# S3 Object Lock (WORM Retention) for Evidence Locker

## Module
EvidenceLocker

## Status
IMPLEMENTED

## Description
Object Lock configuration in EvidenceLockerOptions with mode, default retention days, legal hold; enforcement headers in S3 storage for WORM retention and legal hold behavior with startup validation.

## Implementation Details
- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Storage/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Configuration/`
- **Key Classes**:
  - `S3EvidenceObjectStore` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Storage/S3EvidenceObjectStore.cs`) - S3 storage with Object Lock headers for WORM retention
  - `EvidenceLockerOptions` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Configuration/EvidenceLockerOptions.cs`) - configuration including Object Lock mode, retention days, and legal hold settings
  - `EvidenceObjectStore` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Storage/EvidenceObjectStore.cs`) - base object store abstraction
  - `StorageKeyGenerator` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Storage/StorageKeyGenerator.cs`) - generates storage keys for evidence objects
- **Interfaces**: `IEvidenceLockerStorage`
- **Source**: SPRINT_20260112_002_EVIDENCE_evidence_locker_audit_pack_hardening.md

## E2E Test Plan
- [ ] Configure `EvidenceLockerOptions` with Object Lock mode=COMPLIANCE and retention=365 days and verify `S3EvidenceObjectStore` applies WORM headers on write
- [ ] Verify stored objects cannot be deleted before retention period expires
- [ ] Enable legal hold via `EvidenceLockerOptions` and verify objects are locked regardless of retention period
- [ ] Verify startup validation rejects invalid Object Lock configurations (e.g., retention days < 1)
- [ ] Verify `S3EvidenceObjectStore` sends correct S3 headers (`x-amz-object-lock-mode`, `x-amz-object-lock-retain-until-date`, `x-amz-object-lock-legal-hold`)
- [ ] Verify Object Lock mode=GOVERNANCE allows deletion with proper override permissions
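
The following sketch is an added example, not code from the StellaOps repository. It shows how the three Object Lock headers named in the test plan can be derived from mode, retention days and legal hold, with fail-fast validation of the retention value. The types `LockMode`, `ObjectLockSettings` and `ObjectLockHeaders` are hypothetical; the real shape of `EvidenceLockerOptions` is not shown on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Hypothetical types for illustration only; not the project's EvidenceLockerOptions.
public enum LockMode { Governance, Compliance }

public sealed record ObjectLockSettings(bool Enabled, LockMode Mode, int DefaultRetentionDays, bool LegalHold);

public static class ObjectLockHeaders
{
    // Startup-style validation: fail fast rather than write evidence without retention.
    public static void Validate(ObjectLockSettings s)
    {
        if (s.Enabled && s.DefaultRetentionDays < 1)
            throw new InvalidOperationException("Object Lock retention must be at least 1 day.");
    }

    // Builds the S3 Object Lock request headers for a single write.
    public static IReadOnlyDictionary<string, string> Build(ObjectLockSettings s, DateTimeOffset nowUtc)
    {
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        if (!s.Enabled) return headers;   // Object Lock disabled: send no lock headers
        Validate(s);

        headers["x-amz-object-lock-mode"] = s.Mode == LockMode.Compliance ? "COMPLIANCE" : "GOVERNANCE";
        // S3 expects an ISO 8601 UTC timestamp for the retain-until date.
        headers["x-amz-object-lock-retain-until-date"] =
            nowUtc.ToUniversalTime().AddDays(s.DefaultRetentionDays)
                  .ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);
        // Legal hold is independent of the retention period and has no expiry.
        headers["x-amz-object-lock-legal-hold"] = s.LegalHold ? "ON" : "OFF";
        return headers;
    }
}

public static class Program
{
    public static void Main()
    {
        var settings = new ObjectLockSettings(true, LockMode.Compliance, 365, LegalHold: true);
        var now = new DateTimeOffset(2026, 1, 12, 0, 0, 0, TimeSpan.Zero); // constructed timestamp
        foreach (var (name, value) in ObjectLockHeaders.Build(settings, now))
            Console.WriteLine($"{name}: {value}");

        // Invalid configuration (retention days < 1) is rejected.
        try { ObjectLockHeaders.Validate(settings with { DefaultRetentionDays = 0 }); }
        catch (InvalidOperationException ex) { Console.WriteLine($"rejected: {ex.Message}"); }
    }
}
```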