# Zastava Wave Prep — PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS

Status: **Ready for implementation** (2025-11-20)
Owners: Zastava Observer/Webhook Guilds · Surface Guild
Scope: Document Surface.FS cache drop plan and Surface.Env helper ownership/unseal steps to unblock Zastava runtime work.

## Decisions captured
- Surface.FS cache drop cadence: daily at 02:00 UTC with retention of last 3 snapshots; manual invalidate via `/admin/cache/drop` with DSSE auth.
- Surface.Env helper ownership: Surface Guild maintains helper; Zastava consumers read via sealed secret `SURFACE_ENV_CONFIG` injected per-tenant.
- Secrets rotation: quarterly or on incident; DSSE-signed env bundle stored in sealed S3 bucket `surface-env-bundles/tenant/{id}`.

## Deliverables for implementation teams
- Publish cache drop runbook under `docs/modules/zastava/runbooks/surface-fs-cache-drop.md` (owner Surface Guild).
- Publish env helper schema & sample at `docs/modules/zastava/surface-env-helper.sample.yaml` with hash file.
- Add checklist to Zastava admission hooks to verify `SURFACE_ENV_CONFIG` exists and DSSE signature matches Surface root.

## Acceptance criteria
- Written runbook + sample helper schema available at the paths above.
- Cache drop schedule and manual invalidate command documented with DSSE requirement.
- Zastava tasks can consume helper without requiring further schema decisions.