git.stella-ops.org/docs/airgap/sealed-startup-diagnostics.md
master 79b8e53441
Add new features and tests for AirGap and Time modules
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
2025-11-20 23:29:54 +02:00

AirGap Sealed-Mode Startup Diagnostics (prep for AIRGAP-CTL-57-001/57-002)

Goal

Prevent services from running when sealed-mode requirements are unmet and emit auditable diagnostics + telemetry.

Pre-flight checks

  1. airgap_state indicates sealed=true.
  2. Egress allowlist configured (non-empty or explicitly []).
  3. Trust root bundle + TUF metadata present and unexpired.
  4. Time anchor available (see TimeAnchor schema) and staleness budget not exceeded.
  5. Pending root rotations either applied or flagged with approver IDs.

On failure

  • Abort host startup with structured error code: AIRGAP_STARTUP_MISSING_<ITEM>.
  • Emit structured log fields: airgap.startup.check, status=failure, reason, bundlePath, trustRootVersion, timeAnchorDigest.
  • Increment counter airgap_startup_blocked_total{reason}; when the time anchor is missing or stale, also set gauge airgap_time_anchor_age_seconds to the observed anchor age.
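The five pre-flight checks and the failure handling above, put together as one guard routine. This is an added illustration written for this page, not StellaOps code: the `StartupState` record, `SealedStartupGuard` class and the in-memory counter/gauge fields are hypothetical stand-ins for the controller's real state model and metrics sink, and the `<ITEM>` suffixes chosen for the error codes are assumptions. Checks run in document order and the first unmet one blocks startup.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical snapshot of what the controller knows at ApplicationStarted.
// EgressAllowlist == null means "not configured"; an empty list is the explicit [] case.
public sealed record StartupState(
    bool Sealed,
    IReadOnlyList<string>? EgressAllowlist,
    bool TrustRootBundlePresent,
    DateTimeOffset? TufMetadataExpiry,
    DateTimeOffset? TimeAnchor,
    TimeSpan StalenessBudget,
    IReadOnlyList<(string RotationId, IReadOnlyList<string> ApproverIds, bool Applied)> PendingRotations,
    string BundlePath,
    string TrustRootVersion,
    string TimeAnchorDigest);

public sealed record StartupFailure(string ErrorCode, IReadOnlyDictionary<string, object?> LogFields);

public static class SealedStartupGuard
{
    // Stand-in for airgap_startup_blocked_total{reason} (constructed, in-memory).
    public static readonly Dictionary<string, int> BlockedTotal = new();
    // Stand-in for airgap_time_anchor_age_seconds; only set when the anchor is missing/stale.
    public static double? TimeAnchorAgeSeconds;

    // Returns null when every check passes, otherwise the first failing check in document order.
    public static StartupFailure? Validate(StartupState s, DateTimeOffset now)
    {
        string? missing = null;

        if (!s.Sealed)
            missing = "SEALED_STATE";                               // check 1
        else if (s.EgressAllowlist is null)
            missing = "EGRESS_ALLOWLIST";                           // check 2 (empty [] is allowed)
        else if (!s.TrustRootBundlePresent || s.TufMetadataExpiry is null || s.TufMetadataExpiry <= now)
            missing = "TRUST_ROOT";                                 // check 3
        else if (s.TimeAnchor is null || now - s.TimeAnchor.Value > s.StalenessBudget)
        {
            missing = "TIME_ANCHOR";                                // check 4
            TimeAnchorAgeSeconds = s.TimeAnchor is null
                ? double.PositiveInfinity
                : (now - s.TimeAnchor.Value).TotalSeconds;
        }
        else if (s.PendingRotations.Any(r => !r.Applied && r.ApproverIds.Count == 0))
            missing = "ROOT_ROTATION_APPROVAL";                     // check 5

        if (missing is null) return null;

        var code = $"AIRGAP_STARTUP_MISSING_{missing}";
        BlockedTotal[missing] = BlockedTotal.GetValueOrDefault(missing) + 1;

        // Structured log fields named in the "On failure" list above.
        var fields = new Dictionary<string, object?>
        {
            ["airgap.startup.check"] = missing,
            ["status"] = "failure",
            ["reason"] = code,
            ["bundlePath"] = s.BundlePath,
            ["trustRootVersion"] = s.TrustRootVersion,
            ["timeAnchorDigest"] = s.TimeAnchorDigest,
        };
        return new StartupFailure(code, fields);
    }

    // Constructed sample: sealed host with an anchor older than its staleness budget.
    public static int Main()
    {
        var now = new DateTimeOffset(2025, 11, 20, 23, 0, 0, TimeSpan.Zero);
        var state = new StartupState(
            Sealed: true,
            EgressAllowlist: Array.Empty<string>(),
            TrustRootBundlePresent: true,
            TufMetadataExpiry: now.AddDays(30),
            TimeAnchor: now.AddHours(-48),
            StalenessBudget: TimeSpan.FromHours(24),
            PendingRotations: Array.Empty<(string, IReadOnlyList<string>, bool)>(),
            BundlePath: "/var/lib/stellaops/airgap/bundle.tar",   // placeholder path
            TrustRootVersion: "v-example",                         // placeholder
            TimeAnchorDigest: "sha256:placeholder");               // placeholder

        var failure = Validate(state, now);
        if (failure is null) return 0;

        foreach (var (k, v) in failure.LogFields) Console.Error.WriteLine($"{k}={v}");
        Console.Error.WriteLine($"airgap_time_anchor_age_seconds={TimeAnchorAgeSeconds}");
        return 1;                                                   // abort host startup
    }
}
```

Wire `Validate` into an `IHostApplicationLifetime.ApplicationStarted` callback and call `StopApplication()` on a non-null result so endpoints are never exposed; the sample above exits with a non-zero code for the same effect in a console host.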

Telemetry hooks

  • Trace event airgap.startup.validation with attributes: sealed, allowlist.count, trust_roots.count, time_anchor.age_seconds, rotation.pending.
  • Timeline events (for 57-002): airgap.sealed and airgap.unsealed include startup validation results and pending rotations.

Integration points

  • Controller: run checks during IHostApplicationLifetime.ApplicationStarted before exposing endpoints.
  • Importer: reuse ImportValidator to ensure bundles + trust rotation are valid before proceeding.
  • Time component: provide anchor + staleness calculations to the controller checks.

Artefacts

  • This document (deterministic guardrails for startup diagnostics).
  • Code references: src/AirGap/StellaOps.AirGap.Importer/Validation/* for trust + bundle validation primitives; src/AirGap/StellaOps.AirGap.Time/* for anchors.

Owners

  • AirGap Controller Guild · Observability Guild.