# Attestable Exception Objects with Expiries and Audit Trails

## Module
Attestor

## Status
PARTIALLY_IMPLEMENTED

## Description
Exceptions are modeled as auditable objects with IDs, owners, expiry dates, and audit trails. The exception ledger UI shows active/pending/expiring counts. Signed override badges indicate cryptographic attestation of exceptions.

## Implementation Details
- **Exception Reference**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Services/ExceptionRef.cs` -- models exception objects with ID, owner, and expiry metadata.
- **Budget Exception Entry**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/BudgetExceptionEntry.cs` -- exception entry within the uncertainty budget system, tracking exception scope and validity period.
- **Budget System Integration**: `BudgetDefinition.cs`, `BudgetObservation.cs`, `BudgetViolationEntry.cs` -- exceptions integrate with the uncertainty budget to allow controlled risk acceptance.
- **VEX Override System**: `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/VexOverridePredicate.cs` -- signed VEX overrides serve as attestable exceptions. `VexOverridePredicateBuilder.cs` (with `.Build`, `.Serialize`, `.WithMethods` partials) constructs override predicates. `VexOverrideDecision.cs` captures the decision rationale.
- **Evidence Reference**: `VexOverride/EvidenceReference.cs` -- links exception decisions to supporting evidence.
- **Audit Trail**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs` (with `.Validation` partial) logs hash-based audit records. `HashAuditRecord.cs` captures individual audit entries. `AuditArtifactTypes.cs` defines auditable artifact types.
- **Persistence**: `src/Attestor/__Libraries/StellaOps.Attestor.Persistence/Entities/AuditLogEntity.cs` -- database entity for audit log persistence.
- **DSSE Signing**: Exceptions are signed via `ProofChainSigner` to produce cryptographic attestation (signed override badges).

## E2E Test Plan
- [ ] Create an exception via `BudgetExceptionEntry` with owner, expiry date, and justification, then verify all fields serialize correctly
- [ ] Build a `VexOverridePredicate` with `VexOverridePredicateBuilder`, sign it via DSSE, and verify the signed envelope contains the override decision
- [ ] Create an exception with an expiry date in the past and verify budget evaluation treats it as expired (no longer valid)
- [ ] Create an exception with a future expiry and verify it is counted as active in the budget check
- [ ] Log exception creation via `AuditHashLogger` and verify `HashAuditRecord` captures the artifact type, timestamp, and hash
- [ ] Query audit trail for a specific exception ID and verify the complete history of changes is returned
- [ ] Verify that `ExceptionRef` correctly links to `EvidenceReference` for evidence-backed exception justification

## Implementation Gaps (2026-02-11)
- `ExceptionRef` currently contains only `ExceptionId`, `Status`, and `CoveredReasonCodes`; it does not model owner/expiry metadata or evidence references as described by the feature claim.
- A concrete `IProofChainRepository` implementation for querying complete audit history by exception ID was not found in `StellaOps.Attestor.Persistence`; only the interface contract exists.
- Core DSSE exception signing and hash audit logging behaviors are implemented and tested, but claim-parity fails for full exception-reference and audit-query workflow coverage.

## Verification
- Evaluated on 2026-02-11 via `run-001`.
- Tier 0 source checks passed, Tier 1 build/tests passed (`52/52` scoped tests), but Tier 1 code review and Tier 2 behavioral claim parity failed on missing exception-reference and audit-query implementation pieces.
- Feature terminalized as `not_implemented` and moved from `unchecked` to `unimplemented`.
- Evidence:
  - `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier0-source-check.json`
  - `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier1-build-check.json`
  - `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier2-integration-check.json`
  - `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/triage.json`

## Not Implemented Findings
- Tier 0 and Tier 1 pass for core exception-signing and audit-hash behavior, but claim parity review found gaps in exception reference modeling and audit-history query implementation.
- `ExceptionRef` currently contains `ExceptionId`, `Status`, and covered reason codes only; owner/expiry/evidence linkage promised by this feature dossier is not modeled in this contract.
- `IProofChainRepository` exposes audit-log query methods, but no concrete proof-chain repository implementation was found to fulfill complete history retrieval semantics by exception ID in this feature scope.
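
The signed-exception lifecycle the E2E test plan describes (DSSE signing, expiry evaluation, hash audit record), sketched in Python as an added example that is not StellaOps code. HMAC-SHA256 stands in for `ProofChainSigner`; the media type, JSON field names, key and sample values are constructed assumptions.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

PAYLOAD_TYPE = "application/vnd.example.exception+json"  # hypothetical media type

def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: binds the payload type to the payload."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)

def sign_exception(exc: dict, key: bytes, keyid: str) -> dict:
    """Wrap an exception object in a DSSE envelope (HMAC stands in for a real signer)."""
    payload = json.dumps(exc, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    return {"payloadType": PAYLOAD_TYPE,
            "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode()}]}

def evaluate(envelope: dict, key: bytes, now: datetime) -> str:
    """Return 'active', 'expired' or 'invalid'; no field is trusted before the signature."""
    try:
        payload = base64.b64decode(envelope["payload"], validate=True)
        sig = base64.b64decode(envelope["signatures"][0]["sig"], validate=True)
        expected = hmac.new(key, pae(envelope["payloadType"], payload), hashlib.sha256).digest()
        if envelope["payloadType"] != PAYLOAD_TYPE or not hmac.compare_digest(sig, expected):
            return "invalid"
        exc = json.loads(payload)
        expires = datetime.fromisoformat(exc["expiresAt"])
        if expires.tzinfo is None or not exc["owner"] or not exc["exceptionId"]:
            return "invalid"  # reject naive timestamps and ownerless exceptions
    except (KeyError, IndexError, TypeError, ValueError, AttributeError):
        return "invalid"
    return "active" if now < expires else "expired"

def audit_record(envelope: dict, now: datetime) -> dict:
    """Hash audit entry carrying artifact type, timestamp and envelope hash."""
    canonical = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    return {"artifactType": "exception", "timestamp": now.isoformat(),
            "hash": "sha256:" + hashlib.sha256(canonical).hexdigest()}

# Constructed sample data (not taken from the project)
KEY = b"constructed-demo-key"
NOW = datetime(2026, 2, 11, tzinfo=timezone.utc)
SAMPLE = {"exceptionId": "EXC-0001", "owner": "team-a",
          "expiresAt": "2026-03-01T00:00:00+00:00", "evidence": ["evidence-ref-placeholder"]}
```

Because the expiry sits inside the signed payload, extending it after signing invalidates the envelope rather than silently prolonging the exception.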