Evidence TTL and staleness policy

Module

Signals

PARTIALLY_IMPLEMENTED

Retention options and lifecycle services exist for evidence expiry, but the advisory noted TTL strategy at 50% coverage.

Modules: src/Signals/StellaOps.Signals/Services/, src/Signals/StellaOps.Signals/Options/
Key Classes:
- UnknownsDecayService (src/Signals/StellaOps.Signals/Services/UnknownsDecayService.cs) - applies decay to stale unknown findings (related TTL behavior)
- UnknownsDecayOptions (src/Signals/StellaOps.Signals/Options/UnknownsDecayOptions.cs) - configurable decay/TTL thresholds
- NightlyDecayWorker (src/Signals/StellaOps.Signals/Services/NightlyDecayWorker.cs) - scheduled worker for TTL processing
Source: Feature matrix scan

Comprehensive evidence TTL policy engine covering all evidence types (callgraph, runtime, SBOM correlation, attestation)
Per-evidence-type configurable TTL with different retention periods
Staleness detection that marks evidence as stale before hard expiry
Automated evidence archival workflow (move to cold storage before deletion)
TTL policy dashboard showing evidence age distribution and upcoming expirations

Implement EvidenceTtlPolicyEngine with per-type configurable retention periods
Add staleness detection service that marks evidence nearing TTL as stale
Implement evidence archival pipeline for cold storage migration
Add TTL policy configuration UI and monitoring dashboard
Extend NightlyDecayWorker to handle evidence expiry across all evidence types