git.stella-ops.org/docs/features/checked/taskrunner/sealed-mode-install-enforcer.md
2026-02-14 09:11:48 +02:00

Sealed-Mode Install Enforcer (Air-Gap Support)

Module

TaskRunner

Status

IMPLEMENTED

Description

Enforcer for sealed/air-gap mode that ensures task pack installations comply with offline constraints and logs all install actions for audit.

Implementation Details

  • Enforcer interface: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/ISealedInstallEnforcer.cs -- sealed mode enforcement contract
  • Enforcer implementation: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedInstallEnforcer.cs -- validates installations comply with offline constraints
  • Enforcement result: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedInstallEnforcementResult.cs -- result model for enforcement checks
  • Sealed mode status: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedModeStatus.cs -- current sealed mode state
  • Sealed requirements: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedRequirements.cs -- requirements for sealed mode compliance
  • Audit logger: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/ISealedInstallAuditLogger.cs -- audit logging for install actions
  • Air-gap status provider: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/IAirGapStatusProvider.cs -- checks whether the system is in air-gap mode
  • HTTP status provider: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/AirGap/HttpAirGapStatusProvider.cs -- HTTP-based air-gap status check
  • Bundle ingestion executor: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/BundleIngestionStepExecutor.cs -- air-gap bundle ingestion step
  • Tests: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/SealedInstallEnforcerTests.cs, BundleIngestionStepExecutorTests.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify that the enforcer blocks network-dependent installations in sealed mode
  • Test sealed mode status detection via the HTTP provider
  • Verify that the audit logger records all install actions in sealed mode
  • Test that the bundle ingestion step works in an offline environment
  • Verify that the enforcement result reports compliance violations