stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

compose and authority fixes. finish sprints.

Browse Source
This commit is contained in:
master
2026-02-17 21:59:47 +02:00
parent fb46a927ad
commit 49cdebe2f1
187 changed files with 23189 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/modules/evidence-locker/export-format.md
View File

@@ -288,6 +288,24 @@ Write-Host "=== Verification Complete: PASSED ===" -ForegroundColor Green
- File extension: `.openvex.json`
- Location: `vex/statements/`
### Runtime Witness Triplets (MWD-004)
Runtime micro-witnesses are exported under `runtime-witnesses/` as deterministic triplets grouped by `witness_id`:
| Artifact | MIME Type | File Pattern |
|----------|-----------|--------------|
| Trace payload | `application/vnd.stellaops.witness.v1+json` | `runtime-witnesses/<witness-id>/trace.json` |
| DSSE envelope | `application/vnd.dsse.envelope+json` | `runtime-witnesses/<witness-id>/trace.dsse.json` |
| Sigstore bundle | `application/vnd.dev.sigstore.bundle.v0.3+json` | `runtime-witnesses/<witness-id>/trace.sigstore.json` |
Manifest/index entries for these artifacts carry deterministic replay keys:
- `build_id`
- `kernel_release`
- `probe_id`
- `policy_run_id`
Offline replay validation is bundle-contained: `trace.json`, `trace.dsse.json`, and `trace.sigstore.json` are validated together without external lookups.
## Export Options
### CLI Command