Artifact kinds

An artifact is one signed, versioned unit of update payload. Every artifact is named, versioned, hashed, and recorded in the update metadata before it can be shipped — there is no unsigned path. The platform tracks metadata about your payload; it never inspects or exports the payload's contents.

Today the platform publishes three kinds of artifact, plus a fourth that arrives through the operating-system update path.

Model

A machine-learning model packaged for the fleet — for example an ONNX, TensorRT, or TFLite file. A model artifact carries a manifest describing it:

• framework — onnx, tensorrt, tflite, and so on
• input specification — what the model expects
• evaluation metrics — how it scored
• target hardware profile — the device class it is built for (for example a specific Jetson profile)

That manifest is metadata you supply alongside the file. It is what lets the platform reason about whether a model fits a given device before sending it.

Container

A container artifact is a signed, digest-pinned reference to an OCI image — not a copy of the image bytes. When you publish, you give a registry reference (a tag or an explicit sha256: digest); the platform resolves the tag to an immutable digest at publish time and freezes it. The device runs exactly that digest. A later tag move in the upstream registry surfaces as a new version you choose to publish, never a silent swap under a running rollout. See Registry connections.

Config

A configuration artifact ships a file to devices. In its simplest form it is a signed file the agent retains. A config artifact can also carry a delivery profile that tells the agent where to place the file and how to apply it:

• destination — a clean, absolute path on the device
• mode — the file's octal permissions
• reload — what to do after placing it: nothing, restart a systemd unit, or run an allowlisted command

The delivery instructions are signed as part of the artifact, and the agent re-validates them against its own allowlist before acting. Nothing in a config artifact grants an arbitrary command channel onto the device.

OS bundle

Full operating-system images (A/B, rollback-safe at the boot layer) are delivered through the platform's OS-update path rather than the direct publish API above. This rides on a proven A/B update engine and is wrapped in the same signed update metadata as every other artifact.

Lifecycle

Every artifact has a status (active or archived) and a release channel (stable, beta, or canary). Archiving and channel changes touch catalog metadata only — they never alter the signed content. Each change is written to the append-only audit trail.

Related

• Registry connections
• Publishing & signing
• Bundles & compatibility
• Push a model bundle