150b3730ef
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
1.5 KiB
1.5 KiB
Airgap Operations (DOCS-AIRGAP-57-004)
Runbooks for imports, failure recovery, and auditing in sealed/constrained modes.
Imports
- Verify bundle hash/DSSE (see
mirror-bundles.md). stella airgap import --bundle ... --generation N --dry-run(optional).- Apply network policy: ensure sealed/constrained mode set correctly.
- Import with
stella airgap import ...and watch logs. - Confirm timeline event emitted (bundleId, mirrorGeneration, actor).
Failure recovery
- Hash/signature mismatch: reject bundle; re-request export; log incident.
- Partial import: rerun with
--forceafter cleaning registry/cache; keep previous generation for rollback. - Staleness breach: if imports unavailable, raise amber alert; if >72h, go red and halt new ingest until refreshed.
- Time anchor expired: apply new anchor from trusted media before continuing operations.
Auditing
- Record every import in audit log:
{tenant, mirrorGeneration, manifestHash, actor, sealed}. - Preserve manifests and hashes for at least two generations.
- Periodically (daily) run
stella airgap list --format jsonand archive output. - Ensure logs are immutable (append-only) in sealed environments.
Observability
- Monitor counters for denied egress, import success/failure, and staleness alerts.
- Expose
/obs/airgap/status(if available) to scrape bundle freshness.
Checklist (per import)
- Hash/DSSE verified
- Sealed/constrained mode configured
- Registry/cache reachable
- Import succeeded
- Timeline/audit recorded
- Staleness dashboard updated