# Automatic code_not_reachable VEX Justification Generation

## Module
Excititor

## Status
IMPLEMENTED

## Description
Automatically generates VEX `code_not_reachable` justifications when reachability slice verdict is "unreachable", including slice digest as evidence reference and supporting OpenVEX, CSAF, and CycloneDX formats. Auto-generated justifications require human approval by default.

## Implementation Details
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/`, `src/Excititor/__Libraries/StellaOps.Excititor.Core/Justification/`, `src/Excititor/__Libraries/StellaOps.Excititor.Core/Reachability/`
- **Key Classes**:
  - `VexNotReachableJustification` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/VexNotReachableJustification.cs`) - generates `code_not_reachable` justifications from reachability data
  - `ReachabilityJustificationGenerator` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Justification/ReachabilityJustificationGenerator.cs`) - generates justifications from reachability slice verdicts
  - `VexDowngradeGenerator` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/VexDowngradeGenerator.cs`) - generates VEX downgrade statements when code is unreachable
  - `AutoVexDowngradeService` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/AutoVexDowngradeService.cs`) - service orchestrating auto-VEX downgrade workflow
  - `ReachabilityLatticeUpdater` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/ReachabilityLatticeUpdater.cs`) - updates lattice state with reachability evidence
  - `TimeBoxedConfidence` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/TimeBoxedConfidence.cs`) - time-bounded confidence for auto-generated justifications
  - `SliceVerdictConsumer` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Reachability/SliceVerdictConsumer.cs`) - consumes reachability slice verdicts
- **Interfaces**: `ISliceVerdictConsumer`
- **Source**: SPRINT_3830_0001_0001_vex_integration_policy_binding.md

## E2E Test Plan
- [ ] Trigger a reachability slice verdict of "unreachable" and verify `VexNotReachableJustification` generates a `code_not_reachable` justification
- [ ] Verify the generated justification includes the slice digest as evidence reference
- [ ] Verify `AutoVexDowngradeService` marks auto-generated justifications as requiring human approval by default
- [ ] Verify `TimeBoxedConfidence` applies time-bounded confidence decay to auto-generated justifications
- [ ] Verify generated justifications are compatible with OpenVEX, CSAF, and CycloneDX export formats
- [ ] Verify `ReachabilityLatticeUpdater` updates the lattice state when reachability evidence changes