qa: close exportcenter features 001-002 and unblock policy build

docs/features/checked/exportcenter/export-center-risk-bundle-builder.md

@@ -0,0 +1,27 @@
+# Export Center Risk Bundle Builder
+
+## Module
+ExportCenter
+
+## Status
+IMPLEMENTED
+
+## Description
+Generates signed risk bundles aggregating vulnerability findings, VEX decisions, and policy evaluations into portable, DSSE-signed export artifacts for compliance reporting and auditor handoff.
+
+## Implementation Details
+- **Risk bundle builder**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleBuilder.cs` -- aggregates findings, VEX decisions, and policy evaluations into portable bundles
+- **Risk bundle models**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleModels.cs` -- bundle data models
+- **Risk bundle signing**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleSigning.cs` -- DSSE signing for risk bundles
+- **Risk bundle job**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleJob.cs` -- async job for bundle generation
+- **Object store**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleObjectStore.cs`, `FileSystemRiskBundleObjectStore.cs` -- bundle storage
+- **Job handler**: `src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/RiskBundle/RiskBundleJobHandler.cs` -- processes risk bundle jobs
+- **Attestation service**: `src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/Attestation/ExportAttestationService.cs` -- DSSE attestations for exports
+- **Source**: SPRINT_0163_0001_0001_exportcenter_ii.md
+
+## E2E Test Plan
+- [ ] Verify risk bundle builder aggregates vulnerability findings correctly
+- [ ] Test DSSE signing produces valid signed bundles
+- [ ] Verify bundle includes VEX decisions and policy evaluations
+- [ ] Test async job processing for large bundles
+- [ ] Verify bundle storage and retrieval via object store