45 lines
1.6 KiB
Markdown
45 lines
1.6 KiB
Markdown
# Replay Mongo Schema
|
|
|
|
Status: draft · applies to net10 replay pipeline (Sprint 0185)
|
|
|
|
## Collections
|
|
|
|
### replay_runs
|
|
- **_id**: scan UUID (string, primary key)
|
|
- **manifestHash**: `sha256:<hex>` (unique)
|
|
- **status**: `pending|verified|failed|replayed`
|
|
- **createdAt / updatedAt**: UTC ISO-8601
|
|
- **signatures[]**: `{ profile, verified }` (multi-profile DSSE verification)
|
|
- **outputs**: `{ sbom, findings, vex?, log? }` (all SHA-256 digests)
|
|
|
|
**Indexes**
|
|
- `runs_manifestHash_unique`: `{ manifestHash: 1 }` (unique)
|
|
- `runs_status_createdAt`: `{ status: 1, createdAt: -1 }`
|
|
|
|
### replay_bundles
|
|
- **_id**: bundle digest hex (no `sha256:` prefix)
|
|
- **type**: `input|output|rootpack|reachability`
|
|
- **size**: bytes
|
|
- **location**: CAS URI `cas://replay/<prefix>/<digest>.tar.zst`
|
|
- **createdAt**: UTC ISO-8601
|
|
|
|
**Indexes**
|
|
- `bundles_type`: `{ type: 1, createdAt: -1 }`
|
|
- `bundles_location`: `{ location: 1 }`
|
|
|
|
### replay_subjects
|
|
- **_id**: OCI image digest (`sha256:<hex>`)
|
|
- **layers[]**: `{ layerDigest, merkleRoot, leafCount }`
|
|
|
|
**Indexes**
|
|
- `subjects_layerDigest`: `{ "layers.layerDigest": 1 }`
|
|
|
|
## Determinism & constraints
|
|
- All timestamps stored as UTC.
|
|
- Digests are lowercase hex; CAS URIs must follow `cas://<prefix>/<shard>/<digest>.tar.zst` where `<shard>` = first two hex chars.
|
|
- No external references; embed minimal metadata only (feed/policy hashes live in replay manifest).
|
|
|
|
## Client models
|
|
- Implemented in `src/__Libraries/StellaOps.Replay.Core/ReplayMongoModels.cs` with matching index name constants (`ReplayIndexes`).
|
|
- Serialization uses MongoDB.Bson defaults; camelCase field names match collection schema above.
|