stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
49922dff5ad4435420dac177e832ba4290ceaea9
git.stella-ops.org/docs/signals/cas-promotion-24-002.md
master 10212d67c0
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
2025-11-20 07:50:52 +02:00

1.6 KiB
Raw Blame History

SIGNALS-24-002 · CAS promotion checklist (v1)

Purpose: unblock CAS promotion + signed manifest rollout for callgraph storage so SIGNALS-24-002 can move from BLOCKED to implementation.

Preconditions

  • CAS bucket created for signals-callgraphs with write limited to Signals service principals.
  • Surface bundle mock hash recorded; real scanner cache ETA published.
  • Signed manifest tooling available (sigstore or in-house signer) with add-only policy.

Steps

  1. Freeze manifest schema (fields: graph_id, digest, language, source, created, signer, signature).
  2. Generate manifests for existing callgraphs; store under cas://signals/manifests/{graph_id}.json.
  3. Sign each manifest; attach DSSE envelope; store under cas://signals/manifests/{graph_id}.json.dsse.
  4. Apply bucket policy: read-only for downstream, write for Signals service; deny deletes.
  5. Configure GC policy: retain manifests indefinitely; callgraph blobs keep 30d rolling unless referenced.
  6. Enable alerts for failed retrievals and missing manifest/DSSE pairs.
  7. Record hash list and signer key IDs in release notes.

Deliverables

  • Policy document + proof of applied IAM
  • Manifest schema JSON
  • Signed manifest samples (see tests)
  • Hash list of all published callgraphs (sha256)

Evidence locations (repo paths)

  • Policy & schema: docs/signals/cas-promotion-24-002.md (this file)
  • Sample manifest + DSSE: tests/reachability/corpus/manifest.json (already present) maps to expected structure.

Owners

  • Signals Guild (implementation)
  • Platform Storage Guild (policy/approvals)

Status

  • Checklist published 2025-11-19; awaiting Platform Storage approval to proceed.