stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/features/checked/evidencelocker/evidence-packets-for-every-decision.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.2 KiB
Raw Permalink Blame History

Evidence Packets for Every Decision

Module

EvidenceLocker

Status

IMPLEMENTED

Description

Evidence bundles with manifests, attestations, and export capabilities are implemented for audit-grade decision records.

Implementation Details

  • Modules: src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/, src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/
  • Key Classes:
    • EvidenceBundleBuilder (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Builders/EvidenceBundleBuilder.cs) - builds evidence bundles for decision records
    • EvidenceBundlePackagingService (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Services/EvidenceBundlePackagingService.cs) - packages evidence with attestations
    • EvidenceSignatureService (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/EvidenceSignatureService.cs) - signs evidence bundles with DSSE
    • BundleManifest (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs) - manifest listing bundle contents and hashes
    • TarGzBundleExporter (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs) - exports bundles as tar.gz archives
    • EvidenceBundleMetadata (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleMetadata.cs) - metadata for each decision's evidence packet
  • Interfaces: IEvidenceBundleBuilder, IEvidenceSignatureService, IEvidenceBundleExporter
  • Source: Feature matrix scan

E2E Test Plan

  • Record a release decision and verify EvidenceBundleBuilder creates an evidence packet with the decision context
  • Verify BundleManifest lists all evidence items with their content-addressed hashes
  • Verify EvidenceSignatureService signs the evidence packet and the signature is verifiable
  • Export the decision evidence packet via TarGzBundleExporter and verify the archive is complete
  • Verify every decision type (promote, block, rollback, override) generates a corresponding evidence packet
  • Verify evidence packets are immutable: attempting to modify after creation fails