实现示例

type Artifact = { name: string; sha256: string; sig?: { alg: string; kid: string; b64: string } }
/**
 * Reports whether `h` has the textual form of a SHA-256 digest: exactly 64
 * hexadecimal characters, upper or lower case.
 *
 * This is a format check only. It does not compute a hash and says nothing
 * about whether the digest matches any artifact content.
 *
 * @param h - candidate digest string
 * @returns true when `h` is 64 hex characters and nothing else
 */
function hex64(h: string): boolean {
  // Case-insensitive match; the anchors reject any leading or trailing extras.
  const sha256Hex = /^[0-9a-f]{64}$/i
  return sha256Hex.test(h)
}
/**
 * Structural check of an artifact record before it is stored.
 *
 * Accepts the record when `name` is non-empty, `sha256` passes `hex64`, and
 * the optional `sig` (if present) declares `alg === 'RS256'`, has a non-empty
 * `kid`, and has a `b64` made only of base64-alphabet characters.
 *
 * This function checks field shapes only: no signature is verified and no
 * hash is recomputed here. A record without `sig` is accepted, so callers
 * that require signed artifacts must enforce that separately.
 *
 * @param a - artifact record to check
 * @returns true when every shape check passes
 */
function valid(a: Artifact): boolean {
  if (!a.name) return false
  if (!hex64(a.sha256)) return false

  const sig = a.sig
  // The signature is optional; an unsigned record passes at this point.
  if (!sig) return true

  // RS256 is the only algorithm label accepted.
  if (sig.alg !== 'RS256') return false
  if (!sig.kid) return false

  // Alphabet check only: '=' is allowed at any position, length is not
  // checked and the value is never decoded.
  return /^[A-Za-z0-9+/=]+$/.test(sig.b64)
}
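/**
 * Write-once insert of an artifact record, keyed by `a.name`.
 *
 * The write is refused when the record fails `valid` or when the name is
 * already present, so an existing entry is never overwritten through this
 * function.
 *
 * The store receives a frozen copy rather than the caller's object. Storing
 * the caller's reference would let a later `a.sha256 = ...` or
 * `a.sig.b64 = ...` silently change the stored record, bypassing the
 * no-overwrite rule.
 *
 * The guarantee covers writes made through this function only: code that
 * calls `store.set` or `store.delete` directly on the Map is not restricted.
 *
 * @param store - map of artifact name to stored record
 * @param a - record to insert
 * @returns true when the record was stored, false when it was rejected
 */
function immutableWrite(store: Map<string, Artifact>, a: Artifact): boolean {
  if (!valid(a)) return false
  if (store.has(a.name)) return false

  // Detach the stored record from the caller's object.
  const record: Artifact = { ...a }
  // Object.freeze is shallow, so the nested signature is copied and frozen
  // separately.
  if (a.sig) record.sig = Object.freeze({ ...a.sig })

  store.set(a.name, Object.freeze(record))
  return true
}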
审计与运行治理

存储策略不可变:写入后禁止覆盖;出现异常时需发布新版本并留下审计记录。发布前后均校验哈希与签名;不一致时阻断发布并回滚到最近的可信版本。注意:上面示例中的 valid() 只检查字段格式,并不对哈希或签名做密码学验证,发布流程中的校验需另行实现。
