git.stella-ops.org/docs/modules/evidence-locker/replay-payload-contract.md
master d519782a8f
prep docs and service updates
2025-11-21 06:56:36 +00:00
Replay Payload Contract (Prep for PREP-EVID-REPLAY-187-001)

Status: Ready for implementation (2025-11-20)
Owners: Evidence Locker Guild · Scanner Guild
Scope: Define the deterministic scanner record payload shape required to ingest replay bundles (Sprint 0187).

Payload shape

  • One NDJSON line per record; records sorted by recordedAtUtc, then by scanId.
  • Fields:
    • scanId (GUID), tenantId, subjectDigest (sha256:...), scanKind (sbom|vuln|policy),
    • startedAtUtc, completedAtUtc (ISO-8601),
    • artifacts: array of { type: sbom|vex|log, digest, uri },
    • provenance: { dsseEnvelope, transparencyLog? } (base64 DSSE; optional Rekor entry),
    • summary: { findings: int, advisories: int, policies: int }.
  • Determinism: no wall-clock values other than the recorded timestamps above; the DSSE envelope is copied verbatim from scanner output.
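The following is an added illustration, not code from the Evidence Locker or Scanner Guild repositories: a small validator plus canonical NDJSON writer that enforces the field shape above and shows why the ordering rule matters for the cross-run SHA-256 check. The sample records are constructed here. It assumes each record carries the `recordedAtUtc` sort key named above (it is not in the field list, so its presence is an assumption), that key order inside a line is canonicalized by sorting, and that digests use the `sha256:<64 hex>` form shown in the contract.

```python
import base64
import hashlib
import json
import re
from datetime import datetime

SCAN_KINDS = {"sbom", "vuln", "policy"}
ARTIFACT_TYPES = {"sbom", "vex", "log"}
REQUIRED = ("scanId", "tenantId", "subjectDigest", "scanKind", "recordedAtUtc",
            "startedAtUtc", "completedAtUtc", "artifacts", "provenance", "summary")
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def _parse_utc(value):
    """Parse an ISO-8601 timestamp; returns None when the value is not one."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (ValueError, AttributeError):
        return None


def validate_record(rec):
    """Return a list of contract violations; an empty list means the record conforms."""
    errors = [f"missing field {f}" for f in REQUIRED if f not in rec]
    if errors:
        return errors
    if not GUID_RE.match(rec["scanId"]):
        errors.append("scanId is not a GUID")
    if not DIGEST_RE.match(rec["subjectDigest"]):
        errors.append("subjectDigest must be sha256:<64 hex>")
    if rec["scanKind"] not in SCAN_KINDS:
        errors.append(f"scanKind {rec['scanKind']!r} not in {sorted(SCAN_KINDS)}")
    for key in ("recordedAtUtc", "startedAtUtc", "completedAtUtc"):
        if _parse_utc(rec[key]) is None:
            errors.append(f"{key} is not ISO-8601")
    for i, art in enumerate(rec["artifacts"]):
        if art.get("type") not in ARTIFACT_TYPES:
            errors.append(f"artifacts[{i}].type invalid")
        if not DIGEST_RE.match(art.get("digest", "")):
            errors.append(f"artifacts[{i}].digest invalid")
        if not art.get("uri"):
            errors.append(f"artifacts[{i}].uri missing")
    try:
        # The envelope is opaque here: only check that it is well-formed base64.
        base64.b64decode(rec["provenance"]["dsseEnvelope"], validate=True)
    except (KeyError, ValueError, TypeError):
        errors.append("provenance.dsseEnvelope is not base64")
    for key in ("findings", "advisories", "policies"):
        val = rec["summary"].get(key)
        if isinstance(val, bool) or not isinstance(val, int) or val < 0:
            errors.append(f"summary.{key} must be a non-negative int")
    return errors


def canonical_line(rec):
    """One NDJSON line: sorted keys, no whitespace, so equal records encode identically."""
    return json.dumps(rec, sort_keys=True, separators=(",", ":"))


def build_bundle(records):
    """Order by recordedAtUtc (as a timestamp), then scanId, and emit NDJSON text."""
    bad = {r.get("scanId"): validate_record(r) for r in records if validate_record(r)}
    if bad:
        raise ValueError(f"non-conforming records: {bad}")
    ordered = sorted(records, key=lambda r: (_parse_utc(r["recordedAtUtc"]), r["scanId"].lower()))
    return "".join(canonical_line(r) + "\n" for r in ordered)


def bundle_digest(ndjson_text):
    """SHA-256 over the canonical bundle bytes; identical input records give identical digests."""
    return "sha256:" + hashlib.sha256(ndjson_text.encode("utf-8")).hexdigest()


def _record(scan_id, recorded_at, kind="vuln", extra_provenance=None):
    """Helper building a constructed sample record (placeholder digests, not real scans)."""
    envelope = base64.b64encode(b'{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[]}')
    provenance = {"dsseEnvelope": envelope.decode("ascii")}
    provenance.update(extra_provenance or {})
    return {
        "scanId": scan_id, "tenantId": "tenant-example", "subjectDigest": "sha256:" + "a" * 64,
        "scanKind": kind, "recordedAtUtc": recorded_at,
        "startedAtUtc": "2025-11-20T09:00:00Z", "completedAtUtc": "2025-11-20T09:05:00Z",
        "artifacts": [{"type": "sbom", "digest": "sha256:" + "b" * 64, "uri": "oci://example/sbom"}],
        "provenance": provenance, "summary": {"findings": 3, "advisories": 2, "policies": 0},
    }


# Constructed samples, deliberately given out of order; C and B share a timestamp.
SAMPLE_RECORDS = [
    _record("7c9e6679-7425-40de-944b-e07fc1f90ae7", "2025-11-20T10:00:01Z"),                    # A
    _record("f47ac10b-58cc-4372-a567-0e02b2c3d479", "2025-11-20T09:30:00Z", kind="sbom"),       # B
    _record("0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d", "2025-11-20T09:30:00Z",
            extra_provenance={"transparencyLog": "placeholder-rekor-entry"}),                   # C
]

if __name__ == "__main__":
    text = build_bundle(SAMPLE_RECORDS)
    print(text, bundle_digest(text))
```

Feeding the same records in any order yields byte-identical NDJSON and therefore the same digest, which is the property the acceptance criteria ask the Evidence Locker to verify across runs; a record that fails `validate_record` is rejected before it can perturb the bundle hash.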

Acceptance criteria

  • Scanner Guild provides sample NDJSON (10 records); redacting the DSSE envelope in the samples is allowed.
  • Evidence Locker can ingest and store the bundle with deterministic ordering and an identical SHA-256 hash across runs.
  • Contract published here and referenced in Sprint 0187 P1/P2/P3.