# Export Center Risk Bundle Builder

## Module
ExportCenter

## Status
IMPLEMENTED

## Description
Generates signed risk bundles aggregating vulnerability findings, VEX decisions, and policy evaluations into portable, DSSE-signed export artifacts for compliance reporting and auditor handoff.

## Implementation Details
- **Risk bundle builder**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleBuilder.cs` -- aggregates findings, VEX decisions, and policy evaluations into portable bundles
- **Risk bundle models**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleModels.cs` -- bundle data models
- **Risk bundle signing**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleSigning.cs` -- DSSE signing for risk bundles
- **Risk bundle job**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleJob.cs` -- async job for bundle generation
- **Object store**: `src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleObjectStore.cs`, `FileSystemRiskBundleObjectStore.cs` -- bundle storage
- **Job handler**: `src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/RiskBundle/RiskBundleJobHandler.cs` -- processes risk bundle jobs
- **Attestation service**: `src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/Attestation/ExportAttestationService.cs` -- DSSE attestations for exports
- **Source**: SPRINT_0163_0001_0001_exportcenter_ii.md

## E2E Test Plan
- [ ] Verify risk bundle builder aggregates vulnerability findings correctly
- [ ] Test DSSE signing produces valid signed bundles
- [ ] Verify bundle includes VEX decisions and policy evaluations
- [ ] Test async job processing for large bundles
- [ ] Verify bundle storage and retrieval via object store