git.stella-ops.org/docs/features/checked/airgap/air-gap-bundle-system.md
2026-02-12 10:27:23 +02:00

Air-Gap Bundle System (DSSE-Signed Bundle Format with Import/Export)

Module

AirGap

Status

VERIFIED

Description

Comprehensive air-gap bundle system with DSSE signing and verification, bundle format with schemas/validation/trust snapshots, controller for state management, importer with quarantine-on-failure, atomic feed activation with rollback, file-based and router-based delivery transport, and offline kit validation (monotonicity checking, telemetry metrics). Covers offline update kits (OUK), replay packs, and audit pack export/import.

Implementation Details

  • Controller: src/AirGap/StellaOps.AirGap.Controller/ -- state management (AirGapState.cs, AirGapStateService.cs), endpoints (AirGapEndpoints.cs with seal/verify), startup options, telemetry
  • Importer: src/AirGap/StellaOps.AirGap.Importer/ -- bundle planning (BundleImportPlanner.cs), quarantine on failure (FileSystemQuarantineService.cs, IQuarantineService.cs), evidence reconciliation (EvidenceReconciler.cs, EvidenceGraph.cs), SBOM/DSSE parsers, version monotonicity, trust root config, replay verification
  • Bundle library: src/AirGap/__Libraries/StellaOps.AirGap.Bundle/ -- bundle format, schema validation, trust snapshot management
  • Sync library: src/AirGap/__Libraries/StellaOps.AirGap.Sync/ -- synchronization for bundle delivery
  • Persistence: src/AirGap/__Libraries/StellaOps.AirGap.Persistence/ and src/AirGap/StellaOps.AirGap.Storage.Postgres/
  • Policy: src/AirGap/StellaOps.AirGap.Policy/ -- offline verification policy, analyzers
  • Tests: Controller, Importer, Persistence, Sync, Time, and Policy tests under src/AirGap/__Tests/
  • Source: Feature matrix scan

E2E Test Plan

  • Test bundle import with valid DSSE-signed bundle, verify state transition
  • Test quarantine behavior on invalid bundle signature
  • Test monotonicity check rejects older bundle version
  • Test evidence reconciliation correctly parses CycloneDX SBOMs and DSSE attestations
  • Test atomic feed activation and rollback on failure
  • Verify bundle import planning produces correct plan
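
The first three checks in this plan, as an added Python sketch of an import gate; it is not StellaOps code. The DSSE pre-authentication encoding follows the DSSE specification, while HMAC-SHA256 as a stand-in for the real signature scheme, the `version` field in the payload, the quarantine reason strings, and all function names are assumptions.

```python
import base64, hashlib, hmac, json

def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the exact bytes a signer covers."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)

def _mac(key: bytes, payload_type: str, payload: bytes) -> bytes:
    # Stand-in for the real signature algorithm (assumption: HMAC-SHA256).
    return hmac.new(key, pae(payload_type, payload), hashlib.sha256).digest()

def sign(key: bytes, keyid: str, payload_type: str, payload: bytes) -> dict:
    """Build a DSSE envelope (used here only to construct sample bundles)."""
    sig = base64.b64encode(_mac(key, payload_type, payload)).decode()
    return {"payloadType": payload_type,
            "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": keyid, "sig": sig}]}

def import_bundle(envelope: dict, trust_roots: dict, state: dict) -> str:
    """Gate an import; state["version"] changes only when every check passes."""
    def quarantine(reason: str) -> str:
        state["quarantine"].append(reason)
        return "quarantined:" + reason
    try:
        ptype = envelope["payloadType"]
        payload = base64.b64decode(envelope["payload"], validate=True)
        verified = any(
            s["keyid"] in trust_roots and hmac.compare_digest(
                _mac(trust_roots[s["keyid"]], ptype, payload),
                base64.b64decode(s["sig"], validate=True))
            for s in envelope["signatures"])
    except (KeyError, TypeError, ValueError, AttributeError):
        return quarantine("malformed-envelope")
    if not verified:
        return quarantine("bad-signature")
    try:  # the payload is parsed only after its signature has verified
        version = tuple(int(p) for p in json.loads(payload)["version"])
    except (KeyError, TypeError, ValueError):
        return quarantine("malformed-payload")
    if version < state["version"]:  # older than the active bundle
        return quarantine("non-monotonic-version")
    state["version"] = version
    return "activated"
```

Because the signature covers the PAE of both `payloadType` and the payload, changing either one after signing fails verification before any payload field is read.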

Verification

  • Verified on 2026-02-11 with run-001.
  • Tier 0 source checks passed for controller state/endpoints, importer planner/quarantine/reconciliation, and bundle library surfaces.
  • Tier 1 build and focused behavior tests passed (13/13 importer-focused, 12/12 controller endpoint/state, plus full suites for importer/controller/bundle).
  • Tier 2 behavioral verification passed via HTTP endpoint integration tests over /system/airgap/seal, /system/airgap/status, and /system/airgap/verify including positive and negative paths.
  • Evidence:
    • docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier0-source-check.json
    • docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier1-build-check.json
    • docs/qa/feature-checks/runs/airgap/air-gap-bundle-system/run-001/tier2-integration-check.json