# Replay PostgreSQL Schema

Status: draft · applies to net10 replay pipeline (Sprint 0185)

## Tables

### replay_runs
- **id**: scan UUID (string, primary key)
- **manifest_hash**: `sha256:<hex>` (unique)
- **status**: `pending|verified|failed|replayed`
- **created_at / updated_at**: UTC ISO-8601
- **signatures**: JSONB `[{ profile, verified }]` (multi-profile DSSE verification)
- **outputs**: JSONB `{ sbom, findings, vex?, log? }` (all SHA-256 digests)

**Indexes**
- `runs_manifest_hash_unique`: `(manifest_hash)` (unique)
- `runs_status_created_at`: `(status, created_at DESC)`

### replay_bundles
- **id**: bundle digest hex (no `sha256:` prefix)
- **type**: `input|output|rootpack|reachability`
- **size**: bytes
- **location**: CAS URI `cas://replay/<prefix>/<digest>.tar.zst`
- **created_at**: UTC ISO-8601

**Indexes**
- `bundles_type`: `(type, created_at DESC)`
- `bundles_location`: `(location)`

### replay_subjects
- **id**: OCI image digest (`sha256:<hex>`)
- **layers**: JSONB `[{ layer_digest, merkle_root, leaf_count }]`

**Indexes**
- `subjects_layer_digest`: GIN index on `layers` for layer_digest lookups

## Determinism & constraints
- All timestamps stored as UTC.
- Digests are lowercase hex; CAS URIs must follow `cas://<prefix>/<shard>/<digest>.tar.zst` where `<shard>` = first two hex chars.
- No external references; embed minimal metadata only (feed/policy hashes live in replay manifest).

## Client models
- Implemented in `src/__Libraries/StellaOps.Replay.Core/ReplayPostgresModels.cs` with matching index name constants (`ReplayIndexes`).
- Serialization uses System.Text.Json with snake_case property naming; field names match table schema above.