2.1 KiB
2.1 KiB
Air-Gap Bundle System (DSSE-Signed Bundle Format with Import/Export)
Module
AirGap
Status
IMPLEMENTED
Description
Comprehensive air-gap bundle system with DSSE signing and verification, bundle format with schemas/validation/trust snapshots, controller for state management, importer with quarantine-on-failure, atomic feed activation with rollback, file-based and router-based delivery transport, and offline kit validation (monotonicity checking, telemetry metrics). Covers offline update kits (OUK), replay packs, and audit pack export/import.
Implementation Details
- Controller:
src/AirGap/StellaOps.AirGap.Controller/-- state management (AirGapState.cs,AirGapStateService.cs), endpoints (AirGapEndpoints.cswith seal/verify), startup options, telemetry - Importer:
src/AirGap/StellaOps.AirGap.Importer/-- bundle planning (BundleImportPlanner.cs), quarantine on failure (FileSystemQuarantineService.cs,IQuarantineService.cs), evidence reconciliation (EvidenceReconciler.cs,EvidenceGraph.cs), SBOM/DSSE parsers, version monotonicity, trust root config, replay verification - Bundle library:
src/AirGap/__Libraries/StellaOps.AirGap.Bundle/-- bundle format, schema validation, trust snapshot management - Sync library:
src/AirGap/__Libraries/StellaOps.AirGap.Sync/-- synchronization for bundle delivery - Persistence:
src/AirGap/__Libraries/StellaOps.AirGap.Persistence/andsrc/AirGap/StellaOps.AirGap.Storage.Postgres/ - Policy:
src/AirGap/StellaOps.AirGap.Policy/-- offline verification policy, analyzers - Tests: Controller, Importer, Persistence, Sync, Time, and Policy tests under
src/AirGap/__Tests/ - Source: Feature matrix scan
E2E Test Plan
- Test bundle import with valid DSSE-signed bundle, verify state transition
- Test quarantine behavior on invalid bundle signature
- Test monotonicity check rejects older bundle version
- Test evidence reconciliation correctly parses CycloneDx, DSSE attestations
- Test atomic feed activation and rollback on failure
- Verify bundle import planning produces correct plan