RFC 0001 — Bundle spec v1
Goal
Define the proof object everything else revolves around.
Artifacts
bundle_manifest_v1.json
receipts/ directory (receipt JSON files referenced by digest)
blobs/ (or external blob store) holding content addressed by sha256
Manifest fields (bundle_manifest_v1)
schema: "helix.bundle.manifest.v1"
bundle_digest_algo: "sha256"
canonicalization_id: "json.c14n.v1"
created_at_utc: RFC3339 string
producer:
  tool: "helix"
  tool_version: string
  runner_id: string
  backend_fingerprint_digest: "sha256:…"
inputs:
  policy_digest: "sha256:…"
  config_digest: "sha256:…"
  plugin_digests: ["sha256:…", ...]
outputs:
  primary_artifacts: [{path, sha256, media_type, byte_len}, ...]
  aux_artifacts: [{path, sha256, media_type, byte_len}, ...]
review (optional):
  approval_surface_artifacts: [{path, sha256, media_type, byte_len}, ...]
receipts:
  run_receipt_digest: "sha256:…"
  approval_receipt_digests: ["sha256:…", ...]
  retention_receipt_digest: optional "sha256:…"
links:
  job_id: string
  run_id: string
Bundle digest definition
Define two digests to avoid self-reference cycles:
bundle_core_digest: sha256(canonical_json(manifest_core)), where manifest_core is bundle_manifest_v1 with receipts and review omitted.
bundle_digest: sha256(canonical_json(bundle_manifest_v1)) including receipts.
Receipts (run/approval/retention) MUST bind to bundle_core_digest (not bundle_digest) so the manifest can list receipt digests without creating circular dependencies.
The manifest references all artifacts and receipt digests. Verification fails if any referenced blob is missing.
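A minimal verifier for the two-digest scheme above, added here as an example and not Helix's own code. It assumes a stand-in for json.c14n.v1 (sorted keys, compact separators), that artifact sha256 values and receipt references use the "sha256:<hex>" form over raw file bytes, and that each receipt carries a bundle_core_digest field; verify_bundle, store and build_sample are hypothetical names.

```python
import hashlib
import json

def canonical_json(obj) -> bytes:
    # ASSUMPTION: stand-in for "json.c14n.v1" (not defined here): sorted keys, compact separators.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def bundle_core_digest(manifest: dict) -> str:
    # manifest_core: the manifest with `receipts` and `review` omitted.
    core = {k: v for k, v in manifest.items() if k not in ("receipts", "review")}
    return digest(canonical_json(core))

def bundle_digest(manifest: dict) -> str:
    return digest(canonical_json(manifest))  # full manifest, receipts included

def verify_bundle(manifest: dict, store: dict) -> list:
    # `store` (hypothetical) maps digest -> bytes for blobs/ and receipts/.
    errors, core = [], bundle_core_digest(manifest)
    out = manifest["outputs"]
    artifacts = (out["primary_artifacts"] + out["aux_artifacts"]
                 + manifest.get("review", {}).get("approval_surface_artifacts", []))
    for a in artifacts:
        blob = store.get(a["sha256"])
        if blob is None:
            errors.append(f"missing blob: {a['path']}")
        elif digest(blob) != a["sha256"] or len(blob) != a["byte_len"]:
            errors.append(f"blob mismatch: {a['path']}")
    r = manifest["receipts"]
    refs = [r["run_receipt_digest"], *r["approval_receipt_digests"]]
    refs += [r["retention_receipt_digest"]] if r.get("retention_receipt_digest") else []
    for ref in refs:
        raw = store.get(ref)
        if raw is None:
            errors.append(f"missing receipt: {ref}")
        # ASSUMPTION: a receipt names its bundle in a `bundle_core_digest` field.
        elif digest(raw) != ref or json.loads(raw).get("bundle_core_digest") != core:
            errors.append(f"receipt mismatch or not bound to core digest: {ref}")
    return errors

def build_sample():  # constructed bundle: one artifact, one run receipt
    blob = b"hello"
    art = {"path": "out.txt", "sha256": digest(blob), "media_type": "text/plain", "byte_len": 5}
    m = {"schema": "helix.bundle.manifest.v1", "outputs": {"primary_artifacts": [art], "aux_artifacts": []}}
    receipt = canonical_json({"bundle_core_digest": bundle_core_digest(m)})
    m["receipts"] = {"run_receipt_digest": digest(receipt), "approval_receipt_digests": []}
    return m, {art["sha256"]: blob, digest(receipt): receipt}
```

Because the receipt is created from bundle_core_digest before the receipts section exists, adding or changing receipt digests changes bundle_digest but leaves every existing receipt's binding valid.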
Reference schema
schemas/hub/bundle_manifest_v1.schema.json
src/helix/schema/hub/bundle_manifest_v1.schema.json