# Air-Gap (No-Egress) Test Enforcement

## Module
__Tests

## Status
IMPLEMENTED

## Description
Network-isolated test base classes and docker container builders that enforce no-egress in CI, with dedicated offline E2E tests.

## Implementation Details
- **Network Isolated Test Base**: `src/__Tests/__Libraries/StellaOps.Testing.AirGap/NetworkIsolatedTestBase.cs` -- xUnit test base class that runs tests in a network-isolated environment, verifying no outbound network calls are made during test execution.
- **Isolated Container Builder**: `src/__Tests/__Libraries/StellaOps.Testing.AirGap/Docker/IsolatedContainerBuilder.cs` -- builds Docker containers with network isolation (no-egress) for air-gap integration tests using Testcontainers.
- **Offline E2E Tests**: `src/__Tests/offline/` -- dedicated offline end-to-end test suite that runs the full platform stack without network access.

## E2E Test Plan
- [ ] Run a test inheriting from `NetworkIsolatedTestBase` and verify it completes without making any outbound network requests
- [ ] Build an isolated container via `IsolatedContainerBuilder` and verify it has no network connectivity (e.g., DNS resolution fails, HTTP requests time out)
- [ ] Run the offline E2E test suite and verify all tests pass without network access
- [ ] Verify detection: add a test that makes an outbound HTTP call while using `NetworkIsolatedTestBase` and confirm the test fails with a network isolation violation
- [ ] Verify the isolated container runs the full platform stack (web service, database) in air-gap mode