save checkpoint

2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
--- a/docs/features/checked/evidencelocker/verifiable-evidence-for-every-release-decision.md
+++ b/docs/features/checked/evidencelocker/verifiable-evidence-for-every-release-decision.md
@@ -0,0 +1,30 @@
+# Verifiable Evidence for Every Release Decision
+
+## Module
+EvidenceLocker
+
+## Status
+IMPLEMENTED
+
+## Description
+Timestamped evidence with attestation assembly and export services supports verifiable, audit-grade release decision records.
+
+## Implementation Details
+- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/`, `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/`
+- **Key Classes**:
+  - `EvidenceBundleBuilder` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Builders/EvidenceBundleBuilder.cs`) - assembles verifiable evidence for release decisions
+  - `EvidenceSignatureService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/EvidenceSignatureService.cs`) - signs evidence with DSSE for verifiability
+  - `RetimestampService` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/RetimestampService.cs`) - provides timestamps for evidence records
+  - `EvidenceSnapshotService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Services/EvidenceSnapshotService.cs`) - captures point-in-time evidence snapshots
+  - `EvidenceBundleRepository` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Repositories/EvidenceBundleRepository.cs`) - persists verifiable evidence bundles
+  - `TimestampEvidence` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/Models/TimestampEvidence.cs`) - timestamp evidence model for RFC 3161/Rekor timestamps
+- **Interfaces**: `IEvidenceBundleBuilder`, `IEvidenceSignatureService`, `IRetimestampService`, `IEvidenceBundleRepository`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Record a release decision and verify `EvidenceBundleBuilder` creates a verifiable evidence bundle with DSSE signature
+- [ ] Verify `EvidenceSignatureService` produces DSSE signatures that are independently verifiable
+- [ ] Verify `RetimestampService` attaches RFC 3161 or Rekor timestamps to evidence records
+- [ ] Verify `EvidenceSnapshotService` captures the complete decision context at the time of the decision
+- [ ] Verify evidence bundles persisted via `EvidenceBundleRepository` maintain integrity over time (content hash matches)
+- [ ] Verify end-to-end: create, sign, timestamp, store, retrieve, and independently verify an evidence bundle