Part of the 1.0 release-readiness push.
Context
PR #355 added typed project-authoring schemas, and PR #364 added typed Notary PostgreSQL authoring. The remaining drift risk is the complete runtime configuration accepted by Registry Relay and Registry Notary. Hand-maintained references can diverge from strict deserializers and create avoidable implementer failures.
Scope
- Generate a product-owned JSON Schema for the complete Relay configuration and a separate product-owned JSON Schema for the complete Notary configuration.
- Include shared platform types only through the product schema that embeds them. Do not create one shared Relay/Notary configuration model.
- Commit
schemas/registry-relay.config.schema.json and schemas/registry-notary.config.schema.json as reproducible artifacts with bit-for-bit CI checks.
- Check schema key paths against the product configuration reference documentation in both directions.
- Make registryctl schema output consume the same product artifacts or prove it cannot drift from them.
- Keep secrets represented as references or redacted examples, never concrete values.
Acceptance criteria
- CI fails when a Relay or Notary runtime config type changes without regenerating its product schema.
- CI fails when a product schema and its configuration reference disagree on supported key paths.
- A documented command reproduces each committed artifact.
- An implementer can validate generated or hand-authored product configuration locally and receives a product-specific path and error.
- Project-authoring schemas remain separate and are not duplicated as a second runtime config model.
Related work
Security note
Schema generation must preserve strict parsing and secret redaction. Suspected vulnerabilities belong in SECURITY.md, not this issue.
Part of the 1.0 release-readiness push.
Context
PR #355 added typed project-authoring schemas, and PR #364 added typed Notary PostgreSQL authoring. The remaining drift risk is the complete runtime configuration accepted by Registry Relay and Registry Notary. Hand-maintained references can diverge from strict deserializers and create avoidable implementer failures.
Scope
schemas/registry-relay.config.schema.jsonandschemas/registry-notary.config.schema.jsonas reproducible artifacts with bit-for-bit CI checks.Acceptance criteria
Related work
Security note
Schema generation must preserve strict parsing and secret redaction. Suspected vulnerabilities belong in
SECURITY.md, not this issue.