Network Intent Validator (Air-Gap Orchestrator Controls)

Module

Orchestrator

Status

IMPLEMENTED

Description

NetworkIntentValidator enforces air-gap network policies on orchestrator jobs, preventing egress in sealed mode. Includes MirrorJobTypes and MirrorOperationRecorder for offline mirror operations.

Implementation Details

  • Modules: src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/AirGap/, src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/AirGap/, src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/Mirror/
  • Key Classes:
    • NetworkIntentValidator (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/AirGap/NetworkIntentValidator.cs) - validates job network intent against air-gap policy, blocking egress requests in sealed mode
    • StalenessValidator (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/AirGap/StalenessValidator.cs) - validates data freshness in air-gapped environments, ensuring cached data is within acceptable staleness bounds
    • NetworkIntent (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/AirGap/NetworkIntent.cs) - declares the network intent of a job (egress, ingress, local-only)
    • SealingStatus (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/AirGap/SealingStatus.cs) - enum for air-gap sealing state (Sealed, Unsealed, Transitioning)
    • StalenessConfig (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/AirGap/StalenessConfig.cs) - configuration for acceptable data staleness in air-gap mode
    • StalenessValidationResult (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/AirGap/StalenessValidationResult.cs) - result of staleness validation
    • BundleProvenance (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/AirGap/BundleProvenance.cs) - provenance tracking for air-gap bundles
    • MirrorBundle (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/Mirror/MirrorBundle.cs) - bundle model for offline mirror operations
    • MirrorJobTypes (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/Mirror/MirrorJobTypes.cs) - types of mirror jobs (sync, verify, prune)
    • MirrorOperationRecorder (src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Core/Domain/Mirror/MirrorOperationRecorder.cs) - records mirror operations for audit trail
  • Interfaces: None (uses concrete implementations)
  • Source: Feature matrix scan

E2E Test Plan

  • Set SealingStatus to Sealed and submit a job with egress intent; verify NetworkIntentValidator rejects it
  • Set SealingStatus to Unsealed and submit a job with egress intent; verify it is allowed
  • Validate staleness: set StalenessConfig max staleness to 24 hours and verify data older than 24 hours is rejected by StalenessValidator
  • Create a mirror job with type=sync and verify MirrorOperationRecorder records the operation
  • Verify bundle provenance: create a MirrorBundle and verify BundleProvenance captures origin, sync timestamp, and hash
  • Transition sealing status from Unsealed to Sealed and verify in-flight egress jobs are blocked
  • Submit a local-only NetworkIntent job in sealed mode and verify it is allowed
  • Verify staleness config: set different staleness thresholds per data type in StalenessConfig and verify per-type enforcement
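
The decisions this test plan exercises can be modelled in a few lines. This is an added C# sketch, not the project's code: `AirGapPolicySketch`, `Sealing`, `Intent`, the `sbom`/`advisories` data-type names and the 6-hour bound are hypothetical, and failing closed for Transitioning and for ingress is an assumption the page does not state.

```csharp
// Added sketch with hypothetical types; not the StellaOps.JobEngine classes.
using System;
using System.Collections.Generic;

var policy = new AirGapPolicySketch(
    TimeSpan.FromHours(24), // default bound, as in the test plan
    new Dictionary<string, TimeSpan> { ["advisories"] = TimeSpan.FromHours(6) }); // constructed
var now = new DateTimeOffset(2025, 1, 2, 0, 0, 0, TimeSpan.Zero); // constructed clock

// Admission and dispatch both call AllowJob, so a job admitted while Unsealed
// is checked again when it is about to run after the seal has been applied.
foreach (var (state, intent) in new[] {
    (Sealing.Sealed, Intent.Egress), (Sealing.Unsealed, Intent.Egress),
    (Sealing.Sealed, Intent.LocalOnly), (Sealing.Transitioning, Intent.Egress) })
    Console.WriteLine($"{state,-13} {intent,-9} allowed={policy.AllowJob(state, intent)}");

foreach (var (type, ageHours) in new[] { ("sbom", 23.0), ("sbom", 25.0), ("advisories", 7.0) })
    Console.WriteLine($"{type,-10} age={ageHours}h fresh={policy.IsFresh(type, now.AddHours(-ageHours), now)}");

enum Sealing { Sealed, Unsealed, Transitioning }
enum Intent { Egress, Ingress, LocalOnly }

sealed class AirGapPolicySketch
{
    private readonly TimeSpan _defaultMaxAge;
    private readonly IReadOnlyDictionary<string, TimeSpan> _perTypeMaxAge;

    public AirGapPolicySketch(TimeSpan defaultMaxAge, IReadOnlyDictionary<string, TimeSpan> perTypeMaxAge)
    {
        _defaultMaxAge = defaultMaxAge;
        _perTypeMaxAge = perTypeMaxAge;
    }

    // Fail closed: only Unsealed permits network intents. Treating Transitioning
    // like Sealed and Ingress like Egress is an assumption, not stated on the page.
    public bool AllowJob(Sealing state, Intent intent) =>
        intent == Intent.LocalOnly || state == Sealing.Unsealed;

    // Data is fresh when its age is within the bound for its type. A timestamp
    // in the future (clock skew or tampering) is rejected rather than trusted.
    public bool IsFresh(string dataType, DateTimeOffset syncedAt, DateTimeOffset now)
    {
        var maxAge = _perTypeMaxAge.TryGetValue(dataType, out var bound) ? bound : _defaultMaxAge;
        var age = now - syncedAt;
        return age >= TimeSpan.Zero && age <= maxAge;
    }
}
```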