feat: Implement MongoDB orchestrator storage with registry, commands, and heartbeats
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added NullAdvisoryObservationEventTransport for handling advisory observation events.
- Created IOrchestratorRegistryStore interface for orchestrator registry operations.
- Implemented MongoOrchestratorRegistryStore for MongoDB interactions with orchestrator data.
- Defined OrchestratorCommandDocument and OrchestratorCommandRecord for command handling.
- Added OrchestratorHeartbeatDocument and OrchestratorHeartbeatRecord for heartbeat tracking.
- Created OrchestratorRegistryDocument and OrchestratorRegistryRecord for registry management.
- Developed tests for orchestrator collections migration and MongoOrchestratorRegistryStore functionality.
- Introduced AirgapImportRequest and AirgapImportValidator for air-gapped VEX bundle imports.
- Added incident mode rules sample JSON for notifier configuration.
30
docs/modules/excititor/prep/2025-11-22-airgap-56-58-prep.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# Excititor Air-Gap Prep (56-001, 57-001, 58-001)
|
||||
|
||||
Status: **Ready for implementation** (2025-11-22)
|
||||
Owners: Excititor Core Guild · AirGap Policy Guild · Evidence Locker Guild
|
||||
Scope: Define ingestion/egress contracts for Excititor when operating in sealed/offline environments and align with mirror bundle + Evidence Locker artifacts.
|
||||
|
||||
## Inputs
|
||||
- Mirror bundle schema (thin) from `docs/modules/mirror/assembler.md`.
|
||||
- Evidence Locker attestation contract: `docs/modules/evidence-locker/attestation-contract.md`.
|
||||
- Link-Not-Merge schema for advisory evidence: `docs/modules/concelier/link-not-merge-schema.md`.
|
||||
|
||||
## Deliverables
|
||||
- Ingestion envelope for `POST /airgap/vex/import`:
|
||||
- Fields: `bundleId`, `mirrorGeneration`, `signedAt`, `publisher`, `payloadHash`, `payloadUrl?` (offline tar path), `signature`, `transparencyLog?`.
|
||||
- Validation: deterministic hash of NDJSON payloads; must reject mixed tenants; clock-skew tolerance ±5s.
|
||||
- Sealed-mode error catalog (57-001): `AIRGAP_EGRESS_BLOCKED`, `AIRGAP_PAYLOAD_STALE`, `AIRGAP_SIGNATURE_MISSING`, `AIRGAP_SOURCE_UNTRUSTED`; each with HTTP 4xx mapping and remediation text.
|
||||
- Notification hooks (58-001): timeline events `airgap.import.started/completed/failed` with attributes `{tenantId,bundleId,generation,stalenessSeconds}`; link to Evidence Locker bundle ID for audit.
|
||||
- Determinism rules: sort imported observations by `advisoryKey` then `productKey`; write timeline events in the same order; all timestamps UTC ISO-8601.
|
||||
- Connector trust (CONN-TRUST-01-001):
|
||||
- Trusted signer manifests reuse `docs/modules/excititor/schemas/connector-signer-metadata.schema.json`; require `fingerprint`, `issuer`, `validFrom/To`, `allowedProfiles`, `bundleHash`.
|
||||
- Validation: fail import with `AIRGAP_SOURCE_UNTRUSTED` when signer fingerprint not in manifest, signature algorithm not in `{rsa-pss-sha256, ecdsa-p256-sha256, gost-r3410-2012-256}`, or bundle hash mismatch.
|
||||
- Offline parity: store signer manifests alongside mirror bundle under `mirror/signers/` and include SHA256 in `SHA256SUMS.dsse`.
|
||||
|
||||
## Acceptance Criteria
|
||||
- API shapes captured in this prep are referenced from Sprint 0119 Delivery Tracker; no further blockers for Excititor AirGap tasks.
|
||||
- Error catalog and timeline events documented and consumed by downstream Policy/AirGap controller work.
|
||||
- Import path validated against mirror bundle schema; mismatch should raise `AIRGAP_PAYLOAD_STALE`.
|
||||
|
||||
## Notes
|
||||
- Satisfies PREP-EXCITITOR-AIRGAP-56-001, PREP-EXCITITOR-AIRGAP-57-001, and PREP-EXCITITOR-AIRGAP-58-001.
|
||||
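Review bot: The Validation bullet under the `POST /airgap/vex/import` envelope lists three rejection conditions (payload hash mismatch, mixed tenants, skew outside ±5s), but the 57-001 error catalog assigns none of its four codes to them, and the Acceptance Criteria then maps a mirror bundle schema mismatch to `AIRGAP_PAYLOAD_STALE`, which reads as a freshness error rather than a schema error. Please state which code each rejection returns, or add codes for the hash-mismatch and mixed-tenant cases. The same bullet should also name the hash algorithm and canonical form behind "deterministic hash of NDJSON payloads" and say which timestamps the ±5s tolerance compares, since an implementer cannot reproduce `payloadHash` or the skew check from this text alone.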
@@ -0,0 +1,27 @@
|
||||
# Attestation Verifier Rehearsal — Excititor
|
||||
|
||||
Status: **Ready for implementation** (2025-11-22)
|
||||
Owners: Excititor Attestation Guild · Evidence Locker Guild
|
||||
Scope: Dry-run `IVexAttestationVerifier` against current Evidence Locker bundles to ensure Excititor attestation endpoints ship with deterministic verification.
|
||||
|
||||
## Test Matrix
|
||||
- Inputs: Evidence Bundle v1 sample (`docs/samples/evidence-bundle/*`), mirror bundle thin sample (`out/mirror/thin/mirror-thin-m0-sample.tar.gz`).
|
||||
- Verification steps:
|
||||
1. Validate DSSE envelope signature and Rekor entry (if present); offline mode skips transparency but records `rekorSkipped=true`.
|
||||
2. Verify manifest hash tree against payload NDJSON files; fail on first mismatch.
|
||||
3. Assert policy hash matches Policy Engine overlay hash (placeholder `policyHash` captured for now).
|
||||
4. Emit structured result JSON: `{bundleId, verified, dsseVerified, transparencyChecked, manifestRoot, failures[]}`.
|
||||
- Determinism: sorted failure list, timestamps set to supplied `--as-of` flag.
|
||||
|
||||
## Deliverables
|
||||
- Harness entry point: `tools/attestation/verifier-rehearsal.sh` (script stub path reserved).
|
||||
- Sample output recorded at `docs/modules/excititor/prep/artifacts/2025-11-22-attestation-rehearsal.json` (to be produced in implementation).
|
||||
- Logging fields to surface in Excititor: `attestationBundleId`, `evidenceBundleId`, `verified`, `failureCode`, `tenantId`.
|
||||
|
||||
## Acceptance Criteria
|
||||
- Rehearsal script runs offline using bundled samples and exits non-zero on any verification failure.
|
||||
- Output schema above is referenced by Excititor API tests and Policy attest replay tasks.
|
||||
- Downstream tasks EXCITITOR-GRAPH-21-00x and attestation endpoints can rely on this contract.
|
||||
|
||||
## Notes
|
||||
- Satisfies PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR.
|
||||
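Review bot: Step 1 records `rekorSkipped=true` in offline mode, but the result JSON in step 4 has no such field, only `transparencyChecked`; pick one name and say whether a skipped transparency check still yields `verified: true`, given that the acceptance criteria require a non-zero exit on any verification failure. Step 2's "fail on first mismatch" also sits awkwardly with the sorted `failures[]` list under Determinism: which mismatch comes first depends on the order the NDJSON files are walked, so either fix that order in the spec or collect all mismatches before sorting. The `failureCode` logging field needs its set of values defined as well.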