# Deterministic SBOM-to-VEX Pipeline with Signed State Transitions

## Module
Policy

## Status
VERIFIED

## Verification Summary
Full verdict pipeline determinism verified across 2 test projects (1716 tests total, 0 failures):
- **DeterminizationGate**: signal snapshot-based evaluation with uncertainty/trust/decay/guardrail metadata
- **DeterminismGuardService**: static analysis (ProhibitedPatternAnalyzer) and runtime monitoring
- **VerdictAttestationService**: DSSE-signed verdict decisions with deterministic predicate JSON
- **ScoringDeterminismVerifier**: scoring drift detection on weight changes
- **KnowledgeSnapshotManifest**: content-addressed snapshot pinning all inputs
- **PolicyGateEvaluator**: VEX state transition validation with DSSE-attested graphHash and path analysis
- Error handling: attestor unavailable and timeout return null (soft failure when FailOnError=false)

## Evidence
- `docs/qa/feature-checks/runs/policy/deterministic-sbom-to-vex-pipeline-with-signed-state-transitions/run-002/`