# Evidence Locker sealed bundle contract · 2025-11-24

Owners: Evidence Locker Guild · Security Guild
Status: Published 2025-11-24 (source for ELOCKER-CONTRACT-2001)

## Deliverables
- Bundle schema: `bundle.schema.json` (sealed DSSE envelope + manifest) — stored under `docs/modules/evidence-locker/schemas/bundle.schema.json`.
- DSSE layout: subject digests, payload (`evidence_bundle.json`), and signatures recorded; transparency optional; canonical hash: `SHA256:6f51d7a5c9d0c5db8a1f6e9d4a0af13e3e7eb5bcb4fa8457de99d8b1c2b3b8ff`.
- Sample bundle: `docs/modules/evidence-locker/samples/evidence-bundle-sample.tgz` with accompanying `.sha256` file.

## Scope and guarantees
- Sealed, offline-friendly; deterministic ordering of files in the tarball; UTC timestamps fixed to `1970-01-01T00:00:00Z` for reproducibility.
- Payload includes: `manifest.json`, `evidence_bundle.json`, `signatures/` (DSSE), `checksums.txt`.
- No network dependencies; validation and hashing performed locally.
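
The reproducibility guarantees above (sorted members, epoch timestamps, local hashing), sketched as an added Python example. It is not the Evidence Locker's own packer; the `checksums.txt` line format, the file name under `signatures/`, and the normalised owner/mode fields are assumptions.

```python
import gzip, hashlib, io, tarfile

# Constructed sample payload; the file name under signatures/ is an assumption.
SAMPLE = {
    "manifest.json": b'{"bundle":"constructed-sample"}',
    "evidence_bundle.json": b'{"items":[]}',
    "signatures/bundle.dsse.json": b'{"payloadType":"constructed"}',
}

def build_checksums(files):
    # Assumed layout: sha256sum-style "<hex>  <path>" lines, sorted by path.
    return "".join(
        f"{hashlib.sha256(files[p]).hexdigest()}  {p}\n" for p in sorted(files)
    ).encode()

def seal(files):
    """Return reproducible .tgz bytes for a {path: bytes} mapping."""
    members = {**files, "checksums.txt": build_checksums(files)}
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in sorted(members):          # deterministic member order
            info = tarfile.TarInfo(path)
            info.size = len(members[path])
            info.mtime = 0                    # 1970-01-01T00:00:00Z
            info.mode, info.uid, info.gid = 0o644, 0, 0
            info.uname = info.gname = ""      # no builder identity in headers
            tar.addfile(info, io.BytesIO(members[path]))
    out = io.BytesIO()
    # The gzip header carries its own timestamp and name; pin both.
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=0) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def verify(bundle):
    """Return sorted paths that are missing, altered, or not listed in checksums.txt."""
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as tar:
        data = {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}
    listed = {}
    for line in data["checksums.txt"].decode().splitlines():
        digest, path = line.split("  ", 1)
        listed[path] = digest
    bad = {p for p, d in listed.items()
           if p not in data or hashlib.sha256(data[p]).hexdigest() != d}
    bad |= set(data) - set(listed) - {"checksums.txt"}   # unlisted extras
    return sorted(bad)

if __name__ == "__main__":
    bundle = seal(SAMPLE)
    print(hashlib.sha256(bundle).hexdigest(), verify(bundle))
```

Because `checksums.txt` travels inside the bundle, this check only catches corruption and stray files; resistance to deliberate tampering comes from verifying the DSSE signature.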
## Validation
- `docs/modules/evidence-locker/schemas/bundle.schema.json` validated via `ajv` offline run (see `prep/validate.sh`).
- DSSE signature verifies with sample keypair; transparency step skipped (optional).

## Next steps
- Publish NuGet contract (if needed) referencing the schema path.
- Provide CLI/Export Center consumers with manifest path and hash above.
- Unblock ATTEST-PLAN-2001; keep downstream sprints updated.