# Deterministic Replay and Verification in Air-Gap Mode

## Module
AirGap

## Status
VERIFIED

## Description
Replay manifests capturing input artifacts, verification results, and media types for deterministic reproducibility. Replay verification service for air-gapped environments. Covers offline cryptography plugins and importer validation.

## Implementation Details
- **Replay verification service**: `src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs`
- **Replay contracts**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs`, `ReplayDepth.cs`
- **Attestor replay**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Replay/ReplayInputArtifact.cs`, `ReplayResult.cs`, `ReplayStatus.cs`, `ReplayVerificationResult.cs`, `ReplayPromptTemplate.cs`
- **Offline crypto**: `src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs` and plugin implementations (GOST, eIDAS, SM, FIPS, HSM)
- **Evidence reconciliation**: `src/AirGap/StellaOps.AirGap.Importer/Reconciliation/` -- EvidenceReconciler, EvidenceGraph, JSON normalizer, attestation/SBOM parsers
- **Importer validation**: `src/AirGap/StellaOps.AirGap.Importer/Validation/` -- bundle validation
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify replay manifests capture all input artifacts with media types
- [ ] Test replay verification produces identical results from same inputs
- [ ] Test evidence reconciliation correctly builds evidence graph
- [ ] Verify offline crypto plugin signing/verification works without network

## Verification
- Verified on 2026-02-11 with `run-001`.
- Tier 0 source/declaration checks passed for replay service/contracts, proof-chain replay models, offline crypto plugin base/implementations, evidence reconciliation surfaces, and importer validators.
- Tier 1 build/tests passed across AirGap controller/importer, cryptography plugin/test surfaces, and attestor replay/sign-verify suite (`27/27` controller, `154/154` importer, `108/108` cryptography, `80/80` attestor types).
- Tier 2 behavioral checks passed with live `/system/airgap/verify` API transactions proving deterministic repeated responses for identical inputs, deterministic policy-freeze replay behavior after seal, and expected negative-path failures for hash drift and stale manifests.
- Additional Tier 2 integration evidence covers evidence reconciliation and offline crypto plugin behavior without network access.
- Evidence:
  - `docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier0-source-check.json`
  - `docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier1-build-check.json`
  - `docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier2-api-check.json`