stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6
git.stella-ops.org/docs/features/checked/airgap/deterministic-replay-and-verification-in-air-gap-mode.md
master 5bca406787 save checkpoint: save features
2026-02-12 10:27:23 +02:00

2.8 KiB
Raw Blame History

Deterministic Replay and Verification in Air-Gap Mode

Module

AirGap

Status

VERIFIED

Description

Replay manifests capturing input artifacts, verification results, and media types for deterministic reproducibility. Replay verification service for air-gapped environments. Covers offline cryptography plugins and importer validation.

Implementation Details

  • Replay verification service: src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs
  • Replay contracts: src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs, ReplayDepth.cs
  • Attestor replay: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Replay/ReplayInputArtifact.cs, ReplayResult.cs, ReplayStatus.cs, ReplayVerificationResult.cs, ReplayPromptTemplate.cs
  • Offline crypto: src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs and plugin implementations (GOST, eIDAS, SM, FIPS, HSM)
  • Evidence reconciliation: src/AirGap/StellaOps.AirGap.Importer/Reconciliation/ -- EvidenceReconciler, EvidenceGraph, JSON normalizer, attestation/SBOM parsers
  • Importer validation: src/AirGap/StellaOps.AirGap.Importer/Validation/ -- bundle validation
  • Source: Feature matrix scan

E2E Test Plan

  • Verify replay manifests capture all input artifacts with media types
  • Test replay verification produces identical results from same inputs
  • Test evidence reconciliation correctly builds evidence graph
  • Verify offline crypto plugin signing/verification works without network

Verification

  • Verified on 2026-02-11 with run-001.
  • Tier 0 source/declaration checks passed for replay service/contracts, proof-chain replay models, offline crypto plugin base/implementations, evidence reconciliation surfaces, and importer validators.
  • Tier 1 build/tests passed across AirGap controller/importer, cryptography plugin/test surfaces, and attestor replay/sign-verify suite (27/27 controller, 154/154 importer, 108/108 cryptography, 80/80 attestor types).
  • Tier 2 behavioral checks passed with live /system/airgap/verify API transactions proving deterministic repeated responses for identical inputs, deterministic policy-freeze replay behavior after seal, and expected negative-path failures for hash drift and stale manifests.
  • Additional Tier 2 integration evidence covers evidence reconciliation and offline crypto plugin behavior without network access.
  • Evidence:
    • docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier0-source-check.json
    • docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier1-build-check.json
    • docs/qa/feature-checks/runs/airgap/deterministic-replay-and-verification-in-air-gap-mode/run-001/tier2-api-check.json