consolidation of some of the modules, localization fixes, product advisories work, qa work

2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions
--- a/docs-archived/modules/verifier/README.md
+++ b/docs-archived/modules/verifier/README.md
@@ -0,0 +1,40 @@
+# Verifier
+
+> Standalone CLI tool for offline verification of evidence bundles in air-gapped environments.
+
+## Purpose
+
+Verifier is a self-contained, cross-platform CLI binary that validates evidence bundles without requiring network access or external dependencies. It checks DSSE signatures, RFC 3161 timestamps, SHA-256 digests, and SBOM integrity, enabling compliance verification in air-gapped environments where no Stella Ops services are reachable.
+
+## Quick Links
+
+- [Architecture](./architecture.md)
+
+## Status
+
+| Attribute    | Value              |
+|-------------|---------------------|
+| **Maturity** | Production          |
+| **Source**   | `src/Verifier/`     |
+
+## Key Features
+
+- Self-contained single-file binary (cross-platform: win-x64, linux-x64, linux-musl-x64, osx-x64, osx-arm64)
+- Bundle extraction (gzip+tar)
+- Manifest validation
+- DSSE signature verification
+- RFC 3161 timestamp verification
+- SHA-256 digest checking
+- Trust profile support (key whitelisting)
+- Output formats (text/JSON/markdown)
+
+## Dependencies
+
+### Upstream
+
+- None (standalone, offline-first design with zero runtime dependencies on Stella Ops services)
+
+### Downstream
+
+- AirGap - offline bundle verification workflows
+- CLI - integrated verification commands for operator use