save checkpoint: save features

2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
--- a/docs/features/checked/airgap/air-gap-bundle-system.md
+++ b/docs/features/checked/airgap/air-gap-bundle-system.md
@@ -0,0 +1,38 @@
+# Air-Gap Bundle System (DSSE-Signed Bundle Format with Import/Export)
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Comprehensive air-gap bundle system with DSSE signing and verification, bundle format with schemas/validation/trust snapshots, controller for state management, importer with quarantine-on-failure, atomic feed activation with rollback, file-based and router-based delivery transport, and offline kit validation (monotonicity checking, telemetry metrics). Covers offline update kits (OUK), replay packs, and audit pack export/import.
+
+## Implementation Details
+- **Controller**: `src/AirGap/StellaOps.AirGap.Controller/` -- state management (`AirGapState.cs`, `AirGapStateService.cs`), endpoints (`AirGapEndpoints.cs` with seal/verify), startup options, telemetry
+- **Importer**: `src/AirGap/StellaOps.AirGap.Importer/` -- bundle planning (`BundleImportPlanner.cs`), quarantine on failure (`FileSystemQuarantineService.cs`, `IQuarantineService.cs`), evidence reconciliation (`EvidenceReconciler.cs`, `EvidenceGraph.cs`), SBOM/DSSE parsers, version monotonicity, trust root config, replay verification
+- **Bundle library**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- bundle format, schema validation, trust snapshot management
+- **Sync library**: `src/AirGap/__Libraries/StellaOps.AirGap.Sync/` -- synchronization for bundle delivery
+- **Persistence**: `src/AirGap/__Libraries/StellaOps.AirGap.Persistence/` and `src/AirGap/StellaOps.AirGap.Storage.Postgres/`
+- **Policy**: `src/AirGap/StellaOps.AirGap.Policy/` -- offline verification policy, analyzers
+- **Tests**: Controller, Importer, Persistence, Sync, Time, and Policy tests under `src/AirGap/__Tests/`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Test bundle import with valid DSSE-signed bundle, verify state transition
+- [ ] Test quarantine behavior on invalid bundle signature
+- [ ] Test monotonicity check rejects older bundle version
+- [ ] Test evidence reconciliation correctly parses CycloneDx, DSSE attestations
+- [ ] Test atomic feed activation and rollback on failure
+- [ ] Verify bundle import planning produces correct plan
+
+## Verification
+- Verified on 2026-02-11 with `run-001`.
+- Tier 0 source checks passed for controller state/endpoints, importer planner/quarantine/reconciliation, and bundle library surfaces.
+- Tier 1 build and focused behavior tests passed (`13/13` importer-focused, `12/12` controller endpoint/state, plus full suites for importer/controller/bundle).
+- Tier 2 behavioral verification passed via HTTP endpoint integration tests over `/system/airgap/seal`, `/system/airgap/status`, and `/system/airgap/verify` including positive and negative paths.
+- Evidence:
+  - `docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier0-source-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier1-build-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier2-integration-check.json`
--- a/docs/features/checked/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots.md
+++ b/docs/features/checked/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots.md
@@ -0,0 +1,40 @@
+# Air-Gap Epistemic Mode with Sealed Startup and Feed Snapshots
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Full epistemic completeness for air-gapped environments: sealed startup validation, feed snapshot repositories, signed mirror connectors, cryptographic binding of knowledge state to scan results, snapshot management, and sealed install enforcement.
+
+## Implementation Details
+- **Sealed startup**: `src/AirGap/StellaOps.AirGap.Controller/Services/AirGapStartupDiagnosticsHostedService.cs` -- validates sealed state at startup
+- **Startup options**: `src/AirGap/StellaOps.AirGap.Controller/Options/AirGapStartupOptions.cs` -- sealed startup configuration
+- **State management**: `src/AirGap/StellaOps.AirGap.Controller/Domain/AirGapState.cs`, `Services/AirGapStateService.cs`
+- **State stores**: `src/AirGap/StellaOps.AirGap.Controller/Stores/IAirGapStateStore.cs`, `InMemoryAirGapStateStore.cs`
+- **Feed snapshots**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- snapshot management in bundle library
+- **Offline verification**: `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs`, `OfflineVerificationPolicyLoader.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify sealed startup validation prevents operation with incomplete knowledge state
+- [ ] Test feed snapshot loading and cryptographic binding
+- [ ] Verify state transitions in air-gap controller
+- [ ] Test offline verification policy enforcement
+
+## Verification
+- Verified on 2026-02-11 with `run-001`.
+- Tier 0 source/declaration checks passed for sealed-startup diagnostics, controller state store/service, snapshot bundle writer, and offline verification policy loader surfaces.
+- Tier 1 build/tests passed across controller/importer/bundle projects (`27/27` controller, `154/154` importer with new policy-loader tests, `150/150` bundle).
+- Tier 2 behavioral API checks passed for `/system/airgap/status`, `/system/airgap/seal`, and `/system/airgap/verify` with both positive and negative paths; status confirmed `sealed=true` after successful seal.
+- Additional Tier 2 integration evidence covers offline policy parsing/canonicalization via `OfflineVerificationPolicyLoaderTests`.
+- Revalidated on 2026-02-11 with `run-002` to capture fresh Tier 0/1/2 evidence in this execution lane.
+- Evidence:
+  - `docs/qa/feature-checks/runs/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots/run-001/tier0-source-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots/run-001/tier1-build-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots/run-001/tier2-api-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots/run-002/tier0-source-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots/run-002/tier1-build-check.json`
+  - `docs/qa/feature-checks/runs/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots/run-002/tier2-integration-check.json`
--- a/docs/features/checked/airgap/deterministic-rekor-receipts-with-offline-verification.md
+++ b/docs/features/checked/airgap/deterministic-rekor-receipts-with-offline-verification.md
@@ -0,0 +1,35 @@
+# Deterministic Rekor Receipts with Offline Verification
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Offline Rekor receipt verifier validates checkpoint signatures (ECDSA/Ed25519), Merkle inclusion proofs per RFC 6962, and root hash consistency without live transparency log access. Includes TileProxy for local tile-based transparency log proxy, and mirror snapshot resolution for air-gapped deployments.
+
+## Implementation Details
+- **Rekor proof builder**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.Build.cs`, `EnhancedRekorProofBuilder.Validate.cs`, `EnhancedRekorProofBuilder.cs`
+- **Rekor inclusion proof**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/RekorInclusionProof.cs`
+- **Rekor verification step**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/RekorInclusionVerificationStep.cs`
+- **Replay verification**: `src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs`
+- **Importer replay**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs`, `ReplayDepth.cs`
+- **Merkle proofs**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Merkle/DeterministicMerkleTreeBuilder.Proof.cs`, `MerkleProof.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify Rekor receipt offline verification validates checkpoint signatures (ECDSA/Ed25519)
+- [ ] Test Merkle inclusion proof verification per RFC 6962
+- [ ] Test root hash consistency verification without live transparency log
+- [ ] Verify replay verification service works in air-gapped mode
+
+## Verification
+- Verified on 2026-02-11 with `run-002`.
+- Tier 0 source/declaration checks passed for Rekor proof builder surfaces, inclusion proof/verification classes, replay verification contracts, and deterministic Merkle proof primitives.
+- Tier 1 build/tests passed across proof-chain, controller, importer, and Attestor/AirGap test suites (`76/76` offline verifier, `80/80` attestor types, `27/27` controller, `154/154` importer).
+- Tier 2 behavioral checks passed for offline receipt verification, offline verifier Rekor-proof path handling, and replay verification behavior in both controller and importer paths.
+- Evidence:
+  - `docs/qa/feature-checks/runs/airgap/deterministic-rekor-receipts-with-offline-verification/run-002/tier0-source-check.json`
+  - `docs/qa/feature-checks/runs/airgap/deterministic-rekor-receipts-with-offline-verification/run-002/tier1-build-check.json`
+  - `docs/qa/feature-checks/runs/airgap/deterministic-rekor-receipts-with-offline-verification/run-002/tier2-integration-check.json`
--- a/docs/features/checked/airgap/deterministic-replay-and-verification-in-air-gap-mode.md
+++ b/docs/features/checked/airgap/deterministic-replay-and-verification-in-air-gap-mode.md
@@ -0,0 +1,36 @@
+# Deterministic Replay and Verification in Air-Gap Mode
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Replay manifests capturing input artifacts, verification results, and media types for deterministic reproducibility. Replay verification service for air-gapped environments. Covers offline cryptography plugins and importer validation.
+
+## Implementation Details
+- **Replay verification service**: `src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs`
+- **Replay contracts**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs`, `ReplayDepth.cs`
+- **Attestor replay**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Replay/ReplayInputArtifact.cs`, `ReplayResult.cs`, `ReplayStatus.cs`, `ReplayVerificationResult.cs`, `ReplayPromptTemplate.cs`
+- **Offline crypto**: `src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs` and plugin implementations (GOST, eIDAS, SM, FIPS, HSM)
+- **Evidence reconciliation**: `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/` -- EvidenceReconciler, EvidenceGraph, JSON normalizer, attestation/SBOM parsers
+- **Importer validation**: `src/AirGap/StellaOps.AirGap.Importer/Validation/` -- bundle validation
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify replay manifests capture all input artifacts with media types
+- [ ] Test replay verification produces identical results from same inputs
+- [ ] Test evidence reconciliation correctly builds evidence graph
+- [ ] Verify offline crypto plugin signing/verification works without network
+
+## Verification
+- Verified on 2026-02-11 with `run-001`.
+- Tier 0 source/declaration checks passed for replay service/contracts, proof-chain replay models, offline crypto plugin base/implementations, evidence reconciliation surfaces, and importer validators.
+- Tier 1 build/tests passed across AirGap controller/importer, cryptography plugin/test surfaces, and attestor replay/sign-verify suite (`27/27` controller, `154/154` importer, `108/108` cryptography, `80/80` attestor types).
+- Tier 2 behavioral checks passed with live `/system/airgap/verify` API transactions proving deterministic repeated responses for identical inputs, deterministic policy-freeze replay behavior after seal, and expected negative-path failures for hash drift and stale manifests.
+- Additional Tier 2 integration evidence covers evidence reconciliation and offline crypto plugin behavior without network access.
+- Evidence:
+  - `docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier0-source-check.json`
+  - `docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier1-build-check.json`
+  - `docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier2-api-check.json`
--- a/docs/features/checked/airgap/deterministic-test-harness.md
+++ b/docs/features/checked/airgap/deterministic-test-harness.md
@@ -0,0 +1,34 @@
+# Deterministic Test Harness (Frozen Time, Seeded RNG, Network Isolation)
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Deterministic testing infrastructure with frozen time providers, deterministic fixtures, and Testcontainers for PostgreSQL isolation across backend and frontend.
+
+## Implementation Details
+- **Test infrastructure**: `src/__Tests/__Libraries/StellaOps.Testing.Chaos/Models.cs` -- chaos/deterministic testing models
+- **AirGap tests**: `src/AirGap/__Tests/` -- Controller, Importer, Persistence, Sync, Time tests
+- **Frozen time**: `src/AirGap/StellaOps.AirGap.Time/` -- time anchor services with frozen time providers, staleness calculation
+- **Time fixtures**: `src/AirGap/StellaOps.AirGap.Time/fixtures/` -- deterministic time test fixtures
+- **Testcontainers**: PostgreSQL isolation via `src/AirGap/StellaOps.AirGap.Storage.Postgres.Tests/`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify frozen time providers produce deterministic timestamps
+- [ ] Test seeded RNG produces reproducible results
+- [ ] Verify Testcontainers PostgreSQL isolation works correctly
+- [ ] Test deterministic fixtures produce identical outputs across runs
+
+## Verification
+- Verified on 2026-02-11 with `run-001`.
+- Tier 0 source/declaration checks passed for deterministic harness surfaces across AirGap time fixtures/services, sync fixed-time utilities, persistence postgres fixture/tests, and testing replay/chaos libraries.
+- Tier 1 build/tests passed across time/sync/persistence plus testing-chaos/testing-replay projects (`48/48` time tests, `40/40` sync tests, `23/23` persistence tests, `51/51` chaos tests, `20/20` replay tests).
+- Tier 2 behavioral checks passed with live `/system/airgap/verify` repeated requests returning byte-identical pass payloads for identical inputs, plus integration evidence for postgres testcontainer isolation and replay harness execution.
+- Evidence:
+  - `docs/qa/feature-checks/runs/airgap/deterministic-test-harness/run-001/tier0-source-check.json`
+  - `docs/qa/feature-checks/runs/airgap/deterministic-test-harness/run-001/tier1-build-check.json`
+  - `docs/qa/feature-checks/runs/airgap/deterministic-test-harness/run-001/tier2-api-check.json`
--- a/docs/features/checked/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows.md
+++ b/docs/features/checked/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows.md
@@ -0,0 +1,32 @@
+# DSSE/Receipt Schema for Authority/Sbomer/Vexer Flows
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+DSSE envelope signing/verification across multiple modules with schema types, SPDX3 integration, and air-gap bundle signing. The receipt schema supports Authority, Sbomer, and Vexer flows.
+
+## Implementation Details
+- **DSSE signing**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/DsseEnvelope.cs`, `DsseSignature.cs`, `ProofChainSigner.Verification.cs`
+- **DSSE SPDX3**: `src/Attestor/__Libraries/StellaOps.Attestor.Spdx3/DsseSpdx3Envelope.cs`, `DsseSpdx3Signature.cs`, `DsseSpdx3Signer.SignAsync.cs`, `DsseSpdx3Signer.Verify.cs`
+- **DSSE verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/DsseSignatureVerificationStep.cs`
+- **Importer DSSE parsing**: `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs`
+- **Receipt models**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs`, `VerificationResult.cs`, `VerificationCheck.cs`, `VerificationContext.cs`
+- **Signing profiles**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/SigningKeyProfile.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify DSSE envelope creation for Authority/Sbomer/Vexer flows
+- [ ] Test DSSE signature verification with multiple key profiles
+- [ ] Verify receipt schema captures all required verification checks
+- [ ] Test SPDX3 DSSE integration
+
+## Verification
+- Run ID: `run-001`
+- Date (UTC): `2026-02-11`
+- Tier 0: `docs/qa/feature-checks/runs/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows/run-001/tier0-source-check.json` (`verdict=pass`)
+- Tier 1: `docs/qa/feature-checks/runs/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows/run-001/tier1-build-check.json` (`buildResult=pass`, `testResult=pass`)
+- Tier 2: `docs/qa/feature-checks/runs/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows/run-001/tier2-integration-check.json` (`verdict=pass`)
--- a/docs/features/checked/airgap/mirror-time-anchor-contract.md
+++ b/docs/features/checked/airgap/mirror-time-anchor-contract.md
@@ -0,0 +1,34 @@
+# Mirror Time Anchor Contract
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Defines canonical time-anchor fields (generatedAt UTC ISO-8601, optional sourceClock hint) and staleness computation (now - generatedAt with +/-5s tolerance) for mirror bundles in air-gapped environments.
+
+## Implementation Details
+- **Time anchor module**: `src/AirGap/StellaOps.AirGap.Time/` -- full module with controllers, services, parsing, models, stores, config, hooks, health checks
+- **Time anchor parsing**: `src/AirGap/StellaOps.AirGap.Time/Parsing/` -- token parsing for time anchor extraction
+- **Staleness calculation**: services compute `now - generatedAt` with tolerance handling
+- **HLC merge services**: `src/AirGap/StellaOps.AirGap.Time/Services/` -- Hybrid Logical Clock for multi-node sync
+- **Deterministic time fixtures**: `src/AirGap/StellaOps.AirGap.Time/fixtures/`
+- **Bundle integration**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/` -- TimeAnchorContent, SnapshotBundleWriter.Sections.TimeAnchor, SnapshotBundleReader.Verify.TimeAnchor
+- **Attestor timestamping**: `src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/TimeCorrelationValidator.Validate.cs`, `TimeCorrelationStatus.cs`
+- **Tests**: `src/AirGap/__Tests/StellaOps.AirGap.Time.Tests/` (TimeAnchorLoaderTests, StalenessCalculatorTests, TimeVerificationServiceTests, TimeTokenParserTests, etc.)
+
+## E2E Test Plan
+- [ ] Verify time anchor is embedded in air-gap bundle with correct ISO-8601 format
+- [ ] Verify staleness calculation correctly computes age with +/-5s tolerance
+- [ ] Verify time anchor verification rejects bundles with tampered timestamps
+- [ ] Verify HLC merge produces consistent ordering across multiple nodes
+
+## Related Documentation
+- Source: SPRINT_0150_0001_0002_mirror_time.md
+
+## Verification
+- Run: `docs/qa/feature-checks/runs/airgap/mirror-time-anchor-contract/run-001/`
+- Date (UTC): 2026-02-11
+
--- a/docs/features/checked/airgap/offline-kit-metrics-and-diagnostics.md
+++ b/docs/features/checked/airgap/offline-kit-metrics-and-diagnostics.md
@@ -0,0 +1,24 @@
+# Offline Kit Metrics and Diagnostics
+
+## Module
+AirGap
+
+## Status
+IMPLEMENTED
+
+## Description
+Offline kit metrics, telemetry, and startup diagnostics for monitoring air-gap bundle health.
+
+## Implementation Details
+- **Telemetry**: `src/AirGap/StellaOps.AirGap.Controller/Services/AirGapTelemetry.cs` -- air-gap specific telemetry
+- **Telemetry options**: `src/AirGap/StellaOps.AirGap.Controller/Options/AirGapTelemetryOptions.cs` -- telemetry configuration
+- **Startup diagnostics**: `src/AirGap/StellaOps.AirGap.Controller/Services/AirGapStartupDiagnosticsHostedService.cs` -- diagnostics at startup
+- **Importer telemetry**: `src/AirGap/StellaOps.AirGap.Importer/Telemetry/` -- import-specific metrics
+- **Status endpoints**: `src/AirGap/StellaOps.AirGap.Controller/Endpoints/Contracts/AirGapStatusResponse.cs` -- status reporting
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify AirGap status endpoint returns correct metrics
+- [ ] Test startup diagnostics detect and report issues
+- [ ] Verify telemetry captures bundle import/export operations
+- [ ] Test importer telemetry tracks import duration and outcomes
--- a/docs/features/checked/airgap/time-anchoring-for-offline-environments.md
+++ b/docs/features/checked/airgap/time-anchoring-for-offline-environments.md
--- a/docs/features/checked/airgap/trust-profile-management.md
+++ b/docs/features/checked/airgap/trust-profile-management.md
@@ -0,0 +1,33 @@
+# Trust Profile Management (CLI and Bundle)
+
+## Module
+AirGap
+
+## Status
+VERIFIED
+
+## Description
+Named trust profiles (global, eu-eidas, us-fips, bg-gov) for configuring TSA chains, signing algorithms, and verification policies per deployment context. Includes CLI commands (stella trust-profile list/apply/show) and bundle-level profile loading. Distinct from the known "Trust Anchor Management" and "Regional Crypto Profiles" which are about crypto algorithms, not deployment-context trust configuration profiles.
+
+## Implementation Details
+- **Bundle trust profiles**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- named trust profile definitions and loading
+- **Trust root config**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/TrustRootConfig.cs` -- trust root configuration for import verification
+- **AirGap policy**: `src/AirGap/StellaOps.AirGap.Policy/` -- policy enforcement for trust profiles, includes analyzers and tests
+- **Offline verification policy**: `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs`, `OfflineVerificationPolicyLoader.cs`
+- **Trust anchor verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/TrustAnchorVerificationStep.cs`
+- **Source**: SPRINT_20260120_029_AirGap_offline_bundle_contract.md
+
+## E2E Test Plan
+- [ ] Verify CLI `stella trust-profile list` shows available profiles
+- [ ] Test `stella trust-profile apply` switches active profile
+- [ ] Test `stella trust-profile show` displays profile configuration
+- [ ] Verify trust profiles configure correct TSA chains and signing algorithms
+- [ ] Test bundle-level profile loading from bundle metadata
+
+## Verification
+- Run: `docs/qa/feature-checks/runs/airgap/trust-profile-management/run-002`
+- Date (UTC): `2026-02-11`
+- Tier 0: pass (source references resolved)
+- Tier 1: pass (build/test surfaces for AirGap trust profile and CLI command wiring)
+- Tier 2: pass (CLI list/show/apply + missing-profile negative path + loader behavior suites)
+