# AirGap Parity Review — SBOM Service runtime/signals (Sprint 0140/0142)

Status: Template published (2025-11-22)
Owners: Observability Guild · SBOM Service Guild · Cartographer Guild · Runtime & Signals coordination (0140) · Concelier Core (schema fidelity)

## Purpose
Document a repeatable AirGap parity review for `/sbom/paths`, `/sbom/versions`, and SBOM event streams so SBOM-SERVICE-21-001..004 can move from BLOCKED to DOING once fixtures land.

## Prerequisites
- Link-Not-Merge v1 fixtures available under `docs/modules/sbomservice/fixtures/lnm-v1/` with `SHA256SUMS`.
- Projection schema frozen (record SHA/commit).
- Mock surface bundle hash and real scanner cache ETA published in sprint 0140 tracker.
- CAS/provenance appendices (signals) frozen: `docs/signals/cas-promotion-24-002.md`, `docs/signals/provenance-24-003.md`.
- Test environment with offline toggle enabled; mirrored packages only.

## Checklist
- Verify fixture integrity: run `sha256sum -c SHA256SUMS` in `fixtures/lnm-v1`.
- Replay fixtures in offline mode; capture latency/p95/p99 for `/sbom/paths` and `/sbom/versions` with deterministic seeds.
- Confirm tenant scoping and add-only evolution (no in-place updates) using two-tenant replay script.
- Validate event envelopes (`sbom.version.created`) against CAS/provenance requirements; ensure DSSE fields present or `skip_reason: offline`.
- Check orchestrator backpressure behavior with AirGap throttling; record SLO thresholds.
- Capture logs/traces snapshots (if enabled) and redact secrets before attaching.

## Outputs
- Minutes + decisions appended to this file (Execution Notes section) with timestamps and owners.
- Metrics table with p50/p95/p99 latency, error rate, and cache hit ratio.
- Actions list with owners and due dates; blockers mirrored to sprint 0140/0142 Decisions & Risks.
- Fixture hash list appended (from `SHA256SUMS`) with date and signer.

## Data capture templates

### Metrics
| Metric | p50 | p95 | p99 | Error rate | Notes |
| --- | --- | --- | --- | --- | --- |
| `/sbom/paths` latency (ms) |  |  |  |  |  |
| `/sbom/versions` latency (ms) |  |  |  |  |  |
| Event ingest → emit (ms) |  |  |  |  |  |
| Cache hit ratio |  |  |  |  |  |

### Decisions & follow-ups
| Decision / Action | Owner | Due | Status | Notes |
| --- | --- | --- | --- | --- |
|  |  |  |  |  |

## Execution Notes
- 2025-11-22: Template published; awaiting fixtures and review scheduling.