Add new features and tests for AirGap and Time modules
Checks: Docs CI / lint-and-preview (push) has been cancelled (some checks failed).
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
docs/modules/policy/design/policy-mirror-bundle-schema.md (new file, 46 lines)
@@ -0,0 +1,46 @@
# Policy Mirror Bundle Schema (Draft) — PREP-POLICY-AIRGAP-56-001

Status: Draft (2025-11-20)
Owners: Policy Guild · Cartographer Guild
Scope: Define sealed/offline-ready mirror bundle schema for policy packs to unblock air-gap ingestion (Mirror Bundles v1).

## 1) Bundle container
- Format: tar.gz with deterministic ordering, UTC mtime `1970-01-01T00:00:00Z`.
- Root: `mirror.manifest.json` plus optional `mirror.manifest.dsse` (post-quantum ready profile TBD).

## 2) Manifest fields
- `bundle_id` (string, required): ULID.
- `schema_version` (string): `policy.mirror.v1`.
- `created_at` (RFC3339 UTC).
- `producer` (object): `{name, version, build}` of the mirror tool.
- `provenance` (object): `{source_registry, source_digest, fetch_time, trust_roots[]}`.
- `policies` (array) of policy pack descriptors:
- `pack_id` (string): content-addressed ID of the pack archive.
- `version` (string): semver or commit hash.
- `sha256` (string): hash of pack bytes.
- `signatures[]` (optional): detached signatures (Sigstore/DSSE) with key hints.
- `metadata` (object): `{rules_count, dependencies, min_engine_version}`.
- `attestations` (optional array): references to DSSE statements covering manifest or pack artefacts.
- `integrity` (object): `{merkle_root, entries[]}` mirroring file tree for audit.

## 3) File layout
- `packs/{pack_id}.tar.gz`: raw policy pack.
- `signatures/{pack_id}.sig`: detached signature per pack (optional).
- `notes/compliance.md`: optional compliance notes per pack.

## 4) Sealed-mode rules
- Whole-bundle DSSE signature required when `sealed=true` (header flag in manifest).
- No post-fetch mutation; ingest must verify merkle root and DSSE before unpack.
- Trust roots pinned per bundle (`provenance.trust_roots[]`), defaulting to org-configured roots when absent.

## 5) Determinism & validation
- All arrays sorted; use lowercase hex for hashes.
- Validation checklist: bundle hash matches manifest; merkle root recomputes; DSSE signer authorized; engine version compatibility enforced before import.

## 6) Open decisions
- Final DSSE profile (FIPS/eIDAS/GOST) depending on deployment region.
- Retention/GC policy for stale mirror bundles in sealed mode.
- Whether to embed policy docs or keep external references; draft assumes external docs are excluded for air-gap safety.

## 7) Handoff
Treat this file as the publishable artefact for PREP-POLICY-AIRGAP-56-001. Update when Authority/Platform finalize DSSE and trust-root policies.
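Review bot: Section 4 keys the whole-bundle signature requirement on a `sealed=true` "header flag in manifest", but the section 2 manifest field list never defines a `sealed` field, so `ImportValidator` implementers have no name, type or default to code against; add it to section 2 (for example `sealed` (bool, required; default `false`)). The section 5 checklist also lists "merkle root recomputes" before "DSSE signer authorized", yet `integrity.merkle_root` and `entries[]` live inside the manifest that `mirror.manifest.dsse` signs, so an importer that recomputes the root first is trusting unauthenticated data; spell the order out as: verify the DSSE envelope and signer authorization, then recompute the merkle root against `integrity.entries[]`, then check each `packs/{pack_id}.tar.gz` against its `sha256`, and make the section 4 line "ingest must verify merkle root and DSSE before unpack" use the same order. Related: "Trust roots pinned per bundle ... defaulting to org-configured roots when absent" undercuts the pinning in sealed mode; consider requiring `provenance.trust_roots[]` to be non-empty when `sealed=true`. Finally, `integrity` gives no leaf encoding, hash algorithm or domain separation for the merkle computation and no schema for `entries[]`, so two implementations of `MerkleRootCalculator` could disagree on the same tree; a one-line definition here (or a pointer to where it will be defined) would close that gap.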