# App Non-OCI Artifact Lifecycle v1

As of: March 9, 2026

## Purpose
Define the baseline lifecycle for non-OCI artifacts used by app-platform workloads.

Examples:
1. model weights,
2. checkpoints,
3. tarballs,
4. scheduler configuration bundles,
5. large private blobs referenced by runtime operators.

## Scope
In scope:
1. canonical source model,
2. lifecycle states shared with OCI artifacts,
3. digest verification rules,
4. source allowlist and credential direction,
5. audit and IAM invariants.

Out of scope:
1. full provider implementation for every blob source,
2. final storage backend decision for every environment,
3. runtime adapter-specific staging logic.

## Core Model
Non-OCI artifacts do not get a separate ownership or IAM system.

They must use the same artifact control-plane object shape as OCI artifacts, with:
1. `artifact_kind=blob`
2. explicit `source_type`
3. immutable digest
4. the same lifecycle and trust states
5. the same project ownership and audit model

## Source Types
Reserved source types:
1. `s3`
2. `gcs`
3. `azure_blob`
4. `https`
5. `huggingface`
6. `artifact_store`

The source type must be explicit in artifact metadata and subject to policy allowlists.

## Source Descriptor
Every non-OCI artifact registration must preserve a structured source descriptor.

Minimum fields:
1. `source_type`
2. `uri`
3. optional `source_ref`
4. optional `size_bytes`
5. optional `content_encoding`

The URI may be redacted or normalized in user-facing responses where necessary, but the control plane must retain enough metadata for audit and staged retrieval.

## Verification Rules
Mandatory:
1. immutable digest
2. digest algorithm declared
3. source type declared
4. source allowlist decision

Recommended:
1. size metadata
2. resumable transfer support in runtime paths
3. optional attestation or signature evidence when available
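
The following is an added example, not part of this spec or of the platform's own code. It sketches the mandatory checks at registration together with the node-side final digest verification before use. The `<algorithm>:<hex>` digest format, the registration dictionary layout, the function names, the allowlist modeled as a set of source types, and the use of `size_bytes` as a cross-check are all assumptions.

```python
import hashlib
import hmac

RESERVED_SOURCE_TYPES = {"s3", "gcs", "azure_blob", "https", "huggingface", "artifact_store"}
# Assumption: digests are written "<algorithm>:<hex>"; the spec does not fix a format.
DIGEST_HEX_LEN = {"sha256": 64, "sha512": 128}


def check_registration(reg, allowed_source_types):
    """Return the list of mandatory-rule violations for a blob registration."""
    errors = []
    if reg.get("artifact_kind") != "blob":
        errors.append("artifact_kind must be blob")
    src = reg.get("source") or {}
    stype = src.get("source_type")
    if stype not in RESERVED_SOURCE_TYPES:
        errors.append("source_type missing or not a reserved type")
    elif stype not in allowed_source_types:
        errors.append("source_type denied by allowlist")
    if not src.get("uri"):
        errors.append("source uri missing")
    algo, _, hexval = str(reg.get("digest", "")).partition(":")
    if algo not in DIGEST_HEX_LEN:
        errors.append("digest algorithm not declared or unsupported")
    elif len(hexval) != DIGEST_HEX_LEN[algo] or set(hexval) - set("0123456789abcdef"):
        # A tag or truncated value is not an immutable content address.
        errors.append("digest is not a full lowercase hex value")
    return errors


def verify_staged_blob(stream, reg, chunk_size=1 << 20):
    """Final check before use: hash the staged bytes, compare to the registered digest."""
    algo, _, expected = reg["digest"].partition(":")
    h = hashlib.new(algo)
    total = 0
    while chunk := stream.read(chunk_size):  # stream so large blobs never sit in memory
        h.update(chunk)
        total += len(chunk)
    # Optional size metadata, when present, must match what was transferred.
    size_ok = reg["source"].get("size_bytes") in (None, total)
    return size_ok and hmac.compare_digest(h.hexdigest(), expected)

# Constructed sample data, not taken from any real deployment.
SAMPLE_BLOB = b"constructed model weights"
SAMPLE_REG = {
    "artifact_kind": "blob",
    "digest": "sha256:" + hashlib.sha256(SAMPLE_BLOB).hexdigest(),
    "source": {"source_type": "s3", "uri": "s3://example-bucket/weights.bin",
               "size_bytes": len(SAMPLE_BLOB)},
}
```

A registration that returns any violation should be rejected by the control plane, and a blob that fails `verify_staged_blob` should not be handed to the runtime.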

## Credential Model
Non-OCI artifact access must follow the same secret baseline as OCI publish and pull:
1. credentials are short-lived,
2. credentials are scoped to the specific source and artifact intent,
3. credentials are delivered by platform-controlled paths,
4. app teams do not hardcode long-lived provider tokens in runtime config.

## Runtime Direction
Runtime staging remains a separate execution concern.

The control plane owns:
1. artifact registration,
2. source policy,
3. credential direction,
4. lifecycle metadata,
5. audit.

Node and runtime paths own:
1. transfer execution,
2. resumable download behavior,
3. final digest verification before use.

This aligns with the following operations from `Node_Operations_and_Agent_Lifecycle_v1.md`:
1. `artifact.pull_blob`
2. `artifact.verify`

## Lifecycle and Promotion
Non-OCI artifacts use the same of each of the following as OCI artifacts:
1. lifecycle states,
2. trust states,
3. promotion channels.

The platform must not force app teams to learn one promotion model for OCI and another for blobs.

## Non-Negotiable Invariants
1. digest verification remains mandatory,
2. source allowlists remain policy-governed,
3. non-OCI support must not fork IAM or audit,
4. runtime consumers must not bypass control-plane registration,
5. non-OCI artifacts are first-class app artifacts, not side-channel files.

## Related Docs
1. `doc/architecture/App_Platform_OCI_Registry_Baseline_v1.md`
2. `doc/architecture/App_Artifact_Trust_and_Promotion_v1.md`
3. `doc/architecture/Node_Operations_and_Agent_Lifecycle_v1.md`
4. `doc/architecture/Platform_Vault_Secrets_Baseline_v1.md`
