# Signed Risk Verdicts (DSSE/in-toto Envelope)

## Module

Attestor

## Status

VERIFIED

## Description

Verdicts signed as DSSE/in-toto attestations bound to immutable artifact digests, containing policy binding, knowledge snapshot binding, evaluator version, rationale, findings references, and unknowns state.

## Implementation Details

- **Verdict Receipt Payload**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/VerdictReceiptPayload.cs` -- payload containing the verdict decision, inputs, outputs, and rationale.
- **Verdict Receipt Statement**: `Statements/VerdictReceiptStatement.cs` -- in-toto statement wrapping the verdict receipt.
- **Verdict Decision**: `Statements/VerdictDecision.cs` -- the risk verdict (Pass/Fail/Warn) with rationale.
- **Verdict Inputs**: `Statements/VerdictInputs.cs` -- inputs: policy binding, knowledge snapshot digest, evaluator version, findings references.
- **Verdict Outputs**: `Statements/VerdictOutputs.cs` -- outputs: violations, exceptions, unknowns state.
- **Verdict Summary**: `Predicates/VerdictSummary.cs` -- summary of the verdict for proof graph integration.
- **DSSE Signing**: `Signing/ProofChainSigner.cs` (with `.Verification`) -- signs verdicts into DSSE envelopes bound to artifact digests.
- **Signing Key Profile**: `Signing/SigningKeyProfile.cs` -- key profile used for signing the verdict.
- **Proof Subject**: `Builders/ProofSubject.cs` -- artifact digest binding (subject with name and digest map).
- **Verdict Ledger**: `__Libraries/StellaOps.Attestor.VerdictLedger/VerdictLedgerService.cs` -- records signed verdicts in the append-only ledger.
- **Trust Verdict**: `__Libraries/StellaOps.Attestor.TrustVerdict/` -- trust verdict integration.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/VerdictReceiptTests.cs`

## E2E Test Plan

- [ ] Create a `VerdictReceiptPayload` with Pass decision, sign into DSSE envelope, and verify binding to artifact digest
- [ ] Verify `VerdictInputs` captures policy binding ID, knowledge snapshot digest, and evaluator version
- [ ] Verify `VerdictOutputs` captures findings references and unknowns state
- [ ] Create a Fail verdict with rationale and verify the rationale is present in the signed payload
- [ ] Verify the DSSE envelope signature via `ProofChainSigner.Verification`
- [ ] Record the signed verdict in `VerdictLedgerService` and verify the ledger entry
- [ ] Verify immutability: attempt to modify the verdict after signing and confirm signature verification fails
- [ ] Create verdicts for multiple artifacts and verify each is bound to its specific artifact digest via `ProofSubject`

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |