up

src/AirGap/StellaOps.AirGap.Controller/Options/AirGapStartupOptions.cs

@@ -0,0 +1,44 @@
+namespace StellaOps.AirGap.Controller.Options;
+
+public sealed class AirGapStartupOptions
+{
+    /// <summary>
+    /// Tenant to validate at startup. Defaults to single-tenant controller deployment.
+    /// </summary>
+    public string TenantId { get; set; } = "default";
+
+    /// <summary>
+    /// Optional egress allowlist. When null, startup diagnostics consider it missing.
+    /// </summary>
+    public string[]? EgressAllowlist { get; set; }
+        = null;
+
+    /// <summary>
+    /// Trust material required to prove bundles and egress policy inputs are present.
+    /// </summary>
+    public TrustMaterialOptions Trust { get; set; } = new();
+
+    /// <summary>
+    /// Pending root rotation metadata; validated when pending keys exist.
+    /// </summary>
+    public RotationOptions Rotation { get; set; } = new();
+}
+
+public sealed class TrustMaterialOptions
+{
+    public string RootJsonPath { get; set; } = string.Empty;
+    public string SnapshotJsonPath { get; set; } = string.Empty;
+    public string TimestampJsonPath { get; set; } = string.Empty;
+
+    public bool IsConfigured =>
+        !string.IsNullOrWhiteSpace(RootJsonPath)
+        && !string.IsNullOrWhiteSpace(SnapshotJsonPath)
+        && !string.IsNullOrWhiteSpace(TimestampJsonPath);
+}
+
+public sealed class RotationOptions
+{
+    public Dictionary<string, string> ActiveKeys { get; set; } = new(StringComparer.Ordinal);
+    public Dictionary<string, string> PendingKeys { get; set; } = new(StringComparer.Ordinal);
+    public List<string> ApproverIds { get; set; } = new();
+}