# Offline Kit with SBOM + DSSE + Rekor Receipt

## Module
EvidenceLocker

## Status
IMPLEMENTED

## Description
Offline kit import with SBOM, DSSE attestation verification, offline timestamp verification, and bundled test fixtures for offline scenarios.

## Implementation Details
- **Modules**: `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/`, `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Import/`, `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/`
- **Key Classes**:
  - `TimestampBundleExporter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/Bundle/TimestampBundleExporter.cs`) - exports timestamp bundles for offline kits
  - `TimestampBundleImporter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/Bundle/TimestampBundleImporter.cs`) - imports timestamp bundles from offline kits
  - `OfflineTimestampVerifier` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/Verification/OfflineTimestampVerifier.cs`) - verifies Rekor timestamps offline
  - `TimestampEvidence` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/Models/TimestampEvidence.cs`) - timestamp evidence data model
  - `RevocationEvidence` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/Models/RevocationEvidence.cs`) - revocation evidence for offline verification
  - `RetimestampService` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/RetimestampService.cs`) - re-timestamps evidence for extended retention
  - `TimestampEvidenceRepository` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Timestamping/TimestampEvidenceRepository.cs`) - persists timestamp evidence
  - `EvidenceBundleImporter` (`src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Import/EvidenceBundleImporter.cs`) - imports evidence bundles from offline kits
- **Interfaces**: `IRetimestampService`, `ITimestampEvidenceRepository`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Export an offline kit via `TimestampBundleExporter` containing SBOM, DSSE attestation, and Rekor receipt
- [ ] Import the offline kit via `TimestampBundleImporter` and verify all components are ingested
- [ ] Verify `OfflineTimestampVerifier` validates Rekor receipts without network access
- [ ] Verify `RetimestampService` re-timestamps evidence before certificate expiry
- [ ] Verify `TimestampEvidence` and `RevocationEvidence` models capture all required fields for offline verification
- [ ] Verify the offline kit can be verified in an air-gapped environment using only bundled artifacts