save checkpoint

2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
--- a/docs/features/checked/evidencelocker/evidence-bundle-export-with-embedded-verify-scripts.md
+++ b/docs/features/checked/evidencelocker/evidence-bundle-export-with-embedded-verify-scripts.md
@@ -0,0 +1,32 @@
+# Evidence Bundle Export with Embedded Verify Scripts
+
+## Module
+EvidenceLocker
+
+## Status
+IMPLEMENTED
+
+## Description
+Standardized evidence-bundle tar.gz export format with embedded verify.sh (POSIX) and verify.ps1 (PowerShell) scripts, bundled public keys for offline verification, Merkle root verification (RFC 6962), BSD-format SHA256 checksums, and async export worker for large bundles with status tracking (pending/processing/ready/failed).
+
+## Implementation Details
+- **Modules**: `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/Api/`
+- **Key Classes**:
+  - `TarGzBundleExporter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs`) - creates tar.gz bundles with embedded verify scripts and checksums
+  - `VerifyScriptGenerator` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/VerifyScriptGenerator.cs`) - generates verify.sh (POSIX) and verify.ps1 (PowerShell) scripts
+  - `MerkleTreeBuilder` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/MerkleTreeBuilder.cs`) - builds Merkle tree for bundle integrity (RFC 6962)
+  - `ChecksumFileWriter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/ChecksumFileWriter.cs`) - writes BSD-format SHA256 checksums
+  - `BundleManifest` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs`) - manifest model for bundle contents
+  - `BundleMetadata` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleMetadata.cs`) - metadata model for bundle export
+  - `ExportEndpoints` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportEndpoints.cs`) - REST endpoints for export operations
+  - `ExportJobService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportJobService.cs`) - async export worker with status tracking
+- **Interfaces**: `IEvidenceBundleExporter`, `IBundleDataProvider`, `IExportJobService`
+- **Source**: SPRINT_20260106_003_003_EVIDENCE_export_bundle.md
+
+## E2E Test Plan
+- [ ] Export an evidence bundle via `ExportEndpoints` and verify the tar.gz contains verify.sh, verify.ps1, checksums, and public keys
+- [ ] Extract the bundle and run the embedded verify.sh script to confirm it validates checksums and Merkle root
+- [ ] Verify `MerkleTreeBuilder` produces RFC 6962-compliant Merkle tree with correct root hash
+- [ ] Verify `ChecksumFileWriter` writes BSD-format SHA256 checksums matching each file in the bundle
+- [ ] Submit a large bundle export and verify `ExportJobService` tracks status through pending/processing/ready states
+- [ ] Verify the exported bundle can be verified offline using only the embedded scripts and bundled public keys