# Offline Verification System (Rekor Mirror, Local Log, Sigstore Bundle)

## Module
Attestor

## Status
IMPLEMENTED

## Description
Offline Rekor receipt verification using local Merkle proof verification without network dependency. TileProxy provides local tile-based transparency log proxy with content-addressed storage. Sigstore bundle offline verifier with integration tests for air-gapped scenarios.

## Implementation Details
- **Offline Verifier**: `src/Attestor/__Libraries/StellaOps.Attestor.Offline/Services/OfflineVerifier.cs` -- verifies attestations offline using locally cached roots, Merkle proofs, and trust anchors. Implements `Abstractions/IOfflineVerifier.cs`.
- **Offline Root Store**: `Services/FileSystemRootStore.cs` -- stores trusted roots and checkpoint data on the local filesystem. Implements `Abstractions/IOfflineRootStore.cs`.
- **Rule Bundle Signature Verifier**: `Services/RuleBundleSignatureVerifier.cs` -- verifies signed policy rule bundles offline. Implements `Abstractions/IRuleBundleSignatureVerifier.cs`.
- **Offline Verification Result**: `Models/OfflineVerificationResult.cs` -- result model with pass/fail status and detailed check results.
- **TileProxy Service**: `src/Attestor/StellaOps.Attestor.TileProxy/Services/TileProxyService.cs` -- proxies and caches transparency log tiles for offline verification.
- **Content-Addressed Tile Store**: `StellaOps.Attestor.TileProxy/Services/ContentAddressedTileStore.cs` -- stores tiles by content hash for deduplication.
- **Tile Sync Job**: `StellaOps.Attestor.TileProxy/Jobs/TileSyncJob.cs` -- background job that syncs tiles from remote Rekor while online.
- **Tile Endpoints**: `StellaOps.Attestor.TileProxy/Endpoints/TileEndpoints.cs` -- HTTP endpoints for serving cached tiles.
- **Rekor Offline Receipt Verifier**: `StellaOps.Attestor.Core/Verification/RekorOfflineReceiptVerifier.cs` -- verifies Rekor receipts using locally cached data.
- **Merkle Proof Verifier**: `StellaOps.Attestor.Core/Verification/MerkleProofVerifier.cs` -- verifies Merkle inclusion proofs locally.
- **Sigstore Bundle Verifier**: `__Libraries/StellaOps.Attestor.Bundle/SigstoreBundleVerifier.cs` -- verifies Sigstore bundles offline.
- **Tests**: `__Tests/StellaOps.Attestor.Offline.Tests/`, `__Tests/StellaOps.Attestor.TileProxy.Tests/`

## E2E Test Plan
- [ ] Verify an attestation offline via `OfflineVerifier` using cached roots from `FileSystemRootStore` and confirm verification passes
- [ ] Simulate air-gap: disable network, verify an attestation using locally cached tiles via `TileProxyService`, and confirm success
- [ ] Sync tiles via `TileSyncJob` while online, then verify those tiles are accessible offline via `TileEndpoints`
- [ ] Verify a Rekor receipt offline via `RekorOfflineReceiptVerifier` using cached checkpoint and Merkle proof
- [ ] Verify a Sigstore bundle offline via `SigstoreBundleVerifier` and confirm certificate chain and signature are valid
- [ ] Verify `RuleBundleSignatureVerifier` rejects a tampered policy rule bundle offline
- [ ] Verify `ContentAddressedTileStore` deduplicates tiles: store the same tile twice and verify only one copy exists
- [ ] Test `OfflineVerificationResult` captures detailed check results for each verification step (root validity, Merkle proof, signature)