semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/features/unchecked/airgap/air-gap-bundle-system.md
+++ b/docs/features/unchecked/airgap/air-gap-bundle-system.md
@@ -0,0 +1,28 @@
+# Air-Gap Bundle System (DSSE-Signed Bundle Format with Import/Export)
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Comprehensive air-gap bundle system with DSSE signing and verification, bundle format with schemas/validation/trust snapshots, controller for state management, importer with quarantine-on-failure, atomic feed activation with rollback, file-based and router-based delivery transport, and offline kit validation (monotonicity checking, telemetry metrics). Covers offline update kits (OUK), replay packs, and audit pack export/import.
+
+## Implementation Details
+- **Controller**: `src/AirGap/StellaOps.AirGap.Controller/` -- state management (`AirGapState.cs`, `AirGapStateService.cs`), endpoints (`AirGapEndpoints.cs` with seal/verify), startup options, telemetry
+- **Importer**: `src/AirGap/StellaOps.AirGap.Importer/` -- bundle planning (`BundleImportPlanner.cs`), quarantine on failure (`FileSystemQuarantineService.cs`, `IQuarantineService.cs`), evidence reconciliation (`EvidenceReconciler.cs`, `EvidenceGraph.cs`), SBOM/DSSE parsers, version monotonicity, trust root config, replay verification
+- **Bundle library**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- bundle format, schema validation, trust snapshot management
+- **Sync library**: `src/AirGap/__Libraries/StellaOps.AirGap.Sync/` -- synchronization for bundle delivery
+- **Persistence**: `src/AirGap/__Libraries/StellaOps.AirGap.Persistence/` and `src/AirGap/StellaOps.AirGap.Storage.Postgres/`
+- **Policy**: `src/AirGap/StellaOps.AirGap.Policy/` -- offline verification policy, analyzers
+- **Tests**: Controller, Importer, Persistence, Sync, Time, and Policy tests under `src/AirGap/__Tests/`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Test bundle import with valid DSSE-signed bundle, verify state transition
+- [ ] Test quarantine behavior on invalid bundle signature
+- [ ] Test monotonicity check rejects older bundle version
+- [ ] Test evidence reconciliation correctly parses CycloneDx, DSSE attestations
+- [ ] Test atomic feed activation and rollback on failure
+- [ ] Verify bundle import planning produces correct plan
--- a/docs/features/unchecked/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots.md
+++ b/docs/features/unchecked/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots.md
@@ -0,0 +1,25 @@
+# Air-Gap Epistemic Mode with Sealed Startup and Feed Snapshots
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Full epistemic completeness for air-gapped environments: sealed startup validation, feed snapshot repositories, signed mirror connectors, cryptographic binding of knowledge state to scan results, snapshot management, and sealed install enforcement.
+
+## Implementation Details
+- **Sealed startup**: `src/AirGap/StellaOps.AirGap.Controller/Services/AirGapStartupDiagnosticsHostedService.cs` -- validates sealed state at startup
+- **Startup options**: `src/AirGap/StellaOps.AirGap.Controller/Options/AirGapStartupOptions.cs` -- sealed startup configuration
+- **State management**: `src/AirGap/StellaOps.AirGap.Controller/Domain/AirGapState.cs`, `Services/AirGapStateService.cs`
+- **State stores**: `src/AirGap/StellaOps.AirGap.Controller/Stores/IAirGapStateStore.cs`, `InMemoryAirGapStateStore.cs`
+- **Feed snapshots**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- snapshot management in bundle library
+- **Offline verification**: `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs`, `OfflineVerificationPolicyLoader.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify sealed startup validation prevents operation with incomplete knowledge state
+- [ ] Test feed snapshot loading and cryptographic binding
+- [ ] Verify state transitions in air-gap controller
+- [ ] Test offline verification policy enforcement
--- a/docs/features/unchecked/airgap/deterministic-rekor-receipts-with-offline-verification.md
+++ b/docs/features/unchecked/airgap/deterministic-rekor-receipts-with-offline-verification.md
@@ -0,0 +1,25 @@
+# Deterministic Rekor Receipts with Offline Verification
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Offline Rekor receipt verifier validates checkpoint signatures (ECDSA/Ed25519), Merkle inclusion proofs per RFC 6962, and root hash consistency without live transparency log access. Includes TileProxy for local tile-based transparency log proxy, and mirror snapshot resolution for air-gapped deployments.
+
+## Implementation Details
+- **Rekor proof builder**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.Build.cs`, `EnhancedRekorProofBuilder.Validate.cs`, `EnhancedRekorProofBuilder.cs`
+- **Rekor inclusion proof**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/RekorInclusionProof.cs`
+- **Rekor verification step**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/RekorInclusionVerificationStep.cs`
+- **Replay verification**: `src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs`
+- **Importer replay**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs`, `ReplayDepth.cs`
+- **Merkle proofs**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Merkle/DeterministicMerkleTreeBuilder.Proof.cs`, `MerkleProof.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify Rekor receipt offline verification validates checkpoint signatures (ECDSA/Ed25519)
+- [ ] Test Merkle inclusion proof verification per RFC 6962
+- [ ] Test root hash consistency verification without live transparency log
+- [ ] Verify replay verification service works in air-gapped mode
--- a/docs/features/unchecked/airgap/deterministic-replay-and-verification-in-air-gap-mode.md
+++ b/docs/features/unchecked/airgap/deterministic-replay-and-verification-in-air-gap-mode.md
@@ -0,0 +1,25 @@
+# Deterministic Replay and Verification in Air-Gap Mode
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Replay manifests capturing input artifacts, verification results, and media types for deterministic reproducibility. Replay verification service for air-gapped environments. Covers offline cryptography plugins and importer validation.
+
+## Implementation Details
+- **Replay verification service**: `src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs`
+- **Replay contracts**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs`, `ReplayDepth.cs`
+- **Attestor replay**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Replay/ReplayInputArtifact.cs`, `ReplayResult.cs`, `ReplayStatus.cs`, `ReplayVerificationResult.cs`, `ReplayPromptTemplate.cs`
+- **Offline crypto**: `src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs` and plugin implementations (GOST, eIDAS, SM, FIPS, HSM)
+- **Evidence reconciliation**: `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/` -- EvidenceReconciler, EvidenceGraph, JSON normalizer, attestation/SBOM parsers
+- **Importer validation**: `src/AirGap/StellaOps.AirGap.Importer/Validation/` -- bundle validation
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify replay manifests capture all input artifacts with media types
+- [ ] Test replay verification produces identical results from same inputs
+- [ ] Test evidence reconciliation correctly builds evidence graph
+- [ ] Verify offline crypto plugin signing/verification works without network
--- a/docs/features/unchecked/airgap/deterministic-test-harness.md
+++ b/docs/features/unchecked/airgap/deterministic-test-harness.md
@@ -0,0 +1,24 @@
+# Deterministic Test Harness (Frozen Time, Seeded RNG, Network Isolation)
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Deterministic testing infrastructure with frozen time providers, deterministic fixtures, and Testcontainers for PostgreSQL isolation across backend and frontend.
+
+## Implementation Details
+- **Test infrastructure**: `src/__Tests/__Libraries/StellaOps.Testing.Chaos/Models.cs` -- chaos/deterministic testing models
+- **AirGap tests**: `src/AirGap/__Tests/` -- Controller, Importer, Persistence, Sync, Time tests
+- **Frozen time**: `src/AirGap/StellaOps.AirGap.Time/` -- time anchor services with frozen time providers, staleness calculation
+- **Time fixtures**: `src/AirGap/StellaOps.AirGap.Time/fixtures/` -- deterministic time test fixtures
+- **Testcontainers**: PostgreSQL isolation via `src/AirGap/StellaOps.AirGap.Storage.Postgres.Tests/`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify frozen time providers produce deterministic timestamps
+- [ ] Test seeded RNG produces reproducible results
+- [ ] Verify Testcontainers PostgreSQL isolation works correctly
+- [ ] Test deterministic fixtures produce identical outputs across runs
--- a/docs/features/unchecked/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows.md
+++ b/docs/features/unchecked/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows.md
@@ -0,0 +1,25 @@
+# DSSE/Receipt Schema for Authority/Sbomer/Vexer Flows
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+DSSE envelope signing/verification across multiple modules with schema types, SPDX3 integration, and air-gap bundle signing. The receipt schema supports Authority, Sbomer, and Vexer flows.
+
+## Implementation Details
+- **DSSE signing**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/DsseEnvelope.cs`, `DsseSignature.cs`, `ProofChainSigner.Verification.cs`
+- **DSSE SPDX3**: `src/Attestor/__Libraries/StellaOps.Attestor.Spdx3/DsseSpdx3Envelope.cs`, `DsseSpdx3Signature.cs`, `DsseSpdx3Signer.SignAsync.cs`, `DsseSpdx3Signer.Verify.cs`
+- **DSSE verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/DsseSignatureVerificationStep.cs`
+- **Importer DSSE parsing**: `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs`
+- **Receipt models**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs`, `VerificationResult.cs`, `VerificationCheck.cs`, `VerificationContext.cs`
+- **Signing profiles**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/SigningKeyProfile.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify DSSE envelope creation for Authority/Sbomer/Vexer flows
+- [ ] Test DSSE signature verification with multiple key profiles
+- [ ] Verify receipt schema captures all required verification checks
+- [ ] Test SPDX3 DSSE integration
--- a/docs/features/unchecked/airgap/mirror-time-anchor-contract.md
+++ b/docs/features/unchecked/airgap/mirror-time-anchor-contract.md
@@ -0,0 +1,29 @@
+# Mirror Time Anchor Contract
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Defines canonical time-anchor fields (generatedAt UTC ISO-8601, optional sourceClock hint) and staleness computation (now - generatedAt with +/-5s tolerance) for mirror bundles in air-gapped environments.
+
+## Implementation Details
+- **Time anchor module**: `src/AirGap/StellaOps.AirGap.Time/` -- full module with controllers, services, parsing, models, stores, config, hooks, health checks
+- **Time anchor parsing**: `src/AirGap/StellaOps.AirGap.Time/Parsing/` -- token parsing for time anchor extraction
+- **Staleness calculation**: services compute `now - generatedAt` with tolerance handling
+- **HLC merge services**: `src/AirGap/StellaOps.AirGap.Time/Services/` -- Hybrid Logical Clock for multi-node sync
+- **Deterministic time fixtures**: `src/AirGap/StellaOps.AirGap.Time/fixtures/`
+- **Bundle integration**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/` -- TimeAnchorContent, SnapshotBundleWriter.Sections.TimeAnchor, SnapshotBundleReader.Verify.TimeAnchor
+- **Attestor timestamping**: `src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/TimeCorrelationValidator.Validate.cs`, `TimeCorrelationStatus.cs`
+- **Tests**: `src/AirGap/__Tests/StellaOps.AirGap.Time.Tests/` (TimeAnchorLoaderTests, StalenessCalculatorTests, TimeVerificationServiceTests, TimeTokenParserTests, etc.)
+
+## E2E Test Plan
+- [ ] Verify time anchor is embedded in air-gap bundle with correct ISO-8601 format
+- [ ] Verify staleness calculation correctly computes age with +/-5s tolerance
+- [ ] Verify time anchor verification rejects bundles with tampered timestamps
+- [ ] Verify HLC merge produces consistent ordering across multiple nodes
+
+## Related Documentation
+- Source: SPRINT_0150_0001_0002_mirror_time.md
--- a/docs/features/unchecked/airgap/offline-kit-metrics-and-diagnostics.md
+++ b/docs/features/unchecked/airgap/offline-kit-metrics-and-diagnostics.md
@@ -0,0 +1,24 @@
+# Offline Kit Metrics and Diagnostics
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Offline kit metrics, telemetry, and startup diagnostics for monitoring air-gap bundle health.
+
+## Implementation Details
+- **Telemetry**: `src/AirGap/StellaOps.AirGap.Controller/Services/AirGapTelemetry.cs` -- air-gap specific telemetry
+- **Telemetry options**: `src/AirGap/StellaOps.AirGap.Controller/Options/AirGapTelemetryOptions.cs` -- telemetry configuration
+- **Startup diagnostics**: `src/AirGap/StellaOps.AirGap.Controller/Services/AirGapStartupDiagnosticsHostedService.cs` -- diagnostics at startup
+- **Importer telemetry**: `src/AirGap/StellaOps.AirGap.Importer/Telemetry/` -- import-specific metrics
+- **Status endpoints**: `src/AirGap/StellaOps.AirGap.Controller/Endpoints/Contracts/AirGapStatusResponse.cs` -- status reporting
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify AirGap status endpoint returns correct metrics
+- [ ] Test startup diagnostics detect and report issues
+- [ ] Verify telemetry captures bundle import/export operations
+- [ ] Test importer telemetry tracks import duration and outcomes
--- a/docs/features/unchecked/airgap/time-anchoring-for-offline-environments.md
+++ b/docs/features/unchecked/airgap/time-anchoring-for-offline-environments.md
@@ -0,0 +1,32 @@
+# Time Anchoring for Offline Environments
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Time anchoring module with anchor loader, token parser, staleness calculator, and sealed startup validation for air-gapped environments. Includes HLC (Hybrid Logical Clock) merge services for multi-node sync.
+
+## Implementation Details
+- **Time module**: `src/AirGap/StellaOps.AirGap.Time/` -- dedicated time anchoring service
+- **Controllers**: `src/AirGap/StellaOps.AirGap.Time/Controllers/` -- time anchor API controllers
+- **Services**: `src/AirGap/StellaOps.AirGap.Time/Services/` -- HLC merge, staleness calculation, anchor loading
+- **Parsing**: `src/AirGap/StellaOps.AirGap.Time/Parsing/` -- time anchor token parsing
+- **Models**: `src/AirGap/StellaOps.AirGap.Time/Models/` -- time anchor data models
+- **Stores**: `src/AirGap/StellaOps.AirGap.Time/Stores/` -- time anchor state stores
+- **Config**: `src/AirGap/StellaOps.AirGap.Time/Config/` -- time anchor configuration
+- **Hooks**: `src/AirGap/StellaOps.AirGap.Time/Hooks/` -- time-related event hooks
+- **Health**: `src/AirGap/StellaOps.AirGap.Time/Health/` -- time health checks
+- **Fixtures**: `src/AirGap/StellaOps.AirGap.Time/fixtures/` -- deterministic time test data
+- **Tests**: `src/AirGap/__Tests/StellaOps.AirGap.Time.Tests/`
+- **Attestor timestamping**: `src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/TimeCorrelationValidator.Validate.cs`, `TimeCorrelationStatus.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify time anchor loading from sealed bundles
+- [ ] Test token parsing extracts correct anchor timestamps
+- [ ] Test staleness calculator produces correct durations
+- [ ] Verify HLC merge service handles multi-node sync correctly
+- [ ] Test health checks report time anchor status
--- a/docs/features/unchecked/airgap/trust-profile-management.md
+++ b/docs/features/unchecked/airgap/trust-profile-management.md
@@ -0,0 +1,25 @@
+# Trust Profile Management (CLI and Bundle)
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Named trust profiles (global, eu-eidas, us-fips, bg-gov) for configuring TSA chains, signing algorithms, and verification policies per deployment context. Includes CLI commands (stella trust-profile list/apply/show) and bundle-level profile loading. Distinct from the known "Trust Anchor Management" and "Regional Crypto Profiles" which are about crypto algorithms, not deployment-context trust configuration profiles.
+
+## Implementation Details
+- **Bundle trust profiles**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- named trust profile definitions and loading
+- **Trust root config**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/TrustRootConfig.cs` -- trust root configuration for import verification
+- **AirGap policy**: `src/AirGap/StellaOps.AirGap.Policy/` -- policy enforcement for trust profiles, includes analyzers and tests
+- **Offline verification policy**: `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs`, `OfflineVerificationPolicyLoader.cs`
+- **Trust anchor verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/TrustAnchorVerificationStep.cs`
+- **Source**: SPRINT_20260120_029_AirGap_offline_bundle_contract.md
+
+## E2E Test Plan
+- [ ] Verify CLI `stella trust-profile list` shows available profiles
+- [ ] Test `stella trust-profile apply` switches active profile
+- [ ] Test `stella trust-profile show` displays profile configuration
+- [ ] Verify trust profiles configure correct TSA chains and signing algorithms
+- [ ] Test bundle-level profile loading from bundle metadata