/** * MongoDB indexes for DSSE provenance queries on the events collection. * Run with: mongosh stellaops_db < events_provenance_indices.js * * These indexes support: * - Proven VEX/SBOM/SCAN lookup by subject digest * - Compliance gap queries (unverified events) * - Rekor log index lookups * - Backfill service queries * * Created: 2025-11-27 (PROV-INDEX-401-030) * C# equivalent: src/StellaOps.Events.Mongo/MongoIndexes.cs */ // Switch to the target database (override via --eval "var dbName='custom'" if needed) const targetDb = typeof dbName !== 'undefined' ? dbName : 'stellaops'; db = db.getSiblingDB(targetDb); print(`Creating provenance indexes on ${targetDb}.events...`); // Index 1: Lookup proven events by subject digest + kind db.events.createIndex( { "subject.digest.sha256": 1, "kind": 1, "provenance.dsse.rekor.logIndex": 1 }, { name: "events_by_subject_kind_provenance", background: true } ); print(" - events_by_subject_kind_provenance"); // Index 2: Find unproven evidence by kind (compliance gap queries) db.events.createIndex( { "kind": 1, "trust.verified": 1, "provenance.dsse.rekor.logIndex": 1 }, { name: "events_unproven_by_kind", background: true } ); print(" - events_unproven_by_kind"); // Index 3: Direct Rekor log index lookup db.events.createIndex( { "provenance.dsse.rekor.logIndex": 1 }, { name: "events_by_rekor_logindex", background: true } ); print(" - events_by_rekor_logindex"); // Index 4: Envelope digest lookup (for backfill deduplication) db.events.createIndex( { "provenance.dsse.envelopeDigest": 1 }, { name: "events_by_envelope_digest", background: true, sparse: true } ); print(" - events_by_envelope_digest"); // Index 5: Timestamp + kind for compliance reporting time ranges db.events.createIndex( { "ts": -1, "kind": 1, "trust.verified": 1 }, { name: "events_by_ts_kind_verified", background: true } ); print(" - events_by_ts_kind_verified"); print("\nProvenance indexes created successfully."); print("Run 'db.events.getIndexes()' to verify.");