# VEX Policy-Controlled Trust and Evidence Requirements

## Module

Excititor

## Status

VERIFIED

## Description

Policy-driven trust weights and evidence requirements for VEX claims, with guardrails ensuring safe statuses require evidence satisfaction.

## Implementation Details

- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/`, `src/Excititor/StellaOps.Excititor.WebService/`
- **Key Classes**:
  - `BaselineVexConsensusPolicy` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/BaselineVexConsensusPolicy.cs`) - baseline policy with evidence requirements for safe statuses
  - `VexConsensusPolicyOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusPolicyOptions.cs`) - configurable policy options for trust and evidence
  - `TrustWeightRegistry` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs`) - per-source trust weight configuration
  - `PolicyLatticeAdapter` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs`) - adapts policy engine rules for VEX trust evaluation
  - `VexEvidenceLinkOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Evidence/VexEvidenceLinkOptions.cs`) - evidence linking requirements configuration
  - `PolicyEndpoints` (`src/Excititor/StellaOps.Excititor.WebService/Endpoints/PolicyEndpoints.cs`) - REST endpoints for VEX policy queries
  - `PolicyContracts` (`src/Excititor/StellaOps.Excititor.WebService/Contracts/PolicyContracts.cs`) - API contracts for policy data
- **Interfaces**: `IVexConsensusPolicy`, `IVexLatticeProvider`
- **Source**: Feature matrix scan

## E2E Test Plan

- [ ] Configure a policy requiring binary-diff evidence for `not_affected` status and verify claims without evidence are rejected
- [ ] Verify `TrustWeightRegistry` applies configurable trust weights: increase vendor weight and verify vendor claims rank higher
- [ ] Verify `BaselineVexConsensusPolicy` enforces minimum evidence requirements for safe statuses (`not_affected`, `fixed`)
- [ ] Verify `PolicyLatticeAdapter` applies K4 lattice rules from the policy engine to VEX trust evaluation
- [ ] Verify `VexEvidenceLinkOptions` requires specific evidence types (reachability, binary-diff) for specific statuses
- [ ] Verify `PolicyEndpoints` returns the active VEX policy configuration

## Verification

- Verified on 2026-02-13 via `run-001`.
- Tier 0: Source files confirmed present on disk.
- Tier 1: `dotnet build` passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
- Tier 2d: `docs/qa/feature-checks/runs/excititor/vex-policy-controlled-trust-and-evidence-requirements/run-001/tier2-integration-check.json`