# VEX Handling with Formal Reasoning (Lattice-Based Merge)

## Module
Excititor

## Status
VERIFIED

## Description
VEX handling with a K4 trust lattice engine for deterministic merging of vendor/distro/internal VEX claims, claim score merging, conflict penalization, and disposition selection via policy-driven rules.

## Implementation Details
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/`, `src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/`
- **Key Classes**:
  - `ClaimScoreMerger` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/ClaimScoreMerger.cs`) - merges claim scores using lattice algebra with conflict penalization
  - `PolicyLatticeAdapter` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs`) - adapts K4 policy lattice for VEX claim merge
  - `TrustWeightRegistry` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs`) - registry of per-source trust weights
  - `ClaimScoreCalculator` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/ClaimScoreCalculator.cs`) - calculates claim scores from trust vectors
  - `ClaimStrength` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/ClaimStrength.cs`) - claim strength model
  - `VexScoreEnvelope` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexScoreEnvelope.cs`) - envelope wrapping scored VEX claims
  - `VexConsensusResolver` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusResolver.cs`) - resolves consensus using lattice rules
- **Interfaces**: `IVexLatticeProvider`, `IVexConsensusPolicy`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Submit multiple VEX claims for the same vulnerability and verify `ClaimScoreMerger` produces a deterministic merged score using lattice algebra
- [ ] Verify conflict penalization: conflicting claims (affected vs not_affected) reduce the merged score
- [ ] Verify `PolicyLatticeAdapter` applies K4 lattice rules for disposition selection (top > bottom in lattice ordering)
- [ ] Verify `TrustWeightRegistry` applies different weights to vendor, distro, and internal sources
- [ ] Verify `ClaimScoreCalculator` computes scores from multi-dimensional trust vectors
- [ ] Verify the merged result is monotonic: adding more evidence can only increase confidence, not decrease it

## Verification
- Verified on 2026-02-13 via `run-001`.
- Tier 0: Source files confirmed present on disk.
- Tier 1: `dotnet build` passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
- Tier 2d: `docs/qa/feature-checks/runs/excititor/vex-handling-with-formal-reasoning/run-001/tier2-integration-check.json`