Artifact Object Pointer v1¶

Source schema: doc/schemas/artifact-object-pointer.v1.schema.json

Small Artifact Delivery control artifact pointing to a host-owned object-store payload. The pointer is not authority: receivers MUST fetch the object, verify digest, size, expiry, and local transport policy, then admit the original artifact through normal Artifact Delivery admission.

Governing Basis¶

doc/project/60-solutions/023-artifact-delivery/023-artifact-delivery.md

Project Lineage¶

Fields¶

Field	Required	Shape	Description
`schema`	`yes`	const: `artifact-object-pointer.v1`
`schema/v`	`yes`	const: `1`
`pointer/id`	`yes`	string
`artifact/schema`	`yes`	string
`artifact/content-type`	`yes`	string
`artifact/digest`	`yes`	string
`artifact/size-bytes`	`yes`	integer
`store/scheme`	`yes`	enum: `daemon-object-store`
`store/ref`	`yes`	string
`fetch/url`	`no`	string	Receiver-side HTTPS or loopback fetch URL for the bounded object fetch endpoint. The URL is transport metadata; receivers MUST still verify digest, size, expiry, and local policy before admission.
`fetch/token-ref`	`no`	string	Optional bounded fetch-token reference. The token value itself MUST NOT be embedded when the pointer is visible to logs or untrusted intermediaries.
`payload/security`	`no`	enum: `sealed`, `integrity-only`
`expires/at`	`yes`	string
`issued/at`	`yes`	string
## Field Semantics

`schema`¶

Required: yes
Shape: const: artifact-object-pointer.v1

`schema/v`¶

Required: yes
Shape: const: 1

`pointer/id`¶

Required: yes
Shape: string

`artifact/schema`¶

Required: yes
Shape: string

`artifact/content-type`¶

Required: yes
Shape: string

`artifact/digest`¶

Required: yes
Shape: string

`artifact/size-bytes`¶

Required: yes
Shape: integer

`store/scheme`¶

Required: yes
Shape: enum: daemon-object-store

`store/ref`¶

Required: yes
Shape: string

`fetch/url`¶

Required: no
Shape: string

Receiver-side HTTPS or loopback fetch URL for the bounded object fetch endpoint. The URL is transport metadata; receivers MUST still verify digest, size, expiry, and local policy before admission.

`fetch/token-ref`¶

Required: no
Shape: string

Optional bounded fetch-token reference. The token value itself MUST NOT be embedded when the pointer is visible to logs or untrusted intermediaries.

`payload/security`¶

Required: no
Shape: enum: sealed, integrity-only

`expires/at`¶

Required: yes
Shape: string

`issued/at`¶

Required: yes
Shape: string

Artifact Object Pointer v1¶

Governing Basis¶

Project Lineage¶

Fields¶

schema¶

schema/v¶

pointer/id¶

artifact/schema¶

artifact/content-type¶

artifact/digest¶

artifact/size-bytes¶

store/scheme¶

store/ref¶

fetch/url¶

fetch/token-ref¶

payload/security¶

expires/at¶

issued/at¶