1.6 KiB
1.6 KiB
Replay PostgreSQL Schema
Status: draft · applies to net10 replay pipeline (Sprint 0185)
Tables
replay_runs
- id: scan UUID (string, primary key)
- manifest_hash:
sha256:<hex>(unique) - status:
pending|verified|failed|replayed - created_at / updated_at: UTC ISO-8601
- signatures: JSONB
[{ profile, verified }](multi-profile DSSE verification) - outputs: JSONB
{ sbom, findings, vex?, log? }(all SHA-256 digests)
Indexes
runs_manifest_hash_unique:(manifest_hash)(unique)runs_status_created_at:(status, created_at DESC)
replay_bundles
- id: bundle digest hex (no
sha256:prefix) - type:
input|output|rootpack|reachability - size: bytes
- location: CAS URI
cas://replay/<prefix>/<digest>.tar.zst - created_at: UTC ISO-8601
Indexes
bundles_type:(type, created_at DESC)bundles_location:(location)
replay_subjects
- id: OCI image digest (
sha256:<hex>) - layers: JSONB
[{ layer_digest, merkle_root, leaf_count }]
Indexes
subjects_layer_digest: GIN index onlayersfor layer_digest lookups
Determinism & constraints
- All timestamps stored as UTC.
- Digests are lowercase hex; CAS URIs must follow
cas://<prefix>/<shard>/<digest>.tar.zstwhere<shard>= first two hex chars. - No external references; embed minimal metadata only (feed/policy hashes live in replay manifest).
Client models
- Implemented in
src/__Libraries/StellaOps.Replay.Core/ReplayPostgresModels.cswith matching index name constants (ReplayIndexes). - Serialization uses System.Text.Json with snake_case property naming; field names match table schema above.