22 lines
1.1 KiB
Markdown
22 lines
1.1 KiB
Markdown
# Policy AirGap Import Prep — PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B
|
|
|
|
Status: Draft (2025-11-20)
|
|
Owners: Policy Guild · Policy Studio Guild
|
|
Scope: Define policy bundle import and DSSE signing expectations once mirror bundle schema (56-001) is fixed.
|
|
|
|
## Dependencies
|
|
- Mirror bundle schema from 56-001 (fields: bundle_id, provenance, policy_hash, trust_roots, retained_at).
|
|
- DSSE signing profile and RootPack mapping.
|
|
|
|
## Expected contract
|
|
- Import endpoint: `POST /policy/airgap/import` accepting mirror bundle (file) + metadata.
|
|
- Validation: verify DSSE, trust roots, policy hashes; reject on staleness over budget.
|
|
- Response: `{bundle_id, policy_hash, imported_at, staleness_seconds}` ordered deterministically.
|
|
|
|
## Acceptance
|
|
- Once 56-001 schema is frozen, record hash+version here and in sprint Decisions.
|
|
- Add sample request/response to `docs/modules/policy/design/policy-mirror-bundle-schema.md` and samples folder.
|
|
|
|
## Handoff
|
|
Use this doc as the prep artefact for PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B. Update with schema hash and DSSE profile when available, then move sprint task to DONE.
|