Expand description
Stateless distributor for pre-signed rollout manifests; CP holds no signing key.
Structs§
Functions§
- derive_
terminal π - Map a host_rollout_records row to the CLIβs (terminal_state, terminal_at)
pair. Open =
None. - events π
GET /v1/rollouts/{rolloutId}/eventsβ chronological event-log stream for a rollout (RFC-0005 Β§10.5 + Plan 04 Β§βEvent log schemaβ).- hosts π
GET /v1/rollouts/{rolloutId}/hostsβ per-host summary for a rollout.- lifecycle π
GET /v1/rollouts/{rolloutId}/lifecycle- supersession state for the rollout, sourced solely from the rollouts table. Returns 404 for any rid not tracked there.- list_
active π GET /v1/rollouts- enumerate active (non-superseded) rollouts with per-host state pulled fromhost_rollout_state(DB-authoritative, independent of the journal event window).- load_
pair π - looks_
like_ πrollout_ id - LOADBEARING: validates the canonical RFC-0008 Β§6.3 RolloutId shape
"{channel}@{channel_ref}"and blocks path-traversal smuggling (/,.., whitespace, multi-@all fail the character classes). Channel is locked to lowercase ASCII to match the cycleβs convention and avoid case-insensitive-filesystem collisions on macOS hosts; the ref tracks the git SHA shape upstream of the producer. - manifest π
GET /v1/rollouts/{rolloutId}- manifest bytes; mTLS via router-levelrequire_cn_layer.- manifest_
paths π - signature π
GET /v1/rollouts/{rolloutId}/sig- raw signature bytes.- try_
load_ πfrom_ dir
Type Aliases§
- Manifest
Pair π