{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://stellaops.io/schemas/export-center/export-manifest.schema.json", "title": "StellaOps Export Manifest", "description": "Schema for run manifests, attestations, integrity headers, and quota/backpressure metadata (EC2–EC9).", "type": "object", "required": [ "schema", "version", "exportId", "profile", "tenant", "selectors", "generatedAt", "contents" ], "properties": { "schema": { "type": "string", "const": "https://stellaops.io/export-center/manifest/v1alpha2" }, "version": { "type": "string", "pattern": "^1\\.1\\.[0-9]+$" }, "exportId": { "type": "string", "pattern": "^[a-z0-9-]{6,64}$" }, "runId": { "type": "string", "pattern": "^[a-z0-9-]{6,64}$" }, "profile": { "type": "object", "required": ["kind", "variant", "name"], "properties": { "kind": { "type": "string", "enum": ["json", "trivy", "mirror", "devportal", "attestation"] }, "variant": { "type": "string", "enum": ["raw", "policy", "db", "java-db", "full", "delta", "offline", "bundle"] }, "name": { "type": "string", "pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$" }, "revision": { "type": "string", "pattern": "^r[0-9]+$" } }, "additionalProperties": false }, "tenant": { "type": "string", "pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$" }, "selectors": { "$ref": "#/$defs/selectors" }, "generatedAt": { "type": "string", "format": "date-time" }, "rerunHash": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" }, "contents": { "type": "array", "items": { "type": "object", "required": ["path", "digest", "bytes"], "properties": { "path": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" }, "digest": { "$ref": "#/$defs/digest" }, "bytes": { "type": "integer", "minimum": 0 }, "records": { "type": "integer", "minimum": 0 }, "contentType": { "type": "string" } }, "additionalProperties": false } }, "delta": { "type": "object", "required": ["baseExportId", "baseManifestDigest", "tombstones"], "properties": { "baseExportId": { "type": "string", "pattern": "^[a-z0-9-]{6,64}$" }, "baseManifestDigest": { "$ref": "#/$defs/digest" }, "tombstones": { "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" } }, "added": { "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" } }, "removed": { "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9._/-]+$" } } }, "additionalProperties": false }, "integrity": { "type": "object", "required": ["httpHeaders", "oci"], "properties": { "httpHeaders": { "type": "object", "required": ["Digest", "X-Stella-Signature"], "properties": { "Digest": { "type": "string", "pattern": "^sha-256=[A-Za-z0-9+/=]+$" }, "X-Stella-Signature": { "type": "string" }, "X-Stella-Immutability": { "type": "string" } }, "additionalProperties": false }, "oci": { "type": "object", "required": ["annotations"], "properties": { "annotations": { "type": "object", "required": [ "io.stellaops.export.profile", "io.stellaops.export.run", "io.stellaops.export.manifest-digest", "io.stellaops.export.provenance-ref" ], "properties": { "io.stellaops.export.profile": { "type": "string" }, "io.stellaops.export.run": { "type": "string" }, "io.stellaops.export.manifest-digest": { "$ref": "#/$defs/digest" }, "io.stellaops.export.provenance-ref": { "type": "string" }, "org.opencontainers.image.ref.name": { "type": "string" } } } }, "additionalProperties": false } }, "additionalProperties": false }, "attestations": { "type": "object", "required": ["provenanceRef", "dsseEnvelope", "slsaLevel", "log"], "properties": { "provenanceRef": { "type": "string" }, "dsseEnvelope": { "type": "string" }, "slsaLevel": { "type": "string" }, "log": { "type": "object", "required": ["kind", "logId", "logIndex", "entryDigest", "timestamp"], "properties": { "kind": { "type": "string", "enum": ["hashedrekord", "rekor"] }, "logId": { "type": "string" }, "logIndex": { "type": "integer", "minimum": 0 }, "entryDigest": { "$ref": "#/$defs/digest" }, "timestamp": { "type": "string", "format": "date-time" } }, "additionalProperties": false } }, "additionalProperties": false }, "distribution": { "type": "object", "properties": { "http": { "type": "object", "properties": { "enabled": { "type": "boolean" }, "retentionDays": { "type": "integer", "minimum": 1, "maximum": 3650 }, "etag": { "type": "string" }, "rangeRequests": { "type": "boolean" } }, "additionalProperties": false }, "oci": { "type": "object", "properties": { "enabled": { "type": "boolean" }, "reference": { "type": "string" } }, "additionalProperties": false }, "object": { "type": "object", "properties": { "enabled": { "type": "boolean" }, "bucket": { "type": "string" }, "prefix": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "encryption": { "type": "object", "properties": { "mode": { "type": "string", "enum": ["age", "aes-gcm"] }, "recipients": { "type": "array", "items": { "type": "object", "required": ["keyId", "fingerprint"], "properties": { "keyId": { "type": "string" }, "fingerprint": { "type": "string" }, "wrappedKey": { "type": "string" } }, "additionalProperties": false } }, "strict": { "type": "boolean" } }, "additionalProperties": false }, "approval": { "type": "object", "properties": { "required": { "type": "boolean" }, "reason": { "type": "string" }, "approvedBy": { "type": "string" }, "ticket": { "type": "string" } }, "additionalProperties": false }, "quotas": { "type": "object", "properties": { "maxActiveRuns": { "type": "integer", "minimum": 1, "maximum": 32 }, "maxQueuedRuns": { "type": "integer", "minimum": 1, "maximum": 512 }, "backpressureMode": { "type": "string", "enum": ["reject", "defer", "throttle"] }, "cpuThrottlePercent": { "type": "integer", "minimum": 1, "maximum": 100 } }, "additionalProperties": false } }, "additionalProperties": false, "$defs": { "digest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" }, "selectors": { "type": "object", "properties": { "tenants": { "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9*.-]+$" }, "uniqueItems": true }, "products": { "type": "array", "items": { "type": "string", "pattern": "^pkg:[A-Za-z0-9.+\\-_/:@*]+$" } }, "timeWindow": { "oneOf": [ { "type": "string", "pattern": "^[0-9]+d$" }, { "type": "string", "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}/[0-9]{4}-[0-9]{2}-[0-9]{2}$" } ] }, "severities": { "type": "array", "items": { "type": "string", "enum": ["critical", "high", "medium", "low", "info"] }, "uniqueItems": true }, "ecosystems": { "type": "array", "items": { "type": "string", "enum": ["npm", "maven", "pypi", "nuget", "go", "cargo", "rpm", "deb", "apk", "java"] }, "uniqueItems": true } }, "additionalProperties": false } } }