- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
Airgap Overview
This page orients teams before diving into per-component runbooks. It summarises modes, lifecycle, and governance responsibilities for sealed deployments.
Modes
- Sealed: deny-all egress; only preloaded bundles (mirror + bootstrap) allowed. Requires exported time anchors and offline trust roots.
- Constrained: limited egress to allowlisted registries and NTP; mirror bundles still preferred.
- Connected: full egress for staging; must remain policy-compatible with sealed mode.
Lifecycle
- Prepare bundles: export mirror + bootstrap packs (images/charts, SBOMs, DSSE metadata) signed and hashed.
- Stage & verify: load bundles into the offline store, verify hashes/DSSE, record mirrorGeneration.
- Activate: flip sealed toggle; enforce deny-all egress and policy banners; register bundles with Excititor/Export Center.
- Operate: run periodic staleness checks, apply time anchors, and audit imports via timeline events.
- Refresh/rollback: import next mirrorGeneration or roll back using previous manifest + hashes.
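An added example (not code from this project) of the hash and generation checks in the "Stage & verify" step. The manifest layout, the function names and the rule that a normal import must advance mirrorGeneration are assumptions; the manifest is assumed to have already passed DSSE signature verification.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def verify_bundle(bundle_dir: Path, manifest: dict, last_generation: int) -> list[str]:
    """Return a list of problems; an empty list means the bundle may be staged."""
    problems = []
    # Assumed rule: a normal import must move mirrorGeneration forward.
    gen = manifest.get("mirrorGeneration")
    if not isinstance(gen, int) or gen <= last_generation:
        problems.append(f"mirrorGeneration {gen!r} does not advance past {last_generation}")
    expected = manifest.get("files", {})
    for name, digest in sorted(expected.items()):
        path = bundle_dir / name
        if not path.is_file():
            problems.append(f"missing: {name}")
        elif not hmac.compare_digest(sha256_file(path), digest.lower()):
            problems.append(f"hash mismatch: {name}")
    # Anything on disk that the manifest does not list is an unknown artifact.
    on_disk = {p.relative_to(bundle_dir).as_posix()
               for p in bundle_dir.rglob("*") if p.is_file()}
    for name in sorted(on_disk - set(expected)):
        problems.append(f"unlisted file: {name}")
    return problems

def demo() -> dict:
    """Build a constructed bundle in a temp dir and run three checks on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "images.tar").write_bytes(b"constructed image layer")
        (root / "sbom.json").write_bytes(b'{"constructed": true}')
        manifest = {"mirrorGeneration": 8,
                    "files": {n: sha256_file(root / n) for n in ("images.tar", "sbom.json")}}
        clean = verify_bundle(root, manifest, last_generation=7)
        replay = verify_bundle(root, manifest, last_generation=8)
        # Simulate tampering after the manifest was produced.
        (root / "images.tar").write_bytes(b"tampered")
        (root / "extra.bin").write_bytes(b"x")
        tampered = verify_bundle(root, manifest, last_generation=7)
    return {"clean": clean, "replay": replay, "tampered": tampered}

if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, problems or "OK")
```

A rollback would go through a separate, explicitly authorised path that checks the previous manifest and its hashes instead of the forward-only generation rule.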
Responsibilities
- AirGap Controller Guild: owns network posture (deny-all, allowlists), sealed-mode policy banners, and change control.
- Export Center / Evidence Locker Guilds: produce and verify bundle manifests, DSSE envelopes, and Merkle roots.
- Module owners (Excititor, Concelier, etc.): honor sealed-mode toggles, emit staleness headers, and refuse unsigned/unknown bundles.
- Ops/Signals Guild: maintain time anchors and observability sinks compatible with sealed deployments.
Rule banner (sealed mode)
Display a top-of-console banner when sealed=true:
- "Sealed mode: no external egress. Only registered bundles permitted. Imports logged; violations trigger audit."
- Include current mirrorGeneration, bundle manifest hash, and time-anchor status.
Related docs
- docs/airgap/airgap-mode.md — deeper policy shapes per mode.
- docs/airgap/bundle-repositories.md — mirror/bootstrap bundle structure.
- docs/airgap/staleness-and-time.md — time anchors and staleness checks.
- docs/airgap/controller.md / docs/airgap/importer.md — controller + importer references.