From 5732947458d507c97d9677342842014dd60111fa Mon Sep 17 00:00:00 2001
From: Conan Scott <conanscott@gmail.com>
Date: Wed, 4 Mar 2026 10:14:39 +0000
Subject: [PATCH] Add specs/compress-pgp-passthrough.yaml

---
 specs/compress-pgp-passthrough.yaml | 91 +++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 specs/compress-pgp-passthrough.yaml

diff --git a/specs/compress-pgp-passthrough.yaml b/specs/compress-pgp-passthrough.yaml
new file mode 100644
index 0000000..7a42fd2
--- /dev/null
+++ b/specs/compress-pgp-passthrough.yaml
@@ -0,0 +1,91 @@
+# ST Flow Spec — Compress + PGP Encrypt + Pass-through
+# Version: 1.0
+# Description: Reference 3-step AR flow.
+#   - .txt files → ZIP compressed
+#   - .md files  → PGP encrypted (binary, recipient's public key)
+#   - all others → pass-through unchanged
+# Canonical test suite: st-flow-tests (this repo)
+
+version: "1.0"
+
+meta:
+  name: compress-pgp-passthrough
+  description: >
+    Compress .txt to ZIP, PGP-encrypt .md, pass all other files through unchanged
+    to a partner destination.
+
+application:
+  name: skill-test-ar
+  type: AdvancedRouting
+
+subscription:
+  account: conan
+  folder: /skill-test
+  application: skill-test-ar
+  post_transmission_actions:
+    ptaOnSuccessDoInAdvancedRoutingWildcardPull: true
+    submitFilenamePatternExpression: "*"
+    submitFilterType: FILENAME_PATTERN
+    triggerFileOption: fail
+    triggerOnSuccessfulWildcardPull: true
+
+routes:
+  simple:
+    name: skill-test-simple
+    conditionType: ALWAYS
+    steps:
+      - type: Compress
+        conditionType: ALWAYS
+        actionOnStepFailure: PROCEED
+        fileFilterExpression: "*.txt"
+        fileFilterExpressionType: GLOB
+        usePrecedingStepFiles: false
+        singleArchiveEnabled: false
+        compressionMode: ZIP
+
+      - type: PgpEncryption
+        conditionType: ALWAYS
+        actionOnStepFailure: PROCEED
+        fileFilterExpression: "*.md"
+        fileFilterExpressionType: GLOB
+        usePrecedingStepFiles: false
+        encryptKeyExpression: test-pgp-public       # cert name = ALIAS
+        encryptKeyExpressionType: ALIAS             # only ALIAS or EXPRESSION_WILDCARD valid
+        encryptKeyOwnerExpression: conan            # account that owns the cert
+        encryptKeyOwnerExpressionType: NAME
+        compressionType: "0"                        # no PGP internal compression
+        useAsciiArmour: false                       # binary output
+
+      - type: SendToPartner
+        conditionType: ALWAYS
+        actionOnStepFailure: FAIL
+        fileFilterExpression: "*"
+        fileFilterExpressionType: GLOB
+        usePrecedingStepFiles: false
+        partnerName: clawdbox_partner
+        partnerSite: clawdbox-partner-site-1771557836
+
+  template:
+    name: skill-test-template
+    conditionType: MATCH_ALL
+
+  composite:
+    name: skill-test-composite
+    conditionType: MATCH_ALL
+
+# Prerequisites (validated by st_env_snapshot.py before deploy)
+prerequisites:
+  accounts:
+    - name: conan
+      type: individual
+  partner_accounts:
+    - name: clawdbox_partner
+  partner_sites:
+    - name: clawdbox-partner-site-1771557836
+      partner: clawdbox_partner
+  certificates:
+    - name: test-pgp-public
+      type: pgp
+      usage: partner
+      account: conan
+      accessLevel: PUBLIC