stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
822a92faeebbceea6fa005b7eddb7572a8b29b41
git.stella-ops.org/docs/features/checked/airgap/trust-profile-management.md
master 5bca406787 save checkpoint: save features
2026-02-12 10:27:23 +02:00

34 lines
2.0 KiB
Markdown
Raw Blame History

# Trust Profile Management (CLI and Bundle)
## Module
AirGap
## Status
VERIFIED
## Description
Named trust profiles (global, eu-eidas, us-fips, bg-gov) for configuring TSA chains, signing algorithms, and verification policies per deployment context. Includes CLI commands (stella trust-profile list/apply/show) and bundle-level profile loading. Distinct from the known "Trust Anchor Management" and "Regional Crypto Profiles" which are about crypto algorithms, not deployment-context trust configuration profiles.
## Implementation Details
- **Bundle trust profiles**: `src/AirGap/__Libraries/StellaOps.AirGap.Bundle/` -- named trust profile definitions and loading
- **Trust root config**: `src/AirGap/StellaOps.AirGap.Importer/Contracts/TrustRootConfig.cs` -- trust root configuration for import verification
- **AirGap policy**: `src/AirGap/StellaOps.AirGap.Policy/` -- policy enforcement for trust profiles, includes analyzers and tests
- **Offline verification policy**: `src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs`, `OfflineVerificationPolicyLoader.cs`
- **Trust anchor verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/TrustAnchorVerificationStep.cs`
- **Source**: SPRINT_20260120_029_AirGap_offline_bundle_contract.md
## E2E Test Plan
- [ ] Verify CLI `stella trust-profile list` shows available profiles
- [ ] Test `stella trust-profile apply` switches active profile
- [ ] Test `stella trust-profile show` displays profile configuration
- [ ] Verify trust profiles configure correct TSA chains and signing algorithms
- [ ] Test bundle-level profile loading from bundle metadata
## Verification
- Run: `docs/qa/feature-checks/runs/airgap/trust-profile-management/run-002`
- Date (UTC): `2026-02-11`
- Tier 0: pass (source references resolved)
- Tier 1: pass (build/test surfaces for AirGap trust profile and CLI command wiring)
- Tier 2: pass (CLI list/show/apply + missing-profile negative path + loader behavior suites)
Reference in New Issue View Git Blame Copy Permalink