App Non-OCI Artifact Lifecycle v1

As of: March 9, 2026

Purpose

Define the baseline lifecycle for non-OCI artifacts used by app-platform workloads.

Examples:

  1. model weights,
  2. checkpoints,
  3. tarballs,
  4. scheduler configuration bundles,
  5. large private blobs referenced by runtime operators.

Scope

In scope:

  1. canonical source model,
  2. lifecycle states shared with OCI artifacts,
  3. digest verification rules,
  4. source allowlist and credential direction,
  5. audit and IAM invariants.

Out of scope:

  1. full provider implementation for every blob source,
  2. final storage backend decision for every environment,
  3. runtime adapter-specific staging logic.

Core Model

Non-OCI artifacts do not get a separate ownership or IAM system.

They must use the same artifact control-plane object shape as OCI artifacts, with:

  1. artifact_kind=blob
  2. explicit source_type
  3. immutable digest
  4. the same lifecycle and trust states
  5. the same project ownership and audit model

Source Types

Reserved source types:

  1. s3
  2. gcs
  3. azure_blob
  4. https
  5. huggingface
  6. artifact_store

The source type must be explicit in artifact metadata and subject to policy allowlists.

Source Descriptor

Every non-OCI artifact registration must preserve a structured source descriptor.

Minimum fields:

  1. source_type
  2. uri
  3. optional source_ref
  4. optional size_bytes
  5. optional content_encoding

The URI may be redacted or normalized in user-facing responses where necessary, but the control plane must retain enough metadata for audit and staged retrieval.

Verification Rules

Mandatory:

  1. immutable digest
  2. digest algorithm declared
  3. source type declared
  4. source allowlist decision

Recommended:

  1. size metadata
  2. resumable transfer support in runtime paths
  3. optional attestation or signature evidence when available

Credential Model

Non-OCI artifact access must follow the same secret baseline as OCI publish and pull:

  1. credentials are short-lived,
  2. credentials are scoped to the specific source and artifact intent,
  3. credentials are delivered by platform-controlled paths,
  4. app teams do not hardcode long-lived provider tokens in runtime config.

Runtime Direction

Runtime staging remains a separate execution concern.

The control plane owns:

  1. artifact registration,
  2. source policy,
  3. credential direction,
  4. lifecycle metadata,
  5. audit.

Node and runtime paths own:

  1. transfer execution,
  2. resumable download behavior,
  3. final digest verification before use.

This aligns with:

  1. artifact.pull_blob
  2. artifact.verify

from Node_Operations_and_Agent_Lifecycle_v1.md.
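The mandatory checks under Verification Rules and the runtime's final digest verification before use can be sketched as follows. This is an added example, not code from the platform: the `digest` and `source` keys, the `<algorithm>:<hex>` digest format, the supported algorithms, the function names and the sample values are assumptions.

```python
import hashlib

# Reserved source types listed on this page.
RESERVED_SOURCE_TYPES = {"s3", "gcs", "azure_blob", "https", "huggingface", "artifact_store"}
# Assumption: digests are written "<algorithm>:<hex>"; expected hex length per algorithm.
DIGEST_HEX_LEN = {"sha256": 64, "sha512": 128}


def check_registration(artifact, allowed_source_types):
    """Return the violated mandatory rules for a registration (empty list = accept)."""
    errors = []
    if artifact.get("artifact_kind") != "blob":
        errors.append("artifact_kind must be blob")
    source = artifact.get("source") or {}
    source_type = source.get("source_type")
    if source_type not in RESERVED_SOURCE_TYPES:
        errors.append("source_type missing or not reserved")
    elif source_type not in allowed_source_types:
        errors.append("source_type denied by allowlist")
    if not source.get("uri"):
        errors.append("uri missing")
    algorithm, _, hex_value = (artifact.get("digest") or "").partition(":")
    if algorithm not in DIGEST_HEX_LEN:
        errors.append("digest algorithm missing or unsupported")
    elif len(hex_value) != DIGEST_HEX_LEN[algorithm] or set(hex_value) - set("0123456789abcdef"):
        errors.append("digest value malformed")
    return errors


def verify_blob(stream, digest, chunk_size=1 << 20):
    """Hash a staged blob in chunks and compare it with the registered digest."""
    algorithm, _, expected = digest.partition(":")
    if algorithm not in DIGEST_HEX_LEN:
        return False  # fail closed on an undeclared or unknown algorithm
    hasher = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        hasher.update(chunk)
    return hasher.hexdigest() == expected


# Constructed sample: a checkpoint registered from an allowlisted s3 source.
BLOB = b"constructed checkpoint bytes"
ARTIFACT = {
    "artifact_kind": "blob",
    "digest": "sha256:" + hashlib.sha256(BLOB).hexdigest(),
    "source": {"source_type": "s3", "uri": "s3://example-bucket/ckpt.bin", "size_bytes": len(BLOB)},
}
```

A mutable reference such as a tag or "latest" in place of the digest is rejected at registration, and a staged blob that differs by a single byte fails `verify_blob`.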

Lifecycle and Promotion

Non-OCI artifacts use the same:

  1. lifecycle states,
  2. trust states,
  3. promotion channels

as OCI artifacts.

The platform must not force app teams to learn one promotion model for OCI and another for blobs.

Non-Negotiable Invariants

  1. digest verification remains mandatory,
  2. source allowlists remain policy-governed,
  3. non-OCI support must not fork IAM or audit,
  4. runtime consumers must not bypass control-plane registration,
  5. non-OCI artifacts are first-class app artifacts, not side-channel files.

References

  1. doc/architecture/App_Platform_OCI_Registry_Baseline_v1.md
  2. doc/architecture/App_Artifact_Trust_and_Promotion_v1.md
  3. doc/architecture/Node_Operations_and_Agent_Lifecycle_v1.md
  4. doc/architecture/Platform_Vault_Secrets_Baseline_v1.md