Backend: Add export manifest persistence and signed download verification endpoint

[Junirezz]

Context

exportManifest.ts records checksum metadata for generated export artifacts. Manifests are stored in a module-level array with no persistence.

Problem / Gap

Export provenance cannot be verified after restart. Compliance and governance workflows lack a durable audit trail tying a download to requester, filters, and row counts.

Proposed approach

• Persist export manifests in Prisma with SHA-256 checksum, requester, report type, and filters.
• Add a read-only admin endpoint to verify a manifest by ID and checksum.
• Integrate manifest creation into bulk export and governance export flows.
• Apply retention policy consistent with other admin audit data.

Acceptance criteria

• Every completed export creates a persisted manifest retrievable by ID.
• Checksum verification endpoint returns match/mismatch without exposing raw export rows.
• Manifests survive restart and are listed with pagination for admins.
• Tests cover manifest creation, verification, and retention pruning.

Files/areas affected

• backend/src/exportManifest.ts
• backend/src/bulkExportJobs.ts
• backend/src/listEndpoints.ts
• backend/prisma/schema.prisma

[Osifowora]

@Osifowora has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

​Hi maintainer, I would love to work on this issue. I can get started on it right away.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Osifowora to this issue.

[bandanadivya]

@bandanadivya has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi
I’d like to work on this issue if it’s available. I’m a full-stack Web2 & Web3 developer with solid open-source experience and can start working on it right away.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @bandanadivya to this issue.

[Bigdaddyobamo]

@Bigdaddyobamo has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hello, Boss Ibimode JUnior Please kindly assign this to me.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Bigdaddyobamo to this issue.

[king-aj-the-first]

@king-aj-the-first has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hello, repo maintainer.. please i'd like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @king-aj-the-first to this issue.

[drips-wave]

Congratulations, @king-aj-the-first! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @king-aj-the-first: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @king-aj-the-first as part of the Stellar Wave Program's 6th Wave 🥳

😎 @king-aj-the-first: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.