stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
0987cd6ac81edc2540d8abce362e822e2f0ecef3
git.stella-ops.org/docs/implplan/archived/2025-11-24-export-mirror-orch-1501.md
StellaOps Bot 49922dff5a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Details
Risk Bundle CI / publish-checksums (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
up the blokcing tasks
2025-12-11 02:32:18 +02:00

1.3 KiB
Raw Blame History

Export / Orchestrator Mirror Hook — EXPORT-MIRROR-ORCH-1501

Date: 2025-11-24 Owners: Exporter Guild · CLI Guild Scope: Define orchestration/export hook payload when mirror bundles become ready so CLI/automation can consume without Ops backlog leakage.

Hook payload

Event: mirror.ready Fields (deterministic, lower-case keys):

  • bundleId (string)
  • generation (string/number-as-string, matches mirrorGeneration)
  • generatedAt (ISO-8601 UTC)
  • manifestDigest (sha256:… of mirror.json)
  • dsseDigest (sha256:… of mirror.dsse payload)
  • location (URI or offline path where bundle is staged)
  • rekorUUID (optional; present when transparency entry exists)

Behavior

  • Emitted by ExportCenter/Orchestrator when mirror bundle artifacts land in staging.
  • At-least-once; consumers must de-dup by (bundleId,generation).
  • No external fetches; payload entirely local/offline friendly.

Actions

  • Exporter Guild: add hook emission to bundle pipeline; include mirror.dsse.json header path in payload for CLI verification.
  • CLI Guild: subscribe to mirror.ready; surface manifest/dsse digests and location in stella mirror status.

Risks

  • Field names may shift with ExportCenter manifest v1.1; keep aliasing if needed.
  • Rekor optional; CLI should warn when absent but proceed with local verification.