4.0 KiB
4.0 KiB
Remediation plan for AG1–AG12 (Air‑gap deployment playbook gaps)
Source: 31-Nov-2025 FINDINGS.md (AG1–AG12). Scope: sprint SPRINT_0510_0001_0001_airgap.
Summary of actions
- AG1 Trust roots & key custody: Define per-profile root hierarchy (FIPS/eIDAS/GOST/SM + optional PQ). Require M-of-N custody for offline signer keys; dual-sign (ECDSA+PQ) where regionally allowed. Add rotation cadence (quarterly PQ, annual classical) and HSM/offline signer paths. Manifest fields:
trustRoots[] {id, profile, algo, fingerprint, rotationDue}. - AG2 Rekor mirror integrity: Standardize mirror format as DSSE-signed CAR with
mirror.manifest(root hash, start/end index, freshness ts, signature). Include staleness window hours and reconciliation steps (prefer upstream Rekor if available, else fail closed when stale > window). - AG3 Feed freezing & provenance: Extend offline kit manifest with
feeds[] {name, source, snapshotId, sha256, validFrom, validTo, dsse}. Replay must refuse newer/older feeds unless override DSSE is supplied. - AG4 Deterministic tooling versions: Add
tools[] {name, version, sha256, imageDigest}to manifest; CLI verifies before replay. Require--offline/--disable-telemetryflags in runner scripts. - AG5 Size/resource limits: Add kit chunking spec (
zstdchunks, 256 MiB max, per-chunk SHA256) and max kit size (10 GiB). Provide streaming verifier script path (scripts/verify-kit.sh) and fail on missing/invalid chunks. - AG6 Malware/content scanning: Require pre-publish AV/YARA scan with signed report hash in manifest (
scans[] {tool, version, result, reportSha256}) and post-ingest scan before registry load. Scanner defaults to offline sigs. - AG7 Policy/graph alignment: Manifest must carry policy bundle hash and graph revision hash (DSSE references). Replay fails closed on mismatch. Controller status surfaces hashes and drift seconds.
- AG8 Tenant/env scoping: Manifest includes
tenant,environment; importer enforces equality and tenant-scoped storage paths. DSSE annotations must carry tenant/env; reject mismatches. - AG9 Ingress/egress audit trail: Add signed ingress/egress receipts (
ingress_receipt.dsse,egress_receipt.dsse) capturing kit hash, operator ID, decision, timestamp. Store in Proof Graph (or local CAS mirror when offline). - AG10 Replay validation depth: Define levels:
hash-only,recompute,recompute+policy-freeze. Manifest states required level; replay script enforces and emits evidence bundle (replay_evidence.dsse) with success criteria. - AG11 Observability in air-gap: Provide OTLP-to-file/SQLite exporter in kit; default retention 7d/5 GiB cap; redaction allowlist documented. No external sinks. Controller/Importer log to local file + optional JSON lines.
- AG12 Operational runbooks: Add
docs/airgap/runbooks/covering: signature failure, missing gateway headers, stale mirror, policy mismatch, chunk verification failure. Include required approvals and fail-closed guidance.
Files to update (next steps)
- Offline kit manifest schema (
docs/airgap/offline-kit-manifest.schema.json, new) with fields above. - Runner scripts:
scripts/verify-kit.sh,scripts/replay-kit.sh(enforce hash/tool checks, replay levels). - Add AV/YARA guidance to
docs/airgap/offline-kit/README.mdand integrate into CI. - Update controller/importer status APIs to surface policy/graph hash and scan results.
- Add ingress/egress receipt DSSE templates (
docs/airgap/templates/receipt.ingress.json).
Owners & timelines
- Schema & manifest updates: AirGap Importer Guild (due 2025-12-05).
- Key custody/rotation doc + dual-sign flows: Authority Guild (due 2025-12-06).
- Mirror/feeds/tool hashing + scripts: DevOps Guild (due 2025-12-06).
- Runbooks + observability defaults: Ops Guild (due 2025-12-07).
Acceptance
- All new schema fields documented with examples; DSSE signatures validated in CI.
- Replay and verify scripts fail-closed on mismatch/staleness; tests cover chunking and hash drift.
- Ingress/egress receipts produced during CI dry-run and verified against Proof Graph mirror.