stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
ab22181e8b375c5e3eacf4438fb41a34ca989533
git.stella-ops.org/src/AirGap/AGENTS.md
StellaOps Bot ea970ead2a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
up
2025-11-27 07:46:56 +02:00

2.6 KiB
Raw Blame History

AirGap Module · AGENTS Charter

Working Directory

  • src/AirGap/** (Controller, Importer, Time). Do not edit other modules without sprint note.

Roles

  • Controller engineer (ASP.NET Core): seal/unseal state machine, status APIs, Authority scope enforcement.
  • Importer engineer: bundle verification (TUF/DSSE), catalog repositories, object-store loaders.
  • Time engineer: time anchor parsing/verification (Roughtime, RFC3161), staleness calculators.
  • QA/Automation: API + storage tests (Mongo2Go/in-memory), deterministic ordering, sealed/offline paths.
  • Docs/Runbooks: keep air-gap ops guides, scaffolds, and schemas aligned with behavior.

Required Reading (treat as read before DOING)

  • docs/README.md, docs/07_HIGH_LEVEL_ARCHITECTURE.md, docs/modules/platform/architecture-overview.md
  • docs/modules/airgap/airgap-mode.md (if present)
  • Prep/Scaffold docs:
    • docs/airgap/controller-scaffold.md
    • docs/airgap/prep/2025-11-20-controller-scaffold-prep.md
    • docs/airgap/importer-scaffold.md
    • docs/airgap/time-anchor-scaffold.md
    • docs/airgap/prep/2025-11-20-staleness-drift-prep.md
    • docs/airgap/sealed-startup-diagnostics.md
    • docs/airgap/bundle-repositories.md
    • docs/airgap/time-api.md, docs/airgap/time-config-sample.json

Working Agreements

  • Offline-first: no egress in sealed mode; fixtures use local files only.
  • Determinism: stable ordering, UTC ISO-8601 timestamps, fixed seeds for tests, deterministic hashing.
  • Tenancy/scopes: enforce Authority scopes (airgap:seal, airgap:status:read, importer scopes) on every API.
  • Validation: prefer $jsonSchema/FluentValidation; fail closed on trust-root mismatch.
  • Logging/Telemetry: structured logs; counters/histograms prefixed airgap.*; tag tenant, sealed, result.
  • Cross-module edits require sprint note; otherwise stay within src/AirGap.

Testing Rules

  • Use Mongo2Go/in-memory stores; no network.
  • Cover sealed/unsealed transitions, staleness budgets, trust-root failures, deterministic ordering.
  • API tests via WebApplicationFactory; importer tests use local fixture bundles (no downloads).
  • If Mongo2Go fails to start (OpenSSL 1.1 missing), see tests/AirGap/README.md for the shim note.

Delivery Discipline

  • Update sprint tracker statuses (TODO → DOING → DONE/BLOCKED); log decisions in Execution Log and Decisions & Risks.
  • When contracts/schemas change, update docs under docs/airgap/** and link from sprint Decisions & Risks.
  • If a decision is needed, mark BLOCKED in the sprint and record the decision ask; continue with other unblocked work.