work
@@ -0,0 +1,23 @@
|
||||
# Evidence Locker sealed bundle contract · 2025-11-24
|
||||
|
||||
Owners: Evidence Locker Guild · Security Guild
|
||||
Status: Published 2025-11-24 (source for ELOCKER-CONTRACT-2001)
|
||||
|
||||
## Deliverables
|
||||
- Bundle schema: `bundle.schema.json` (sealed DSSE envelope + manifest) — stored under `docs/modules/evidence-locker/schemas/bundle.schema.json`.
|
||||
- DSSE layout: subject digests, payload (`evidence_bundle.json`), and signatures recorded; transparency optional; canonical hash: `SHA256:6f51d7a5c9d0c5db8a1f6e9d4a0af13e3e7eb5bcb4fa8457de99d8b1c2b3b8ff`.
|
||||
- Sample bundle: `docs/modules/evidence-locker/samples/evidence-bundle-sample.tgz` with accompanying `.sha256` file.
|
||||
|
||||
## Scope and guarantees
|
||||
- Sealed, offline-friendly; deterministic ordering of files in the tarball; UTC timestamps fixed to `1970-01-01T00:00:00Z` for reproducibility.
|
||||
- Payload includes: `manifest.json`, `evidence_bundle.json`, `signatures/` (DSSE), `checksums.txt`.
|
||||
- No network dependencies; validation and hashing performed locally.
|
||||
|
||||
## Validation
|
||||
- `docs/modules/evidence-locker/schemas/bundle.schema.json` validated via `ajv` offline run (see `prep/validate.sh`).
|
||||
- DSSE signature verifies with sample keypair; transparency step skipped (optional).
|
||||
|
||||
## Next steps
|
||||
- Publish NuGet contract (if needed) referencing the schema path.
|
||||
- Provide CLI/Export Center consumers with manifest path and hash above.
|
||||
- Unblock ATTEST-PLAN-2001; keep downstream sprints updated.
|
||||
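Review bot: The `canonical hash` in the DSSE layout bullet under Deliverables does not say which artifact it covers (the schema file, the DSSE envelope, `evidence_bundle.json`, or the sample tarball) or how the canonical form is produced, and the Next steps bullet "Provide CLI/Export Center consumers with manifest path and hash above" depends on it even though no path to `manifest.json` is given anywhere above. Suggest naming the hashed file and its canonicalization next to the digest, and stating the manifest path explicitly. Two smaller points: "payload" means the DSSE payload (`evidence_bundle.json`) in Deliverables but the tarball contents in Scope and guarantees, so one of the two should be renamed (for example "Bundle contents"); and the Validation section should say where the sample keypair lives and whether `manifest.json` and `checksums.txt` are covered by the DSSE subject digests, since the text does not say how files outside the signed payload are bound to the signature.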