# Delta Verdict and Change Trace System

## Module
Attestor

## Status
VERIFIED

## Description
Full delta computation engine with verdict predicates, change trace entries, budget tracking, VEX delta computation, attestation service, and smart diff with trust indicators. Frontend delta-verdict service and models consume the API. Delta-first comparison shows what changed since last trusted point.

## Implementation Details
- **Delta Verdict Predicate**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/DeltaVerdictPredicate.cs` (with `.Budget` partial) -- predicate for delta verdict attestations with budget impact tracking.
- **Delta Models**: `DeltaVerdictChange.cs` -- individual change entry. `DeltaFindingKey.cs` -- unique finding identifier for delta tracking. `VerdictDeltaSummary.cs` -- summary of all changes. `VerdictFindingChange.cs` -- per-finding change details. `VerdictRuleChange.cs` -- policy rule changes.
- **Change Trace Service**: `__Libraries/StellaOps.Attestor.ProofChain/ChangeTrace/ChangeTraceAttestationService.cs` (with `.Helpers`, `.Mapping`) -- implements `IChangeTraceAttestationService`. Produces change trace attestations.
- **Change Trace Predicate**: `Predicates/ChangeTracePredicate.cs`, `ChangeTracePredicateSummary.cs`, `ChangeTraceDeltaEntry.cs` -- change trace predicate models.
- **VEX Delta**: `Predicates/VexDeltaPredicate.cs`, `VexDeltaChange.cs`, `VexDeltaStatement.cs`, `VexDeltaSummary.cs` -- VEX-specific delta tracking.
- **SBOM Delta**: `Predicates/SbomDeltaPredicate.cs`, `SbomDeltaComponent.cs`, `SbomDeltaSummary.cs`, `SbomDeltaVersionChange.cs` -- SBOM diff tracking.
- **Statements**: `Statements/DeltaVerdictStatement.cs`, `ChangeTraceStatement.cs` -- in-toto statement wrappers.
- **Trust Delta**: `Predicates/TrustDeltaRecord.cs` -- trust score change tracking.
- **Delta Attestation Service (Core)**: `StellaOps.Attestor.Core/Delta/DeltaAttestationService.cs`, `IDeltaAttestationService.cs`
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/Statements/DeltaVerdictStatementTests.cs`, `ChangeTrace/ChangeTracePredicateTests.cs`, `StellaOps.Attestor.Core.Tests/Delta/DeltaAttestationServiceTests.cs`

## E2E Test Plan
- [ ] Generate a delta verdict between two snapshots with added, removed, and changed findings and verify `DeltaVerdictPredicate` categorizes each correctly
- [ ] Verify `VerdictDeltaSummary` counts (added, removed, changed, unchanged) match the actual changes
- [ ] Generate a change trace via `ChangeTraceAttestationService` and verify `ChangeTraceDeltaEntry` entries capture timestamps and change types
- [ ] Compute a VEX delta between two VEX documents and verify `VexDeltaSummary` tracks status changes
- [ ] Compute an SBOM delta between two SBOMs and verify `SbomDeltaComponent` captures added/removed/changed components
- [ ] Verify budget impact tracking in `DeltaVerdictPredicate.Budget` by adding findings that exceed budget thresholds
- [ ] Verify `TrustDeltaRecord` captures trust score changes between snapshots
- [ ] Wrap delta verdict in `DeltaVerdictStatement` and verify valid in-toto statement output

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |