# Provenance Bundle Export and Independent Verification

## Module
EvidenceLocker

## Status
IMPLEMENTED

## Description
Provenance attestation with build models, signers, and verification is implemented. EvidenceLocker supports tar.gz bundle export with Merkle tree integrity.

## Implementation Details
- **Modules**: `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/`
- **Key Classes**:
  - `TarGzBundleExporter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs`) - exports provenance bundles as tar.gz with Merkle tree
  - `MerkleTreeBuilder` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/MerkleTreeBuilder.cs`) - builds Merkle tree for bundle integrity verification
  - `VerifyScriptGenerator` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/VerifyScriptGenerator.cs`) - generates verification scripts for independent verification
  - `EvidenceSignatureService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/EvidenceSignatureService.cs`) - signs provenance bundles with DSSE
  - `EvidencePortableBundleService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Services/EvidencePortableBundleService.cs`) - creates portable provenance bundles
  - `BundleManifest` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs`) - manifest with provenance attestation references
- **Interfaces**: `IEvidenceBundleExporter`, `IEvidenceSignatureService`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Export a provenance bundle via `TarGzBundleExporter` and verify it contains SLSA provenance attestation and Merkle tree
- [ ] Verify `MerkleTreeBuilder` computes correct Merkle root matching all bundle items
- [ ] Verify `VerifyScriptGenerator` creates scripts that independently verify provenance signatures and Merkle root
- [ ] Verify `EvidenceSignatureService` signs the provenance bundle and the signature is independently verifiable
- [ ] Verify the exported bundle can be verified by a third party using only the bundle contents and public key
- [ ] Verify `EvidencePortableBundleService` creates a self-contained portable bundle for air-gapped environments