stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
491e8836535ab3daa30eff7a77f76f5b00331a74
git.stella-ops.org/docs/_archive/console/airgap.md
master 491e883653 Add tests for SBOM generation determinism across multiple formats 
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-24 00:36:14 +02:00

28 lines
1.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Console Airgap UI (Airgap 57-002)
Describes console surfaces for sealed-mode imports, staleness, and user guidance.
## Surfaces
- **Airgap status badge**: shows `sealed` state, `mirrorGeneration`, last import time, and staleness indicator.
- **Import wizard**: stepper to upload/verify mirror bundle, show manifest hash, and emit timeline event upon success.
- **Staleness dashboard**: charts staleness by bundle/component; highlights tenants nearing expiry.
## Staleness logic
- Use time anchors from `docs/airgap/staleness-and-time.md`.
- Staleness = now - `bundle.createdAt`; color bands: green (<24h), amber (2472h), red (>72h) or missing anchor.
## Guidance banners
- When sealed: banner text "Sealed mode: egress denied. Only registered bundles allowed." Include current `mirrorGeneration` and bundle hash.
- On staleness red: prompt operators to import next bundle or reapply time anchor.
## Events
- Successful import emits timeline event with bundleId, mirrorGeneration, manifest hash, actor.
- Failed import emits event with error code; do not expose stack traces in UI.
## Security/guardrails
- Require admin scope to import bundles; read-only users can view status only.
- Never display raw hashes without tenant context; prefix with tenant and generation.
## TODOs
- Wire to backend once mirror bundle schema and timeline events are exposed (blocked until backend readiness).
Reference in New Issue View Git Blame Copy Permalink