34 lines
1.2 KiB
C#
34 lines
1.2 KiB
C#
using System.Collections.Generic;
|
|
|
|
namespace StellaOps.Excititor.WebService.Options;
|
|
|
|
internal sealed class AirgapOptions
|
|
{
|
|
public const string SectionName = "Excititor:Airgap";
|
|
|
|
/// <summary>
|
|
/// Enables sealed-mode enforcement for air-gapped imports.
|
|
/// When true, external payload URLs are rejected and publisher allowlist is applied.
|
|
/// </summary>
|
|
public bool SealedMode { get; set; } = false;
|
|
|
|
/// <summary>
|
|
/// When true, imports must originate from mirror/offline sources (no HTTP/HTTPS URLs).
|
|
/// </summary>
|
|
public bool MirrorOnly { get; set; } = true;
|
|
|
|
/// <summary>
|
|
/// Optional allowlist of publishers that may submit bundles while sealed mode is enabled.
|
|
/// Empty list means allow all.
|
|
/// </summary>
|
|
public List<string> TrustedPublishers { get; } = new();
|
|
|
|
/// <summary>
|
|
/// Optional root path for locally stored locker artefacts (portable manifest, evidence NDJSON).
|
|
/// When set, /evidence/vex/locker/* endpoints will attempt to read files from this root to
|
|
/// compute deterministic hashes and sizes; otherwise only stored hashes are returned.
|
|
/// </summary>
|
|
public string? LockerRootPath { get; set; }
|
|
= null;
|
|
}
|