docs consolidation and others

docs/modules/airgap/guides/portable-evidence.md

@@ -0,0 +1,27 @@
+# Portable Evidence Bundles (DOCS-AIRGAP-58-004)
+
+Guidance for exporting/importing portable evidence bundles across enclaves.
+
+## Bundle contents
+- Evidence payloads (VEX observations/linksets) as NDJSON.
+- Timeline events and attestation DSSE envelopes.
+- Manifest with `bundleId`, `source`, `tenant`, `createdAt`, `files[]`, `dsseEnvelopeHash` (optional).
+
+## Export
+- Produce from Evidence Locker/Excititor with deterministic ordering and SHA-256 hashes.
+- Include Merkle root over evidence files; store in manifest.
+- Sign manifest (DSSE) when trust roots available.
+
+## Import
+- Verify manifest hash, Merkle root, and DSSE signature offline.
+- Enforce tenant scoping; refuse cross-tenant bundles.
+- Emit timeline event upon successful import.
+
+## Constraints
+- No external lookups; verification uses bundled roots.
+- Max size per bundle configurable; default 500 MB.
+- Keep file paths UTF-8 and slash-separated; avoid host-specific metadata.
+
+## Determinism
+- Sort files lexicographically; use ISO-8601 UTC timestamps.
+- Avoid re-compressing files; if tar is used, set deterministic headers (uid/gid=0, mtime=0).