# VEX-Rekor Linkage ## Module devops ## Status VERIFIED ## Description Database migration and persistence behavior for linking VEX observations to Rekor entries, enabling transparent VEX decision traceability. ## Implementation Details - **VEX Proof Integrator Metadata**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexProofIntegrator.Helpers.cs` and `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexProofIntegrator.Metadata.cs` implement deterministic VEX verdict status/justification mapping and proof metadata payload generation. - **VEX Verdict Proof Payload**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexVerdictProofPayload.cs` defines the serialized proof-carrying payload contract for VEX verdicts. - **VEX Verdict ID**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Identifiers/VexVerdictId.cs` provides content-addressed VEX verdict identifiers. - **VEX Delta and Merge Models**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaChange.cs`, `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaStatement.cs`, `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaSummary.cs`, and `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexMergeTrace.cs` model delta/merge evidence for VEX decision evolution. - **Rekor Linkage Migration**: `devops/database/migrations/V20260117__vex_rekor_linkage.sql` adds Rekor linkage columns and indexes for Excititor and VexHub tables and attestor verification metadata columns. - **Compose Configuration**: `devops/compose/docker-compose.stella-ops.yml` provides PostgreSQL infrastructure used for linkage verification workflows. - **Excititor Postgres Store**: `src/Excititor/__Libraries/StellaOps.Excititor.Persistence/Postgres/Repositories/PostgresVexObservationStore.cs` now consistently persists and queries Rekor linkage fields on `vex.observations` with ensured Rekor columns/indexes. - **Behavioral Coverage**: `src/Excititor/__Tests/StellaOps.Excititor.Persistence.Tests/PostgresVexObservationStoreTests.cs` includes linkage round-trip, pending-queue, and missing-observation negative-path tests. ## E2E Test Plan - [x] Create VEX observations and validate Rekor linkage fields can be persisted and queried. - [x] Query pending observations and verify unlinked records are returned in deterministic created-at order. - [x] Validate migration adds required Rekor columns and indexes across Excititor and VexHub tables. - [x] Reapply migration and verify existing Rekor linkage data is preserved. ## Verification - Verified on 2026-02-11 with `run-001`. - Tier 0 source checks passed for Attestor VEX/Rekor models, DevOps migration assets, and Excititor persistence/test paths. - Tier 1 passed after resolving a schema mismatch defect in `PostgresVexObservationStore` (`71/71` tests across persistence and attestation suites). - Tier 2 passed with fresh Dockerized PostgreSQL interactions validating migration columns/indexes, linked and pending query paths, and idempotent reapply behavior. - Evidence: - `docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/tier0-source-check.json` - `docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/tier1-build-check.json` - `docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/triage.json` - `docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/fix-summary.json` - `docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/retest-result.json` - `docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/tier2-integration-check.json`