# Sprint 0123 · Excititor Ingestion & Evidence (Phase V)

## Topic & Scope
- Feed VEX Lens and Vuln Explorer with enriched, canonical evidence while keeping Excititor aggregation-only.
- Lock raw storage validation/idempotency and ship portable evidence bundles plus mirror registration APIs for air-gapped parity.
- **Working directory:** `src/Excititor` (WebService, Core, Storage.Mongo) and docs/airgap.

## Dependencies & Concurrency
- Depends on Phase IV outputs (timeline/locker/attestation) and mirror registration contract.
- Concurrency: storage validators/indexes first; VEX Lens/Vuln endpoints rely on canonicalization; portable bundles depend on mirror registration endpoints.

## Documentation Prerequisites
- docs/modules/excititor/architecture.md
- docs/modules/excititor/implementation_plan.md
- docs/airgap/portable-evidence-bundle-verification.md
- Excititor AGENTS.md files (WebService, Core, Storage)

> **BLOCKED Tasks:** Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies.

## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | EXCITITOR-VEXLENS-30-001 | DONE | None | Excititor WebService Guild · VEX Lens Guild | Export observations to VEX Lens with issuer hints, signature blobs, product tree snippets, staleness metadata; no consensus logic. |
| 2 | EXCITITOR-VULN-29-001 | DONE | None | Excititor WebService Guild | Canonicalize advisory/product keys (`advisory_key`), preserve originals in `links[]`; backfill + tests. |
| 3 | EXCITITOR-VULN-29-002 | DONE | Depends on 29-001 | Excititor WebService Guild | `/vuln/evidence/vex/{advisory_key}` returning tenant-scoped raw statements + provenance + attestation references; cursor pagination. |
| 4 | EXCITITOR-VULN-29-004 | DONE | Depends on 29-002 | Excititor WebService Guild · Observability Guild | Metrics/logs for normalization errors, suppression scopes, withdrawn statements for Vuln Explorer + Advisory AI dashboards. |
| 5 | EXCITITOR-STORE-AOC-19-001 | DONE | None | Excititor Storage Guild | Mongo JSON Schema validator for `vex_raw`; offline kit instructions. |
| 6 | EXCITITOR-STORE-AOC-19-002 | DONE | Depends on 19-001 | Excititor Storage Guild · DevOps Guild | Unique indexes/migrations/rollback steps for new validator. |
| 7 | EXCITITOR-AIRGAP-56-001 | DONE | None | Excititor WebService Guild · AirGap Importer Guild | Mirror bundle registration + provenance exposure, sealed-mode error mapping, staleness metrics. |
| 8 | EXCITITOR-AIRGAP-58-001 | DONE | Depends on 56-001 | Excititor Core Guild · Evidence Locker Guild | Portable evidence bundles linked to timeline + attestation metadata; verifier docs for Advisory AI. |

## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-12-03 | Normalised sprint to standard template; working directory set; preserved statuses. | Planning |

## Decisions & Risks
- Aggregation-only posture retained: exports and APIs do not compute verdicts.
- Validator rollout could impact ingestion; staged with rollback docs. Ensure unique indexes deployed before enabling enforcement.
- Portable bundle contents and mirror registration must stay aligned with Evidence Locker schemas; refresh docs/tests if schema evolves.

## Next Checkpoints
- Re-run bundle verification scripts after any Evidence Locker manifest changes.
- Validate VEX Lens/Vuln Explorer still ingest canonicalized keys after downstream schema tweaks.