git.stella-ops.org/docs/modules/evidence-locker/portable-audit-pack-parquet-profile.md
2026-02-11 01:32:14 +02:00


Portable Audit Pack Parquet Profile (Optional)

Status: Optional profile contract for implementation handoff (2026-02-10).

Positioning

components.parquet is optional and must not be required for baseline pack verification.

Manifest integration

When present, manifest.files["components.parquet"] must include:

  • sha256
  • size
  • content_type = application/x-parquet
  • compression = snappy
  • schema_fingerprint
  • package_name (STRING)
  • package_version (STRING)
  • purl (STRING)
  • license (STRING)
  • component_hash_sha256 (STRING)
  • artifact_digest_sha256 (STRING)
  • cve_id (STRING, nullable)
  • vex_status (STRING, nullable)
  • introduced_range (STRING, nullable)
  • fixed_version (STRING, nullable)
  • source_bom_sha256 (STRING)

Determinism rules

  • Stable row ordering: (artifact_digest_sha256, package_name, package_version, purl).
  • Stable column ordering exactly as listed above.
  • Stable Parquet writer settings pinned by version and compression codec.
  • schema_fingerprint must be reproducible from logical schema definition.

Feature gating

  • Default profile: disabled.
  • Enable only with explicit profile flag.
  • Verification ignores Parquet content when absent.
  • Verification fails with ERR_PARQUET_FINGERPRINT_MISMATCH when present but invalid.
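The gating and fingerprint rules above, as an added example that is not the project's own code. Assumptions: the typed entries listed earlier are the Parquet columns, the fingerprint is SHA-256 over compact JSON of the ordered column list (the profile does not define the algorithm), and ERR_PARQUET_ENTRY_INVALID is a hypothetical code for non-fingerprint failures. The payload is treated as opaque bytes and is not parsed as Parquet.

```python
import hashlib
import json

# Logical schema in the column order the profile lists: (name, type, nullable).
COLUMNS = [
    ("package_name", "STRING", False),
    ("package_version", "STRING", False),
    ("purl", "STRING", False),
    ("license", "STRING", False),
    ("component_hash_sha256", "STRING", False),
    ("artifact_digest_sha256", "STRING", False),
    ("cve_id", "STRING", True),
    ("vex_status", "STRING", True),
    ("introduced_range", "STRING", True),
    ("fixed_version", "STRING", True),
    ("source_bom_sha256", "STRING", False),
]
FIXED = {"content_type": "application/x-parquet", "compression": "snappy"}
ERR_FINGERPRINT = "ERR_PARQUET_FINGERPRINT_MISMATCH"  # code named by the profile
ERR_ENTRY = "ERR_PARQUET_ENTRY_INVALID"  # hypothetical code, not from the profile


def schema_fingerprint(columns=COLUMNS):
    """SHA-256 over an assumed canonical form: compact JSON, order preserved."""
    canonical = json.dumps(
        [{"name": n, "type": t, "nullable": nullable} for n, t, nullable in columns],
        separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_parquet_entry(manifest, payload=None):
    """Return None when the file is absent or valid, else an error code."""
    entry = manifest.get("files", {}).get("components.parquet")
    if entry is None:
        return None  # optional profile: absence never fails baseline verification
    if payload is None or any(entry.get(k) != v for k, v in FIXED.items()):
        return ERR_ENTRY
    if entry.get("size") != len(payload):
        return ERR_ENTRY
    if entry.get("sha256") != hashlib.sha256(payload).hexdigest():
        return ERR_ENTRY
    if entry.get("schema_fingerprint") != schema_fingerprint():
        return ERR_FINGERPRINT
    return None
```

Because column order feeds the hash, reordering or retyping a column changes the fingerprint, which is what ties the manifest to the stable column ordering rule.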

Operator guidance

  • Use Parquet profile for fleet-level offline analytics.
  • Keep analytics ingestion separate from baseline release gate verification.