# Verdict Ledger (Append-Only Store)

## Module
Attestor

## Status
VERIFIED

## Description
Append-only verdict ledger for tamper-evident storage of all verdict decisions with hash chain integrity.

## Implementation Details
- **Verdict Ledger Entity**: `src/Attestor/__Libraries/StellaOps.Attestor.Persistence/Entities/VerdictLedgerEntry.cs` -- persisted ledger entry with verdict decision, subject digest, timestamp, and previous entry hash for chain integrity.
- **IVerdictLedgerRepository**: `Persistence/Repositories/IVerdictLedgerRepository.cs` -- repository interface for append-only verdict storage (append, query by subject, verify chain integrity).
- **PostgresVerdictLedgerRepository**: `Persistence/Repositories/PostgresVerdictLedgerRepository.cs` -- PostgreSQL implementation with append-only semantics enforced by database constraints and hash chain verification.
- **Verdict Receipt Payload**: `__Libraries/StellaOps.Attestor.ProofChain/Statements/VerdictReceiptPayload.cs` -- payload stored in the ledger containing the full verdict decision context.
- **Verdict Receipt Statement**: `Statements/VerdictReceiptStatement.cs` -- in-toto statement wrapping the verdict receipt.
- **Verdict Decision**: `Statements/VerdictDecision.cs` -- the decision record (PASS/FAIL/WARN) with reasoning and policy reference.
- **Verdict Inputs**: `Statements/VerdictInputs.cs` -- captured inputs that drove the verdict.
- **Verdict Outputs**: `Statements/VerdictOutputs.cs` -- outputs/actions from the verdict.
- **Trust Verdict Repository**: `__Libraries/StellaOps.Attestor.TrustVerdict/Persistence/ITrustVerdictRepository.cs` -- repository for trust-scored verdicts with `PostgresTrustVerdictRepository.cs` (with `.Store`, `.GetById`, `.Query`, `.Delete`, `.Stats`).
- **Trust Verdict Entity**: `TrustVerdict/Persistence/TrustVerdictEntity.cs` -- persisted trust verdict with scoring data.
- **Trust Verdict Stats**: `TrustVerdict/Persistence/TrustVerdictStats.cs` -- aggregate statistics over the verdict ledger.
- **Tests**: `__Tests/StellaOps.Attestor.Persistence.Tests/`

## E2E Test Plan
- [ ] Append a verdict to the ledger via `PostgresVerdictLedgerRepository` and verify it is persisted with a hash linking to the genesis entry
- [ ] Append 5 verdicts sequentially and verify each entry's previous hash points to the prior entry, forming a valid hash chain
- [ ] Query verdicts by subject digest and verify only matching entries are returned in chronological order
- [ ] Verify append-only: attempt to update or delete an existing ledger entry and confirm the operation is rejected
- [ ] Verify chain integrity: tamper with one entry's hash in the database and call chain verification; confirm the break is detected
- [ ] Store and retrieve a `VerdictReceiptPayload` with full inputs, decision, and outputs; verify round-trip fidelity
- [ ] Query `TrustVerdictStats` and verify aggregate counts (total verdicts, pass/fail/warn breakdown)
- [ ] Append verdicts concurrently from multiple threads and verify all are persisted with valid hash chain ordering

## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |
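
The hash chain and the chain-integrity check from the test plan, sketched as an added Python example; it is not the Attestor's own code. The field names, the all-zero genesis marker and SHA-256 over canonical JSON are assumptions, since this page does not give the real hashing scheme or schema.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed genesis marker; the real ledger's value is not on this page


def entry_hash(entry: dict) -> str:
    """SHA-256 over canonical JSON of every field except the stored hash (assumed scheme)."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def append(ledger: list, subject_digest: str, decision: str, timestamp: str) -> dict:
    """Append one verdict, linking it to the previous entry's hash (or to genesis)."""
    if decision not in ("PASS", "FAIL", "WARN"):
        raise ValueError(f"unknown decision: {decision}")
    entry = {
        "subject_digest": subject_digest,
        "decision": decision,
        "timestamp": timestamp,
        "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry


def verify_chain(ledger: list):
    """Return None if the chain is intact, else the index of the first broken entry."""
    expected_prev = GENESIS
    for i, entry in enumerate(ledger):
        # A break is either a wrong back-link or a stored hash that no longer
        # matches the entry's content.
        if entry["prev_hash"] != expected_prev or entry_hash(entry) != entry["hash"]:
            return i
        expected_prev = entry["hash"]
    return None


def build_sample() -> list:
    """Five constructed verdicts, mirroring the sequential-append test-plan item."""
    ledger = []
    for n, decision in enumerate(["PASS", "FAIL", "WARN", "PASS", "PASS"]):
        append(ledger, f"sha256:{n:064x}", decision, f"2026-01-01T00:00:0{n}Z")
    return ledger
```

A chain check of this kind catches edits and deletions of interior entries, but not truncation of the tail or a full rewrite of the chain. Detecting those requires comparing the latest hash against a copy held outside the database.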