# Evidence TTL and staleness policy

## Module
Signals

## Status
PARTIALLY_IMPLEMENTED

## Description
Retention options and lifecycle services exist for evidence expiry, but the advisory noted TTL strategy at 50% coverage.

## What's Implemented
- **Modules**: `src/Signals/StellaOps.Signals/Services/`, `src/Signals/StellaOps.Signals/Options/`
- **Key Classes**:
  - `UnknownsDecayService` (`src/Signals/StellaOps.Signals/Services/UnknownsDecayService.cs`) - applies decay to stale unknown findings (related TTL behavior)
  - `UnknownsDecayOptions` (`src/Signals/StellaOps.Signals/Options/UnknownsDecayOptions.cs`) - configurable decay/TTL thresholds
  - `NightlyDecayWorker` (`src/Signals/StellaOps.Signals/Services/NightlyDecayWorker.cs`) - scheduled worker for TTL processing
- **Source**: Feature matrix scan

## What's Missing
- Comprehensive evidence TTL policy engine covering all evidence types (callgraph, runtime, SBOM correlation, attestation)
- Per-evidence-type configurable TTL with different retention periods
- Staleness detection that marks evidence as stale before hard expiry
- Automated evidence archival workflow (move to cold storage before deletion)
- TTL policy dashboard showing evidence age distribution and upcoming expirations

## Implementation Plan
- Implement `EvidenceTtlPolicyEngine` with per-type configurable retention periods
- Add staleness detection service that marks evidence nearing TTL as stale
- Implement evidence archival pipeline for cold storage migration
- Add TTL policy configuration UI and monitoring dashboard
- Extend `NightlyDecayWorker` to handle evidence expiry across all evidence types

## Related Documentation
- Source: See feature catalog