# Remediation plan for AG1–AG12 (Air‑gap deployment playbook gaps) Source: `31-Nov-2025 FINDINGS.md` (AG1–AG12). Scope: sprint `SPRINT_0510_0001_0001_airgap`. ## Summary of actions - **AG1 Trust roots & key custody:** Define per-profile root hierarchy (FIPS/eIDAS/GOST/SM + optional PQ). Require M-of-N custody for offline signer keys; dual-sign (ECDSA+PQ) where regionally allowed. Add rotation cadence (quarterly PQ, annual classical) and HSM/offline signer paths. Manifest fields: `trustRoots[] {id, profile, algo, fingerprint, rotationDue}`. - **AG2 Rekor mirror integrity:** Standardize mirror format as DSSE-signed CAR with `mirror.manifest` (root hash, start/end index, freshness ts, signature). Include staleness window hours and reconciliation steps (prefer upstream Rekor if available, else fail closed when stale > window). - **AG3 Feed freezing & provenance:** Extend offline kit manifest with `feeds[] {name, source, snapshotId, sha256, validFrom, validTo, dsse}`. Replay must refuse newer/older feeds unless override DSSE is supplied. - **AG4 Deterministic tooling versions:** Add `tools[] {name, version, sha256, imageDigest}` to manifest; CLI verifies before replay. Require `--offline`/`--disable-telemetry` flags in runner scripts. - **AG5 Size/resource limits:** Add kit chunking spec (`zstd` chunks, 256 MiB max, per-chunk SHA256) and max kit size (10 GiB). Provide streaming verifier script path (`scripts/verify-kit.sh`) and fail on missing/invalid chunks. - **AG6 Malware/content scanning:** Require pre-publish AV/YARA scan with signed report hash in manifest (`scans[] {tool, version, result, reportSha256}`) and post-ingest scan before registry load. Scanner defaults to offline sigs. - **AG7 Policy/graph alignment:** Manifest must carry policy bundle hash and graph revision hash (DSSE references). Replay fails closed on mismatch. Controller status surfaces hashes and drift seconds. - **AG8 Tenant/env scoping:** Manifest includes `tenant`, `environment`; importer enforces equality and tenant-scoped storage paths. DSSE annotations must carry tenant/env; reject mismatches. - **AG9 Ingress/egress audit trail:** Add signed ingress/egress receipts (`ingress_receipt.dsse`, `egress_receipt.dsse`) capturing kit hash, operator ID, decision, timestamp. Store in Proof Graph (or local CAS mirror when offline). - **AG10 Replay validation depth:** Define levels: `hash-only`, `recompute`, `recompute+policy-freeze`. Manifest states required level; replay script enforces and emits evidence bundle (`replay_evidence.dsse`) with success criteria. - **AG11 Observability in air-gap:** Provide OTLP-to-file/SQLite exporter in kit; default retention 7d/5 GiB cap; redaction allowlist documented. No external sinks. Controller/Importer log to local file + optional JSON lines. - **AG12 Operational runbooks:** Add `docs/airgap/runbooks/` covering: signature failure, missing gateway headers, stale mirror, policy mismatch, chunk verification failure. Include required approvals and fail-closed guidance. ## Files to update (next steps) - Offline kit manifest schema (`docs/airgap/offline-kit-manifest.schema.json`, new) with fields above. - Runner scripts: `scripts/verify-kit.sh`, `scripts/replay-kit.sh` (enforce hash/tool checks, replay levels). - Add AV/YARA guidance to `docs/airgap/offline-kit/README.md` and integrate into CI. - Update controller/importer status APIs to surface policy/graph hash and scan results. - Add ingress/egress receipt DSSE templates (`docs/airgap/templates/receipt.ingress.json`). ## Owners & timelines - Schema & manifest updates: AirGap Importer Guild (due 2025-12-05). - Key custody/rotation doc + dual-sign flows: Authority Guild (due 2025-12-06). - Mirror/feeds/tool hashing + scripts: DevOps Guild (due 2025-12-06). - Runbooks + observability defaults: Ops Guild (due 2025-12-07). ## Acceptance - All new schema fields documented with examples; DSSE signatures validated in CI. - Replay and verify scripts fail-closed on mismatch/staleness; tests cover chunking and hash drift. - Ingress/egress receipts produced during CI dry-run and verified against Proof Graph mirror.