# DSSE Revision Decision

**Decision ID:** DECISION-MIRROR-001
**Status:** DEFAULT-APPROVED
**Effective Date:** 2025-12-06
**48h Window Started:** 2025-12-06T00:00:00Z

## Decision

The Mirror bundle DSSE envelope format follows the **in-toto v1.0** specification with StellaOps extensions for offline verification.

## Rationale

1. in-toto v1.0 is the industry standard for software supply chain attestations
2. DSSE (Dead Simple Signing Envelope) provides a clean JSON wrapper
3. Existing tooling (`cosign`, `rekor`) supports this format
4. Aligns with Evidence Locker DSSE patterns already implemented

## Specification

```json
{
  "payloadType": "application/vnd.in-toto+json",
  "payload": "",
  "signatures": [
    {
      "keyid": "",
      "sig": ""
    }
  ]
}
```

### StellaOps Extensions

- `_stellaops.revision`: Bundle revision number
- `_stellaops.timestamp`: ISO-8601 UTC timestamp
- `_stellaops.merkleRoot`: SHA-256 Merkle root of bundle contents

## Impact

- Tasks unblocked: ~5
- Sprint files affected: SPRINT_0150_mirror_dsse

## Reversibility

To change the DSSE format:

1. Propose new format in `docs/modules/mirror/dsse-proposal.md`
2. Get Security Guild sign-off
3. Update all affected sprint files
4. Ensure backward compatibility for existing bundles

## References

- [in-toto Specification](https://in-toto.io/)
- [DSSE Specification](https://github.com/secure-systems-lab/dsse)
- [Mirror Signing Runbook](./signing-runbook.md)
- [DSSE TUF Profile](./dsse-tuf-profile.md)
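As an added worked example (not StellaOps code and not taken from this decision record), the Go program below builds the envelope from the Specification section end to end: it computes a SHA-256 Merkle root over constructed bundle files, wraps the three `_stellaops.*` extension fields in an in-toto v1 Statement, signs the DSSE Pre-Authentication Encoding (PAE) with Ed25519, and verifies the result offline from nothing but the envelope and a trusted public key. Assumptions are labelled in the code: the extension fields are placed inside the predicate, the `predicateType` URI and key id are placeholders, and the Merkle tree duplicates an odd trailing node; the page specifies none of those details.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
	"strconv"
	"time"
)

// Envelope and Signature mirror the DSSE JSON shape in the Specification section.
type Signature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"`
}

type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"`
	Signatures  []Signature `json:"signatures"`
}

const InTotoPayloadType = "application/vnd.in-toto+json"

// PAE is DSSE Pre-Authentication Encoding, the bytes that are actually signed:
// "DSSEv1" SP LEN(payloadType) SP payloadType SP LEN(payload) SP payload.
// Signing the PAE rather than the raw payload binds the payload type to the signature.
func PAE(payloadType string, payload []byte) []byte {
	prefix := "DSSEv1 " + strconv.Itoa(len(payloadType)) + " " + payloadType + " " + strconv.Itoa(len(payload)) + " "
	return append([]byte(prefix), payload...)
}

// MerkleRoot hashes each file with SHA-256 in sorted-path order and folds the leaves
// pairwise. Assumption (not on the page): an odd last node is duplicated and a single
// leaf is its own root. Returns "" for an empty bundle.
func MerkleRoot(files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var level [][]byte
	for _, p := range paths {
		h := sha256.Sum256(files[p])
		level = append(level, h[:])
	}
	if len(level) == 0 {
		return ""
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		var next [][]byte
		for i := 0; i < len(level); i += 2 {
			h := sha256.Sum256(append(append([]byte{}, level[i]...), level[i+1]...))
			next = append(next, h[:])
		}
		level = next
	}
	return hex.EncodeToString(level[0])
}

// BuildStatement produces an in-toto v1 Statement carrying the StellaOps extension fields.
// Assumption: the fields live in the predicate; the predicateType URI is a placeholder.
func BuildStatement(revision int, ts time.Time, files map[string][]byte) ([]byte, error) {
	root := MerkleRoot(files)
	stmt := map[string]any{
		"_type":         "https://in-toto.io/Statement/v1",
		"subject":       []map[string]any{{"name": "mirror-bundle", "digest": map[string]string{"sha256": root}}},
		"predicateType": "https://example.invalid/stellaops/mirror-bundle", // placeholder URI
		"predicate": map[string]any{
			"_stellaops.revision":   revision,
			"_stellaops.timestamp":  ts.UTC().Format(time.RFC3339),
			"_stellaops.merkleRoot": root,
		},
	}
	return json.Marshal(stmt)
}

// Sign wraps a statement in a DSSE envelope with one Ed25519 signature over the PAE.
func Sign(priv ed25519.PrivateKey, keyID string, statement []byte) Envelope {
	sig := ed25519.Sign(priv, PAE(InTotoPayloadType, statement))
	return Envelope{PayloadType: InTotoPayloadType, Payload: base64.StdEncoding.EncodeToString(statement),
		Signatures: []Signature{{KeyID: keyID, Sig: base64.StdEncoding.EncodeToString(sig)}}}
}

// Verify recomputes the PAE from the envelope and checks the signature whose keyid matches.
// Only the envelope and the trusted public key are needed, which is what offline verification requires.
func Verify(pub ed25519.PublicKey, keyID string, env Envelope) bool {
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return false
	}
	msg := PAE(env.PayloadType, payload)
	for _, s := range env.Signatures {
		sig, err := base64.StdEncoding.DecodeString(s.Sig)
		if s.KeyID == keyID && err == nil && ed25519.Verify(pub, msg, sig) {
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	files := map[string][]byte{"manifest.json": []byte(`{"a":1}`), "feed.bin": []byte("feed")} // constructed sample
	stmt, _ := BuildStatement(42, time.Date(2025, 12, 6, 0, 0, 0, 0, time.UTC), files)
	env := Sign(priv, "mirror-key-1", stmt) // placeholder key id
	out, _ := json.MarshalIndent(env, "", "  ")
	fmt.Println(string(out))
	fmt.Println("verified:", Verify(pub, "mirror-key-1", env))
}
```

The verifier deliberately rebuilds the PAE from the envelope's own `payloadType` and decoded `payload`; a signature made over one payload type will not validate if the type string is swapped, and any change to the statement (including to the `_stellaops.*` values) invalidates it.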