up

2025-12-07 22:49:53 +02:00
parent 11597679ed
commit 7c24ed96ee
204 changed files with 23313 additions and 1430 deletions
--- a/src/Mirror/StellaOps.Mirror.Creator/TASKS.md
+++ b/src/Mirror/StellaOps.Mirror.Creator/TASKS.md
@@ -7,3 +7,4 @@
 | MIRROR-GAPS-125-013 | DONE | Mirror strategy gaps (MS1–MS10) encoded in mirror-policy and bundle meta. |
 | MIRROR-CRT-57-002 | DONE | Time-anchor DSSE emitted when SIGN_KEY is set; bundle meta + verifier check anchor integrity. |
 | MIRROR-CRT-58-001 | DONE | CLI wrappers (`mirror-create.sh`, `mirror-verify.sh`) for deterministic build/verify flows; uses existing assembler + verifier. |
+| MIRROR-CRT-58-002 | DOING (dev) | Export Center scheduling helper (`src/Mirror/StellaOps.Mirror.Creator/schedule-export-center-run.sh`) added; production signing still pending MIRROR-CRT-56-002 key. |
--- a/src/Mirror/StellaOps.Mirror.Creator/schedule-export-center-run.sh
+++ b/src/Mirror/StellaOps.Mirror.Creator/schedule-export-center-run.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Schedule an Export Center run for mirror bundles and emit an audit log entry.
+# Requires curl. Uses bearer token auth for simplicity; swap to DPoP if/when gateway enforces it.
+
+BASE_URL="${EXPORT_CENTER_BASE_URL:-http://localhost:8080}"
+TENANT="${EXPORT_CENTER_TENANT:-tenant-default}"
+PROJECT="${EXPORT_CENTER_PROJECT:-}"
+TOKEN="${EXPORT_CENTER_TOKEN:-}"
+PROFILE_ID="${1:-}"
+AUDIT_LOG="${AUDIT_LOG_PATH:-$(pwd)/logs/export-center-schedule.log}"
+
+if [[ -z "$PROFILE_ID" ]]; then
+  echo "usage: $(basename "$0") <profileId> [targets-json] [formats-json]" >&2
+  echo "env: EXPORT_CENTER_BASE_URL, EXPORT_CENTER_TENANT, EXPORT_CENTER_PROJECT, EXPORT_CENTER_TOKEN, AUDIT_LOG_PATH" >&2
+  exit 1
+fi
+
+TARGETS_JSON="${2:-[\"vex\",\"advisory\",\"policy\"]}"
+FORMATS_JSON="${3:-[\"json\",\"ndjson\"]}"
+
+mkdir -p "$(dirname "$AUDIT_LOG")"
+
+AUTH_HEADER=()
+if [[ -n "$TOKEN" ]]; then
+  AUTH_HEADER=(-H "Authorization: Bearer ${TOKEN}")
+fi
+
+payload="$(cat <<JSON
+{
+  "profileId": "${PROFILE_ID}",
+  "targets": ${TARGETS_JSON},
+  "formats": ${FORMATS_JSON},
+  "retentionDays": 30,
+  "priority": "normal"
+}
+JSON
+)"
+
+response="$(curl -sS -X POST "${BASE_URL}/export-center/runs" \
+  -H "Content-Type: application/json" \
+  -H "X-StellaOps-Tenant: ${TENANT}" \
+  $( [[ -n "$PROJECT" ]] && printf -- "-H X-StellaOps-Project: %s" "$PROJECT" ) \
+  "${AUTH_HEADER[@]}" \
+  --data "${payload}")"
+
+timestamp="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+echo "${timestamp} tenant=${TENANT} profile=${PROFILE_ID} response=${response}" >> "${AUDIT_LOG}"
+
+echo "${response}"