# Downloads workspace

Purpose
- Centralize signed artifacts, export bundles, and offline kit parity checks.
- Provide CLI parity commands for reproducible artifact acquisition.

Access and dependencies
- Route: /console/downloads with /console/downloads/:artifactId detail drawer.
- Scopes: downloads.read; downloads.manage for cancel or expire exports.
- Depends on downloads manifest, offline kit metadata, and export orchestrator.
- Feature flags: downloads.workspace.enabled, downloads.exportQueue, downloads.offlineParity.

Workspace layout
- Header shows manifest version, generatedAt, and signature status.
- Cards for latest release, offline kit parity, export queue depth.
- Tabs: artifacts, exports, offline kits, webhooks.
- Filter bar: channel, kind, architecture, tags.

Artifact catalog
- Core containers, helm charts, compose bundles, offline kits, evidence exports, webhook configs.
- Detail drawer shows metadata, provenance, commands, and history.
- Digest-only pulls are the default; commands include arch hints.

Manifest structure
- version: monotonically increasing release integer.
- generatedAt: ISO-8601 UTC timestamp.
- signature: detached signature for manifest.json.
- artifacts: ordered entries with id, kind, channel, version, digest, sizeBytes, downloadUrl, signatureUrl, sbomUrl, attestationUrl, docs, tags.
- Console caches the manifest hash and highlights version changes.

Download statuses
- Ready: immutable artifacts with verified digests.
- Pending export: queued bundles with owner and ETA.
- Processing: stages collecting, compressing, signing.
- Delivered: download links and resume tokens.
- Expired: retention exceeded, regenerate via CLI.

CLI parity
- Copy buttons produce docker pull and oras copy commands with digests.
- Helm and compose commands include values and env file hints.
- Offline kit verification sequence includes cosign verify-blob.
- Export entries include stella runs export or stella findings export commands.
- Webhook tab provides curl subscription snippets.

Offline and air-gap workflow
- Offline users import offline-manifest.json with detached signature.
- UI warns when offline manifest lags online by more than a week.
- Mirror commands copy images to internal registries with custom trust roots.
- Parity checks highlight diff between offline kit contents and manifest digests.
- Audit logs record ui.download.commandCopied with artifact ID and digest.

Observability and quotas
- ui_download_manifest_refresh_seconds for manifest fetch and verify.
- ui_download_export_queue_depth from the downloads API.
- ui_download_command_copied_total from console logs.
- downloads.export.duration histograms for export generation.
- downloads.quota.remaining warns on quota saturation.