# Evidence Packets for Every Decision

## Module
EvidenceLocker

## Status
IMPLEMENTED

## Description
Evidence bundles with manifests, attestations, and export capabilities are implemented for audit-grade decision records.

## Implementation Details
- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/`, `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/`
- **Key Classes**:
  - `EvidenceBundleBuilder` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Builders/EvidenceBundleBuilder.cs`) - builds evidence bundles for decision records
  - `EvidenceBundlePackagingService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Services/EvidenceBundlePackagingService.cs`) - packages evidence with attestations
  - `EvidenceSignatureService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/EvidenceSignatureService.cs`) - signs evidence bundles with DSSE
  - `BundleManifest` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs`) - manifest listing bundle contents and hashes
  - `TarGzBundleExporter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs`) - exports bundles as tar.gz archives
  - `EvidenceBundleMetadata` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleMetadata.cs`) - metadata for each decision's evidence packet
- **Interfaces**: `IEvidenceBundleBuilder`, `IEvidenceSignatureService`, `IEvidenceBundleExporter`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Record a release decision and verify `EvidenceBundleBuilder` creates an evidence packet with the decision context
- [ ] Verify `BundleManifest` lists all evidence items with their content-addressed hashes
- [ ] Verify `EvidenceSignatureService` signs the evidence packet and the signature is verifiable
- [ ] Export the decision evidence packet via `TarGzBundleExporter` and verify the archive is complete
- [ ] Verify every decision type (promote, block, rollback, override) generates a corresponding evidence packet
- [ ] Verify evidence packets are immutable: attempting to modify after creation fails