# Deterministic Rekor Receipts with Offline Verification

## Module
AirGap

## Status
VERIFIED

## Description
Offline Rekor receipt verifier validates checkpoint signatures (ECDSA/Ed25519), Merkle inclusion proofs per RFC 6962, and root hash consistency without live transparency log access. Includes TileProxy for local tile-based transparency log proxy, and mirror snapshot resolution for air-gapped deployments.

## Implementation Details
- **Rekor proof builder**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.Build.cs`, `EnhancedRekorProofBuilder.Validate.cs`, `EnhancedRekorProofBuilder.cs`
- **Rekor inclusion proof**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/RekorInclusionProof.cs`
- **Rekor verification step**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/RekorInclusionVerificationStep.cs`
- **Replay verification**: `src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs`
- **Importer replay**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs`, `ReplayDepth.cs`
- **Merkle proofs**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Merkle/DeterministicMerkleTreeBuilder.Proof.cs`, `MerkleProof.cs`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify Rekor receipt offline verification validates checkpoint signatures (ECDSA/Ed25519)
- [ ] Test Merkle inclusion proof verification per RFC 6962
- [ ] Test root hash consistency verification without live transparency log
- [ ] Verify replay verification service works in air-gapped mode

## Verification
- Verified on 2026-02-11 with `run-002`.
- Tier 0 source/declaration checks passed for Rekor proof builder surfaces, inclusion proof/verification classes, replay verification contracts, and deterministic Merkle proof primitives.
- Tier 1 build/tests passed across proof-chain, controller, importer, and Attestor/AirGap test suites (`76/76` offline verifier, `80/80` attestor types, `27/27` controller, `154/154` importer).
- Tier 2 behavioral checks passed for offline receipt verification, offline verifier Rekor-proof path handling, and replay verification behavior in both controller and importer paths.
- Evidence:
  - `docs/qa/feature-checks/runs/airgap/deterministic-rekor-receipts-with-offline-verification/run-002/tier0-source-check.json`
  - `docs/qa/feature-checks/runs/airgap/deterministic-rekor-receipts-with-offline-verification/run-002/tier1-build-check.json`
  - `docs/qa/feature-checks/runs/airgap/deterministic-rekor-receipts-with-offline-verification/run-002/tier2-integration-check.json`