# VEX conflict resolution (side-by-side merge with provenance)

## Module
Concelier

## Status
IMPLEMENTED

## Description
VEX conflict resolver and consensus engine merge statements from multiple sources with rationale models explaining merge outcomes.

## Implementation Details
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/`
- **Key Classes**:
  - `VexConflictResolver` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConflictResolver.cs`) - resolves conflicts between VEX statements from multiple sources with provenance-based precedence
  - `VexConsumptionReporter` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionReporter.cs`) - reports VEX consumption outcomes and merge rationale
  - `VexConsumptionPolicyLoader` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicyLoader.cs`) - loads VEX consumption policies defining merge rules
  - `VexConsumptionPolicyDefaults` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicy.cs`) - default merge policy configuration
  - `VexConsumptionOptions` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionOptions.cs`) - options for VEX consumption behavior
- **Interfaces**: `IVexConflictResolver`, `IVexConsumptionReporter`, `IVexConsumptionPolicyLoader`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Submit two conflicting VEX statements (affected vs not_affected) for the same CVE+product and verify the resolver produces a merged outcome with rationale
- [ ] Verify provenance-based precedence: vendor VEX statement takes precedence over community source
- [ ] Verify `VexConsumptionReporter` emits a report explaining why one statement won over another
- [ ] Verify policy-based resolution: load a custom merge policy and confirm it changes the resolution outcome
- [ ] Verify side-by-side preservation: both original statements remain accessible after merge
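
The behaviour the test plan above checks (precedence, rationale, policy override, side-by-side preservation), modelled as an added Python sketch; it is not Concelier's code and does not use the `VexConflictResolver` API. The source tiers, their ranks, the timestamp tie-breaker and every name below are assumptions, and the CVE id and product are constructed placeholders.

```python
from dataclasses import dataclass

# Assumed precedence policy (higher rank wins). The tiers and their order are
# illustrative only, not the project's default policy.
DEFAULT_POLICY = {"vendor": 3, "distro": 2, "community": 1}

@dataclass(frozen=True)
class VexStatement:
    source: str   # provenance tier, e.g. "vendor"
    cve: str
    product: str
    status: str   # e.g. "affected", "not_affected"
    issued: str   # ISO-8601 UTC timestamp, used only as a tie-breaker

@dataclass(frozen=True)
class Resolution:
    winner: VexStatement
    candidates: tuple  # every original statement, preserved side by side
    conflict: bool
    rationale: str

def resolve(statements, policy=DEFAULT_POLICY):
    """Merge statements for one CVE+product by provenance rank, then recency."""
    if not statements:
        raise ValueError("no statements to resolve")
    if len({(s.cve, s.product) for s in statements}) != 1:
        raise ValueError("statements must share one CVE+product")
    # Unknown sources rank 0, so an unlisted feed never outranks a listed one.
    ranked = sorted(statements,
                    key=lambda s: (policy.get(s.source, 0), s.issued),
                    reverse=True)
    winner = ranked[0]
    conflict = len({s.status for s in statements}) > 1
    if conflict:
        losers = ", ".join(f"{s.source}={s.status}" for s in ranked[1:])
        rationale = (f"{winner.source} (rank {policy.get(winner.source, 0)}) "
                     f"'{winner.status}' chosen over {losers}")
    else:
        rationale = f"all sources agree on '{winner.status}'"
    return Resolution(winner, tuple(statements), conflict, rationale)

# Constructed sample input: placeholder CVE id and product.
VENDOR = VexStatement("vendor", "CVE-0000-0001", "pkg:generic/example@1.0",
                      "not_affected", "2024-01-10T00:00:00Z")
COMMUNITY = VexStatement("community", "CVE-0000-0001", "pkg:generic/example@1.0",
                         "affected", "2024-02-01T00:00:00Z")

if __name__ == "__main__":
    print(resolve([COMMUNITY, VENDOR]).rationale)
    print(resolve([COMMUNITY, VENDOR], {"community": 5, "vendor": 1}).winner.status)
```

The newer community statement loses under the default ranks because recency only breaks ties between sources of equal rank; swapping the ranks in the policy flips the outcome without touching the preserved candidates.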