stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
ba4c935182406c64d22111f005ecd9528bc27250
git.stella-ops.org/docs/implplan/SPRINT_510_airgap.md
master ae69b1a8a1 feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline 
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
2025-11-08 23:18:28 +02:00

4.2 KiB
Raw Blame History

Sprint 510 - Ops & Offline · 190.E) AirGap

Active items only. Completed/historic work now resides in docs/implplan/archived_sprints_tasks.md (updated 2025-11-08).

[Ops & Offline] 190.E) AirGap Depends on: Sprint 100.A - Attestor, Sprint 110.A - AdvisoryAI, Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph, Sprint 150.A - Orchestrator, Sprint 160.A - EvidenceLocker, Sprint 170.A - Notifier, Sprint 180.A - Cli Summary: Ops & Offline focus on AirGap).

Task ID State Task description Owners (Source)
AIRGAP-CTL-56-001 TODO Implement airgap_state persistence, seal/unseal state machine, and Authority scope checks (airgap:seal, airgap:status:read). AirGap Controller Guild (src/AirGap/StellaOps.AirGap.Controller/TASKS.md)
AIRGAP-CTL-56-002 TODO Expose GET /system/airgap/status, POST /system/airgap/seal, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. AirGap Controller Guild, DevOps Guild (src/AirGap/StellaOps.AirGap.Controller/TASKS.md)
AIRGAP-CTL-57-001 TODO Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. AirGap Controller Guild (src/AirGap/StellaOps.AirGap.Controller/TASKS.md)
AIRGAP-CTL-57-002 TODO Instrument seal/unseal events with trace/log fields and timeline emission (airgap.sealed, airgap.unsealed). Dependencies: AIRGAP-CTL-57-001. AirGap Controller Guild, Observability Guild (src/AirGap/StellaOps.AirGap.Controller/TASKS.md)
AIRGAP-CTL-58-001 TODO Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. AirGap Controller Guild, AirGap Time Guild (src/AirGap/StellaOps.AirGap.Controller/TASKS.md)
AIRGAP-IMP-56-001 TODO Implement DSSE verification helpers, TUF metadata parser (root.json, snapshot.json, timestamp.json), and Merkle root calculator. AirGap Importer Guild (src/AirGap/StellaOps.AirGap.Importer/TASKS.md)
AIRGAP-IMP-56-002 TODO Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. AirGap Importer Guild, Security Guild (src/AirGap/StellaOps.AirGap.Importer/TASKS.md)
AIRGAP-IMP-57-001 TODO Write bundle_catalog and bundle_items repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. AirGap Importer Guild (src/AirGap/StellaOps.AirGap.Importer/TASKS.md)
AIRGAP-IMP-57-002 TODO Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. AirGap Importer Guild, DevOps Guild (src/AirGap/StellaOps.AirGap.Importer/TASKS.md)
AIRGAP-IMP-58-001 TODO Implement API (POST /airgap/import, /airgap/verify) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. AirGap Importer Guild, CLI Guild (src/AirGap/StellaOps.AirGap.Importer/TASKS.md)
AIRGAP-IMP-58-002 TODO Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. AirGap Importer Guild, Observability Guild (src/AirGap/StellaOps.AirGap.Importer/TASKS.md)
AIRGAP-TIME-57-001 TODO Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. AirGap Time Guild (src/AirGap/StellaOps.AirGap.Time/TASKS.md)
AIRGAP-TIME-57-002 TODO Add telemetry counters for time anchors (airgap_time_anchor_age_seconds) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. AirGap Time Guild, Observability Guild (src/AirGap/StellaOps.AirGap.Time/TASKS.md)
AIRGAP-TIME-58-001 TODO Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. AirGap Time Guild (src/AirGap/StellaOps.AirGap.Time/TASKS.md)
AIRGAP-TIME-58-002 TODO Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time/TASKS.md)