> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wardin.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Export Evidence Bundle

> Assembles a contiguous signed receipt segment for `range`, the signing-key registry covering those receipts (rotation-safe), the compliance packs in force, and a trust anchor. Verify it offline with the open-source wardin-verify CLI — no Wardin account or network needed. Produces audit-grade / Art-12-grade records for gateway-routed traffic; NOT a compliance certification.



## OpenAPI

````yaml GET /v1/compliance/evidence-bundle
openapi: 3.0.0
info:
  title: Wardin API
  description: AI governance & observability platform — external REST API
  version: '1.0'
  contact: {}
servers: []
security: []
tags: []
paths:
  /v1/compliance/evidence-bundle:
    get:
      tags:
        - compliance
      summary: Export a self-contained, offline-verifiable Evidence Bundle
      description: >-
        Assembles a contiguous signed receipt segment for `range`, the
        signing-key registry covering those receipts (rotation-safe), the
        compliance packs in force, and a trust anchor. Verify it offline with
        the open-source wardin-verify CLI — no Wardin account or network needed.
        Produces audit-grade / Art-12-grade records for gateway-routed traffic;
        NOT a compliance certification.
      operationId: ComplianceController_exportBundle
      parameters:
        - name: range
          required: false
          in: query
          description: Compact window, `Nd` or `Nh` (e.g. 30d, 24h).
          schema:
            example: 30d
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EvidenceBundleDto'
        '400':
          description: Malformed `range` (must match `Nd` or `Nh`)
      security:
        - bearer: []
components:
  schemas:
    EvidenceBundleDto:
      type: object
      properties:
        bundleVersion:
          type: string
          example: '1'
        generatedAt:
          type: string
        tenantId:
          type: string
        range:
          $ref: '#/components/schemas/BundleRangeDto'
        anchor:
          $ref: '#/components/schemas/BundleAnchorDto'
        signingKeys:
          description: >-
            Signing-key registry (EVID-6) for every key_id the receipts
            reference — so verification survives key rotation without a live
            endpoint.
          type: array
          items:
            $ref: '#/components/schemas/BundleKeyDto'
        unresolvedKeyIds:
          description: >-
            key_ids referenced by receipts that could NOT be resolved to a
            public key — their receipts will verify as unverifiable. Empty when
            complete.
          type: array
          items:
            type: string
        packs:
          type: array
          items:
            $ref: '#/components/schemas/BundlePackDto'
        tenantPacks:
          description: >-
            The tenant’s complete custom-pack archive (active + archived) with
            raw YAML bytes — so any tenant-authored citation in the window is
            reproducible offline (there is no git copy for these).
          type: array
          items:
            $ref: '#/components/schemas/BundleTenantPackDto'
        receipts:
          type: array
          items:
            $ref: '#/components/schemas/BundleReceiptDto'
        disclaimer:
          type: string
          description: Honesty posture — surface verbatim.
      required:
        - bundleVersion
        - generatedAt
        - tenantId
        - range
        - anchor
        - signingKeys
        - unresolvedKeyIds
        - packs
        - tenantPacks
        - receipts
        - disclaimer
    BundleRangeDto:
      type: object
      properties:
        label:
          type: string
          example: 30d
        days:
          type: number
          example: 30
        fromSeq:
          type: number
          nullable: true
          example: 1
        toSeq:
          type: number
          nullable: true
          example: 4821
        fromTs:
          type: string
          nullable: true
        toTs:
          type: string
          nullable: true
        receiptCount:
          type: number
          example: 4821
      required:
        - label
        - days
        - receiptCount
    BundleAnchorDto:
      type: object
      properties:
        type:
          type: string
          example: trusted_first_prev_hash
        prevHash:
          type: string
          nullable: true
          description: >-
            Starting prev_hash the verifier trusts (hex). Empty string for the
            true-genesis receipt (seq 1). COMPLY-5 replaces this with a signed
            root.
        note:
          type: string
      required:
        - type
        - note
    BundleKeyDto:
      type: object
      properties:
        keyId:
          type: string
          example: wardin-2026-07
        publicKey:
          type: string
          description: base64 raw 32-byte ed25519 public key.
        validFrom:
          type: string
          nullable: true
        validTo:
          type: string
          nullable: true
          description: null = currently active signing key.
        revokedAt:
          type: string
          nullable: true
          description: >-
            Informational — a revoked/rotated key still verifies the historical
            receipts it signed.
      required:
        - keyId
        - publicKey
    BundlePackDto:
      type: object
      properties:
        framework:
          type: string
          example: eu_ai_act
        version:
          type: string
          example: v1
        title:
          type: string
          example: EU AI Act — automatic logging & deployer duties
        status:
          type: string
          example: draft
        effectiveDate:
          type: string
          example: '2026-07-09'
        packHash:
          type: string
          description: sha256 of the pack’s raw YAML bytes.
        disclaimer:
          type: string
        source:
          type: string
          example: baseline
          enum:
            - baseline
            - tenant
          description: baseline (in-repo) or tenant (BYO custom pack, COMPLY-7).
        rawYaml:
          type: string
          nullable: true
          description: >-
            The exact raw YAML bytes for a tenant-authored pack — snapshotted so
            a DB-authored mapping is reproducible offline. null for baseline
            packs (reproducible from git by packHash).
      required:
        - framework
        - version
        - title
        - status
        - effectiveDate
        - packHash
        - disclaimer
        - source
    BundleTenantPackDto:
      type: object
      properties:
        framework:
          type: string
          example: my_framework
        version:
          type: string
          example: v1
        effectiveDate:
          type: string
          example: '2026-01-01'
        packHash:
          type: string
          example: a1b2c3…
          description: sha256 of the raw YAML bytes.
        status:
          type: string
          example: active
          enum:
            - active
            - archived
        rawYaml:
          type: string
          description: The exact raw YAML bytes (reproducibility).
      required:
        - framework
        - version
        - effectiveDate
        - packHash
        - status
        - rawYaml
    BundleReceiptDto:
      type: object
      properties:
        seq:
          type: number
          example: 4821
        receiptId:
          type: string
          example: 018f1234-5678-7abc-def0-123456789abc
        requestId:
          type: string
        tenantId:
          type: string
        actor:
          type: string
          example: key-1
        provider:
          type: string
          example: anthropic
        model:
          type: string
          example: claude-3-5-haiku-20241022
        promptTokens:
          type: number
          example: 1200
        completionTokens:
          type: number
          example: 340
        costUsd:
          type: number
          example: 0.0042
        checks:
          type: array
          items:
            $ref: '#/components/schemas/ReceiptCheckDto'
        tsMillis:
          type: number
          example: 1752062096789
          description: Receipt timestamp as epoch milliseconds (UTC).
        prevHash:
          type: string
          description: prev_hash (hex); empty for genesis.
        thisHash:
          type: string
          description: this_hash (hex).
        signature:
          type: string
          description: base64 ED25519 signature over this_hash.
        keyId:
          type: string
        packVersion:
          type: string
          example: v1
          description: Compliance pack-set version in force.
        kind:
          type: string
          enum:
            - model_call
            - tool_call
          example: model_call
          description: >-
            model_call | tool_call (COMPLY-4) — unsigned side channel, NOT part
            of the signed canonical receipt; ignored by offline verification.
      required:
        - seq
        - receiptId
        - requestId
        - tenantId
        - actor
        - provider
        - model
        - promptTokens
        - completionTokens
        - costUsd
        - checks
        - tsMillis
        - prevHash
        - thisHash
        - signature
        - keyId
        - packVersion
        - kind
    ReceiptCheckDto:
      type: object
      properties:
        name:
          type: string
          example: policy
        result:
          type: string
          example: allow
      required:
        - name
        - result
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````