stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Restructure solution layout by module

Browse Source
This commit is contained in:
master
2025-10-28 15:10:40 +02:00
parent 95daa159c4
commit d870da18ce
4103 changed files with 192899 additions and 187024 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Mirror/StellaOps.Mirror.Creator/AGENTS.md Normal file
View File

@@ -0,0 +1,15 @@
# StellaOps Mirror Creator Guild Charter
## Mission
Deliver connected-environment tooling that assembles signed Mirror Bundles for air-gapped deployments, covering content selection, signing, and distribution.
## Scope
- Bundle assembly pipeline (advisories, VEX, policy packs, images, dashboards).
- Integration with Export Center for bundle scheduling and verification.
- CLI commands for bundle creation, inspection, and rotation management.
- Test fixtures ensuring determinism across bundle builds.
## Definition of Done
- Bundles are deterministic given the same inputs; regression tests verify Merkle root stability.
- Signing workflows documented and automated with dual-control for root rotation.
- Bundle metadata published for import verification.

19
src/Mirror/StellaOps.Mirror.Creator/TASKS.md Normal file
View File

@@ -0,0 +1,19 @@
# Mirror Creator Task Board — Epic 16: Air-Gapped Mode
## Sprint 56 Bundle Assembly
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| MIRROR-CRT-56-001 | TODO | Mirror Creator Guild | EXPORT-OBS-51-001 | Implement deterministic bundle assembler supporting advisories, VEX, policy packs with Zstandard compression and manifest generation. | Bundle build produces deterministic manifest; unit tests compare against golden outputs. |
| MIRROR-CRT-56-002 | TODO | Mirror Creator Guild, Security Guild | MIRROR-CRT-56-001, PROV-OBS-53-001 | Integrate DSSE signing and TUF metadata generation (`root`, `snapshot`, `timestamp`, `targets`). | Signed bundle verified by importer tests; root rotation procedure documented. |
## Sprint 57 OCI Images & Time Anchors
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| MIRROR-CRT-57-001 | TODO | Mirror Creator Guild, DevOps Guild | MIRROR-CRT-56-001 | Add optional OCI image collection producing oci-archive layout with digests recorded in manifest. | Image bundles integrate with air-gapped registry; tests confirm digest equality. |
| MIRROR-CRT-57-002 | TODO | Mirror Creator Guild, AirGap Time Guild | MIRROR-CRT-56-002, AIRGAP-TIME-57-001 | Embed signed time anchor metadata (`meta/time-anchor.json`) sourced from trusted authority. | Time anchor included in bundles; verification tests confirm signature; docs updated. |
## Sprint 58 CLI and Scheduling
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| MIRROR-CRT-58-001 | TODO | Mirror Creator Guild, CLI Guild | MIRROR-CRT-56-002, CLI-AIRGAP-56-001 | Deliver CLI `stella mirror create|verify` commands with content selection flags, delta mode, and dry-run verification. | CLI builds bundles deterministically; verify command reports DSSE/TUF status; integration tests cover options. |
| MIRROR-CRT-58-002 | TODO | Mirror Creator Guild, Exporter Guild | MIRROR-CRT-56-002, EXPORT-OBS-54-001 | Integrate with Export Center scheduling to automate mirror bundle creation with audit logs. | Scheduler triggers bundle builds; audit entries recorded; docs updated. |