# DSSE/Receipt Schema for Authority/Sbomer/Vexer Flows

## Module
AirGap

## Status
VERIFIED

## Description
DSSE envelope signing/verification across multiple modules with schema types, SPDX3 integration, and air-gap bundle signing. The receipt schema supports Authority, Sbomer, and Vexer flows.

## Implementation Details
- **DSSE signing**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/DsseEnvelope.cs`, `DsseSignature.cs`, `ProofChainSigner.Verification.cs`
- **DSSE SPDX3**: `src/Attestor/__Libraries/StellaOps.Attestor.Spdx3/DsseSpdx3Envelope.cs`, `DsseSpdx3Signature.cs`, `DsseSpdx3Signer.SignAsync.cs`, `DsseSpdx3Signer.Verify.cs`
- **DSSE verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/DsseSignatureVerificationStep.cs`
- **Importer DSSE parsing**: `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs`
- **Receipt models**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs`, `VerificationResult.cs`, `VerificationCheck.cs`, `VerificationContext.cs`
- **Signing profiles**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/SigningKeyProfile.cs`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify DSSE envelope creation for Authority/Sbomer/Vexer flows
- [ ] Test DSSE signature verification with multiple key profiles
- [ ] Verify receipt schema captures all required verification checks
- [ ] Test SPDX3 DSSE integration

## Verification
- Run ID: `run-001`
- Date (UTC): `2026-02-11`
- Tier 0: `docs/qa/feature-checks/runs/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows/run-001/tier0-source-check.json` (`verdict=pass`)
- Tier 1: `docs/qa/feature-checks/runs/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows/run-001/tier1-build-check.json` (`buildResult=pass`, `testResult=pass`)
- Tier 2: `docs/qa/feature-checks/runs/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows/run-001/tier2-integration-check.json` (`verdict=pass`)