# Portable Audit Pack Plan (2026-02-10)

## Objective

Deliver a portable, signed, offline-verifiable software supply-chain audit pack profile that auditors and air-gapped operators can validate end-to-end without network calls.

## Why now

- Stella Ops already has strong DSSE/Rekor/offline primitives, but contracts are split across multiple bundle formats.
- The current implementation has only partial deterministic guarantees and inconsistent manifest models.
- A single contract and rollout plan is needed before scaling evidence export/import across modules.

## Planned outcome

- One canonical portable pack profile with:
  - JCS-canonicalized manifest
  - SBOM + DSSE attestation references
  - Rekor inclusion/checkpoint anchors with tile material references
  - deterministic file inventory and content digests
  - optional analytics index profile (`components.parquet`)

## Scope

### In scope

- Contract unification across AuditPack, Attestor EvidencePack, EvidenceLocker exports, and CLI verifier paths.
- Deterministic generation and offline verification hardening.
- Golden fixtures and a deterministic replay verification matrix.

### Out of scope (initial phase)

- Mandatory Parquet generation in the baseline profile.
- Runtime policy model changes unrelated to pack generation/verification.
- External transparency services beyond the currently supported Rekor-compatible model.

## Delivery phases

1. Contract freeze
   - Canonical manifest/schema and compatibility mapping.
   - Required/optional artifact matrix and fail-closed verification rules.
2. Generator hardening
   - Deterministic serialization, archive metadata, ordering, and digest workflows.
3. Verification parity
   - Offline signature, digest, and Rekor inclusion verification aligned across services and CLI.
4. Optional analytics profile
   - `components.parquet` schema profile, fingerprinting, and operator guidance.
5. QA and release readiness
   - Deterministic fixtures, tamper scenarios, and regression coverage.

## Key risks

- Contract drift between modules.
- Hidden non-determinism (timestamps, traversal order, serializer differences).
- Operator confusion from overlapping legacy bundle formats.
- Optional analytics dependencies introducing rollout friction.

## Mitigations

- Single schema contract and explicit compatibility tables.
- Pinned toolchains and fixture-based byte-stability checks.
- Clear migration/runbook guidance for legacy formats.
- Optional analytics profile behind explicit enablement.

## Traceability

- Translation sprint (completed): `docs-archived/implplan/2026-02-10-completed-sprints/SPRINT_20260210_003_DOCS_portable_audit_pack_translation.md`
- Active implementation sprint: `docs/implplan/SPRINT_20260210_005_EvidenceLocker_portable_audit_pack_implementation.md`
- Detailed contract: `docs/modules/evidence-locker/portable-audit-pack-contract.md`
- Advisory archive record: `docs-archived/product/advisories/10-Feb-2026 - Portable software supply chain audit pack.md`
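The following is an added illustration of the "deterministic file inventory and content digests" outcome, the non-determinism risks and the fail-closed verification rules described above; it is example code, not Stella Ops code, and does not follow the real contract in `docs/modules/evidence-locker/portable-audit-pack-contract.md`. The manifest field names, the `profile` identifier and the sample pack contents are all constructed for the example. It removes the three named sources of non-determinism explicitly (sorted traversal, caller-supplied timestamp, JCS serialization) and shows the byte-stability and tamper checks an offline verifier would run.

```python
"""Deterministic manifest generation and offline, fail-closed verification.

Added example. Field names, the profile identifier and the sample files are
illustrative assumptions, not the Stella Ops portable audit pack contract.
"""
import hashlib
import json
from typing import Dict, List, Optional

# Constructed sample pack contents (path -> bytes), embedded so this runs offline.
SAMPLE_FILES: Dict[str, bytes] = {
    "sbom/app.cdx.json": b'{"bomFormat":"CycloneDX","specVersion":"1.5"}\n',
    "attestations/app.dsse.json": b'{"payloadType":"application/vnd.in-toto+json","payload":"e30=","signatures":[]}\n',
    "rekor/checkpoint.txt": b"example-log - 42\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def jcs(obj) -> bytes:
    """RFC 8785 (JCS) canonical form for the value types used here: object members
    sorted by name, no insignificant whitespace, UTF-8, non-ASCII left unescaped.
    Floats are rejected because JCS number formatting follows ES6 rules that
    json.dumps does not implement; the manifest only needs strings, ints, lists
    and objects. Member names are assumed to be ASCII (JCS sorts by UTF-16 units)."""
    def check(v):
        if isinstance(v, float):
            raise TypeError("floats are not allowed in the manifest")
        if isinstance(v, dict):
            for x in v.values():
                check(x)
        elif isinstance(v, list):
            for x in v:
                check(x)
    check(obj)
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def build_manifest(files: Dict[str, bytes], created: str) -> bytes:
    """Return canonical manifest bytes. The plan's three hidden-non-determinism
    sources are neutralised: traversal order (sorted paths, never dict or
    filesystem order), timestamps (caller-supplied fixed value, no clock read),
    and serializer differences (JCS output)."""
    inventory = [
        {"path": path, "sha256": sha256_hex(files[path]), "size": len(files[path])}
        for path in sorted(files)
    ]
    manifest = {
        "profile": "portable-audit-pack/example",  # hypothetical identifier
        "created": created,
        "files": inventory,
    }
    return jcs(manifest)


def verify_pack(files: Dict[str, bytes], manifest_bytes: bytes,
                expected_manifest_digest: Optional[str] = None) -> List[str]:
    """Offline verification. Fail closed: every problem is reported and an empty
    list is the only passing result. Signature/Rekor checks are out of scope here."""
    problems: List[str] = []
    if expected_manifest_digest and sha256_hex(manifest_bytes) != expected_manifest_digest:
        problems.append("manifest digest mismatch")
    manifest = json.loads(manifest_bytes)
    # Byte-stability check: re-canonicalising must reproduce the exact bytes,
    # otherwise the manifest was produced by a non-conforming serializer.
    if jcs(manifest) != manifest_bytes:
        problems.append("manifest is not in canonical (JCS) form")
    listed = {entry["path"] for entry in manifest["files"]}
    for entry in manifest["files"]:
        data = files.get(entry["path"])
        if data is None:
            problems.append(f"missing file: {entry['path']}")
        elif sha256_hex(data) != entry["sha256"] or len(data) != entry["size"]:
            problems.append(f"digest/size mismatch: {entry['path']}")
    # Files present in the pack but absent from the inventory are also a failure.
    for extra in sorted(set(files) - listed):
        problems.append(f"file not in inventory: {extra}")
    return problems
```

Fixture-based byte-stability, as the mitigations list describes it, is then a matter of pinning `build_manifest` output for a golden input and asserting equality on every build; the `verify_pack` re-canonicalisation check catches a manifest that a different serializer emitted with the same content but different bytes.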