up

docs/airgap/controller-scaffold.md

@@ -8,6 +8,7 @@ Scope: Define the baseline project skeleton, APIs, telemetry, and staleness fiel
 - Project: `src/AirGap/StellaOps.AirGap.Controller` (net10.0, minimal API host).
 - Tests: `tests/AirGap/StellaOps.AirGap.Controller.Tests` with xunit + deterministic time provider.
 - Shared contracts: DTOs under `Endpoints/Contracts`, domain state under `Domain/AirGapState.cs`.
+- Persistence: in-memory store by default; Mongo store activates when `AirGap:Mongo:ConnectionString` is set.
 
 ## 2) State model
 - Persistent document `airgap_state` (Mongo):
@@ -15,6 +16,22 @@ Scope: Define the baseline project skeleton, APIs, telemetry, and staleness fiel
   - Index on `{tenant_id}`; unique on `singleton` within tenant.
 - In-memory cache with monotonic timestamp to avoid stale reads; cache invalidated on transitions.
 
+### Mongo wiring (opt‑in)
+- Config section:
+
+```json
+"AirGap": {
+  "Mongo": {
+    "ConnectionString": "mongodb://localhost:27017",
+    "Database": "stellaops_airgap",
+    "Collection": "airgap_state"
+  }
+}
+```
+
+- The DI extension `AddAirGapController` chooses Mongo when `ConnectionString` is present; otherwise falls back to in-memory.
+- Collection index: unique on `{tenant_id, id}` to enforce singleton per tenant.
+
 ## 3) Endpoints (56-002 baseline)
 - `GET /system/airgap/status` → returns current state + staleness summary:
   - `{sealed, policy_hash, time_anchor:{source, anchored_at, drift_seconds}, staleness:{seconds_remaining?, budget_seconds?}, last_transition_at}`.