pub fn get(
store: &LocalFsStore,
flags: &OpFlags,
payload: Option<UpdatesGetPayload>,
) -> Result<OpOutcome, OpError>Expand description
op updates get — pull a signed update plan (over the enrolled mTLS channel
or from a local file), verify it against the env trust root, run the
downgrade + compatibility gates, and admit it to the update staging tree.
Read-only with respect to the environment store — the only writes are into
the update staging tree, which keeps its own audit ledger — so this verb is
not wrapped in audit_and_record (like status).
The gates run before any staging write, so a rejected plan leaves nothing
half-staged. Declared artifacts are then fetched into the staging tree
(through the content-addressed DistClient, with put_artifact re-verifying
each digest fail-closed) and the plan is promoted downloading → inbox → staged; a plan with no artifacts promotes straight away. The outcome’s
stage field reports where the plan landed.