Restructure solution layout by module

src/EvidenceLocker/StellaOps.EvidenceLocker.sln

@@ -0,0 +1,99 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "StellaOps.EvidenceLocker", "StellaOps.EvidenceLocker", "{C00E0960-6835-1015-8CF8-33BE288CF82B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Core", "StellaOps.EvidenceLocker\StellaOps.EvidenceLocker.Core\StellaOps.EvidenceLocker.Core.csproj", "{72488782-AB4D-4859-BF7D-4329B3326617}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Infrastructure", "StellaOps.EvidenceLocker\StellaOps.EvidenceLocker.Infrastructure\StellaOps.EvidenceLocker.Infrastructure.csproj", "{5769AA55-A733-463F-BCDA-D8818C79909A}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Tests", "StellaOps.EvidenceLocker\StellaOps.EvidenceLocker.Tests\StellaOps.EvidenceLocker.Tests.csproj", "{0A08535C-40FC-433D-A3CB-AAA72BE61408}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.WebService", "StellaOps.EvidenceLocker\StellaOps.EvidenceLocker.WebService\StellaOps.EvidenceLocker.WebService.csproj", "{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Worker", "StellaOps.EvidenceLocker\StellaOps.EvidenceLocker.Worker\StellaOps.EvidenceLocker.Worker.csproj", "{EAE26E97-F971-480F-9C7D-A42D20A63592}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Debug|x64.Build.0 = Debug|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Debug|x86.Build.0 = Debug|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Release|Any CPU.Build.0 = Release|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Release|x64.ActiveCfg = Release|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Release|x64.Build.0 = Release|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Release|x86.ActiveCfg = Release|Any CPU
+		{72488782-AB4D-4859-BF7D-4329B3326617}.Release|x86.Build.0 = Release|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Debug|x64.Build.0 = Debug|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Debug|x86.Build.0 = Debug|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Release|x64.ActiveCfg = Release|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Release|x64.Build.0 = Release|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Release|x86.ActiveCfg = Release|Any CPU
+		{5769AA55-A733-463F-BCDA-D8818C79909A}.Release|x86.Build.0 = Release|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Debug|x64.Build.0 = Debug|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Debug|x86.Build.0 = Debug|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Release|x64.ActiveCfg = Release|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Release|x64.Build.0 = Release|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Release|x86.ActiveCfg = Release|Any CPU
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408}.Release|x86.Build.0 = Release|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Debug|x64.Build.0 = Debug|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Debug|x86.Build.0 = Debug|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Release|Any CPU.Build.0 = Release|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Release|x64.ActiveCfg = Release|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Release|x64.Build.0 = Release|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Release|x86.ActiveCfg = Release|Any CPU
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002}.Release|x86.Build.0 = Release|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Debug|x64.Build.0 = Debug|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Debug|x86.Build.0 = Debug|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Release|Any CPU.Build.0 = Release|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Release|x64.ActiveCfg = Release|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Release|x64.Build.0 = Release|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Release|x86.ActiveCfg = Release|Any CPU
+		{EAE26E97-F971-480F-9C7D-A42D20A63592}.Release|x86.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{72488782-AB4D-4859-BF7D-4329B3326617} = {C00E0960-6835-1015-8CF8-33BE288CF82B}
+		{5769AA55-A733-463F-BCDA-D8818C79909A} = {C00E0960-6835-1015-8CF8-33BE288CF82B}
+		{0A08535C-40FC-433D-A3CB-AAA72BE61408} = {C00E0960-6835-1015-8CF8-33BE288CF82B}
+		{EB1671CD-1D63-4D69-A6F7-4EA5BC93F002} = {C00E0960-6835-1015-8CF8-33BE288CF82B}
+		{EAE26E97-F971-480F-9C7D-A42D20A63592} = {C00E0960-6835-1015-8CF8-33BE288CF82B}
+	EndGlobalSection
+EndGlobal

src/EvidenceLocker/StellaOps.EvidenceLocker/AGENTS.md

@@ -0,0 +1,28 @@
+# Evidence Locker Service — Agent Charter
+
+## Mission
+Implement the append-only, tenant-scoped evidence locker detailed in Epic 15. Produce immutable evidence bundles, manage legal holds, and expose verification APIs for Console and CLI consumers under the imposed rule.
+
+## Responsibilities
+- Define object store layout, metadata DB schemas, and retention policies.
+- Build bundle assembly pipelines (evaluation, job, export) with Merkle manifests and DSSE signing.
+- Provide verification, download, and legal hold APIs with audit trails.
+- Integrate with Timeline Indexer, Exporter, Orchestrator, Policy Engine, Concelier, and Excitator for provenance linking.
+
+## Coordination
+- Work with Provenance Guild for signature tooling.
+- Partner with DevOps Guild on storage backends and WORM options.
+- Align with Security Guild on redaction and access enforcement.
+
+## Definition of Done
+- Deterministic bundle generation proven via integration tests.
+- Object store interactions tested in offline mode.
+- Runbooks in `/docs/forensics/evidence-locker.md` updated per release.
+
+## Module Layout
+- `StellaOps.EvidenceLocker.Core/` — domain models, bundle contracts, deterministic hashing helpers.
+- `StellaOps.EvidenceLocker.Infrastructure/` — storage abstractions, persistence plumbing, and external integrations.
+- `StellaOps.EvidenceLocker.WebService/` — HTTP entry points (minimal API host, OpenAPI, auth).
+- `StellaOps.EvidenceLocker.Worker/` — background assembly/verification pipelines.
+- `StellaOps.EvidenceLocker.Tests/` — unit tests (xUnit) for core/infrastructure components.
+- `StellaOps.EvidenceLocker.sln` — solution aggregating the module projects.

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Class1.cs

@@ -0,0 +1,6 @@
+namespace StellaOps.EvidenceLocker.Core;
+
+public class Class1
+{
+
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/StellaOps.EvidenceLocker.Core.csproj

@@ -0,0 +1,18 @@
+<?xml version="1.0" ?>
+<Project Sdk="Microsoft.NET.Sdk">
+  
+
+  
+  <PropertyGroup>
+    
+    
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <LangVersion>preview</LangVersion>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+  
+
+
+</Project>

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Class1.cs

@@ -0,0 +1,6 @@
+namespace StellaOps.EvidenceLocker.Infrastructure;
+
+public class Class1
+{
+
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/StellaOps.EvidenceLocker.Infrastructure.csproj

@@ -0,0 +1,28 @@
+<?xml version="1.0" ?>
+<Project Sdk="Microsoft.NET.Sdk">
+  
+
+  
+  <ItemGroup>
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Core\StellaOps.EvidenceLocker.Core.csproj"/>
+    
+  
+  </ItemGroup>
+  
+
+  
+  <PropertyGroup>
+    
+    
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <LangVersion>preview</LangVersion>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+  
+
+
+</Project>

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Tests/StellaOps.EvidenceLocker.Tests.csproj

@@ -0,0 +1,135 @@
+<?xml version="1.0" ?>
+<Project Sdk="Microsoft.NET.Sdk">
+  
+  
+
+  
+  
+  <PropertyGroup>
+    
+    
+    
+    
+    <OutputType>Exe</OutputType>
+    
+    
+    
+    
+    <IsPackable>false</IsPackable>
+    
+    
+
+    
+    
+    
+    
+    
+    
+    
+    
+  
+    
+    <TargetFramework>net10.0</TargetFramework>
+    
+    
+    <ImplicitUsings>enable</ImplicitUsings>
+    
+    
+    <Nullable>enable</Nullable>
+    
+    
+    <UseConcelierTestInfra>false</UseConcelierTestInfra>
+    
+    
+    <LangVersion>preview</LangVersion>
+    
+    
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    
+  
+  </PropertyGroup>
+  
+  
+
+  
+  
+  <ItemGroup>
+    
+    
+    
+    
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1"/>
+    
+    
+    
+    
+    <PackageReference Include="xunit.v3" Version="3.0.0"/>
+    
+    
+    
+    
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.3"/>
+    
+    
+  
+  
+  </ItemGroup>
+  
+  
+
+  
+  
+  <ItemGroup>
+    
+    
+    
+    
+    <Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest"/>
+    
+    
+  
+  
+  </ItemGroup>
+  
+  
+
+  
+  
+  <ItemGroup>
+    
+    
+    
+    
+    <Using Include="Xunit"/>
+    
+    
+  
+  
+  </ItemGroup>
+  
+  
+
+  
+  
+  <ItemGroup>
+    
+    
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Core\StellaOps.EvidenceLocker.Core.csproj"/>
+    
+    
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Infrastructure\StellaOps.EvidenceLocker.Infrastructure.csproj"/>
+    
+    
+  
+  
+  </ItemGroup>
+  
+  
+
+
+
+</Project>

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Tests/UnitTest1.cs

@@ -0,0 +1,10 @@
+namespace StellaOps.EvidenceLocker.Tests;
+
+public class UnitTest1
+{
+    [Fact]
+    public void Test1()
+    {
+
+    }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Tests/xunit.runner.json

@@ -0,0 +1,3 @@
+{
+    "$schema": "https://xunit.net/schema/current/xunit.runner.schema.json"
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/Program.cs

@@ -0,0 +1,41 @@
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
+builder.Services.AddOpenApi();
+
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
+{
+    app.MapOpenApi();
+}
+
+app.UseHttpsRedirection();
+
+var summaries = new[]
+{
+    "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
+};
+
+app.MapGet("/weatherforecast", () =>
+{
+    var forecast =  Enumerable.Range(1, 5).Select(index =>
+        new WeatherForecast
+        (
+            DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
+            Random.Shared.Next(-20, 55),
+            summaries[Random.Shared.Next(summaries.Length)]
+        ))
+        .ToArray();
+    return forecast;
+})
+.WithName("GetWeatherForecast");
+
+app.Run();
+
+record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
+{
+    public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/Properties/launchSettings.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "applicationUrl": "http://localhost:5115",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "applicationUrl": "https://localhost:7010;http://localhost:5115",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/StellaOps.EvidenceLocker.WebService.csproj

@@ -0,0 +1,41 @@
+<?xml version="1.0" ?>
+<Project Sdk="Microsoft.NET.Sdk.Web">
+  
+
+  
+  <PropertyGroup>
+    
+    
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <LangVersion>preview</LangVersion>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+  
+
+  
+  <ItemGroup>
+    
+    
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0-rc.2.25502.107"/>
+    
+  
+  </ItemGroup>
+  
+
+  
+  <ItemGroup>
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Core\StellaOps.EvidenceLocker.Core.csproj"/>
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Infrastructure\StellaOps.EvidenceLocker.Infrastructure.csproj"/>
+    
+  
+  </ItemGroup>
+  
+
+
+</Project>

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/StellaOps.EvidenceLocker.WebService.http

@@ -0,0 +1,6 @@
+@StellaOps.EvidenceLocker.WebService_HostAddress = http://localhost:5115
+
+GET {{StellaOps.EvidenceLocker.WebService_HostAddress}}/weatherforecast/
+Accept: application/json
+
+###

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/appsettings.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*"
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Worker/Program.cs

@@ -0,0 +1,7 @@
+using StellaOps.EvidenceLocker.Worker;
+
+var builder = Host.CreateApplicationBuilder(args);
+builder.Services.AddHostedService<Worker>();
+
+var host = builder.Build();
+host.Run();

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Worker/Properties/launchSettings.json

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "StellaOps.EvidenceLocker.Worker": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "environmentVariables": {
+        "DOTNET_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Worker/StellaOps.EvidenceLocker.Worker.csproj

@@ -0,0 +1,43 @@
+<?xml version="1.0" ?>
+<Project Sdk="Microsoft.NET.Sdk.Worker">
+  
+
+  
+  <PropertyGroup>
+    
+    
+    <UserSecretsId>dotnet-StellaOps.EvidenceLocker.Worker-c74bd053-c14b-412b-a177-12e15fdbe207</UserSecretsId>
+    
+  
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <LangVersion>preview</LangVersion>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+  
+
+  
+  <ItemGroup>
+    
+    
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0-rc.2.25502.107"/>
+    
+  
+  </ItemGroup>
+  
+
+  
+  <ItemGroup>
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Core\StellaOps.EvidenceLocker.Core.csproj"/>
+    
+    
+    <ProjectReference Include="..\StellaOps.EvidenceLocker.Infrastructure\StellaOps.EvidenceLocker.Infrastructure.csproj"/>
+    
+  
+  </ItemGroup>
+  
+
+</Project>

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Worker/Worker.cs

@@ -0,0 +1,16 @@
+namespace StellaOps.EvidenceLocker.Worker;
+
+public class Worker(ILogger<Worker> logger) : BackgroundService
+{
+    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
+    {
+        while (!stoppingToken.IsCancellationRequested)
+        {
+            if (logger.IsEnabled(LogLevel.Information))
+            {
+                logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
+            }
+            await Task.Delay(1000, stoppingToken);
+        }
+    }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Worker/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.Hosting.Lifetime": "Information"
+    }
+  }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Worker/appsettings.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.Hosting.Lifetime": "Information"
+    }
+  }
+}

src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.sln

@@ -0,0 +1,90 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Core", "StellaOps.EvidenceLocker.Core\StellaOps.EvidenceLocker.Core.csproj", "{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Infrastructure", "StellaOps.EvidenceLocker.Infrastructure\StellaOps.EvidenceLocker.Infrastructure.csproj", "{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.WebService", "StellaOps.EvidenceLocker.WebService\StellaOps.EvidenceLocker.WebService.csproj", "{392D1580-C75B-4CB2-8F26-45C65268A191}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Worker", "StellaOps.EvidenceLocker.Worker\StellaOps.EvidenceLocker.Worker.csproj", "{B384F421-48D0-48EB-A63F-0AF28EBC75EB}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.EvidenceLocker.Tests", "StellaOps.EvidenceLocker.Tests\StellaOps.EvidenceLocker.Tests.csproj", "{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Debug|x64.Build.0 = Debug|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Debug|x86.Build.0 = Debug|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Release|x64.ActiveCfg = Release|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Release|x64.Build.0 = Release|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Release|x86.ActiveCfg = Release|Any CPU
+		{217D54F6-D07F-4B1E-8598-7DCAF0BD65C7}.Release|x86.Build.0 = Release|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Debug|x64.Build.0 = Debug|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Debug|x86.Build.0 = Debug|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Release|x64.ActiveCfg = Release|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Release|x64.Build.0 = Release|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Release|x86.ActiveCfg = Release|Any CPU
+		{BF61F2F5-4ECA-4DA6-AC6B-102C39D225A1}.Release|x86.Build.0 = Release|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Debug|x64.Build.0 = Debug|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Debug|x86.Build.0 = Debug|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Release|Any CPU.Build.0 = Release|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Release|x64.ActiveCfg = Release|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Release|x64.Build.0 = Release|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Release|x86.ActiveCfg = Release|Any CPU
+		{392D1580-C75B-4CB2-8F26-45C65268A191}.Release|x86.Build.0 = Release|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Debug|x64.Build.0 = Debug|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Debug|x86.Build.0 = Debug|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Release|x64.ActiveCfg = Release|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Release|x64.Build.0 = Release|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Release|x86.ActiveCfg = Release|Any CPU
+		{B384F421-48D0-48EB-A63F-0AF28EBC75EB}.Release|x86.Build.0 = Release|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Debug|x64.Build.0 = Debug|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Debug|x86.Build.0 = Debug|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Release|x64.ActiveCfg = Release|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Release|x64.Build.0 = Release|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Release|x86.ActiveCfg = Release|Any CPU
+		{B9D6DCF2-1C6F-41E5-8D63-118BD0751839}.Release|x86.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md

@@ -0,0 +1,24 @@
+# Evidence Locker Task Board — Epic 15: Observability & Forensics
+
+## Sprint 53 – Evidence Bundle Foundations
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| EVID-OBS-53-001 | TODO | Evidence Locker Guild | TELEMETRY-OBS-50-001, DEVOPS-OBS-50-003 | Bootstrap `StellaOps.Evidence.Locker` service with Postgres schema for `evidence_bundles`, `evidence_artifacts`, `evidence_holds`, tenant RLS, and object-store abstraction (WORM optional). | Service builds/tests; migrations deterministic; storage abstraction has local filesystem + S3 drivers; compliance checklist recorded. |
+| EVID-OBS-53-002 | TODO | Evidence Locker Guild, Orchestrator Guild | EVID-OBS-53-001, ORCH-OBS-53-001 | Implement bundle builders for evaluation/job/export snapshots collecting inputs, outputs, env digests, run metadata. Generate Merkle tree + manifest skeletons and persist root hash. | Builders cover three bundle types; integration tests verify deterministic manifests; root hash stored; docs stubbed. |
+| EVID-OBS-53-003 | TODO | Evidence Locker Guild, Security Guild | EVID-OBS-53-002 | Expose REST APIs (`POST /evidence/snapshot`, `GET /evidence/:id`, `POST /evidence/verify`, `POST /evidence/hold/:case_id`) with audit logging, tenant enforcement, and size quotas. | APIs documented via OpenAPI; tests cover RBAC/legal hold; size quota rejection returns structured error; audit logs validated. |
+
+## Sprint 54 – Provenance Integration
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| EVID-OBS-54-001 | TODO | Evidence Locker Guild, Provenance Guild | EVID-OBS-53-003, PROV-OBS-53-002 | Attach DSSE signing and RFC3161 timestamping to bundle manifests; validate against Provenance verification library. Wire legal hold retention extension and chain-of-custody events for Timeline Indexer. | Bundles signed; verification tests pass; timeline events emitted; timestamp optional but documented; retention updates recorded. |
+| EVID-OBS-54-002 | TODO | Evidence Locker Guild, DevEx/CLI Guild | EVID-OBS-54-001, CLI-FORENSICS-54-001 | Provide bundle download/export packaging (tgz) with checksum manifest, offline verification instructions, and sample fixture for CLI tests. | Packaging script deterministic; CLI verifies sample; offline instructions documented; checksum cross-check done. |
+
+## Sprint 55 – Incident Mode & Retention
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| EVID-OBS-55-001 | TODO | Evidence Locker Guild, DevOps Guild | EVID-OBS-54-001, DEVOPS-OBS-55-001 | Implement incident mode hooks increasing retention window, capturing additional debug artefacts, and emitting activation/deactivation events to Timeline Indexer + Notifier. | Incident mode extends retention per config; activation events emitted; tests cover revert to baseline; runbook updated. |
+
+## Sprint 60 – Sealed Mode Portability
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| EVID-OBS-60-001 | TODO | Evidence Locker Guild | EVID-OBS-55-001, AIRGAP-CTL-56-002 | Deliver portable evidence export flow for sealed environments: generate sealed bundles with checksum manifest, redacted metadata, and offline verification script. Document air-gapped import/verify procedures. | Portable bundle tooling implemented; checksum/verify script passes; sealed-mode docs updated; tests cover tamper + re-import scenarios. |