up

docs/console/airgap.md

@@ -0,0 +1,27 @@
+# Console Airgap UI (Airgap 57-002)
+
+Describes console surfaces for sealed-mode imports, staleness, and user guidance.
+
+## Surfaces
+- **Airgap status badge**: shows `sealed` state, `mirrorGeneration`, last import time, and staleness indicator.
+- **Import wizard**: stepper to upload/verify mirror bundle, show manifest hash, and emit timeline event upon success.
+- **Staleness dashboard**: charts staleness by bundle/component; highlights tenants nearing expiry.
+
+## Staleness logic
+- Use time anchors from `docs/airgap/staleness-and-time.md`.
+- Staleness = now - `bundle.createdAt`; color bands: green (<24h), amber (24–72h), red (>72h) or missing anchor.
+
+## Guidance banners
+- When sealed: banner text "Sealed mode: egress denied. Only registered bundles allowed." Include current `mirrorGeneration` and bundle hash.
+- On staleness red: prompt operators to import next bundle or reapply time anchor.
+
+## Events
+- Successful import emits timeline event with bundleId, mirrorGeneration, manifest hash, actor.
+- Failed import emits event with error code; do not expose stack traces in UI.
+
+## Security/guardrails
+- Require admin scope to import bundles; read-only users can view status only.
+- Never display raw hashes without tenant context; prefix with tenant and generation.
+
+## TODOs
+- Wire to backend once mirror bundle schema and timeline events are exposed (blocked until backend readiness).