# EvidenceLocker Module Charter

## Mission
- Store, package, and export evidence bundles with deterministic outputs.

## Responsibilities
- Maintain evidence bundle schemas and export formats.
- Provide API and worker workflows for evidence packaging and retrieval.
- Enforce deterministic ordering, hashing, and offline-friendly behavior.
- Support transparency log (Rekor) and RFC3161 timestamp references in bundle metadata.
- Support S3 Object Lock for WORM retention and legal hold when configured.

## Required Reading
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/evidence-locker/architecture.md
- docs/modules/evidence-locker/export-format.md
- docs/modules/evidence-locker/evidence-bundle-v1.md
- docs/modules/evidence-locker/attestation-contract.md
- docs/modules/evidence-locker/schemas/stellaops-evidence-pack.v1.schema.json
- docs/modules/evidence-locker/schemas/bundle.manifest.schema.json

## Working Agreement
- Deterministic ordering and invariant formatting for export artifacts.
- Use TimeProvider and IGuidGenerator where timestamps or IDs are created.
- Propagate CancellationToken for async operations.
- Keep offline-first behavior (no network dependencies unless explicitly configured).
- Bundle manifests must serialize transparency and timestamp references in deterministic order (logIndex, tokenPath).
- Object Lock configuration is validated at startup when enabled.

## Testing Strategy
- Unit tests for bundling, export serialization, and hash stability.
- Schema evolution tests for bundle compatibility.
- Tests for transparency and timestamp reference serialization.
- Tests for Object Lock configuration validation.

## Service Endpoints
- Development: https://localhost:10060, http://localhost:10061
- Local alias: https://evidencelocker.stella-ops.local, http://evidencelocker.stella-ops.local
- Env var: STELLAOPS_EVIDENCELOCKER_URL
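
The Working Agreement's ordering rule for transparency and timestamp references (logIndex, tokenPath), sketched in C# as an added example; it is not EvidenceLocker's own code. The record shape, the `logId` field, the `timestamps` and `transparency` property names, and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text.Json;

// Hypothetical shape: only logIndex and tokenPath are named by the charter.
public sealed record TransparencyRef(long LogIndex, string LogId);

public static class ManifestRefs
{
    // Canonical UTF-8 JSON: fixed property order, sorted arrays, no whitespace.
    public static byte[] Serialize(IEnumerable<TransparencyRef> logs, IEnumerable<string> tokenPaths)
    {
        using var buffer = new MemoryStream();
        using (var w = new Utf8JsonWriter(buffer))
        {
            w.WriteStartObject();
            w.WriteStartArray("timestamps");
            // Ordinal comparison: culture-sensitive sorting would vary with the host locale.
            foreach (var path in tokenPaths.OrderBy(p => p, StringComparer.Ordinal))
                w.WriteStringValue(path);
            w.WriteEndArray();
            w.WriteStartArray("transparency");
            foreach (var entry in logs.OrderBy(l => l.LogIndex).ThenBy(l => l.LogId, StringComparer.Ordinal))
            {
                w.WriteStartObject();
                w.WriteString("logId", entry.LogId);
                w.WriteNumber("logIndex", entry.LogIndex);
                w.WriteEndObject();
            }
            w.WriteEndArray();
            w.WriteEndObject();
        }
        return buffer.ToArray();
    }

    public static string Sha256Hex(byte[] data) => Convert.ToHexString(SHA256.HashData(data)).ToLowerInvariant();

    public static void Main()
    {
        // Constructed sample references, hashed in two different input orders.
        var logs = new[] { new TransparencyRef(42, "log-b"), new TransparencyRef(7, "log-a") };
        var paths = new[] { "timestamps/b.tsr", "timestamps/a.tsr" };
        var first = Sha256Hex(Serialize(logs, paths));
        var second = Sha256Hex(Serialize(Enumerable.Reverse(logs), Enumerable.Reverse(paths)));
        Console.WriteLine(first == second ? $"stable: {first}" : "unstable");
    }
}
```

The same comparison of two input orders is the shape of a hash-stability unit test under the Testing Strategy section.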