150b3730ef
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
24 lines
1023 B
Markdown
24 lines
1023 B
Markdown
# Airgap Contracts (DOCS-AIRGAP-58-003)
|
|
|
|
Contracts developers must follow for sealed/constrained deployments.
|
|
|
|
## EgressPolicy usage
|
|
- Services read `EgressPolicy` config and must fail fast on disallowed hosts.
|
|
- All HTTP clients must pass through allowlist resolver; no raw `HttpClient` with arbitrary URLs.
|
|
|
|
## Sealed-mode tests
|
|
- Add integration tests that set `sealed=true` and assert outbound calls are blocked/mocked.
|
|
- Validate mirror bundle imports succeed under deny-all network by using local fixtures.
|
|
|
|
## Linting
|
|
- Static check to ban `DateTime.Now`, `Guid.NewGuid`, and direct `HttpClient` when `sealed=true` flag is present.
|
|
- CI rule: fail if new external domains appear outside allowlist file.
|
|
|
|
## Logging
|
|
- Log `sealed` flag, `mirrorGeneration`, and bundle hash on relevant API calls.
|
|
- Avoid emitting secrets or trust roots in logs.
|
|
|
|
## Config determinism
|
|
- All configs should be overridable via env vars; default to sealed-compatible settings.
|
|
- Use stable ordering in generated manifests and responses.
|