# Sealing and Egress (Airgap 56-002)

Guidance for enforcing deny-all egress and validating sealed-mode posture.

## Network policies

- Kubernetes: apply namespace-scoped `NetworkPolicy` with default deny; allow only:
  - DNS to internal resolver
  - Object storage/mirror endpoints on allowlist
  - OTLP/observability endpoints if permitted for sealed monitoring
- Docker Compose: use firewall rules or `extra_hosts` to block outbound except mirrors; ship `iptables` template in ops bundle.

## EgressPolicy facade

- Services MUST read `Excititor:Network:EgressPolicy` (or module equivalent) to decide runtime behavior:
  - `sealed` → deny outbound HTTP/S except allowlist; fail fast on unexpected hosts.
  - `constrained` → allow allowlist + time/NTP if required.
- Log policy decisions and surface `X-Sealed-Mode: true|false` on HTTP responses for diagnostics.

## Verification checklist

1. Confirm policy manifests applied (kubectl/compose diff) and pods restarted.
2. Run connectivity probe from each pod:
   - Allowed endpoints respond (200/OK or 403 expected).
   - Disallowed domains return immediate failure.
3. Attempt bundle import; verify timeline event emitted with `sealed=true`.
4. Check observability: counters for denied egress should increment (export or console log).
5. Record mirrorGeneration + manifest hash in audit log.

## Determinism & offline posture

- No external CRLs/OCSP in sealed mode; rely on bundled trust roots.
- Keep allowlist minimal and declared in config; no implicit fallbacks.
- All timestamps UTC; avoid calling external time APIs.
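The decision logic of the EgressPolicy facade described above, as an added reference sketch that is not Excititor's own implementation: it takes the `sealed`/`constrained` mode from `Excititor:Network:EgressPolicy`, fails fast on targets outside the declared allowlist, keeps the denied-egress counter the verification checklist expects, and emits the `X-Sealed-Mode` header. The `host:port` allowlist format, the `ntp_targets` set and the `target_of` helper are assumptions of this sketch.

```python
"""Reference egress-policy decision logic for sealed/constrained modes (added illustration)."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

MODES = ("sealed", "constrained")   # the two values the facade recognises


class EgressDenied(RuntimeError):
    """Raised to fail fast before any socket is opened to a disallowed target."""


def target_of(url: str) -> str:
    """Map an HTTP(S) URL to the 'host:port' key used by the allowlist (assumed format)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported egress URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.hostname.lower()}:{port}"


@dataclass
class EgressPolicy:
    mode: str                                    # value read from Excititor:Network:EgressPolicy
    allowlist: frozenset[str]                    # 'host:port' entries declared in config
    ntp_targets: frozenset[str] = frozenset()    # assumed: time sources only constrained mode may reach
    denied_count: int = 0                        # counter exported for observability
    decisions: list[str] = field(default_factory=list)   # decision log lines

    def __post_init__(self) -> None:
        # Unknown modes are an error, not a fallback to a permissive default.
        if self.mode not in MODES:
            raise ValueError(f"unknown egress mode {self.mode!r}")

    def is_allowed(self, target: str) -> bool:
        target = target.lower()
        if target in self.allowlist:
            return True
        # constrained mode additionally permits time/NTP; sealed mode does not
        return self.mode == "constrained" and target in self.ntp_targets

    def check(self, target: str) -> None:
        """Log the decision, count denials, and raise so the caller never reaches the host."""
        allowed = self.is_allowed(target)
        self.decisions.append(f"egress mode={self.mode} target={target} allowed={allowed}")
        if not allowed:
            self.denied_count += 1
            raise EgressDenied(f"egress to {target} denied in {self.mode} mode")

    def response_headers(self) -> dict[str, str]:
        """Diagnostic header surfaced on HTTP responses."""
        return {"X-Sealed-Mode": "true" if self.mode == "sealed" else "false"}
```

Call `policy.check(target_of(url))` from the HTTP client wrapper before each request; a denied target raises before a connection is attempted, which is the "immediate failure" the connectivity probe looks for.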