35c8f9216f
- Introduced `BinaryReachabilityLifterTests` to validate binary lifting functionality. - Created `PackRunWorkerOptions` for configuring worker paths and execution persistence. - Added `TimelineIngestionOptions` for configuring NATS and Redis ingestion transports. - Implemented `NatsTimelineEventSubscriber` for subscribing to NATS events. - Developed `RedisTimelineEventSubscriber` for reading from Redis Streams. - Added `TimelineEnvelopeParser` to normalize incoming event envelopes. - Created unit tests for `TimelineEnvelopeParser` to ensure correct field mapping. - Implemented `TimelineAuthorizationAuditSink` for logging authorization outcomes.
Link-Not-Merge v1 Fixtures
Status: Awaiting drop (2025-11-22)
Expected contents (all JSON, canonicalized, UTF-8):
projections.json— canonical SBOM projection payloads keyed by snapshot ID.assets.json— asset metadata overlays (tenant-scoped, append-only).paths.json— ordered dependency paths with runtime flags and blast-radius hints.events.json—sbom.version.createdenvelopes aligned to CAS/provenance fields.schema-version.txt— git SHA / semantic version of the frozen projection schema.SHA256SUMS— checksums for all files above.
Drop instructions:
- Place files in this directory and update
SHA256SUMSviasha256sum *.json *.txt > SHA256SUMS. - Keep ordering stable; prefer NDJSON converted to JSON arrays only if deterministic sorting is applied.
- Record drop commit in sprint 0140/0142 Execution Logs and link here.
Consumers:
- SBOM-SERVICE-21-001..004 implementation and tests.
- Advisory AI and Console replay suites.
- AirGap parity review (
docs/modules/sbomservice/runbooks/airgap-parity-review.md).