49922dff5a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Risk Bundle CI / publish-checksums (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
24 lines
1.5 KiB
Markdown
24 lines
1.5 KiB
Markdown
# AirGap Time Contract — AIRGAP-TIME-CONTRACT-1501
|
|
|
|
Date: 2025-11-24
|
|
Owners: AirGap Time Guild · Mirror Creator Guild
|
|
Scope: Define time-anchor fields and freshness calculation for mirror bundles used by air-gapped imports (Excititor/ExportCenter/CLI).
|
|
|
|
## Contract
|
|
- **Fields** (mirror manifest root):
|
|
- `generatedAt`: ISO-8601 UTC timestamp when manifest was produced.
|
|
- `sourceClock`: optional string describing clock source (e.g., `ntp:chrony`, `hw:tcxo`).
|
|
- `validForSeconds`: optional TTL; if absent, default freshness budget = 24h.
|
|
- **Staleness computation:** stalenessSeconds = `nowUtc - generatedAt`; import rejects when stalenessSeconds > `validForSeconds` (or 24h default) plus ±5s skew.
|
|
- **Determinism:** timestamps in `generatedAt` rounded to whole milliseconds; no leap-second smoothing; manifests sorted by `path`.
|
|
- **Surface mapping:** Excititor airgap import records store `generatedAt` and computed `stalenessSeconds`; timeline events include staleness for Advisory AI.
|
|
|
|
## Actions
|
|
- Mirror Creator Guild: include `generatedAt`, `sourceClock`, `validForSeconds` in thin/portable manifests; align with DSSE header from MIRROR-DSSE-REV-1501.
|
|
- ExportCenter: propagate fields into portable bundle notifications.
|
|
- CLI: display staleness budget and remaining seconds on `stella airgap import --describe`.
|
|
|
|
## Risks/Notes
|
|
- If ExportCenter manifest v1.1 renames fields, keep aliases for older bundles.
|
|
- Offline installs rely on hardware clock accuracy; recommend chrony sync during bundle generation; import side only trusts manifest timestamp.
|