# StellaOps Air-Gap Controller configuration template.
# Sprint: SPRINT_4300_0003_0001 (Sealed Knowledge Snapshot Export/Import)
# Task: SEAL-019 - Staleness policy configuration
#
# Copy to airgap.yaml and adjust values to fit your environment.
# Environment variables prefixed with STELLAOPS_AIRGAP_ override these values.

schemaVersion: 1

# Staleness policy configuration
# Controls how long knowledge snapshots remain valid before requiring refresh.
staleness:
  # Maximum age before snapshot is rejected (default: 168 hours = 7 days)
  maxAgeHours: 168

  # Age at which warnings are emitted (default: 72 hours = 3 days)
  warnAgeHours: 72

  # Whether to require a valid time anchor for import
  requireTimeAnchor: true

  # Action when snapshot is stale: "warn", "block"
  staleAction: block

  # Per-content staleness budgets (overrides default)
  contentBudgets:
    advisories:
      warningSeconds: 86400     # 24 hours
      breachSeconds: 259200     # 72 hours (3 days)
    vex:
      warningSeconds: 86400     # 24 hours
      breachSeconds: 604800     # 168 hours (7 days)
    policy:
      warningSeconds: 604800    # 7 days
      breachSeconds: 2592000    # 30 days

# Snapshot export configuration
export:
  # Default output directory for exported snapshots
  outputDirectory: "./snapshots"

  # Compression level (0-9, default: 6)
  compressionLevel: 6

  # Whether to include trust roots in export
  includeTrustRoots: true

  # Default feeds to include (empty = all)
  defaultFeeds: []

  # Default ecosystems to include (empty = all)
  defaultEcosystems: []

# Snapshot import configuration
import:
  # Directory for quarantined failed imports
  quarantineDirectory: "./quarantine"

  # Quarantine TTL in hours (default: 168 = 7 days)
  quarantineTtlHours: 168

  # Maximum quarantine size in MB (default: 1024 = 1GB)
  quarantineMaxSizeMb: 1024

  # Whether to verify signature on import
  verifySignature: true

  # Whether to verify merkle root on import
  verifyMerkleRoot: true

  # Whether to enforce version monotonicity (prevent rollback)
  enforceMonotonicity: true

# Trust store configuration
trustStore:
  # Path to trust roots bundle
  rootBundlePath: "/etc/stellaops/trust-roots.pem"

  # Allowed signature algorithms
  allowedAlgorithms:
    - "ES256"
    - "ES384"
    - "Ed25519"
    - "RS256"
    - "RS384"

  # Key rotation settings
  rotation:
    # Require approval for key rotation
    requireApproval: true

    # Pending key timeout in hours
    pendingTimeoutHours: 24

# Time anchor configuration
timeAnchor:
  # Default time anchor source: "roughtime", "rfc3161", "local"
  defaultSource: "roughtime"

  # Roughtime server endpoints
  roughtimeServers:
    - "roughtime.cloudflare.com:2003"
    - "roughtime.google.com:2003"

  # RFC 3161 TSA endpoints
  rfc3161Servers:
    - "http://timestamp.digicert.com"
    - "http://timestamp.comodoca.com"

  # Maximum allowed clock drift in seconds
  maxClockDriftSeconds: 60

# Egress policy (network access control in sealed mode)
egressPolicy:
  # Policy mode: "allowlist", "denylist"
  mode: allowlist

  # Allowed hosts when sealed (allowlist mode)
  allowedHosts: []

  # Denied hosts (denylist mode)
  deniedHosts: []

  # Allow localhost traffic when sealed
  allowLocalhost: true

# Logging and telemetry
telemetry:
  # Log staleness warnings
  logStalenessWarnings: true

  # Emit metrics for staleness tracking
  emitStalenessMetrics: true

  # Activity source name for tracing
  activitySourceName: "StellaOps.AirGap"