VEX annotation and export (OpenVEX + CycloneDX VEX formats)

Module

Excititor

VERIFIED

OpenVEX, CycloneDX, and CSAF VEX normalizers plus consensus export service implement multi-format VEX annotation and export.

Modules: src/Excititor/__Libraries/StellaOps.Excititor.Export/, src/Excititor/__Libraries/StellaOps.Excititor.Core/
Key Classes:
- ExportEngine (src/Excititor/__Libraries/StellaOps.Excititor.Export/ExportEngine.cs) - multi-format VEX export engine
- VexExportManifest (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexExportManifest.cs) - manifest tracking exported VEX data
- FileSystemArtifactStore (src/Excititor/__Libraries/StellaOps.Excititor.Export/FileSystemArtifactStore.cs) - file-based storage for exported artifacts
- VexConsensus (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensus.cs) - consensus model for export
- VexCanonicalJsonSerializer (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexCanonicalJsonSerializer.cs) - canonical JSON for deterministic export
- VexConsensusResolver (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusResolver.cs) - resolves consensus before export
Interfaces: IVexArtifactStore, IVexExportStore
Source: Feature matrix scan

Export VEX data in OpenVEX format via ExportEngine and verify schema compliance
Export VEX data in CycloneDX format and verify CycloneDX VEX schema compliance
Export VEX data in CSAF format and verify CSAF schema compliance
Verify VexExportManifest tracks all exported artifacts with content hashes
Verify VexCanonicalJsonSerializer produces deterministic output across repeated exports
Verify FileSystemArtifactStore persists exported artifacts to the configured directory

Verified on 2026-02-13 via run-001.
Tier 0: Source files confirmed present on disk.
Tier 1: dotnet build passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
Tier 2d: docs/qa/feature-checks/runs/excititor/vex-annotation-and-export/run-001/tier2-integration-check.json