Evidence Locker sealed bundle contract · 2025-11-24

Owners: Evidence Locker Guild · Security Guild
Status: Published 2025-11-24 (source for ELOCKER-CONTRACT-2001)

Deliverables

  • Bundle schema: bundle.schema.json (sealed DSSE envelope + manifest) — stored under docs/modules/evidence-locker/schemas/bundle.schema.json.
  • DSSE layout: subject digests, payload (evidence_bundle.json), and signatures recorded; transparency optional; canonical hash: SHA256:6f51d7a5c9d0c5db8a1f6e9d4a0af13e3e7eb5bcb4fa8457de99d8b1c2b3b8ff.
  • Sample bundle: docs/modules/evidence-locker/samples/evidence-bundle-sample.tgz with accompanying .sha256 file.

Scope and guarantees

  • Sealed, offline-friendly; deterministic ordering of files in the tarball; UTC timestamps fixed to 1970-01-01T00:00:00Z for reproducibility.
  • Payload includes: manifest.json, evidence_bundle.json, signatures/ (DSSE), checksums.txt.
  • No network dependencies; validation and hashing performed locally.
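
The reproducibility guarantees above can be exercised with a short packer and checker. This is an added example, not Evidence Locker code. The checksums.txt line format, the file name under signatures/, and the pinned owner, mode and gzip header fields are assumptions that the contract does not spell out.

```python
import gzip, hashlib, io, tarfile

def build_bundle(files: dict[str, bytes]) -> bytes:
    """Pack files into a .tgz whose bytes depend only on names and contents."""
    # Assumed checksums.txt layout: "<sha256 hex>  <path>", one line per file.
    lines = [f"{hashlib.sha256(files[n]).hexdigest()}  {n}\n" for n in sorted(files)]
    entries = dict(files, **{"checksums.txt": "".join(lines).encode()})
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(entries):            # deterministic member order
            info = tarfile.TarInfo(name)
            info.size = len(entries[name])
            info.mtime = 0                      # 1970-01-01T00:00:00Z
            info.mode, info.uid, info.gid = 0o644, 0, 0
            info.uname = info.gname = ""        # keep builder identity out of headers
            tar.addfile(info, io.BytesIO(entries[name]))
    out = io.BytesIO()
    # gzip stores its own timestamp and file name in the header; pin both.
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=0) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def verify_bundle(blob: bytes) -> list[str]:
    """Return a list of contract violations; empty means the bundle passes."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        members = tar.getmembers()
        data = {m.name: tar.extractfile(m).read() for m in members if m.isfile()}
    names = [m.name for m in members]
    if names != sorted(names):
        problems.append("members not in sorted order")
    problems += [f"mtime not epoch: {m.name}" for m in members if m.mtime != 0]
    listed = {}
    for line in data.get("checksums.txt", b"").decode().splitlines():
        digest, _, path = line.partition("  ")
        listed[path] = digest
    for name, body in data.items():
        if name != "checksums.txt" and listed.get(name) != hashlib.sha256(body).hexdigest():
            problems.append(f"checksum mismatch or missing: {name}")
    problems += [f"listed but absent: {p}" for p in listed if p not in data]
    return problems

# Constructed sample contents; the file under signatures/ is a hypothetical name.
SAMPLE = {
    "manifest.json": b'{"files":["evidence_bundle.json"]}',
    "evidence_bundle.json": b'{"evidence":[]}',
    "signatures/bundle.dsse.json": b'{"payloadType":"constructed"}',
}
```

Two builds from the same inputs hash identically regardless of insertion order. The checker works offline on any .tgz laid out this way.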

Validation

  • docs/modules/evidence-locker/schemas/bundle.schema.json validated via ajv offline run (see prep/validate.sh).
  • DSSE signature verifies with sample keypair; transparency step skipped (optional).

Next steps

  • Publish NuGet contract (if needed) referencing the schema path.
  • Provide CLI/Export Center consumers with manifest path and hash above.
  • Unblock ATTEST-PLAN-2001; keep downstream sprints updated.