# Content-Addressed Identifiers (ArtifactId, EvidenceId, ProofBundleId)

## Module

Attestor

## Status

VERIFIED

## Description

Full content-addressed ID system with types for ArtifactId, EvidenceId, ReasoningId, VexVerdictId, ProofBundleId, plus a content-addressed ID generator and SHA256 parser.

## Implementation Details

- **ID Generator**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Identifiers/ContentAddressedIdGenerator.cs` (with `.Graph` partial) -- implements `IContentAddressedIdGenerator`. Generates SHA-256 content-addressed IDs from canonical JSON content.
- **Base Types**: `ContentAddressedId.cs` -- base record type. `GenericContentAddressedId.cs` -- generic typed variant.
- **Typed ID Records**:
  - `ArtifactId.cs` -- identifies attestation artifacts
  - `EvidenceId.cs` -- identifies evidence items
  - `ProofBundleId.cs` -- identifies proof bundles
  - `VexVerdictId.cs` -- identifies VEX verdicts
  - `ReasoningId.cs` -- identifies reasoning chains
  - `SbomEntryId.cs` -- identifies SBOM entries
  - `TrustAnchorId.cs` -- identifies trust anchors
  - `GraphRevisionId.cs` -- identifies graph revision state
- **SHA-256 Parser**: `Sha256IdParser.cs` -- parses and validates `sha256:<64-hex-chars>` format.
- **Proof Hashing**: `__Libraries/StellaOps.Attestor.ProofChain/ProofHashing.cs` -- SHA-256 hashing utilities.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/ContentAddressedIdTests.cs`, `ContentAddressedIdGeneratorTests.cs`

## E2E Test Plan

- [ ] Generate an `ArtifactId` from content via `ContentAddressedIdGenerator` and verify the output matches `sha256:<64-hex-chars>` format
- [ ] Generate IDs for identical content twice and verify they are equal
- [ ] Generate IDs for different content and verify they differ
- [ ] Parse a valid `sha256:abc123...` string via `Sha256IdParser` and verify successful parsing
- [ ] Attempt to parse an invalid ID (wrong prefix, wrong length) and verify parser rejects it
- [ ] Generate `EvidenceId`, `ProofBundleId`, `VexVerdictId`, `ReasoningId` for same content and verify they produce the same hash but are distinct types
- [ ] Generate a `GraphRevisionId` from a proof graph state, modify the graph, regenerate, and verify the ID changes
- [ ] Verify `SbomEntryId` produces deterministic IDs for identical SBOM component content

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |
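
The determinism and parser-rejection checks from the E2E test plan, sketched in C# as an added example; this is not the project's code. `DemoIds`, its canonical form (ordinal-sorted keys, no insignificant whitespace) and the lowercase-only hex rule are assumptions, and the sample JSON is constructed.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text.Json;
using System.Text.RegularExpressions;

// Constructed input: the same content with different key order and whitespace.
var a = DemoIds.Generate("{\"name\":\"libfoo\",\"version\":\"1.2.3\"}");
var b = DemoIds.Generate("{ \"version\": \"1.2.3\", \"name\": \"libfoo\" }");
Console.WriteLine(a == b);                                   // determinism check
Console.WriteLine(DemoIds.TryParse(a, out var digest));      // well-formed ID
Console.WriteLine(DemoIds.TryParse("md5:" + digest, out _)); // wrong prefix
Console.WriteLine(DemoIds.TryParse(a[..^1], out _));         // wrong length
Console.WriteLine(DemoIds.TryParse(a + "\n", out _));        // trailing newline
// Hypothetical helper; assumed canonical form: ordinal-sorted keys, no whitespace.
static class DemoIds
{
    public static string Generate(string json)
    {
        using var doc = JsonDocument.Parse(json);
        using var ms = new MemoryStream();
        using (var w = new Utf8JsonWriter(ms)) Write(doc.RootElement, w);
        return "sha256:" + Convert.ToHexString(SHA256.HashData(ms.ToArray())).ToLowerInvariant();
    }
    public static bool TryParse(string s, out string digest)
    {
        // \A and \z anchor the whole string; unlike $, \z does not allow a trailing newline.
        bool ok = s is not null && Regex.IsMatch(s, @"\Asha256:[0-9a-f]{64}\z");
        digest = ok ? s[7..] : "";
        return ok;
    }
    static void Write(JsonElement e, Utf8JsonWriter w)
    {
        if (e.ValueKind == JsonValueKind.Object)
        {
            w.WriteStartObject();
            foreach (var p in e.EnumerateObject().OrderBy(q => q.Name, StringComparer.Ordinal))
            { w.WritePropertyName(p.Name); Write(p.Value, w); }
            w.WriteEndObject();
        }
        else if (e.ValueKind == JsonValueKind.Array)
        {
            w.WriteStartArray();
            foreach (var item in e.EnumerateArray()) Write(item, w);
            w.WriteEndArray();
        }
        else e.WriteTo(w); // scalars are written as parsed; numbers are not normalized here
    }
}
```

Hashing the re-serialized canonical bytes rather than the input string is what keeps the ID stable across formatting differences; anything the canonical form does not normalize (here, number spelling such as `1` versus `1.0`) still changes the ID.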