stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b9f71fc7e9e1fb9b1c366ebd75f92483b2f94b67
git.stella-ops.org/docs/console/airgap.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00

1.9 KiB
Raw Blame History

Console Air-Gap UX (Sealed Mode)

This document describes the Console surfaces and operator expectations when running against Offline Kit snapshots or in sealed/air-gapped deployments.

Goals

  • Make offline operation explicit (never “pretend online”).
  • Show snapshot identity and staleness budgets so operators can reason about freshness.
  • Keep import workflows auditable and tenant-scoped.

Required Surfaces

Offline / Sealed Status Badge

The Console should surface:

  • Whether the site is operating in sealed/offline mode.
  • The current snapshot identity (bundle ID / generation / content digest).
  • The last import time and configured freshness/staleness budgets.

Import Workflow

When imports are supported via Console:

  • Use a clear stepper flow: select bundle → verify → apply → confirm.
  • Display verification results (signature status, digest) without exposing secrets.
  • Emit an auditable event: who imported what, when, and which snapshot became active.

Staleness Dashboard

Operators need a quick view of:

  • Advisory/VEX/policy ages relative to configured budgets
  • Tenants/environments nearing expiry thresholds
  • “Why stale?” explanations (missing time anchor, expired bundle, etc.)

Staleness Rules

  • Treat staleness as a first-class signal: show it prominently when it affects decision confidence.
  • Use UTC timestamps; avoid local time ambiguity.
  • When a time anchor is missing, surface “unknown staleness” instead of silently defaulting.

Security and Guardrails

  • Import is an admin operation (scoped and audited).
  • Always display tenant context for imports and status surfaces.
  • Avoid displaying long hashes without context; prefer short digests with a “copy full digest” action.

References

  • Offline Kit packaging and verification: docs/24_OFFLINE_KIT.md
  • Air-gap workflows: docs/airgap/