git.stella-ops.org/docs/signals/provenance-24-003.md
master 10212d67c0
Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
2025-11-20 07:50:52 +02:00

SIGNALS-24-003 · Provenance appendix checklist (v1)

Purpose: unblock provenance enrichment for runtime facts so SIGNALS-24-003 can advance once CAS promotion is approved.

Required fields (per runtime fact)

  • callgraph_id (matches CAS manifest id)
  • ingested_at (UTC ISO-8601), received_at
  • tenant
  • source (host/service emitting facts)
  • pipeline_version (git SHA or build ID)
  • provenance_hash (sha256 of raw fact blob)
  • signer (key id) and optional rekor_uuid or skip_reason: offline

Steps

  1. Freeze provenance JSON schema (provenance.runtime.fact.v1).
  2. Add enrichment stage writing provenance into CAS alongside runtime facts.
  3. Emit DSSE attestation per batch of runtime facts; store in CAS.
  4. Update /signals/runtime-facts/ndjson handler to return provenance_hash and callgraph_id when available.
  5. Add validation tests to ensure add-only evolution and deterministic ordering.
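A sketch of the per-fact check that the validation tests in step 5 could build on, covering the required fields listed above. This is an added example, not Stella Ops code. It assumes a flat record, a lowercase-hex provenance_hash, that received_at uses the same UTC ISO-8601 format as ingested_at, and that a record without rekor_uuid must carry skip_reason: offline. The function name and sample values are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timedelta

# Field names are from the checklist; the flat dict layout is an assumption.
REQUIRED = ("callgraph_id", "ingested_at", "received_at", "tenant",
            "source", "pipeline_version", "provenance_hash", "signer")
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")

def _is_utc_iso8601(value):
    """True for an ISO-8601 timestamp with an explicit zero UTC offset."""
    if not isinstance(value, str):
        return False
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return False
    return parsed.utcoffset() == timedelta(0)

def validate_provenance(record, raw_fact):
    """Return a list of problems; an empty list means the record passes."""
    errors = [f"missing field: {name}" for name in REQUIRED
              if not record.get(name)]
    for name in ("ingested_at", "received_at"):
        if record.get(name) and not _is_utc_iso8601(record[name]):
            errors.append(f"{name} is not UTC ISO-8601")
    claimed = record.get("provenance_hash")
    if claimed:
        if not isinstance(claimed, str) or not HEX_SHA256.fullmatch(claimed):
            errors.append("provenance_hash is not lowercase hex sha256")
        elif claimed != hashlib.sha256(raw_fact).hexdigest():
            errors.append("provenance_hash does not match raw fact blob")
    # Assumed reading: a record without a Rekor entry must say why.
    if not record.get("rekor_uuid") and record.get("skip_reason") != "offline":
        errors.append("need rekor_uuid or skip_reason: offline")
    return errors

# Constructed sample fact and record (placeholder values, not project data).
RAW_FACT = b'{"symbol":"Example.Run","hits":3}\n'
SAMPLE = {
    "callgraph_id": "cg-example-001",
    "ingested_at": "2025-11-19T10:00:05Z", "received_at": "2025-11-19T10:00:00Z",
    "tenant": "tenant-example", "source": "host-a/service-b",
    "pipeline_version": "build-0000",
    "provenance_hash": hashlib.sha256(RAW_FACT).hexdigest(),
    "signer": "key-example-1", "skip_reason": "offline",
}

if __name__ == "__main__":
    print(validate_provenance(SAMPLE, RAW_FACT))
```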

Deliverables

  • Schema file: docs/signals/provenance-24-003.md (this file) with field list and invariants.
  • Test fixtures: reuse tests/reachability/corpus/*/vex.openvex.json provenance anchors; add provenance_hash coverage to ReachabilityLatticeTests when available.

Owners

  • Signals Guild (implementation)
  • Runtime Guild (schema review)
  • Authority Guild (signing/attestation)

Status

  • Checklist published 2025-11-19; awaiting schema/signing approval to proceed.