save checkpoint

This commit is contained in:
master
2026-02-11 01:32:14 +02:00
parent 5593212b41
commit cf5b72974f
2316 changed files with 68799 additions and 3808 deletions


@@ -55,6 +55,7 @@ Key settings:
- Offline Kit: `../../OFFLINE_KIT.md`
- Mirror: `../mirror/`
- ExportCenter: `../export-center/`
- Promotion Rekor tile runbook: `./guides/promotion-rekor-tile-verification.md`
## Evidence Bundles for Air-Gapped Verification
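
Review bot: the added list entry uses a file-relative link (`./guides/promotion-rekor-tile-verification.md`), while the runbook added in this same commit cites its references as repo-rooted paths (`docs/modules/airgap/README.md` and others). Settle on one path style for both files so the links resolve the same way when the docs are read from an offline copy. The label could also match the target's title, "Promotion Rekor Tile Verification (Air-Gap)", so that a search for either one finds both.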


@@ -0,0 +1,75 @@
# Promotion Rekor Tile Verification (Air-Gap)
## Purpose
Operational runbook for using Rekor tile material in air-gapped promotion gates.
## Preconditions
- Offline bundle includes tile/proof artifacts and trust roots.
- Promotion gate is configured to consume offline proof references.
- Operator has tenant-scoped Authority credentials.
## Inputs
- Promotion identifier
- Evidence bundle identifier
- Rekor tile/proof bundle from offline sync
- Trust root set (Fulcio/KMS roots and Rekor checkpoint material)
## Procedure
1. Validate bundle integrity.
2. Import tile/proof files into the local Attestor cache.
3. Run offline verification for referenced DSSE envelopes.
4. Attach verification outputs to promotion gate input payload.
5. Execute promotion gate evaluation.
6. Persist decision record with proof references.
## Example Commands
```bash
# 1) verify portable evidence bundle
stella evidence verify --bundle portable-evidence-bundle.tgz --offline
# 2) import tile material
stella rekor tiles import --bundle rekor-tiles.tgz
# 3) verify inclusion proofs offline
stella rekor verify --offline --evidence-bundle-id <bundle-id>
# 4) run promotion gate preview with offline verification enabled
stella promotion preview-gates --promotion <promotion-id> --offline-rekor
```
## Failure Modes
| Failure mode | Expected gate behavior | Operator action |
| --- | --- | --- |
| Missing tile/proof files | Fail closed (deny or pending per policy) | Re-sync offline bundle and retry verification |
| Invalid proof chain | Fail closed | Rotate trust roots or investigate tampering |
| Expired trust roots | Fail closed | Import updated trust bundle from connected zone |
| Break-glass enabled | Explicitly auditable non-standard path | Record reason/ticket and time-bound override |
## Offline QA Matrix (Deterministic)
1. Valid tile/proof bundle produces identical verification output hash across repeated runs.
2. Missing tile segment fails closed with stable reason code.
3. Tampered inclusion proof fails closed with stable reason code.
4. Expired trust root fails closed with stable reason code.
5. Break-glass path emits explicit marker and does not masquerade as standard verification.
## Audit Outputs
- Promotion decision record id
- Policy decision digest
- Evidence bundle id
- Rekor verification report reference
- Break-glass marker (if used)
## Related References
- `docs/modules/airgap/README.md`
- `docs/modules/airgap/guides/proof-chain-verification.md`
- `docs/modules/evidence-locker/promotion-evidence-contract.md`
- `docs/modules/release-orchestrator/promotion-runtime-gap-closure-plan.md`
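
Review bot: in the Failure Modes table, the "Invalid proof chain" row gives "Rotate trust roots or investigate tampering" as the operator action, which puts a trust-root change on equal footing with investigation. An invalid proof should be handled as possible tampering first, with trust roots changed only once the cause is established and through the same connected-zone import the "Expired trust roots" row describes. Two smaller gaps: the Example Commands stop at `preview-gates`, so Procedure steps 4 to 6 (attach outputs, execute the gate, persist the decision record) have no command, and `rekor-tiles.tgz` is imported in step 2 with no visible integrity check, since command 1 only verifies `portable-evidence-bundle.tgz`. The Offline QA Matrix also requires a "stable reason code" for each failure, but the runbook never names those codes, so an operator has nothing to match against.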