save checkpoint

2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
--- a/docs/features/checked/binaryindex/reproducible-build-verification.md
+++ b/docs/features/checked/binaryindex/reproducible-build-verification.md
@@ -0,0 +1,28 @@
+# Reproducible build verification
+
+## Module
+BinaryIndex
+
+## Status
+IMPLEMENTED
+
+## Description
+Reproducible build backend supports local rebuilds with air-gap bundle support for verifying binary provenance.
+
+## Implementation Details
+- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/`, `src/BinaryIndex/StellaOps.BinaryIndex.Worker/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GroundTruth.Reproducible/`
+- **Key Classes**:
+  - `ReproducibleBuildJob` (`src/BinaryIndex/StellaOps.BinaryIndex.Worker/Jobs/ReproducibleBuildJob.cs`) - worker job that executes reproducible builds using `IFunctionFingerprintExtractor`, `IPatchDiffEngine`, and `IFingerprintClaimRepository`
+  - `ReproducibleBuildJob` (builders) (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/ReproducibleBuildJobTypes.cs`) - builder-level reproducible build job with options
+  - `ReproducibleBuildOptions` - configuration for build verification parameters
+  - `ValidationHarnessService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GroundTruth.Reproducible/ValidationHarnessService.cs`) - validates reproducible build outputs
+  - `FingerprintClaim` / `FingerprintClaimEvidence` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/FingerprintClaimModels.cs`) - claims produced from build verification
+- **Interfaces**: `IReproducibleBuilder` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/IReproducibleBuilder.cs`), `IReproducibleBuildJob`
+
+## E2E Test Plan
+- [ ] Submit a source package and verify reproducible build produces matching binary fingerprints
+- [ ] Verify `FingerprintClaim` is generated with correct `FingerprintClaimEvidence` linking to Build-ID
+- [ ] Verify build verification with non-matching binaries produces a failed verification result
+- [ ] Verify air-gap bundle support: import build inputs from bundle and verify build completes offline
+- [ ] Verify `ReproducibleBuildOptions` configuration controls build behavior
+- [ ] Verify build job integrates with `IPatchDiffEngine` for post-build comparison