> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wardin.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Export Evidence Bundle

> Assembles a contiguous signed receipt segment for `range`, the signing-key registry covering those receipts (rotation-safe), the compliance packs in force, and a trust anchor. Verify it offline with the open-source wardin-verify CLI — no Wardin account or network needed. Produces audit-grade / Art-12-grade records for gateway-routed traffic; NOT a compliance certification.



## OpenAPI

````yaml GET /v1/compliance/evidence-bundle
openapi: 3.0.0
info:
  title: Wardin API
  description: AI governance & observability platform — external REST API
  version: '1.0'
  contact: {}
servers: []
security: []
tags: []
paths:
  /v1/compliance/evidence-bundle:
    get:
      tags:
        - compliance
      summary: Export a self-contained, offline-verifiable Evidence Bundle
      description: >-
        Assembles a contiguous signed receipt segment for `range`, the
        signing-key registry covering those receipts (rotation-safe), the
        compliance packs in force, and a trust anchor. Verify it offline with
        the open-source wardin-verify CLI — no Wardin account or network needed.
        Produces audit-grade / Art-12-grade records for gateway-routed traffic;
        NOT a compliance certification.
      operationId: ComplianceController_exportBundle
      parameters:
        - name: range
          required: false
          in: query
          description: Compact window, `Nd` or `Nh` (e.g. 30d, 24h).
          schema:
            example: 30d
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EvidenceBundleDto'
        '400':
          description: Malformed `range` (must match `Nd` or `Nh`)
      security:
        - bearer: []
components:
  schemas:
    EvidenceBundleDto:
      type: object
      properties:
        bundleVersion:
          type: string
          example: '1'
        generatedAt:
          type: string
        tenantId:
          type: string
        range:
          $ref: '#/components/schemas/BundleRangeDto'
        anchor:
          $ref: '#/components/schemas/BundleAnchorDto'
        signingKeys:
          description: >-
            Signing-key registry (EVID-6) for every key_id the receipts
            reference — so verification survives key rotation without a live
            endpoint.
          type: array
          items:
            $ref: '#/components/schemas/BundleKeyDto'
        unresolvedKeyIds:
          description: >-
            key_ids referenced by receipts that could NOT be resolved to a
            public key — their receipts will verify as unverifiable. Empty when
            complete.
          type: array
          items:
            type: string
        packs:
          type: array
          items:
            $ref: '#/components/schemas/BundlePackDto'
        receipts:
          type: array
          items:
            $ref: '#/components/schemas/BundleReceiptDto'
        disclaimer:
          type: string
          description: Honesty posture — surface verbatim.
      required:
        - bundleVersion
        - generatedAt
        - tenantId
        - range
        - anchor
        - signingKeys
        - unresolvedKeyIds
        - packs
        - receipts
        - disclaimer
    BundleRangeDto:
      type: object
      properties:
        label:
          type: string
          example: 30d
        days:
          type: number
          example: 30
        fromSeq:
          type: object
          nullable: true
          example: 1
        toSeq:
          type: object
          nullable: true
          example: 4821
        fromTs:
          type: object
          nullable: true
        toTs:
          type: object
          nullable: true
        receiptCount:
          type: number
          example: 4821
      required:
        - label
        - days
        - receiptCount
    BundleAnchorDto:
      type: object
      properties:
        type:
          type: string
          example: trusted_first_prev_hash
        prevHash:
          type: object
          nullable: true
          description: >-
            Starting prev_hash the verifier trusts (hex). Empty string for the
            true-genesis receipt (seq 1). COMPLY-5 replaces this with a signed
            root.
        note:
          type: string
      required:
        - type
        - note
    BundleKeyDto:
      type: object
      properties:
        keyId:
          type: string
          example: wardin-2026-07
        publicKey:
          type: string
          description: base64 raw 32-byte ed25519 public key.
        validFrom:
          type: object
          nullable: true
        validTo:
          type: object
          nullable: true
          description: null = currently active signing key.
        revokedAt:
          type: object
          nullable: true
          description: >-
            Informational — a revoked/rotated key still verifies the historical
            receipts it signed.
      required:
        - keyId
        - publicKey
    BundlePackDto:
      type: object
      properties:
        framework:
          type: string
          example: eu_ai_act
        version:
          type: string
          example: v1
        title:
          type: string
          example: EU AI Act — automatic logging & deployer duties
        status:
          type: string
          example: draft
        effectiveDate:
          type: string
          example: '2026-07-09'
        packHash:
          type: string
          description: sha256 of the pack’s raw YAML bytes.
        disclaimer:
          type: string
      required:
        - framework
        - version
        - title
        - status
        - effectiveDate
        - packHash
        - disclaimer
    BundleReceiptDto:
      type: object
      properties:
        seq:
          type: number
          example: 4821
        receiptId:
          type: string
          example: 018f1234-5678-7abc-def0-123456789abc
        requestId:
          type: string
        tenantId:
          type: string
        actor:
          type: string
          example: key-1
        provider:
          type: string
          example: anthropic
        model:
          type: string
          example: claude-3-5-haiku-20241022
        promptTokens:
          type: number
          example: 1200
        completionTokens:
          type: number
          example: 340
        costUsd:
          type: number
          example: 0.0042
        checks:
          type: array
          items:
            $ref: '#/components/schemas/ReceiptCheckDto'
        tsMillis:
          type: number
          example: 1752062096789
          description: Receipt timestamp as epoch milliseconds (UTC).
        prevHash:
          type: string
          description: prev_hash (hex); empty for genesis.
        thisHash:
          type: string
          description: this_hash (hex).
        signature:
          type: string
          description: base64 ED25519 signature over this_hash.
        keyId:
          type: string
        packVersion:
          type: string
          example: v1
          description: Compliance pack-set version in force.
      required:
        - seq
        - receiptId
        - requestId
        - tenantId
        - actor
        - provider
        - model
        - promptTokens
        - completionTokens
        - costUsd
        - checks
        - tsMillis
        - prevHash
        - thisHash
        - signature
        - keyId
        - packVersion
    ReceiptCheckDto:
      type: object
      properties:
        name:
          type: string
          example: policy
        result:
          type: string
          example: allow
      required:
        - name
        - result
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````