This commit is contained in:
master
2026-02-04 19:59:20 +02:00
parent 557feefdc3
commit 5548cf83bf
1479 changed files with 53557 additions and 40339 deletions


@@ -1,4 +1,4 @@
using System.Collections.Immutable;
using System.Collections.Immutable;
namespace StellaOps.AirGap.Bundle.Models;
@@ -71,200 +71,3 @@ public sealed record BundleManifest
/// </summary>
public ImmutableArray<RekorProofEntry> RekorProofs { get; init; } = [];
}
/// <summary>
/// Artifact entry in a bundle (v2.0.0).
/// Sprint: SPRINT_20260118_018 (TASK-018-001)
/// </summary>
public sealed record BundleArtifact(
/// <summary>Relative path within the bundle.</summary>
string? Path,
/// <summary>Artifact type: sbom, vex, dsse, rekor-proof, oci-referrers, etc.</summary>
string Type,
/// <summary>Content type (MIME).</summary>
string? ContentType,
/// <summary>SHA-256 digest of the artifact.</summary>
string? Digest,
/// <summary>Size in bytes.</summary>
long? SizeBytes);
/// <summary>
/// Verification section for bundle validation (v2.0.0).
/// Sprint: SPRINT_20260118_018 (TASK-018-001)
/// </summary>
public sealed record BundleVerifySection
{
/// <summary>
/// Trusted signing keys for verification.
/// Formats: kms://..., file://..., sigstore://...
/// </summary>
public ImmutableArray<string> Keys { get; init; } = [];
/// <summary>
/// Verification expectations.
/// </summary>
public BundleVerifyExpectations? Expectations { get; init; }
/// <summary>
/// Optional: path to trust root certificate.
/// </summary>
public string? TrustRoot { get; init; }
/// <summary>
/// Optional: Rekor checkpoint for offline proof verification.
/// </summary>
public string? RekorCheckpointPath { get; init; }
}
/// <summary>
/// Verification expectations (v2.0.0).
/// Sprint: SPRINT_20260118_018 (TASK-018-001)
/// </summary>
public sealed record BundleVerifyExpectations
{
/// <summary>
/// Expected payload types in DSSE envelopes.
/// Example: ["application/vnd.cyclonedx+json;version=1.6", "application/vnd.openvex+json"]
/// </summary>
public ImmutableArray<string> PayloadTypes { get; init; } = [];
/// <summary>
/// Whether Rekor proof is required for verification.
/// </summary>
public bool RekorRequired { get; init; } = true;
/// <summary>
/// Minimum number of signatures required.
/// </summary>
public int MinSignatures { get; init; } = 1;
/// <summary>
/// Required artifact types that must be present.
/// </summary>
public ImmutableArray<string> RequiredArtifacts { get; init; } = [];
/// <summary>
/// Whether all artifacts must pass checksum verification.
/// </summary>
public bool VerifyChecksums { get; init; } = true;
}
public sealed record FeedComponent(
string FeedId,
string Name,
string Version,
string RelativePath,
string Digest,
long SizeBytes,
DateTimeOffset SnapshotAt,
FeedFormat Format);
public enum FeedFormat
{
StellaOpsNative,
TrivyDb,
GrypeDb,
OsvJson
}
public sealed record PolicyComponent(
string PolicyId,
string Name,
string Version,
string RelativePath,
string Digest,
long SizeBytes,
PolicyType Type);
public enum PolicyType
{
OpaRego,
LatticeRules,
UnknownBudgets,
ScoringWeights,
/// <summary>
/// Local RBAC policy file for Authority offline fallback.
/// Sprint: SPRINT_20260112_018_AUTH_local_rbac_fallback Task: RBAC-010
/// </summary>
LocalRbac
}
public sealed record CryptoComponent(
string ComponentId,
string Name,
string RelativePath,
string Digest,
long SizeBytes,
CryptoComponentType Type,
DateTimeOffset? ExpiresAt);
public enum CryptoComponentType
{
TrustRoot,
IntermediateCa,
TimestampRoot,
SigningKey,
FulcioRoot
}
public sealed record CatalogComponent(
string CatalogId,
string Ecosystem,
string Version,
string RelativePath,
string Digest,
long SizeBytes,
DateTimeOffset SnapshotAt);
public sealed record RekorSnapshot(
string TreeId,
long TreeSize,
string RootHash,
string RelativePath,
string Digest,
DateTimeOffset SnapshotAt);
public sealed record CryptoProviderComponent(
string ProviderId,
string Name,
string Version,
string RelativePath,
string Digest,
long SizeBytes,
ImmutableArray<string> SupportedAlgorithms);
/// <summary>
/// Component for a rule bundle (e.g., secrets detection rules).
/// </summary>
/// <param name="BundleId">Bundle identifier (e.g., "secrets.ruleset").</param>
/// <param name="BundleType">Bundle type (e.g., "secrets", "malware").</param>
/// <param name="Version">Bundle version in YYYY.MM format.</param>
/// <param name="RelativePath">Relative path to the bundle directory.</param>
/// <param name="Digest">Combined digest of all files in the bundle.</param>
/// <param name="SizeBytes">Total size of the bundle in bytes.</param>
/// <param name="RuleCount">Number of rules in the bundle.</param>
/// <param name="SignerKeyId">Key ID used to sign the bundle.</param>
/// <param name="SignedAt">When the bundle was signed.</param>
/// <param name="Files">List of files in the bundle.</param>
public sealed record RuleBundleComponent(
string BundleId,
string BundleType,
string Version,
string RelativePath,
string Digest,
long SizeBytes,
int RuleCount,
string? SignerKeyId,
DateTimeOffset? SignedAt,
ImmutableArray<RuleBundleFileComponent> Files);
/// <summary>
/// A file within a rule bundle component.
/// </summary>
/// <param name="Name">Filename (e.g., "secrets.ruleset.manifest.json").</param>
/// <param name="Digest">SHA256 digest of the file.</param>
/// <param name="SizeBytes">File size in bytes.</param>
public sealed record RuleBundleFileComponent(
string Name,
string Digest,
long SizeBytes);