsValidator<CiscoConnectorOptions>
 {

src/StellaOps.Excititor.Connectors.Cisco.CSAF/DependencyInjection/CiscoConnectorServiceCollectionExtensions.cs

@@ -4,13 +4,13 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.DependencyInjection;
 
 public static class CiscoConnectorServiceCollectionExtensions
 {

src/StellaOps.Excititor.Connectors.Cisco.CSAF/Metadata/CiscoProviderMetadataLoader.cs

@@ -5,15 +5,15 @@ using System.Text.Json;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
 
 public sealed class CiscoProviderMetadataLoader
 {
-    public const string CacheKey = "StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata";
+    public const string CacheKey = "StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata";
 
     private readonly IHttpClientFactory _httpClientFactory;
     private readonly IMemoryCache _memoryCache;

src/StellaOps.Excititor.Connectors.Cisco.CSAF/StellaOps.Excititor.Connectors.Cisco.CSAF.csproj

@@ -7,9 +7,9 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />

src/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md

@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-CISCO-01-001 – Endpoint discovery & auth plumbing|Team Excititor Connectors – Cisco|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added `CiscoProviderMetadataLoader` with bearer token support, offline snapshot fallback, DI helpers, and tests covering network/offline discovery to unblock subsequent fetch work.|
+|EXCITITOR-CONN-CISCO-01-002 – CSAF pull loop & pagination|Team Excititor Connectors – Cisco|EXCITITOR-CONN-CISCO-01-001, EXCITITOR-STORAGE-01-003|**DONE (2025-10-17)** – Implemented paginated advisory fetch using provider directories, raw document persistence with dedupe/state tracking, offline resiliency, and unit coverage.|
+|EXCITITOR-CONN-CISCO-01-003 – Provider trust metadata|Team Excititor Connectors – Cisco|EXCITITOR-CONN-CISCO-01-002, EXCITITOR-POLICY-01-001|TODO – Emit cosign/PGP trust metadata and advisory provenance hints for policy weighting.|

src/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests/Authentication/MsrcTokenProviderTests.cs

@@ -6,12 +6,12 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using NSubstitute;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Authentication;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Authentication;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;
 
-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.Tests.Authentication;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.Tests.Authentication;
 
 public sealed class MsrcTokenProviderTests
 {

src/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests.csproj

@@ -7,7 +7,7 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.MSRC.CSAF\StellaOps.Vexer.Connectors.MSRC.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.MSRC.CSAF\StellaOps.Excititor.Connectors.MSRC.CSAF.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="FluentAssertions" Version="6.12.0" />

src/StellaOps.Excititor.Connectors.MSRC.CSAF/AGENTS.md

@@ -20,4 +20,4 @@ Out: normalization/export, attestation, storage implementations (handled elsewhe
 - Log request batches, rate-limit responses, and token refresh events without leaking secrets.
 - Track metrics for documents fetched, retries, and failure categories.
 ## Tests
-- Connector tests with mocked MSRC endpoints and AAD token flow will live in `../StellaOps.Vexer.Connectors.MSRC.CSAF.Tests`.
+- Connector tests with mocked MSRC endpoints and AAD token flow will live in `../StellaOps.Excititor.Connectors.MSRC.CSAF.Tests`.

src/StellaOps.Excititor.Connectors.MSRC.CSAF/Authentication/MsrcTokenProvider.cs

@@ -9,9 +9,9 @@ using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;
 
-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.Authentication;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.Authentication;
 
 public interface IMsrcTokenProvider
 {
@@ -20,7 +20,7 @@ public interface IMsrcTokenProvider
 
 public sealed class MsrcTokenProvider : IMsrcTokenProvider, IDisposable
 {
-    private const string CachePrefix = "StellaOps.Vexer.Connectors.MSRC.CSAF.Token";
+    private const string CachePrefix = "StellaOps.Excititor.Connectors.MSRC.CSAF.Token";
 
     private readonly IHttpClientFactory _httpClientFactory;
     private readonly IMemoryCache _cache;

src/StellaOps.Excititor.Connectors.MSRC.CSAF/Configuration/MsrcConnectorOptions.cs

@@ -2,11 +2,11 @@ using System;
 using System.IO;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;
 
 public sealed class MsrcConnectorOptions
 {
-    public const string TokenClientName = "vexer.connector.msrc.token";
+    public const string TokenClientName = "excititor.connector.msrc.token";
     public const string DefaultScope = "https://api.msrc.microsoft.com/.default";
 
     /// <summary>

src/StellaOps.Excititor.Connectors.MSRC.CSAF/DependencyInjection/MsrcConnectorServiceCollectionExtensions.cs

@@ -4,11 +4,11 @@ using System.Net.Http;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Authentication;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Authentication;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.DependencyInjection;
 
 public static class MsrcConnectorServiceCollectionExtensions
 {
@@ -25,7 +25,7 @@ public static class MsrcConnectorServiceCollectionExtensions
         services.AddHttpClient(MsrcConnectorOptions.TokenClientName, client =>
             {
                 client.Timeout = TimeSpan.FromSeconds(30);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.MSRC.CSAF/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.MSRC.CSAF/1.0");
                 client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
             })
             .ConfigurePrimaryHttpMessageHandler(static () => new HttpClientHandler

src/StellaOps.Excititor.Connectors.MSRC.CSAF/StellaOps.Excititor.Connectors.MSRC.CSAF.csproj

@@ -7,7 +7,7 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />

src/StellaOps.Excititor.Connectors.MSRC.CSAF/TASKS.md

@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-MS-01-001 – AAD onboarding & token cache|Team Excititor Connectors – MSRC|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added MSRC connector project with configurable AAD options, token provider (offline/online modes), DI wiring, and unit tests covering caching and fallback scenarios.|
+|EXCITITOR-CONN-MS-01-002 – CSAF download pipeline|Team Excititor Connectors – MSRC|EXCITITOR-CONN-MS-01-001, EXCITITOR-STORAGE-01-003|TODO – Fetch CSAF packages with retry/backoff, checksum verification, and raw document persistence plus quarantine for schema failures.|
+|EXCITITOR-CONN-MS-01-003 – Trust metadata & provenance hints|Team Excititor Connectors – MSRC|EXCITITOR-CONN-MS-01-002, EXCITITOR-POLICY-01-001|TODO – Emit cosign/AAD issuer metadata, attach provenance details, and document policy integration.|

src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/AGENTS.md

@@ -20,4 +20,4 @@ Out: normalization/export, policy evaluation, storage implementation.
 - Log image references, attestation counts, verification outcomes; redact credentials.
 - Emit metrics for attestation reuse ratio, verification duration, and failures.
 ## Tests
-- Connector tests with mock OCI registry/attestation responses will live in `../StellaOps.Vexer.Connectors.OCI.OpenVEX.Attest.Tests`.
+- Connector tests with mock OCI registry/attestation responses will live in `../StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest.Tests`.

src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md

@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-OCI-01-001 – OCI discovery & auth plumbing|Team Excititor Connectors – OCI|EXCITITOR-CONN-ABS-01-001|TODO – Resolve OCI references, configure cosign auth (keyless/keyed), and support offline attestation bundles.|
+|EXCITITOR-CONN-OCI-01-002 – Attestation fetch & verify loop|Team Excititor Connectors – OCI|EXCITITOR-CONN-OCI-01-001, EXCITITOR-ATTEST-01-002|TODO – Download DSSE attestations, trigger verification, handle retries/backoff, and persist raw statements with metadata.|
+|EXCITITOR-CONN-OCI-01-003 – Provenance metadata & policy hooks|Team Excititor Connectors – OCI|EXCITITOR-CONN-OCI-01-002, EXCITITOR-POLICY-01-001|TODO – Emit provenance hints (image, subject digest, issuer) and trust metadata for policy weighting/logging.|

src/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests/Metadata/OracleCatalogLoaderTests.cs

@@ -5,13 +5,13 @@ using System.Text;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;
 using System.Threading;
 
-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Tests.Metadata;
 
 public sealed class OracleCatalogLoaderTests
 {

src/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests.csproj

@@ -7,7 +7,7 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Oracle.CSAF\StellaOps.Vexer.Connectors.Oracle.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Oracle.CSAF\StellaOps.Excititor.Connectors.Oracle.CSAF.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="FluentAssertions" Version="6.12.0" />

src/StellaOps.Excititor.Connectors.Oracle.CSAF/AGENTS.md

@@ -20,4 +20,4 @@ Out: normalization, storage internals, export/attestation flows.
 - Log CPU release windows, document counts, and fetch durations; redact any secrets.
 - Emit metrics for deduped vs new documents and quarantine rates.
 ## Tests
-- Harness tests with mocked Oracle catalogues will live in `../StellaOps.Vexer.Connectors.Oracle.CSAF.Tests`.
+- Harness tests with mocked Oracle catalogues will live in `../StellaOps.Excititor.Connectors.Oracle.CSAF.Tests`.

src/StellaOps.Excititor.Connectors.Oracle.CSAF/Configuration/OracleConnectorOptions.cs

@@ -2,11 +2,11 @@ using System;
 using System.IO;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
 
 public sealed class OracleConnectorOptions
 {
-    public const string HttpClientName = "vexer.connector.oracle.catalog";
+    public const string HttpClientName = "excititor.connector.oracle.catalog";
 
     /// <summary>
     /// Oracle CSAF catalog endpoint hosting advisory metadata.

src/StellaOps.Excititor.Connectors.Oracle.CSAF/Configuration/OracleConnectorOptionsValidator.cs

@@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.IO.Abstractions;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
 
 public sealed class OracleConnectorOptionsValidator : IVexConnectorOptionsValidator<OracleConnectorOptions>
 {

src/StellaOps.Excititor.Connectors.Oracle.CSAF/DependencyInjection/OracleConnectorServiceCollectionExtensions.cs

@@ -4,13 +4,13 @@ using System.Net.Http;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.DependencyInjection;
 
 public static class OracleConnectorServiceCollectionExtensions
 {
@@ -29,7 +29,7 @@ public static class OracleConnectorServiceCollectionExtensions
         services.AddHttpClient(OracleConnectorOptions.HttpClientName, client =>
             {
                 client.Timeout = TimeSpan.FromSeconds(60);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.Oracle.CSAF/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.Oracle.CSAF/1.0");
                 client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
             })
             .ConfigurePrimaryHttpMessageHandler(static () => new HttpClientHandler

src/StellaOps.Excititor.Connectors.Oracle.CSAF/Metadata/OracleCatalogLoader.cs

@@ -9,13 +9,13 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
 
-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
 
 public sealed class OracleCatalogLoader
 {
-    public const string CachePrefix = "StellaOps.Vexer.Connectors.Oracle.CSAF.Catalog";
+    public const string CachePrefix = "StellaOps.Excititor.Connectors.Oracle.CSAF.Catalog";
 
     private readonly IHttpClientFactory _httpClientFactory;
     private readonly IMemoryCache _memoryCache;

src/StellaOps.Excititor.Connectors.Oracle.CSAF/OracleCsafConnector.cs

@@ -2,17 +2,17 @@ using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
+using StellaOps.Excititor.Core;
 
-namespace StellaOps.Vexer.Connectors.Oracle.CSAF;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF;
 
 public sealed class OracleCsafConnector : VexConnectorBase
 {
     private static readonly VexConnectorDescriptor DescriptorInstance = new(
-        id: "vexer:oracle",
+        id: "excititor:oracle",
         kind: VexProviderKind.Vendor,
         displayName: "Oracle CSAF")
     {

src/StellaOps.Excititor.Connectors.Oracle.CSAF/StellaOps.Excititor.Connectors.Oracle.CSAF.csproj

@@ -7,7 +7,7 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />

src/StellaOps.Excititor.Connectors.Oracle.CSAF/TASKS.md

@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-ORACLE-01-001 – Oracle CSAF catalogue discovery|Team Excititor Connectors – Oracle|EXCITITOR-CONN-ABS-01-001|DOING (2025-10-17) – Implement catalogue discovery, CPU calendar awareness, and offline snapshot import for Oracle CSAF feeds.|
+|EXCITITOR-CONN-ORACLE-01-002 – CSAF download & dedupe pipeline|Team Excititor Connectors – Oracle|EXCITITOR-CONN-ORACLE-01-001, EXCITITOR-STORAGE-01-003|TODO – Fetch CSAF documents with retry/backoff, checksum validation, revision deduplication, and raw persistence.|
+|EXCITITOR-CONN-ORACLE-01-003 – Trust metadata + provenance|Team Excititor Connectors – Oracle|EXCITITOR-CONN-ORACLE-01-002, EXCITITOR-POLICY-01-001|TODO – Emit Oracle signing metadata (PGP/cosign) and provenance hints for consensus weighting.|

src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/Connectors/RedHatCsafConnectorTests.cs

@@ -8,17 +8,17 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 
-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Tests.Connectors;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Tests.Connectors;
 
 public sealed class RedHatCsafConnectorTests
 {
-    private static readonly VexConnectorDescriptor Descriptor = new("vexer:redhat", VexProviderKind.Distro, "Red Hat CSAF");
+    private static readonly VexConnectorDescriptor Descriptor = new("excititor:redhat", VexProviderKind.Distro, "Red Hat CSAF");
 
     [Fact]
     public async Task FetchAsync_EmitsDocumentsAfterSince()

src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/Metadata/RedHatProviderMetadataLoaderTests.cs

@@ -6,11 +6,11 @@ using System.Text;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
 using System.IO.Abstractions.TestingHelpers;
 
-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Tests.Metadata;
 
 public sealed class RedHatProviderMetadataLoaderTests
 {

src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests.csproj

@@ -7,8 +7,8 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.SUSE.RancherVEXHub\StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.RedHat.CSAF\StellaOps.Excititor.Connectors.RedHat.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="FluentAssertions" Version="6.12.0" />

src/StellaOps.Excititor.Connectors.RedHat.CSAF/AGENTS.md

@@ -14,7 +14,7 @@ Connector for Red Hat CSAF VEX feeds, fetching provider metadata, CSAF documents
 - Policy/consensus rely on Red Hat trust metadata captured here.
 ## Interfaces & contracts
 - Implements `IVexConnector` with Red Hat-specific options (parallelism, token auth if configured).
-- Uses abstractions from `StellaOps.Vexer.Connectors.Abstractions` for HTTP/resume helpers.
+- Uses abstractions from `StellaOps.Excititor.Connectors.Abstractions` for HTTP/resume helpers.
 ## In/Out of scope
 In: data acquisition, HTTP retries, raw document persistence, provider metadata population.
 Out: normalization, storage internals, attestation, general connector abstractions (covered elsewhere).
@@ -22,4 +22,4 @@ Out: normalization, storage internals, attestation, general connector abstractio
 - Log provider metadata URL, revision ids, fetch durations; redact tokens.
 - Emit counters for documents fetched, skipped (304), quarantined.
 ## Tests
-- Connector harness tests (mock HTTP) and resume regression cases will live in `../StellaOps.Vexer.Connectors.RedHat.CSAF.Tests`.
+- Connector harness tests (mock HTTP) and resume regression cases will live in `../StellaOps.Excititor.Connectors.RedHat.CSAF.Tests`.

src/StellaOps.Excititor.Connectors.RedHat.CSAF/Configuration/RedHatConnectorOptions.cs

@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
 
 public sealed class RedHatConnectorOptions
 {
@@ -10,7 +10,7 @@ public sealed class RedHatConnectorOptions
     /// <summary>
     /// HTTP client name registered for the connector.
     /// </summary>
-    public const string HttpClientName = "vexer.connector.redhat";
+    public const string HttpClientName = "excititor.connector.redhat";
 
     /// <summary>
     /// URI of the CSAF provider metadata document.

src/StellaOps.Excititor.Connectors.RedHat.CSAF/DependencyInjection/RedHatConnectorServiceCollectionExtensions.cs

@@ -2,13 +2,13 @@ using System.Net;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.DependencyInjection;
 
 public static class RedHatConnectorServiceCollectionExtensions
 {
@@ -29,7 +29,7 @@ public static class RedHatConnectorServiceCollectionExtensions
         services.AddHttpClient(RedHatConnectorOptions.HttpClientName, client =>
             {
                 client.Timeout = TimeSpan.FromSeconds(30);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.RedHat/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.RedHat/1.0");
                 client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
             })
             .ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler

src/StellaOps.Excititor.Connectors.RedHat.CSAF/Metadata/RedHatProviderMetadataLoader.cs

@@ -8,15 +8,15 @@ using System.Text.Json.Serialization;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;
 
-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
 
 public sealed class RedHatProviderMetadataLoader
 {
-    public const string CacheKey = "StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata";
+    public const string CacheKey = "StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata";
 
     private readonly IHttpClientFactory _httpClientFactory;
     private readonly IMemoryCache _cache;
@@ -242,7 +242,7 @@ public sealed class RedHatProviderMetadataLoader
 
         var trust = BuildTrust();
         return new VexProvider(
-            id: "vexer:redhat",
+            id: "excititor:redhat",
             displayName: document.Metadata.Provider.Name,
             kind: VexProviderKind.Distro,
             baseUris: distributions,

src/StellaOps.Excititor.Connectors.RedHat.CSAF/RedHatCsafConnector.cs

@@ -7,13 +7,13 @@ using System.Text.Json;
 using System.Xml.Linq;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 
-namespace StellaOps.Vexer.Connectors.RedHat.CSAF;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF;
 
 public sealed class RedHatCsafConnector : VexConnectorBase
 {

src/StellaOps.Excititor.Connectors.RedHat.CSAF/StellaOps.Excititor.Connectors.RedHat.CSAF.csproj

@@ -7,8 +7,8 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />

src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md

@@ -0,0 +1,10 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-RH-01-001 – Provider metadata discovery|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added `RedHatProviderMetadataLoader` with HTTP/ETag caching, offline snapshot handling, and validation; exposed DI helper + tests covering live, cached, and offline scenarios.|
+|EXCITITOR-CONN-RH-01-002 – Incremental CSAF pulls|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-001, EXCITITOR-STORAGE-01-003|**DONE (2025-10-17)** – Implemented `RedHatCsafConnector` with ROLIE feed parsing, incremental filtering via `context.Since`, CSAF document download + metadata capture, and persistence through `IVexRawDocumentSink`; tests cover live fetch/cache/offline scenarios with ETag handling.|
+|EXCITITOR-CONN-RH-01-003 – Trust metadata emission|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002, EXCITITOR-POLICY-01-001|**DONE (2025-10-17)** – Provider metadata loader now emits trust overrides (weight, cosign issuer/pattern, PGP fingerprints) and the connector surfaces provenance hints for policy/consensus layers.|
+|EXCITITOR-CONN-RH-01-004 – Resume state persistence|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002, EXCITITOR-STORAGE-01-003|**DONE (2025-10-17)** – Connector now loads/saves resume state via `IVexConnectorStateRepository`, tracking last update timestamp and recent document digests to avoid duplicate CSAF ingestion; regression covers state persistence and duplicate skips.|
+|EXCITITOR-CONN-RH-01-005 – Worker/WebService integration|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002|**DONE (2025-10-17)** – Worker/WebService now call `AddRedHatCsafConnector`, register the connector + state repo, and default worker scheduling adds the `excititor:redhat` provider so background jobs and orchestration can activate the connector without extra wiring.|
+|EXCITITOR-CONN-RH-01-006 – CSAF normalization parity tests|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002, EXCITITOR-FMT-CSAF-01-001|**DONE (2025-10-17)** – Added RHSA fixture-driven regression verifying CSAF normalizer retains Red Hat product metadata, tracking fields, and timestamps (`rhsa-sample.json` + `CsafNormalizerTests.NormalizeAsync_PreservesRedHatSpecificMetadata`).|

src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/Authentication/RancherHubTokenProviderTests.cs

@@ -6,11 +6,11 @@ using System.Threading;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
 using Xunit;
 
-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests.Authentication;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.Authentication;
 
 public sealed class RancherHubTokenProviderTests
 {

src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/Metadata/RancherHubMetadataLoaderTests.cs

@@ -7,20 +7,20 @@ using System.Text;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Metadata;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Metadata;
 using System.IO.Abstractions.TestingHelpers;
 using System.Threading;
 using Xunit;
 
-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.Metadata;
 
 public sealed class RancherHubMetadataLoaderTests
 {
     private const string SampleDiscovery = """
         {
-          "hubId": "vexer:suse.rancher",
+          "hubId": "excititor:suse.rancher",
           "title": "SUSE Rancher VEX Hub",
           "subscription": {
             "eventsUri": "https://vexhub.suse.com/api/v1/events",

src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.csproj

@@ -7,8 +7,8 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.RedHat.CSAF\StellaOps.Vexer.Connectors.RedHat.CSAF.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.SUSE.RancherVEXHub\StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="FluentAssertions" Version="6.12.0" />

src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/AGENTS.md

@@ -20,4 +20,4 @@ Out: normalization/export tasks, storage layer implementation, attestation.
 - Log subscription IDs, batch sizes, and checkpoint updates while redacting secrets.
 - Emit metrics for messages processed, lag, and retries.
 ## Tests
-- Connector harness tests with simulated hub responses will live in `../StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests`.
+- Connector harness tests with simulated hub responses will live in `../StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests`.