# Risk Budget API Endpoints

## Module
Policy

## Status
IMPLEMENTED

## Description
API endpoints for risk budget management and enforcement with integration-level testing of budget enforcement.

## Implementation Details
- **BudgetEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/BudgetEndpoints.cs` -- CRUD endpoints for budget management
- **RiskBudgetEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/RiskBudgetEndpoints.cs` -- risk budget evaluation and status endpoints
- **RiskProfileEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileEndpoints.cs` -- risk profile configuration endpoints
- **RiskProfileSchemaEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileSchemaEndpoints.cs` -- schema validation for risk profiles
- **RiskProfileAirGapEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileAirGapEndpoints.cs` -- air-gap compatible risk profile endpoints
- **LedgerExportService**: `src/Policy/StellaOps.Policy.Engine/Ledger/LedgerExportService.cs` -- budget ledger export for compliance
- **LedgerModels**: `src/Policy/StellaOps.Policy.Engine/Ledger/LedgerModels.cs` -- ledger data models
- **LedgerExportStore**: `src/Policy/StellaOps.Policy.Engine/Ledger/LedgerExportStore.cs` -- persistence for ledger exports
- **UnknownBudgetService** / **UnknownsBudgetEnforcer**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/` -- budget enforcement for unknowns
- **PolicyGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs` -- budget status affects gate level selection

## E2E Test Plan
- [ ] GET budget status endpoint; verify response includes current consumption, limits, and status (Green/Yellow/Red/Exhausted)
- [ ] POST create budget with critical/high/medium limits; verify budget created with correct thresholds
- [ ] POST evaluate risk budget for artifact; verify consumption is calculated and compared against limits
- [ ] Consume budget beyond Yellow threshold; verify status changes to Yellow
- [ ] Consume budget beyond Red threshold; verify status changes to Red
- [ ] Consume budget beyond limit; verify status changes to Exhausted and gate level escalates
- [ ] GET risk profile endpoint; verify profile includes budget configuration and scoring weights
- [ ] POST risk profile schema validation; verify invalid profile returns validation errors
- [ ] GET ledger export; verify budget transactions are exported with timestamps and actor IDs
- [ ] GET air-gap risk profile endpoint; verify offline-compatible response without external dependencies