stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/airgap/air-gap-epistemic-mode-with-sealed-startup-and-feed-snapshots.md

1.4 KiB
Raw Blame History

Air-Gap Epistemic Mode with Sealed Startup and Feed Snapshots

Module

AirGap

Status

IMPLEMENTED

Description

Full epistemic completeness for air-gapped environments: sealed startup validation, feed snapshot repositories, signed mirror connectors, cryptographic binding of knowledge state to scan results, snapshot management, and sealed install enforcement.

Implementation Details

  • Sealed startup: src/AirGap/StellaOps.AirGap.Controller/Services/AirGapStartupDiagnosticsHostedService.cs -- validates sealed state at startup
  • Startup options: src/AirGap/StellaOps.AirGap.Controller/Options/AirGapStartupOptions.cs -- sealed startup configuration
  • State management: src/AirGap/StellaOps.AirGap.Controller/Domain/AirGapState.cs, Services/AirGapStateService.cs
  • State stores: src/AirGap/StellaOps.AirGap.Controller/Stores/IAirGapStateStore.cs, InMemoryAirGapStateStore.cs
  • Feed snapshots: src/AirGap/__Libraries/StellaOps.AirGap.Bundle/ -- snapshot management in bundle library
  • Offline verification: src/AirGap/StellaOps.AirGap.Importer/Policy/OfflineVerificationPolicy.cs, OfflineVerificationPolicyLoader.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify sealed startup validation prevents operation with incomplete knowledge state
  • Test feed snapshot loading and cryptographic binding
  • Verify state transitions in air-gap controller
  • Test offline verification policy enforcement