docs consolidation work

docs/modules/vex-lens/README.md

@@ -44,9 +44,62 @@ VEX Lens produces a deterministic, provenance-rich consensus view of VEX stateme
 - Traces/logs: `consensus.group`, `consensus.join`, `consensus.persist` spans with correlation IDs and issuer details; structured logs capture trust adjustments and reconciliation outcomes.
 - Offline bundles include `consensus.jsonl`, `conflicts.jsonl`, manifest + DSSE signatures, enabling mirror deployments and replay validation.
 
+## Implementation Status
+
+### Phase 1 – Core lens service (In Progress)
+- Normalization pipeline: CSAF/OpenVEX/CycloneDX format support
+- Product mapping library with conservative scope scoring
+- Trust weighting functions: issuer tier, freshness decay, scope quality
+- Consensus algorithm with deterministic digest computation
+- Persistence: vex_consensus, vex_consensus_history, vex_conflict_queue tables
+- Connector-supplied trust weights/tiers from Excititor vex.provenance.* contract
+
+### Phase 2 – API & integrations (Planned)
+- REST endpoints: /vex/consensus (query/detail/simulate/export)
+- Policy Engine threshold integration and simulation support
+- Vuln Explorer UI chips for consensus signals
+- VEX Lens change events for downstream consumers
+
+### Phase 3 – Issuer Directory & signatures (Planned)
+- Issuer registry with CRUD, audit logs, CSAF publisher import
+- Key management and signature verification
+- RBAC enforcement and tenant overrides
+- Revocation runbooks and trust recalculation
+
+### Phase 4 – Console & CLI experiences (Planned)
+- Console module: evidence table, quorum bar, conflicts, simulation drawer
+- CLI commands: stella vex consensus list/show/simulate/export
+- Saved views, filters, JSON/CSV output support
+
+### Phase 5 – Recompute & performance (Planned)
+- Recompute scheduling: policy activation, Excititor deltas
+- Caching strategy and load tests (10M records/tenant, P95 < 500ms)
+- Observability dashboards and Offline Kit exports
+- Backpressure handling and incident surfacing
+
+### Key Acceptance Criteria
+- Consensus results reproducible across VEX formats with deterministic digests
+- Signature verification influences trust weights without pipeline failure
+- Policy simulations show quorum shifts without persisting state
+- Issuer Directory enforces RBAC, audit logs, key rotation
+- Recompute pipeline handles deltas with backpressure management
+- Performance: P95 < 500ms for 100-row pages at 10M records/tenant
+
+### Technical Decisions & Risks
+- Product mapping ambiguity: conservative scoring, manual overrides, warnings, policy review
+- Issuer compromise: signature verification, trust weighting, tenant overrides, revocation runbooks
+- Evidence storms: batching, worker sharding, orchestrator rate limiting, priority queues
+- Performance: caching, indexing, load tests, quota enforcement
+- Offline gaps: deterministic exports, manifest hashes, Offline Kit tests
+
+### Provenance-Aware Trust Weighting (Current Focus)
+- Connector metadata contract: vex.provenance.* fields with provider id/name/kind
+- Weight calculation: trust.weight baseline × freshness × justification scope
+- Integrity hints: cosign.* and pgp.fingerprints toggle signature-policy shortcuts
+- Policy exposure: original provenance in sources[] for explain workflows
+
 ## Key docs & references
 - [`architecture.md`](architecture.md) — implementation-ready blueprint covering inputs, algorithm, APIs, storage, observability, and exports.
-- [`implementation_plan.md`](implementation_plan.md) — phased delivery roadmap and acceptance criteria.
 - [`scoring.md`](scoring.md) — future risk scoring model and formula reference.
 - [`../../vex/aggregation.md`](../../vex/aggregation.md) — Aggregation-Only Contract boundaries for VEX ingestion and downstream consumers.
 - **Operations:** [`operations/deployment.md`](operations/deployment.md), [`operations/offline-kit.md`](operations/offline-kit.md) — deployment guides and offline bundle preparation.