stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint: save features

Browse Source
This commit is contained in:
master
2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
docs/features/checked/airgap/air-gap-bundle-system.md Normal file
View File

@@ -0,0 +1,38 @@
# Air-Gap Bundle System (DSSE-Signed Bundle Format with Import/Export)
## Module
AirGap
## Status
VERIFIED
## Description
Comprehensive air-gap bundle system with DSSE signing and verification, bundle format with schemas/validation/trust snapshots, controller for state management, importer with quarantine-on-failure, atomic feed activation with rollback, file-based and router-based delivery transport, and offline kit validation (monotonicity checking, telemetry metrics). Covers offline update kits (OUK), replay packs, and audit pack export/import.
## Implementation Details
- **Controller**: `src/AirGap/StellaOps.AirGap.Controller/` -- state management (`AirGapState.cs`, `AirGapStateService.cs`), endpoints (`AirGapEndpoints.cs` with seal/verify), startup options, telemetry
- **Importer**: `src/AirGap/StellaOps.AirGap.Importer/` -- bundle planning (`BundleImportPlanner.cs`), quarantine on failure (`FileSystemQuarantineService.cs`, `IQuarantineService.cs`), evidence reconciliation (`EvidenceReconciler.cs`, `EvidenceGraph.cs`), SBOM/DSSE parsers, version monotonicity, trust root config, replay verification
- **Bundle library**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- bundle format, schema validation, trust snapshot management
- **Sync library**: `src/AirGap/__Libraries/StellaOps.AirGap.Sync/` -- synchronization for bundle delivery
- **Persistence**: `src/AirGap/__Libraries/StellaOps.AirGap.Persistence/` and `src/AirGap/StellaOps.AirGap.Storage.Postgres/`
- **Policy**: `src/AirGap/StellaOps.AirGap.Policy/` -- offline verification policy, analyzers
- **Tests**: Controller, Importer, Persistence, Sync, Time, and Policy tests under `src/AirGap/__Tests/`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Test bundle import with valid DSSE-signed bundle, verify state transition
- [ ] Test quarantine behavior on invalid bundle signature
- [ ] Test monotonicity check rejects older bundle version
- [ ] Test evidence reconciliation correctly parses CycloneDx, DSSE attestations
- [ ] Test atomic feed activation and rollback on failure
- [ ] Verify bundle import planning produces correct plan
## Verification
- Verified on 2026-02-11 with `run-001`.
- Tier 0 source checks passed for controller state/endpoints, importer planner/quarantine/reconciliation, and bundle library surfaces.
- Tier 1 build and focused behavior tests passed (`13/13` importer-focused, `12/12` controller endpoint/state, plus full suites for importer/controller/bundle).
- Tier 2 behavioral verification passed via HTTP endpoint integration tests over `/system/airgap/seal`, `/system/airgap/status`, and `/system/airgap/verify` including positive and negative paths.
- Evidence:
- `docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier0-source-check.json`
- `docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier1-build-check.json`
- `docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier2-integration-check.json`