0de92144d2
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
mock-dev-release / package-mock-release (push) Has been cancelled
- Added ConsoleExportClient for managing export requests and responses. - Introduced ConsoleExportRequest and ConsoleExportResponse models. - Implemented methods for creating and retrieving exports with appropriate headers. feat(crypto): Add Software SM2/SM3 Cryptography Provider - Implemented SmSoftCryptoProvider for software-only SM2/SM3 cryptography. - Added support for signing and verification using SM2 algorithm. - Included hashing functionality with SM3 algorithm. - Configured options for loading keys from files and environment gate checks. test(crypto): Add unit tests for SmSoftCryptoProvider - Created comprehensive tests for signing, verifying, and hashing functionalities. - Ensured correct behavior for key management and error handling. feat(api): Enhance Console Export Models - Expanded ConsoleExport models to include detailed status and event types. - Added support for various export formats and notification options. test(time): Implement TimeAnchorPolicyService tests - Developed tests for TimeAnchorPolicyService to validate time anchors. - Covered scenarios for anchor validation, drift calculation, and policy enforcement.
2.7 KiB
2.7 KiB
Export Center Gateway Contract (draft placeholder)
Status: Draft v0.2 · owner-proposed
Scope
- Profile, run, download, and distribution routes proxied via Web gateway.
- Tenant scoping, RBAC/ABAC, streaming limits, retention/encryption parameters, signed URL policy.
Endpoints
GET /export-center/profiles— list export profiles (tenant-scoped).POST /export-center/runs— start an export run.GET /export-center/runs/{runId}— run status and artifacts.GET /export-center/runs/{runId}/events— SSE for run progress.GET /export-center/distributions/{id}— fetch signed URLs for OCI/object storage distribution.
Security / headers
Authorization: DPoP <token>;DPoP: <proof>X-StellaOps-Tenant: <tenantId>(required)X-StellaOps-Project: <projectId>(optional)Idempotency-Key(recommended for POST)- Required scopes (proposal):
export:read,export:write.
Request: POST /export-center/runs
{
"profileId": "export-profile::tenant-default::daily-vex",
"targets": ["vex", "advisory", "policy"],
"formats": ["json", "ndjson"],
"distribution": {
"type": "oci",
"ref": "registry.local/exports/daily",
"signing": { "enabled": true, "keyRef": "k8s://secrets/eks/oci-signer" }
},
"retentionDays": 30,
"encryption": { "enabled": true, "kmsKey": "kms://tenant-default/key1" },
"priority": "normal"
}
Response: 202 Accepted
runId,status: queued|running|succeeded|failed|expired,estimateSeconds,retryAfter.
Response: GET run
{
"runId": "export-run::tenant-default::2025-12-06::0003",
"status": "running",
"profileId": "export-profile::tenant-default::daily-vex",
"startedAt": "2025-12-06T10:00:00Z",
"outputs": [
{ "type": "manifest", "format": "json", "url": "https://exports.local/.../manifest.json?sig=...", "sha256": "...", "expiresAt": "2025-12-06T16:00:00Z" }
],
"progress": { "percent": 35, "itemsCompleted": 70, "itemsTotal": 200 },
"errors": []
}
SSE events
started,progress,artifact_ready(url, sha256, type),completed,failed(code, message).
Limits (proposal)
- Max request body 256 KiB; max targets 50; default timeout 60 minutes.
- Idle SSE timeout 60s; backoff with
Retry-After.
Error codes (proposal)
ERR_EXPORT_PROFILE_NOT_FOUNDERR_EXPORT_REQUEST_INVALIDERR_EXPORT_TOO_LARGEERR_EXPORT_RATE_LIMITERR_EXPORT_DISTRIBUTION_FAILED
Samples
- Profile list sample: todo
- Run request/response: see above snippets.
- Events NDJSON: todo
Outstanding (for finalization)
- Confirm scopes, limits, distribution signing rules, and manifest checksum requirements.
- Provide full OpenAPI/JSON schema and sample artifacts for OCI/object storage distributions.