git.stella-ops.org/ops/devops/ledger/oas-infrastructure.md

# Findings Ledger OpenAPI Infrastructure

## Scope
Infrastructure for Ledger OAS lint, publish, SDK generation, and deprecation governance.

## Tasks Covered
- DEVOPS-LEDGER-OAS-61-001-REL: Lint/diff/publish gates
- DEVOPS-LEDGER-OAS-61-002-REL: `.well-known/openapi` validation
- DEVOPS-LEDGER-OAS-62-001-REL: SDK generation/signing
- DEVOPS-LEDGER-OAS-63-001-REL: Deprecation governance

## File Structure
```
ops/devops/ledger/
├── oas-infrastructure.md (this file)
├── validate-oas.sh        # Lint + validate OAS spec
├── generate-sdk.sh        # Generate and sign SDK
├── publish-oas.sh         # Publish to .well-known
└── deprecation-policy.yaml # Deprecation rules

.gitea/workflows/
├── ledger-oas-ci.yml      # OAS lint/validate/diff
├── ledger-sdk-release.yml # SDK generation
└── ledger-oas-publish.yml # Publish spec
```

## Prerequisites
- Findings Ledger OpenAPI spec at `api/ledger/openapi.yaml`
- Version info in spec metadata
- Examples for each endpoint

## Usage

### Validate OAS
```bash
./ops/devops/ledger/validate-oas.sh api/ledger/openapi.yaml
```

### Generate SDK
```bash
# Dev mode
COSIGN_ALLOW_DEV_KEY=1 ./ops/devops/ledger/generate-sdk.sh

# Production
./ops/devops/ledger/generate-sdk.sh
```

### Publish to .well-known
```bash
./ops/devops/ledger/publish-oas.sh --environment staging
```

## Outputs
- `out/ledger/sdk/` - Generated SDK packages
- `out/ledger/oas/` - Validated spec + diff reports
- `out/ledger/deprecation/` - Deprecation reports