# AirGap Time Anchor Scaffold (prep for AIRGAP-TIME-57-001) ## Scope for prep - Provide a deterministic parsing surface for signed time tokens (Roughtime, RFC3161) so staleness calculations and telemetry wiring can start without full crypto yet. ## What landed (2025-11-20) - New project: `src/AirGap/StellaOps.AirGap.Time/StellaOps.AirGap.Time.csproj` (net10.0), BCL-only. - Model: `TimeAnchor` canonical record (anchor time, source, format, signature fingerprint placeholder, token digest). - Parser: `TimeTokenParser` with deterministic SHA-256 digest derivation and structured success/failure reasons. - Result envelope: `TimeAnchorValidationResult` and `TimeTokenFormat` enum. - Tests: `tests/AirGap/StellaOps.AirGap.Time.Tests` cover empty-token failure and digest production for Roughtime tokens. ## Updates (2025-11-20) - Added staleness calculator (`StalenessCalculator`) and budgets/evaluation models to derive warning/breach states deterministically. - Added `TimeAnchorLoader` to ingest hex-encoded tokens from fixtures; sample tokens placed under `src/AirGap/StellaOps.AirGap.Time/fixtures/`. - Added `TimeStatusService` + `InMemoryTimeAnchorStore` for per-tenant anchor/budget status + staleness; tests in `TimeStatusServiceTests`. - Added verification pipeline (`TimeVerificationService`) with stub Roughtime/RFC3161 verifiers requiring trust roots; loader now verifies using trust roots. - Added API surface `/api/v1/time/status` (plus POST `/api/v1/time/anchor`) via `TimeStatusController` and web host wiring. ## Next implementation hooks - Plug real Roughtime and RFC3161 decoders, verifying against trust roots supplied via sealed-mode config. - Persist `TimeAnchor` rows under controller/importer once schema is final; emit telemetry counters/alerts. - Replace placeholder signature fingerprint with actual signer fingerprint post-verification. ## Determinism/air-gap posture - Parser avoids wall-clock; anchor time derived deterministically from token digest until real parser is wired. - No network calls; uses cached NuGet (`local-nugets/`) for tests. ## How to consume ```bash DOTNET_NOLOGO=1 dotnet test tests/AirGap/StellaOps.AirGap.Time.Tests/StellaOps.AirGap.Time.Tests.csproj --no-build ``` ## Owners - AirGap Time Guild (per sprint 0510).