stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
417ef832025fb0ee05099479c3b0a7b685753c42
git.stella-ops.org/docs/data/replay_schema.md
master 417ef83202
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
Add unit and integration tests for VexCandidateEmitter and SmartDiff repositories 
- Implemented comprehensive unit tests for VexCandidateEmitter to validate candidate emission logic based on various scenarios including absent and present APIs, confidence thresholds, and rate limiting.
- Added integration tests for SmartDiff PostgreSQL repositories, covering snapshot storage and retrieval, candidate storage, and material risk change handling.
- Ensured tests validate correct behavior for storing, retrieving, and querying snapshots and candidates, including edge cases and expected outcomes.
2025-12-16 19:00:09 +02:00

1.6 KiB
Raw Blame History

Replay PostgreSQL Schema

Status: draft · applies to net10 replay pipeline (Sprint 0185)

Tables

replay_runs

  • id: scan UUID (string, primary key)
  • manifest_hash: sha256:<hex> (unique)
  • status: pending|verified|failed|replayed
  • created_at / updated_at: UTC ISO-8601
  • signatures: JSONB [{ profile, verified }] (multi-profile DSSE verification)
  • outputs: JSONB { sbom, findings, vex?, log? } (all SHA-256 digests)

Indexes

  • runs_manifest_hash_unique: (manifest_hash) (unique)
  • runs_status_created_at: (status, created_at DESC)

replay_bundles

  • id: bundle digest hex (no sha256: prefix)
  • type: input|output|rootpack|reachability
  • size: bytes
  • location: CAS URI cas://replay/<prefix>/<digest>.tar.zst
  • created_at: UTC ISO-8601

Indexes

  • bundles_type: (type, created_at DESC)
  • bundles_location: (location)

replay_subjects

  • id: OCI image digest (sha256:<hex>)
  • layers: JSONB [{ layer_digest, merkle_root, leaf_count }]

Indexes

  • subjects_layer_digest: GIN index on layers for layer_digest lookups

Determinism & constraints

  • All timestamps stored as UTC.
  • Digests are lowercase hex; CAS URIs must follow cas://<prefix>/<shard>/<digest>.tar.zst where <shard> = first two hex chars.
  • No external references; embed minimal metadata only (feed/policy hashes live in replay manifest).

Client models

  • Implemented in src/__Libraries/StellaOps.Replay.Core/ReplayPostgresModels.cs with matching index name constants (ReplayIndexes).
  • Serialization uses System.Text.Json with snake_case property naming; field names match table schema above.