# Evidence Provenance Chip (DSSE/Receipt with Export)

## Module
Attestor

## Status
VERIFIED

## Description
The advisory proposed a ProvenanceChipComponent showing Signed/Verified/Logged states with DSSE envelope viewing and export. The LineageProvenanceChipsComponent implements this concept as a standalone Angular component displaying attestation status, signature verification status, and Rekor transparency log links with expandable details. The backend DSSE and Rekor infrastructure is fully built in the Attestor module.

## Implementation Details
- **Verification Receipt**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs` -- receipt model with signed/verified/logged status. `VerificationCheck.cs`, `VerificationContext.cs`, `VerificationResult.cs`.
- **Signature Verification**: `Signing/SignatureVerificationResult.cs` -- result of DSSE signature verification. `ProofChainSigner.Verification.cs` -- verification logic.
- **Rekor Receipt**: `StellaOps.Attestor.Core/Rekor/RekorReceipt.cs` -- Rekor transparency log receipt with entry ID and inclusion proof.
- **Evidence Pack Export**: `__Libraries/StellaOps.Attestor.EvidencePack/ReleaseEvidencePackBuilder.cs` -- builds exportable evidence packs. `ReleaseEvidencePackSerializer.cs` -- serialization.
- **Transparency Status**: `StellaOps.Attestor.Core/Transparency/TransparencyStatus.cs`, `TransparencyStatusProvider.cs` -- provides transparency log status. `TransparencyWitnessObservation.cs` -- witness observation records.
- **Frontend**: The Angular `LineageProvenanceChipsComponent` in `src/Web/` consumes this backend data.
- **Tests**: `StellaOps.Attestor.Core.Tests/Transparency/TransparencyStatusProviderTests.cs`

## E2E Test Plan
- [ ] Create a `VerificationReceipt` with signed, verified, and logged statuses and verify all three states are captured
- [ ] Verify DSSE signature via `ProofChainSigner.Verification` and confirm `SignatureVerificationResult` indicates valid
- [ ] Retrieve `TransparencyStatus` via `TransparencyStatusProvider` for a logged attestation and verify it shows the Rekor entry ID
- [ ] Build an evidence pack via `ReleaseEvidencePackBuilder` and export it via `ReleaseEvidencePackSerializer`
- [ ] Verify the exported pack contains the DSSE envelope, verification receipt, and Rekor receipt
- [ ] Create a `TransparencyWitnessObservation` and verify it captures the observation timestamp and witness identity
- [ ] Verify the API endpoint returns provenance chip data consumable by the frontend component

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |