# Offline Slice Bundle Export/Import (OCI Layout)

## Module
Scanner

## Status
VERIFIED

## Description
Offline distribution of reachability slices via OCI layout tar.gz bundles including all referenced artifacts (graphs, SBOMs), with integrity verification on import. Targets <100MB for typical scans.

## Implementation Details
- **Offline Bundle Service**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/Offline/OfflineBundleService.cs` - `OfflineBundleService` exports and imports reachability slices as OCI layout tar.gz bundles with all referenced artifacts
- **Evidence Bundle Export**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceBundleExporter.cs` - `IEvidenceBundleExporter` interface for exporting evidence bundles
  - `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs` - `EvidenceBundleExporter` exports scan evidence as portable bundles
- **OCI Slice Services**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePushService.cs` - Push slices to OCI registries
  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePullService.cs` - Pull slices from OCI registries

## E2E Test Plan
- [ ] Export a reachability slice bundle as an OCI layout tar.gz file and verify it contains all referenced artifacts (graphs, SBOMs)
- [ ] Import the exported bundle into a disconnected instance and verify integrity verification passes
- [ ] Verify the exported bundle size stays under 100MB for typical scans
- [ ] Verify tampered bundles fail integrity verification on import
- [ ] Verify the imported bundle's reachability data is usable for offline vulnerability analysis

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |