# Policy Mirror Bundle Schema (Draft) — PREP-POLICY-AIRGAP-56-001

Status: Draft (2025-11-20)
Owners: Policy Guild · Cartographer Guild
Scope: Define sealed/offline-ready mirror bundle schema for policy packs to unblock air-gap ingestion (Mirror Bundles v1).

## 1) Bundle container
- Format: tar.gz with deterministic ordering, UTC mtime `1970-01-01T00:00:00Z`.
- Root: `mirror.manifest.json` plus optional `mirror.manifest.dsse` (post-quantum ready profile TBD).

## 2) Manifest fields
- `bundle_id` (string, required): ULID.
- `schema_version` (string): `policy.mirror.v1`.
- `created_at` (RFC3339 UTC).
- `producer` (object): `{name, version, build}` of the mirror tool.
- `provenance` (object): `{source_registry, source_digest, fetch_time, trust_roots[]}`.
- `policies` (array) of policy pack descriptors:
  - `pack_id` (string): content-addressed ID of the pack archive.
  - `version` (string): semver or commit hash.
  - `sha256` (string): hash of pack bytes.
  - `signatures[]` (optional): detached signatures (Sigstore/DSSE) with key hints.
  - `metadata` (object): `{rules_count, dependencies, min_engine_version}`.
- `attestations` (optional array): references to DSSE statements covering manifest or pack artefacts.
- `integrity` (object): `{merkle_root, entries[]}` mirroring file tree for audit.

## 3) File layout
- `packs/{pack_id}.tar.gz`: raw policy pack.
- `signatures/{pack_id}.sig`: detached signature per pack (optional).
- `notes/compliance.md`: optional compliance notes per pack.

## 4) Sealed-mode rules
- Whole-bundle DSSE signature required when `sealed=true` (header flag in manifest).
- No post-fetch mutation; ingest must verify merkle root and DSSE before unpack.
- Trust roots pinned per bundle (`provenance.trust_roots[]`), defaulting to org-configured roots when absent.

## 5) Determinism & validation
- All arrays sorted; use lowercase hex for hashes.
- Validation checklist: bundle hash matches manifest; merkle root recomputes; DSSE signer authorized; engine version compatibility enforced before import.

## 6) Open decisions
- Final DSSE profile (FIPS/eIDAS/GOST) depending on deployment region.
- Retention/GC policy for stale mirror bundles in sealed mode.
- Whether to embed policy docs or keep external references; draft assumes external docs are excluded for air-gap safety.

## 7) Handoff
Treat this file as the publishable artefact for PREP-POLICY-AIRGAP-56-001. Update when Authority/Platform finalize DSSE and trust-root policies.