150b3730ef
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
1.7 KiB
1.7 KiB
Excititor Timeline Events (OBS-52-001)
Defines the event envelope for evidence timelines emitted by Excititor. All fields are aggregation-only; no consensus/merge logic.
Envelope
{
"type": "excititor.timeline.v1",
"tenant": "default",
"eventId": "urn:uuid:...",
"timestamp": "2025-11-23T23:10:00Z",
"traceId": "beefcafe...",
"spanId": "deadb33f...",
"source": "excititor.web",
"kind": "observation|linkset",
"action": "ingest|update|backfill|replay",
"observationId": "vex:obs:sha256:...",
"linksetId": "CVE-2024-0001:pkg:maven/org.demo/app@1.2.3",
"justifications": ["component_not_present"],
"conflicts": [
{"providerId": "suse-csaf", "status": "fixed", "justification": null}
],
"evidenceHash": "sha256:...", // content-addressed payload hash
"dsseEnvelopeHash": "sha256:...", // if attested (see OBS-54-001)
"metadata": {"connector": "ubuntu-csaf", "mirrorGeneration": 12}
}
Semantics
eventIdis stable per write; retries reuse the same ID.timestampmust be UTC; derive from TimeProvider.traceId/spanIdpropagate ingestion traces; if tracing is disabled, set both tonull.kind+actiondrive downstream storage and alerting.evidenceHashis the raw document hash;dsseEnvelopeHashappears only when OBS-54-001 is enabled.
Determinism
- Sort
justificationsandconflictsascending by providerId/status before emit. - Emit at-most-once per storage write; idempotent consumers rely on
(eventId, tenant).
Transport
- Default topic:
excititor.timeline.v1(NATS/Redis). Subject includes tenant:excititor.timeline.v1.<tenant>. - Payload size should stay <32 KiB; truncate conflict arrays with
truncated=trueflag if needed (keep hash counts deterministic).