# EvidenceLocker Replay API (draft) — 2025-11-18

Scope: EVID-REPLAY-187-001 baseline API surface using shared orchestrator/advisory evidence schemas.

## Endpoints (prefix `/api/evidencelocker/replay`)
- `POST /records` — ingest replay bundle (DSSE + manifest). Request: multipart or JSON with CAS URIs; Response: `{ recordId, bundleDigest }`.
- `POST /verify` — verify replay bundle signatures/hashes. Request: `{ bundleDigest | bundleUri }`; Response: `{ status: "pass|fail", findings: [] }`.
- `POST /replay` — schedule replay job against stored records. Request: `{ recordId, targetTenant, policyRevisionId? }`; Response: `{ jobId }`.
- `POST /prune` — enforce retention policy. Request: `{ maxAgeDays, keepLatestPerDigest: bool }`; Response: `{ pruned: int }`.

## Models (draft)
```json
{
  "recordId": "uuid",
  "bundleDigest": "sha256:...",
  "bundleUri": "cas://evidence/replay/{digest}",
  "tenant": "string",
  "ingestedAt": "2025-11-18T12:00:00Z",
  "dsse": {
    "payloadType": "application/vnd.stellaops.replay+json",
    "payload": "base64",
    "signatures": [ { "keyid": "...", "sig": "..." } ]
  }
}
```

## Retention policy draft
- Default: `maxAgeDays = 30`, `keepLatestPerDigest = true`.
- Deterministic pruning order: sort by `ingestedAt` ascending, then `recordId`.

## Notes
- Align request/response DTOs with `StellaOps.Orchestrator.Schemas` naming (camelCase, UTC ISO-8601).
- CLI verbs `stella evidence replay record|verify|replay` to mirror these routes (see CLI-REPLAY-187-002).
- Update `docs/replay/DETERMINISTIC_REPLAY.md` once finalized.