41 lines
1.2 KiB
Markdown
41 lines
1.2 KiB
Markdown
# Verifier
|
|
|
|
> Standalone CLI tool for offline verification of evidence bundles in air-gapped environments.
|
|
|
|
## Purpose
|
|
|
|
Verifier is a self-contained, cross-platform CLI binary that validates evidence bundles without requiring network access or external dependencies. It checks DSSE signatures, RFC 3161 timestamps, SHA-256 digests, and SBOM integrity, enabling compliance verification in air-gapped environments where no Stella Ops services are reachable.
|
|
|
|
## Quick Links
|
|
|
|
- [Architecture](./architecture.md)
|
|
|
|
## Status
|
|
|
|
| Attribute | Value |
|
|
|-------------|---------------------|
|
|
| **Maturity** | Production |
|
|
| **Source** | `src/Verifier/` |
|
|
|
|
## Key Features
|
|
|
|
- Self-contained single-file binary (cross-platform: win-x64, linux-x64, linux-musl-x64, osx-x64, osx-arm64)
|
|
- Bundle extraction (gzip+tar)
|
|
- Manifest validation
|
|
- DSSE signature verification
|
|
- RFC 3161 timestamp verification
|
|
- SHA-256 digest checking
|
|
- Trust profile support (key whitelisting)
|
|
- Output formats (text/JSON/markdown)
|
|
|
|
## Dependencies
|
|
|
|
### Upstream
|
|
|
|
- None (standalone, offline-first design with zero runtime dependencies on Stella Ops services)
|
|
|
|
### Downstream
|
|
|
|
- AirGap - offline bundle verification workflows
|
|
- CLI - integrated verification commands for operator use
|