up the blokcing tasks
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Risk Bundle CI / publish-checksums (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Risk Bundle CI / publish-checksums (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
This commit is contained in:
StellaOps Bot
27
docs/replay/retention-schema-freeze-2025-12-10.md
Normal file
27
docs/replay/retention-schema-freeze-2025-12-10.md
Normal file
@@ -0,0 +1,27 @@
|
||||
# Replay Retention Schema Freeze - 2025-12-10
|
||||
|
||||
## Why
|
||||
- Unblock EvidenceLocker replay ingestion tasks (EVID-REPLAY-187-001) and downstream CLI/runbook work by freezing a retention declaration schema.
|
||||
- Keep outputs deterministic and tenant-scoped while offline/air-gap friendly.
|
||||
|
||||
## Scope & Decisions
|
||||
- Schema path: `docs/schemas/replay-retention.schema.json`.
|
||||
- Fields:
|
||||
- `retention_policy_id` (string, stable ID for policy version).
|
||||
- `tenant_id` (string, required).
|
||||
- `dataset` (string; e.g., evidence_bundle, replay_log, advisory_payload).
|
||||
- `bundle_type` (enum: portable_bundle, sealed_bundle, replay_log, advisory_payload).
|
||||
- `retention_days` (int 1-3650).
|
||||
- `legal_hold` (bool).
|
||||
- `purge_after` (ISO-8601 UTC; derived from ingest + retention_days unless legal_hold=true).
|
||||
- `checksum` (algorithm: sha256/sha512, value hex).
|
||||
- `created_at` (ISO-8601 UTC).
|
||||
- Determinism: no additionalProperties; checksum recorded for audit; UTC timestamps only.
|
||||
- Tenant isolation: tenant_id mandatory; policy IDs may be per-tenant.
|
||||
|
||||
## Impacted Tasks
|
||||
- EVID-REPLAY-187-001, CLI-REPLAY-187-002, RUNBOOK-REPLAY-187-004 are unblocked on retention shape; implementation still required in corresponding modules.
|
||||
|
||||
## Next Steps
|
||||
- Wire schema validation in EvidenceLocker ingest and CLI replay commands.
|
||||
- Document retention defaults and legal-hold overrides in `docs/runbooks/replay_ops.md`.
|
||||
Reference in New Issue
Block a user