artifact refs and manifest fingerprinting

This commit is contained in:
2026-05-07 13:11:29 +02:00
parent 12ab9c88cb
commit 0b90004a6e
8 changed files with 177 additions and 8 deletions

View File

@@ -337,6 +337,10 @@ Stores run artifacts by reference and checksum:
- profile snapshots,
- source lockfiles.
The first implementation builds the assessment package artifact manifest from
runner-emitted artifact refs and computes checksums for files inside the run
directory.
### Normalizer
Converts extension output into guide-board evidence records.

View File

@@ -135,6 +135,10 @@ Result fields:
- `facts`: structured facts extracted by the runner.
- `artifact_refs`: references to raw artifacts written by the runner.
Artifact refs must be paths relative to the run directory. After runner
execution, the core fingerprints existing artifact refs into the assessment
package `artifact_manifest`.
If a Python runner raises an exception, the core converts that failure into
`infrastructure_error` evidence so the assessment package remains complete.
@@ -163,7 +167,6 @@ Initial statuses:
## Next SDK Steps
- Add artifact helper APIs for extension-generated raw files.
- Add normalizer and mapping plug-in contracts.
- Add extension-owned schema validation for domain-specific target profile
fields.