stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
f4eb64fefcd7d2353b42aed44cb732780e861ea4
git.stella-ops.org/docs/features/checked/evidencelocker/evidence-bundle-export-with-embedded-verify-scripts.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.7 KiB
Raw Blame History

Evidence Bundle Export with Embedded Verify Scripts

Module

EvidenceLocker

Status

IMPLEMENTED

Description

Standardized evidence-bundle tar.gz export format with embedded verify.sh (POSIX) and verify.ps1 (PowerShell) scripts, bundled public keys for offline verification, Merkle root verification (RFC 6962), BSD-format SHA256 checksums, and async export worker for large bundles with status tracking (pending/processing/ready/failed).

Implementation Details

  • Modules: src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/, src/EvidenceLocker/StellaOps.EvidenceLocker/Api/
  • Key Classes:
    • TarGzBundleExporter (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs) - creates tar.gz bundles with embedded verify scripts and checksums
    • VerifyScriptGenerator (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/VerifyScriptGenerator.cs) - generates verify.sh (POSIX) and verify.ps1 (PowerShell) scripts
    • MerkleTreeBuilder (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/MerkleTreeBuilder.cs) - builds Merkle tree for bundle integrity (RFC 6962)
    • ChecksumFileWriter (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/ChecksumFileWriter.cs) - writes BSD-format SHA256 checksums
    • BundleManifest (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs) - manifest model for bundle contents
    • BundleMetadata (src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleMetadata.cs) - metadata model for bundle export
    • ExportEndpoints (src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportEndpoints.cs) - REST endpoints for export operations
    • ExportJobService (src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportJobService.cs) - async export worker with status tracking
  • Interfaces: IEvidenceBundleExporter, IBundleDataProvider, IExportJobService
  • Source: SPRINT_20260106_003_003_EVIDENCE_export_bundle.md

E2E Test Plan

  • Export an evidence bundle via ExportEndpoints and verify the tar.gz contains verify.sh, verify.ps1, checksums, and public keys
  • Extract the bundle and run the embedded verify.sh script to confirm it validates checksums and Merkle root
  • Verify MerkleTreeBuilder produces RFC 6962-compliant Merkle tree with correct root hash
  • Verify ChecksumFileWriter writes BSD-format SHA256 checksums matching each file in the bundle
  • Submit a large bundle export and verify ExportJobService tracks status through pending/processing/ready states
  • Verify the exported bundle can be verified offline using only the embedded scripts and bundled public keys