Event Contracts

Every platform event uses the standard envelope in specs/events/oneprotect.event.schema.json.

Required fields:

  • event_id
  • event_type
  • schema_version
  • tenant_id
  • source
  • timestamp
  • correlation_id
  • causation_id
  • payload

Rules:

  • Validate JSON Schema before publishing.
  • Keep internal persistence metadata such as received_at out of transport envelopes.
  • Update JSON Schema, AsyncAPI, tests, and docs together.
  • Asset Discovery v1 event contracts project into storage/read models, but collector/agent/command runtime is not implemented yet.
  • Agent enrollment and mTLS identity lifecycle events are contract-designed. They cover enrollment token issuance/revocation, failed enrollment, enrollment success, certificate rotation, and agent revocation.
  • Identity-bound agent telemetry is implemented by projecting accepted enrolled-agent heartbeats into the existing asset event contracts. It does not add a second telemetry envelope and does not imply CA/mTLS enforcement is complete.
  • Discovery authorization lifecycle events are implemented by OP-035R. They cover tenant/site policy configuration, authorization grants and denials, and source-confidence observation metadata before asset projection. Scanner and passive-ingest execution remain future work.
  • Minimal SIEM lifecycle events are contract-designed. They cover log source registration, raw log receipt into the tenant boundary, normalized searchable events, and SIEM-specific deterministic detections through security.alert.created. Existing alert.created remains the generic platform alert projection.
  • Internal ticketing lifecycle events are implemented by the ticketing runtime. They cover ticket creation, status changes, assignment, comments, and links. ticket.delivery.* remains outbound integration delivery, not internal ticket lifecycle.
  • SCIM provisioning lifecycle events are implemented by OP-034R. They cover SCIM connection configuration, role mapping changes, user/group lifecycle, group membership changes, fail-closed deprovisioning, and provisioning failures.
  • Auditor export lifecycle events are contract-designed. They cover export request and completion facts, including redaction policy references, metadata/hash expectations, watermark flags, object references, and audit references.
  • Compliance policy lifecycle events are implemented by OP-038R. They cover baseline fork creation, tenant policy updates, and immutable version creation.
  • Browser SSH lifecycle events are contract-designed. They cover session start, command logging, session end, encrypted recording references, timeouts, audit/evidence linkage, and redaction expectations.
  • macOS/Intune lifecycle events cover macOS 13+ enrollment through ADR-0009 and Intune device posture sync completion. OP-056 now emits integration.intune.sync_completed from the Intune posture runtime.

Run:

make validate-contracts
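
The first two rules above (validate before publishing, keep received_at out of the transport envelope) can be enforced in a small pre-publish guard. This is an added example, not the project's own code: the function names and sample values are hypothetical, and it checks field presence only because the contents of specs/events/oneprotect.event.schema.json are not shown on this page.

```python
# Added example: pre-publish guard for the envelope rules listed on this page.
# It checks field presence only; the authoritative contract is the JSON Schema
# file, whose types and formats are not reproduced here.

REQUIRED_FIELDS = (
    "event_id", "event_type", "schema_version", "tenant_id", "source",
    "timestamp", "correlation_id", "causation_id", "payload",
)

# Persistence-only metadata that must not travel in a transport envelope.
# The page names received_at; extending this set is an assumption.
INTERNAL_ONLY_FIELDS = frozenset({"received_at"})


def envelope_violations(envelope):
    """Return a list of rule violations; an empty list means publishable."""
    if not isinstance(envelope, dict):
        return ["envelope must be a JSON object"]
    problems = []
    for name in REQUIRED_FIELDS:
        if name not in envelope:
            problems.append(f"missing required field: {name}")
    for name in sorted(INTERNAL_ONLY_FIELDS.intersection(envelope)):
        problems.append(f"internal metadata in transport envelope: {name}")
    return problems


def to_transport(stored_record):
    """Strip internal-only fields from a stored record, then fail closed."""
    envelope = {k: v for k, v in stored_record.items()
                if k not in INTERNAL_ONLY_FIELDS}
    problems = envelope_violations(envelope)
    if problems:
        raise ValueError("; ".join(problems))
    return envelope


# Constructed sample record (all values are made up for illustration).
SAMPLE_STORED = {
    "event_id": "evt-0001", "event_type": "alert.created",
    "schema_version": "1.0", "tenant_id": "tenant-a", "source": "example",
    "timestamp": "2024-01-01T00:00:00Z", "correlation_id": "corr-0001",
    "causation_id": "cause-0001", "payload": {"alert_id": "a-1"},
    "received_at": "2024-01-01T00:00:01Z",
}
```

A guard like this complements full JSON Schema validation and does not replace it.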