# Findings Ledger Offline Kit Manifest
# Version: 2025.11.0
# Generated: 2025-12-07

apiVersion: stellaops.io/v1
kind: OfflineKitManifest
metadata:
  name: findings-ledger
  version: "2025.11.0"
  description: Findings Ledger service for event-sourced findings storage with Merkle anchoring

spec:
  components:
    - name: findings-ledger
      type: service
      image: stellaops/findings-ledger:2025.11.0
      digest: "" # Populated at build time

    - name: findings-ledger-migrations
      type: job
      image: stellaops/findings-ledger-migrations:2025.11.0
      digest: "" # Populated at build time

  dependencies:
    - name: postgresql
      version: ">=14.0"
      type: database
      required: true

    - name: otel-collector
      version: ">=0.80.0"
      type: service
      required: false
      description: Optional for telemetry export

  migrations:
    - version: "001"
      file: migrations/001_initial_schema.sql
      checksum: "" # Populated at build time
    - version: "002"
      file: migrations/002_merkle_tables.sql
      checksum: ""
    - version: "003"
      file: migrations/003_attachments.sql
      checksum: ""
    - version: "004"
      file: migrations/004_projections.sql
      checksum: ""
    - version: "005"
      file: migrations/005_airgap_imports.sql
      checksum: ""
    - version: "006"
      file: migrations/006_evidence_snapshots.sql
      checksum: ""
    - version: "007"
      file: migrations/007_timeline_events.sql
      checksum: ""
    - version: "008"
      file: migrations/008_attestation_pointers.sql
      checksum: ""

  dashboards:
    - name: findings-ledger
      file: dashboards/findings-ledger.json
      checksum: ""

  alerts:
    - name: findings-ledger-alerts
      file: alerts/findings-ledger-alerts.yaml
      checksum: ""

  configuration:
    required:
      - key: LEDGER__DB__CONNECTIONSTRING
        description: PostgreSQL connection string
        secret: true
      - key: LEDGER__ATTACHMENTS__ENCRYPTIONKEY
        description: AES-256 encryption key for attachments (base64)
        secret: true

    optional:
      - key: LEDGER__MERKLE__SIGNINGKEY
        description: Signing key for Merkle root attestations
        secret: true
      - key: LEDGER__OBSERVABILITY__OTLPENDPOINT
        description: OpenTelemetry collector endpoint
        default: http://otel-collector:4317
      - key: LEDGER__MERKLE__ANCHORINTERVAL
        description: Merkle anchor interval (TimeSpan)
        default: "00:05:00"
      - key: LEDGER__AIRGAP__ADVISORYSTALETHRESHOLD
        description: Advisory staleness threshold in seconds
        default: "604800"

  verification:
    healthEndpoint: /health/ready
    metricsEndpoint: /metrics
    expectedMetrics:
      - ledger_write_latency_seconds
      - ledger_projection_lag_seconds
      - ledger_merkle_anchor_duration_seconds
      - ledger_events_total

  checksums:
    algorithm: sha256
    manifest: "" # Populated at build time