Skip to main content

Crate vanta_lock

Crate vanta_lock 

Source
Expand description

vanta-lock — the vanta.lock model, canonical serialization, and the manifest↔lock reconcile.

The lock pins exact versions and per-platform artifact hashes for every target so a single committed file reproduces on any OS. See docs/11-reproducibility.md and docs/31-lockfile-and-manifest-reference.md. Serialization is canonical (sorted tools, sorted platform keys) so the file diffs cleanly in VCS.

Structs§

Lock
A vanta.lock file.
LockedTool
A locked tool: the resolution plus a per-platform artifact pin.
PlatformPin
The per-platform artifact pin recorded in the lock.
Reconcile
The difference between what a manifest declares and what the lock pins.

Constants§

LOCK_VERSION
The current lock format version.

Functions§

reconcile
Compare the manifest’s declared tool names against the lock. Tool-name level only; deeper drift (a changed constraint a pin no longer satisfies) is checked during resolution (docs/06-resolution.md).