mission-testronaut · scfast · Jun 17, 2026 · Jun 17, 2026
diff --git a/.github/workflows/periapsis-vulnerability-exception-request.yml b/.github/workflows/periapsis-vulnerability-exception-request.yml
@@ -49,20 +49,32 @@ jobs:
       - name: Install periapsis
         run: npm install -g periapsis
       - name: Add vulnerability exception
+        env:
+          INPUT_REPO: ${{ inputs.repo }}
+          INPUT_ALERT_NUMBER: ${{ inputs.alertNumber }}
+          INPUT_TYPE: ${{ inputs.exceptionType }}
+          INPUT_PACKAGE: ${{ inputs.package }}
+          INPUT_ECOSYSTEM: ${{ inputs.ecosystem }}
+          INPUT_SCOPE: ${{ inputs.dependencyScope }}
+          INPUT_SEVERITIES: ${{ inputs.severities }}
+          INPUT_REASON: ${{ inputs.reason }}
+          INPUT_UNTIL: ${{ inputs.acceptedUntil }}
+          INPUT_APPROVED_BY: ${{ inputs.approvedBy }}
+          INPUT_EVIDENCE: ${{ inputs.evidenceRef }}
         run: |
           periapsis vulnerability exceptions add \
             --non-interactive \
-            --repo "${{ inputs.repo }}" \
-            --alert-number "${{ inputs.alertNumber }}" \
-            --type "${{ inputs.exceptionType }}" \
-            --package "${{ inputs.package }}" \
-            --ecosystem "${{ inputs.ecosystem }}" \
-            --dependency-scope "${{ inputs.dependencyScope }}" \
-            --severities "${{ inputs.severities }}" \
-            --reason "${{ inputs.reason }}" \
-            --accepted-until "${{ inputs.acceptedUntil }}" \
-            --approved-by "${{ inputs.approvedBy }}" \
-            --evidence-ref "${{ inputs.evidenceRef }}"
+            --repo "$INPUT_REPO" \
+            --alert-number "$INPUT_ALERT_NUMBER" \
+            --type "$INPUT_TYPE" \
+            ${INPUT_PACKAGE:+--package "$INPUT_PACKAGE"} \
+            ${INPUT_ECOSYSTEM:+--ecosystem "$INPUT_ECOSYSTEM"} \
+            ${INPUT_SCOPE:+--dependency-scope "$INPUT_SCOPE"} \
+            --severities "$INPUT_SEVERITIES" \
+            --reason "$INPUT_REASON" \
+            --accepted-until "$INPUT_UNTIL" \
+            --approved-by "$INPUT_APPROVED_BY" \
+            --evidence-ref "$INPUT_EVIDENCE"
       - name: Validate vulnerability policy
         run: periapsis vulnerability validate
       - name: Create pull request

diff --git a/policy/vulnerability-exceptions.json b/policy/vulnerability-exceptions.json
@@ -2,20 +2,17 @@
   {
     "id": "VEX-2026-001",
     "type": "alert",
-    "package": "true",
-    "ecosystem": "true",
     "repo": "mission-testronaut/testronaut-cli",
-    "alertNumber": 1,
-    "dependencyScope": "true",
+    "alertNumber": 16,
     "appliesToSeverities": [
-      "medium"
+      "critical"
     ],
-    "reason": "Testing exception workflow",
-    "acceptedUntil": "2026-09-01T00:00:00.000Z",
+    "reason": "Upstream fix not yet available. Reviewing impact and testing patched version. No production exposure — dev dependency only.",
+    "acceptedUntil": "2026-06-30T00:00:00.000Z",
     "approvedBy": [
-      "shane.fast@ultimarii.com"
+      "Shane Fast"
     ],
-    "createdAt": "2026-06-15T16:16:15.752Z",
-    "evidenceRef": "test-run-002"
+    "createdAt": "2026-06-17T17:14:47.945Z",
+    "evidenceRef": "https://github.com/mission-testronaut/testronaut-cli/security/dependabot/16"
   }
 ]