up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
This commit is contained in:
StellaOps Bot
23
docs/dev/airgap-contracts.md
Normal file
23
docs/dev/airgap-contracts.md
Normal file
@@ -0,0 +1,23 @@
|
||||
# Airgap Contracts (DOCS-AIRGAP-58-003)
|
||||
|
||||
Contracts developers must follow for sealed/constrained deployments.
|
||||
|
||||
## EgressPolicy usage
|
||||
- Services read `EgressPolicy` config and must fail fast on disallowed hosts.
|
||||
- All HTTP clients must pass through allowlist resolver; no raw `HttpClient` with arbitrary URLs.
|
||||
|
||||
## Sealed-mode tests
|
||||
- Add integration tests that set `sealed=true` and assert outbound calls are blocked/mocked.
|
||||
- Validate mirror bundle imports succeed under deny-all network by using local fixtures.
|
||||
|
||||
## Linting
|
||||
- Static check to ban `DateTime.Now`, `Guid.NewGuid`, and direct `HttpClient` when `sealed=true` flag is present.
|
||||
- CI rule: fail if new external domains appear outside allowlist file.
|
||||
|
||||
## Logging
|
||||
- Log `sealed` flag, `mirrorGeneration`, and bundle hash on relevant API calls.
|
||||
- Avoid emitting secrets or trust roots in logs.
|
||||
|
||||
## Config determinism
|
||||
- All configs should be overridable via env vars; default to sealed-compatible settings.
|
||||
- Use stable ordering in generated manifests and responses.
|
||||
Reference in New Issue
Block a user