coulomb/artifact-store
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4762125d8e54886dcc821facd67f5dbb81c1e75
artifact-store/workplans/ARTIFACT-STORE-WP-0002-ingestion-api.md
tegwick 747afc27a6 docs+plans: reconcile blueprint with ambition, add ADRs, sequence workplans 
Aligns the v1 architecture with the longer-horizon platform thesis so we can
start implementation without the schema-level inconsistencies the prior
review surfaced.

ADRs (docs/adr/0001..0006): content-addressed dual-digest storage, append-only
event log as source of truth, canonical CBOR manifests, control/data-plane
contract, v1 tech stack (Python 3.12 / uv / FastAPI / SQLAlchemy Core +
asyncpg / Alembic / cbor2 / blake3 / ruff / mypy / pytest / typer), OCI
compatibility kept reachable.

Architecture blueprint rewritten to v2: library-first (ffmpeg-shaped) module
layout, materialised-view data model over the event log, upload-session and
event-stream endpoints pinned, retrieval tiering promoted into the schema.

Roadmap added (docs/ROADMAP.md) with three phases. WP-0001 rewritten as the
Foundation plan (scaffold + kernels + local FS + minimal app). WP-0002..0005
created carrying the existing state_hub_task_ids forward semantically:
ingestion API (T004), retention lifecycle (T005), S3-compatible backend
(T006), guide-board pilot (T007). T001/T002/T003/T008 remain in WP-0001
with refined acceptance.

README and AGENTS.md refreshed to reflect the new repo shape.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-15 21:16:17 +02:00

4.1 KiB
Raw Blame History

id, type, title, repo, domain, status, owner, topic_slug, planning_priority, planning_order, created, updated
id type title repo domain status owner topic_slug planning_priority planning_order created updated
ARTIFACT-STORE-WP-0002 workplan Ingestion API And Manifest Surface artifact-store stack planned codex stack high 2 2026-05-15 2026-05-15

ARTIFACT-STORE-WP-0002: Ingestion API And Manifest Surface

Purpose

Expose the WP-0001 library as a complete HTTP API. Producers can create packages, ingest files (single-shot or via the upload-session resource shape), finalise to produce a manifest, list and search packages, download files, and tail the event stream.

Constraints

  • ADR-0001, ADR-0002, ADR-0003, ADR-0004, ADR-0005, ADR-0006.
  • docs/ARCHITECTURE-BLUEPRINT.md API shape section.
  • All handlers must be thin: translate transport → registry.* calls.

Prerequisites

  • WP-0001 done (library is functional against local backend).

D2.1 - Package CRUD Endpoints

id: ARTIFACT-STORE-WP-0002-T001
status: todo
priority: high
state_hub_task_id: "e3879111-4be9-4731-8aea-15abb874f960"

Acceptance:

  • POST /packages, GET /packages (filterable by producer / subject / retention_class / metadata key), GET /packages/{id}, POST /packages/{id}/files (single-shot multipart), POST /packages/{id}/finalize.
  • GET /packages/{id}/manifest (Accept: application/cbor) and GET /packages/{id}/manifest.json (JCS projection).
  • Validation errors return RFC 7807 problem documents.
  • OpenAPI is generated automatically (FastAPI default) and served at /openapi.json + /docs.

D2.2 - File Download And Range Reads

id: ARTIFACT-STORE-WP-0002-T002
status: todo
priority: high

Acceptance:

  • GET /files/{file_id} returns metadata.
  • GET /files/{file_id}/download streams bytes; supports Range request headers (single contiguous range; multi-range is out of scope for v1).
  • ETag is the file's primary content address; If-None-Match returns 304.
  • Streaming uses AsyncIterator[bytes] end-to-end; no full-file buffering.

D2.3 - Upload Session Resource (Wire Shape Pinned)

id: ARTIFACT-STORE-WP-0002-T003
status: todo
priority: medium

Acceptance:

  • POST /uploads opens a session, returns an upload id and content upload URL.
  • PATCH /uploads/{upload_id} accepts a body with Content-Range; v1 implementation may accept the whole body in one call.
  • POST /uploads/{upload_id}/complete promotes the upload into a file under a given package id and relative path.
  • Implementation is allowed to be single-shot internally; the wire shape and resource lifecycle must be the final one (per PLATFORM-AMBITION A6).

D2.4 - Event Stream Long-Poll

id: ARTIFACT-STORE-WP-0002-T004
status: todo
priority: medium

Acceptance:

  • GET /events?since=<sequence>&limit=N returns events in order with a long-poll wait when the tail is reached.
  • Events are CBOR by default; Accept: application/json returns the JCS projection of each event payload.
  • Test: a consumer that tails from sequence 1 never misses an event produced during the test.

D2.5 - Auth Scaffolding (Shared-Secret Bearer)

id: ARTIFACT-STORE-WP-0002-T005
status: todo
priority: medium

Acceptance:

  • Bearer token auth on all mutating endpoints; configurable per-tenant token list via env / config file.
  • Read endpoints are also gated by default; an explicit ARTIFACTSTORE_ANON_READ=true opt-in for dev.
  • Health endpoint remains anonymous.

D2.6 - Integration Tests Through The Full HTTP Surface

id: ARTIFACT-STORE-WP-0002-T006
status: todo
priority: high

Acceptance:

  • httpx-based test suite exercises every endpoint.
  • A scripted test ingests a 50-file package, finalises it, downloads every file, verifies digests, and tails events.
  • A property-based test fuzzes the upload session lifecycle.

Success criteria

  • A producer can run the full ingest-and-retrieve flow against make dev with curl.
  • All blueprint endpoints in the v1 native surface are implemented.
  • The CLI gains artifactstore push <dir> and artifactstore manifest <package_id> subcommands as thin clients over the HTTP API.
Reference in New Issue View Git Blame Copy Permalink