# Verifier

> Standalone CLI tool for offline verification of evidence bundles in air-gapped environments.

## Purpose

Verifier is a self-contained, cross-platform CLI binary that validates evidence bundles without requiring network access or external dependencies. It checks DSSE signatures, RFC 3161 timestamps, SHA-256 digests, and SBOM integrity, enabling compliance verification in air-gapped environments where no Stella Ops services are reachable.

## Quick Links

- [Architecture](./architecture.md)

## Status

| Attribute    | Value              |
|-------------|---------------------|
| **Maturity** | Production          |
| **Source**   | `src/Verifier/`     |

## Key Features

- Self-contained single-file binary (cross-platform: win-x64, linux-x64, linux-musl-x64, osx-x64, osx-arm64)
- Bundle extraction (gzip+tar)
- Manifest validation
- DSSE signature verification
- RFC 3161 timestamp verification
- SHA-256 digest checking
- Trust profile support (key whitelisting)
- Output formats (text/JSON/markdown)

## Dependencies

### Upstream

- None (standalone, offline-first design with zero runtime dependencies on Stella Ops services)

### Downstream

- AirGap - offline bundle verification workflows
- CLI - integrated verification commands for operator use