# Policy AirGap Sealed-Mode Prep — PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD

Status: Draft (2025-11-20)
Owners: Policy Guild · AirGap Policy Guild
Scope: Define sealed-mode policy behaviour and error envelopes after mirror import (56-002).

## Inputs needed
- Sealed-mode error envelope standard (WEB-OAS-61-002) for consistency with Concelier/Web.
- Staleness metadata fields from 56-002 (bundle provenance / time anchor).

## Proposed behavior
- When sealed mode active and non-mirror source requested, return error `POLICY_AIRGAP_EGRESS_BLOCKED` with remediation list and `staleness_seconds_remaining` if available.
- Determinism: sorted remediation items; canonical JSON ordering.
- Telemetry: counter `policy_airgap_egress_blocked_total{tenant,endpoint}` and event `policy.airgap.egress_blocked` with `{tenant_id, bundle_id?, policy_hash}`.

## Acceptance
- Envelope finalized in line with WEB-OAS-61-002; fields confirmed with AirGap Policy Guild.
- Sample response stored at `docs/modules/policy/samples/policy-airgap-sealed@draft.json`.

## Handoff
Prep artefact for PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD. Update once error envelope and staleness fields are frozen; then mark task DONE and start implementation.