# Proof Spine System (Assembly, Segment Construction, Explainable Quiet Alerts)

## Module
Attestor

## Status
VERIFIED

## Description
Proof spine builder producing chained segments (SBOM_SLICE, MATCH, REACHABILITY, GUARD_ANALYSIS, RUNTIME_OBSERVATION, POLICY_EVAL), each DSSE-signed with hash-linked predecessors. Chains evidence IDs, reasoning IDs, VEX verdict IDs into signed proof bundles with Merkle root computation. VexProofSpineService in Policy engine enables explainable quiet alerts.

## Implementation Details
- **Proof Spine Assembly**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Assembly/` -- proof spine assembly:
  - `ProofSpineRequest.cs` -- request specifying subjects and evidence to include in the spine.
  - `ProofSpineResult.cs` -- result containing assembled spine with Merkle root and linked segments.
  - `ProofSpineSubject.cs` -- individual subject within a spine (artifact digest, type).
  - `MerkleTree.cs` -- Merkle tree used for spine root computation.
  - `SpineVerificationCheck.cs` -- individual verification check for a spine segment.
  - `SpineVerificationResult.cs` -- aggregate verification result for the complete spine.
- **Proof Spine Statement**: `Statements/ProofSpineStatement.cs` -- in-toto statement wrapping a proof spine.
- **Proof Spine Predicate**: `Predicates/ProofSpinePredicate.cs` -- predicate containing Merkle root, segment list, evidence IDs, reasoning IDs, and VEX verdict IDs.
- **DSSE Signing**: `Signing/ProofChainSigner.cs` -- signs each spine segment into a DSSE envelope with hash-linked predecessor.
- **Content-Addressed Identifiers**: `Identifiers/EvidenceId.cs`, `ReasoningId.cs`, `VexVerdictId.cs` -- IDs chained in the spine.
- **Persistence**: `__Libraries/StellaOps.Attestor.Persistence/Entities/SpineEntity.cs` -- persists spine data.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/ProofSpineTests.cs`

## E2E Test Plan
- [ ] Assemble a proof spine via `ProofSpineRequest` with 5 subjects and verify `ProofSpineResult` contains a valid Merkle root
- [ ] Verify each spine segment is DSSE-signed and hash-linked to its predecessor
- [ ] Create spine segments of different types (SBOM_SLICE, MATCH, REACHABILITY, POLICY_EVAL) and verify segment type metadata
- [ ] Chain evidence IDs, reasoning IDs, and VEX verdict IDs into the spine and verify all IDs are present in `ProofSpinePredicate`
- [ ] Verify the spine via `SpineVerificationCheck` for each segment and confirm `SpineVerificationResult` passes
- [ ] Build a `ProofSpineStatement` and sign it; verify the DSSE envelope wraps the complete spine
- [ ] Persist the spine via `SpineEntity` and retrieve it; verify data integrity
- [ ] Tamper with one segment's hash and verify spine verification detects the break in the hash chain

## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |
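
The per-segment signature, hash-link and Merkle-root checks from the E2E test plan, including the tampered-segment case, as an added Python sketch that is not StellaOps code. HMAC-SHA256 stands in for the real DSSE signer, and the key, payload type, field names, IDs and the odd-node Merkle rule are assumptions.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"                         # stand-in for a real signing key
PTYPE = "application/vnd.example.spine-segment+json"  # hypothetical payload type
SAMPLE = [("SBOM_SLICE", "evidence:constructed-0"), ("MATCH", "evidence:constructed-1"),
          ("REACHABILITY", "evidence:constructed-2"), ("POLICY_EVAL", "evidence:constructed-3")]

def pae(ptype, body):
    # DSSE pre-authentication encoding: the exact bytes that get signed
    t = ptype.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(body), body)

def sign(ptype, body):
    return hmac.new(KEY, pae(ptype, body), hashlib.sha256).hexdigest()

def seg_hash(env):
    return hashlib.sha256(env["payload"]).hexdigest()

def merkle_root(leaves):
    level = [bytes.fromhex(h) for h in leaves] or [hashlib.sha256(b"").digest()]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # assumed rule: duplicate the last node on odd levels
        level = [hashlib.sha256(level[i] + level[i + 1]).digest() for i in range(0, len(level), 2)]
    return level[0].hex()

def build_spine(items):
    segs, prev = [], None
    for seg_type, evidence_id in items:
        body = json.dumps({"type": seg_type, "evidenceId": evidence_id, "prev": prev},
                          sort_keys=True, separators=(",", ":")).encode()
        segs.append({"payloadType": PTYPE, "payload": body, "sig": sign(PTYPE, body)})
        prev = seg_hash(segs[-1])  # the next segment commits to this one
    return {"segments": segs, "root": merkle_root([seg_hash(s) for s in segs])}

def claimed_prev(payload):
    try:
        return json.loads(payload).get("prev")
    except (ValueError, AttributeError):
        return "<unparseable>"  # malformed payload can never match a real hash

def verify_spine(spine):
    checks, prev = [], None
    for i, env in enumerate(spine["segments"]):
        sig_ok = hmac.compare_digest(sign(env["payloadType"], env["payload"]), env["sig"])
        checks.append((i, sig_ok, claimed_prev(env["payload"]) == prev))  # (index, sig, link)
        prev = seg_hash(env)
    return checks, merkle_root([seg_hash(s) for s in spine["segments"]]) == spine["root"]

if __name__ == "__main__":
    spine = build_spine(SAMPLE)
    spine["segments"][1]["payload"] = spine["segments"][1]["payload"].replace(b"-1", b"-X")
    print(verify_spine(spine))
```

Editing one segment's payload fails that segment's signature check, the hash link of the segment after it, and the recomputed Merkle root, so the break is reported at the position where it occurred.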