stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details

Browse Source
This commit is contained in:
master
2025-11-20 07:50:52 +02:00
parent 616ec73133
commit 10212d67c0
473 changed files with 316758 additions and 388 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/modules/mirror/milestone-0-thin-bundle.md Normal file
View File

@@ -0,0 +1,30 @@
# Mirror Thin Bundle · Milestone 0 (sample)
## Scope
- Provide a deterministic placeholder thin bundle so downstream air-gap/console/attestation tracks can wire references while MIRROR-CRT-56-001 code lands.
- Sample bundle published at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (created 2025-11-19 UTC) with fixed metadata only; no advisories/policies/images included.
## Owners
- Primary: Alex Kim
- Backup: Priya Desai
## Artefacts
- Bundle: `out/mirror/thin/mirror-thin-m0-sample.tar.gz`
- SHA256: `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674`
- Manifest inside bundle: `sample-m0/manifest.json`
- Notes: `sample-m0/README.txt`
## Layout (within tar.gz)
```
sample-m0/
manifest.json # version, bundle_id, created, notes
README.txt # purpose, determinism and replacement guidance
```
## Refresh cadence
- Replace this sample with real thin bundle once MIRROR-CRT-56-001 assembler emits manifests (target: 2025-11-20).
- Maintain same path prefix `out/mirror/thin/` and update hash in this file and sprint log when refreshed.
## Usage
- Downstream tasks may reference this path/hash to unblock contract wiring and CI harnesses.
- Do not ship to customers; for internal wiring/tests only.

34
docs/modules/mirror/thin-bundle-assembler.md Normal file
View File

@@ -0,0 +1,34 @@
# MIRROR-CRT-56-001 · Thin bundle assembler handoff (v0.1)
Purpose: unblock MIRROR-CRT-56-001 by defining expected assembler outputs so the real thin bundle can replace the milestone-0 sample.
## Expected outputs
- Artifact: `out/mirror/thin/mirror-thin-v1.tar.gz`
- Manifest: `out/mirror/thin/mirror-thin-v1.manifest.json` containing:
- `version`: "1.0.0"
- `created`: UTC ISO-8601
- `layers`: array of `{ digest, size, path }`
- `indexes`: array of `{ name, digest }` for evidence/linkset indexes
- `hashes`: `{ tarball_sha256, manifest_sha256 }`
- Checksums: `.sha256` files for tarball and manifest stored alongside artifacts.
## Assembly steps (reference for assembler owners)
1) Produce layer tar parts deterministically (sorted entries, zeroed mtimes/uid/gid, pax headers disabled).
2) Compose `mirror-thin-v1.tar.gz` using stable order: `manifest.json`, `layers/*`, `indexes/*`.
3) Generate manifest JSON and compute SHA256 for both tarball and manifest; write `.sha256` files.
4) Sign manifest (DSSE optional) and place signature next to manifest if available.
## Determinism requirements
- POSIX tar with numeric owner 0:0, mtime 0, sorted paths.
- Gzip with `--no-name` and fixed timestamp 0.
- No duplicate files; symlinks forbidden.
## Evidence
- When produced, place artefacts under `out/mirror/thin/` and add hashes to this doc.
## Owners
- Mirror Creator Guild (assembler)
- AirGap Guild (consumer)
## Status
- Handoff doc published 2025-11-19; awaiting assembler output to replace milestone-0 sample.