# Policy AirGap 56-001 Prep — Mirror Bundle Schema

Status: **Ready for implementation** (2025-11-22)

Owners: Policy Guild · AirGap Policy Guild

Scope: Lock the mirror bundle schema required for policy pack distribution in sealed mode.

## Bundle Schema

- Envelope: `bundleId`, `schemaVersion` (`policy-mirror-v1`), `createdAt`, `publisher`, `signature`, `transparencyLog?`.
- Contents array entries:
  - `policyHash`, `policyName`, `version`, `targetProducts[]`, `scope` (tenant/portfolio), `dependencies[]` (other bundleIds), `config` (immutable), `evidenceBundleId?`.
- Hashing: manifest sha256 over sorted file list (`policies/*.rego`, `overlays/*.json`), recorded as `manifestSha256`.
- Staleness: `validUntil` and `timeAnchor` fields; sealed-mode must reject if `now > validUntil` or time drift > 300s.

## Determinism & Transport

- Files stored in tarball with POSIX mtime `2025-01-01T00:00:00Z` and uid/gid 0.
- Manifest path fixed to `MANIFEST.json`; entries sorted alphabetically.
- No external fetches permitted during import.

## Acceptance Criteria

- Schema above referenced by Policy AirGap tasks and aligns with Mirror bundle contract (`docs/modules/mirror/assembler.md`).
- Import validators know failure codes: `POLICY_BUNDLE_STALE`, `POLICY_BUNDLE_SIGNATURE_INVALID`, `POLICY_BUNDLE_SCHEMA_MISMATCH`.

## Notes

- Completes PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM.
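
The hashing and "Determinism & Transport" rules above, as an added Python example (not the project's own code): it packs files with the pinned mtime and uid/gid 0, writes `MANIFEST.json` with sorted entries, and gives the importer a conformance check. The manifest JSON layout, the uncompressed USTAR container and all function names are assumptions made for illustration; the page does not define them.

```python
import hashlib, io, json, tarfile
from datetime import datetime, timezone

FIXED_MTIME = int(datetime(2025, 1, 1, tzinfo=timezone.utc).timestamp())  # 2025-01-01T00:00:00Z
MANIFEST = "MANIFEST.json"
# Constructed sample pack contents (not real policies).
SAMPLE = {"policies/base.rego": b"package base\n", "overlays/tenant.json": b"{}\n"}

def build_manifest(files):
    # Assumed layout: per-file sha256, sorted by path, canonical JSON bytes.
    entries = [{"path": p, "sha256": hashlib.sha256(files[p]).hexdigest()} for p in sorted(files)]
    return json.dumps({"files": entries}, sort_keys=True, separators=(",", ":")).encode()

def manifest_sha256(files):
    # Value that would be recorded as manifestSha256 under the assumed layout.
    return hashlib.sha256(build_manifest(files)).hexdigest()

def build_tar(files):
    members = {**files, MANIFEST: build_manifest(files)}
    buf = io.BytesIO()
    # Uncompressed USTAR: no gzip header timestamp, no pax extended headers.
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in sorted(members):
            info = tarfile.TarInfo(path)
            info.size, info.mtime, info.mode = len(members[path]), FIXED_MTIME, 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(members[path]))
    return buf.getvalue()

def check_tar(blob):
    """Importer-side check; returns a list of violations (empty means conformant)."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
        infos = tar.getmembers()
        names = [i.name for i in infos]
        if names != sorted(set(names)):
            problems.append("entries not sorted or duplicated")
        problems += [f"metadata not pinned: {i.name}" for i in infos
                     if (i.mtime, i.uid, i.gid) != (FIXED_MTIME, 0, 0)]
        if MANIFEST not in names:
            return problems + ["MANIFEST.json missing"]
        data = {i.name: tar.extractfile(i).read() for i in infos if i.isfile()}
        manifest = data.pop(MANIFEST)
        if manifest != build_manifest(data):
            problems.append("manifest does not match file contents")
    return problems

if __name__ == "__main__":
    blob = build_tar(SAMPLE)
    print(manifest_sha256(SAMPLE), hashlib.sha256(blob).hexdigest(), check_tar(blob))
```

Because every input to the archive is pinned, two publishers packing the same files get byte-identical tarballs, so the bundle hash can be compared out of band before import.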