stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/signals/provenance-24-003.md
master 10212d67c0
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
2025-11-20 07:50:52 +02:00

32 lines
1.4 KiB
Markdown
Raw Permalink Blame History

# SIGNALS-24-003 · Provenance appendix checklist (v1)
Purpose: unblock provenance enrichment for runtime facts so SIGNALS-24-003 can advance once CAS promotion is approved.
## Required fields (per runtime fact)
- `callgraph_id` (matches CAS manifest id)
- `ingested_at` (UTC ISO-8601), `received_at`
- `tenant`
- `source` (host/service emitting facts)
- `pipeline_version` (git SHA or build ID)
- `provenance_hash` (sha256 of raw fact blob)
- `signer` (key id) and optional `rekor_uuid` or `skip_reason: offline`
## Steps
1) Freeze provenance JSON schema (`provenance.runtime.fact.v1`).
2) Add enrichment stage writing provenance into CAS alongside runtime facts.
3) Emit DSSE attestation per batch of runtime facts; store in CAS.
4) Update `/signals/runtime-facts/ndjson` handler to return `provenance_hash` and `callgraph_id` when available.
5) Add validation tests to ensure add-only evolution and deterministic ordering.
## Deliverables
- Schema file: `docs/signals/provenance-24-003.md` (this file) with field list and invariants.
- Test fixtures: reuse `tests/reachability/corpus/*/vex.openvex.json` provenance anchors; add `provenance_hash` coverage to `ReachabilityLatticeTests` when available.
## Owners
- Signals Guild (implementation)
- Runtime Guild (schema review)
- Authority Guild (signing/attestation)
## Status
- Checklist published 2025-11-19; awaiting schema/signing approval to proceed.
Reference in New Issue View Git Blame Copy Permalink