# Concelier schema bundle (CI1–CI10 remediation)

This folder publishes the signed JSON Schemas for Link-Not-Merge ingestion artifacts and the offline bundle manifest used by Offline Kit builds.

- `advisory-observation.schema.json` — canonical observation shape (provenance + content hash enforced).
- `advisory-linkset.schema.json` — linkset materialization with conflict reasons and deterministic IDs.
- `offline-advisory-bundle.schema.json` — manifest for air-gapped advisory bundles, including staleness and signature metadata.
- `schema.manifest.json` — digest manifest over all schemas.
- `schema.manifest.sig` — detached ECDSA (P-256) signature over the manifest (public key: `schema-signing-pub.pem`).
- `schema.manifest.sig.b64` — base64 view of the signature for air-gapped copy/paste.
- `samples/` — deterministic sample payloads for CI fixtures (see `tests` notes below).

## Verify locally (deterministic, offline)

```bash
# 1) Validate schemas are unchanged
sha256sum -c schema.manifest.json

# 2) Verify detached signature with the published public key
openssl dgst -sha256 -verify schema-signing-pub.pem \ 
  -signature schema.manifest.sig \ 
  schema.manifest.json
```

## Test coverage

The fixtures in `samples/` are consumed by `StellaOps.Concelier.Core.Tests` to assert:
- deterministic idempotency keys and conflict ordering (`Linksets/AdvisoryLinksetIdempotencyTests`),
- tenant normalization and signature requirements for observations (`Aoc/AdvisoryObservationWriteGuardTests`),
- offline bundle manifest validation (`Schemas/OfflineBundleSchemaTests`).

Keep the manifest and signature updated whenever schema files change. Keys are dev/test-only; production signing happens in the release pipeline.