150b3730ef
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
1023 B
1023 B
Airgap Contracts (DOCS-AIRGAP-58-003)
Contracts developers must follow for sealed/constrained deployments.
EgressPolicy usage
- Services read
EgressPolicyconfig and must fail fast on disallowed hosts. - All HTTP clients must pass through allowlist resolver; no raw
HttpClientwith arbitrary URLs.
Sealed-mode tests
- Add integration tests that set
sealed=trueand assert outbound calls are blocked/mocked. - Validate mirror bundle imports succeed under deny-all network by using local fixtures.
Linting
- Static check to ban
DateTime.Now,Guid.NewGuid, and directHttpClientwhensealed=trueflag is present. - CI rule: fail if new external domains appear outside allowlist file.
Logging
- Log
sealedflag,mirrorGeneration, and bundle hash on relevant API calls. - Avoid emitting secrets or trust roots in logs.
Config determinism
- All configs should be overridable via env vars; default to sealed-compatible settings.
- Use stable ordering in generated manifests and responses.