# Rekor Timestamp in Evidence Graph Metadata

## Module
EvidenceLocker

## Status
IMPLEMENTED

## Description
Evidence graph signature metadata extended with Rekor integrated time (RFC3339) and entry URL for UI timestamp linking and verifiable provenance display.

## Implementation Details
- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/`
- **Key Classes**:
  - `EvidenceBundleSignature` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleSignature.cs`) - extended with Rekor integrated time and entry URL fields
  - `EvidenceBundleMetadata` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleMetadata.cs`) - metadata model with Rekor timestamp references
  - `Rfc3161TimestampAuthorityClient` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/Rfc3161TimestampAuthorityClient.cs`) - retrieves and validates RFC 3161 timestamps
  - `TimelineIndexerEvidenceTimelinePublisher` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Timeline/TimelineIndexerEvidenceTimelinePublisher.cs`) - publishes Rekor-timestamped events to the timeline
- **Interfaces**: `ITimestampAuthorityClient`, `IEvidenceTimelinePublisher`
- **Source**: SPRINT_20260112_004_FINDINGS_evidence_graph_rekor_time.md

## E2E Test Plan
- [ ] Create a signed evidence bundle and verify `EvidenceBundleSignature` includes Rekor integrated time in RFC3339 format
- [ ] Verify `EvidenceBundleSignature` includes a Rekor entry URL that resolves to the correct log entry
- [ ] Verify `Rfc3161TimestampAuthorityClient` retrieves and validates RFC 3161 timestamps from the authority
- [ ] Verify `TimelineIndexerEvidenceTimelinePublisher` publishes events with Rekor timestamps for UI display
- [ ] Verify the Rekor entry URL is clickable and links to the transparency log entry in the UI
- [ ] Verify timestamp metadata persists in `EvidenceBundleMetadata` and is returned by API queries