stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
d519782a8f0b30f425c9b6ae0f316b19259972a2
git.stella-ops.org/docs/airgap/time-anchor-scaffold.md
master d519782a8f
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
prep docs and service updates
2025-11-21 06:56:36 +00:00

2.9 KiB
Raw Blame History

AirGap Time Anchor Scaffold (prep for AIRGAP-TIME-57-001)

Scope for prep

  • Provide a deterministic parsing surface for signed time tokens (Roughtime, RFC3161) so staleness calculations and telemetry wiring can start without full crypto yet.

What landed (2025-11-20)

  • New project: src/AirGap/StellaOps.AirGap.Time/StellaOps.AirGap.Time.csproj (net10.0), BCL-only.
  • Model: TimeAnchor canonical record (anchor time, source, format, signature fingerprint placeholder, token digest).
  • Parser: TimeTokenParser with deterministic SHA-256 digest derivation and structured success/failure reasons.
  • Result envelope: TimeAnchorValidationResult and TimeTokenFormat enum.
  • Tests: tests/AirGap/StellaOps.AirGap.Time.Tests cover empty-token failure and digest production for Roughtime tokens.

Updates (2025-11-20)

  • Added staleness calculator (StalenessCalculator) and budgets/evaluation models to derive warning/breach states deterministically.
  • Added TimeAnchorLoader to ingest hex-encoded tokens from fixtures; sample tokens placed under src/AirGap/StellaOps.AirGap.Time/fixtures/.
  • Added TimeStatusService + InMemoryTimeAnchorStore for per-tenant anchor/budget status + staleness; tests in TimeStatusServiceTests.
  • Added verification pipeline (TimeVerificationService) with stub Roughtime/RFC3161 verifiers requiring trust roots; loader now verifies using trust roots.
  • Added API surface /api/v1/time/status (plus POST /api/v1/time/anchor) via TimeStatusController and web host wiring.
  • Added sealed startup hook (StartupValidationExtensions) to block app start when anchor missing/stale; uses budgets and returns structured reasons.
  • Upgraded Roughtime verifier to real Ed25519 signature check + RFC3161 verifier using SignedCms; failures now return roughtime-* / rfc3161-* reasons.
  • Added config binding (AirGap:*) for tenant and staleness budgets; startup validation pulls from config.
  • Added config sample at docs/airgap/time-config-sample.json for sealed-mode deployments.
  • Documented endpoints and payloads at docs/airgap/time-api.md.
  • Health check: /healthz/ready reports degraded/healthy based on staleness; consumers should scrape for sealed-mode readiness.

Next implementation hooks

  • Plug real Roughtime and RFC3161 decoders, verifying against trust roots supplied via sealed-mode config.
  • Persist TimeAnchor rows under controller/importer once schema is final; emit telemetry counters/alerts.
  • Replace placeholder signature fingerprint with actual signer fingerprint post-verification.

Determinism/air-gap posture

  • Parser avoids wall-clock; anchor time derived deterministically from token digest until real parser is wired.
  • No network calls; uses cached NuGet (local-nugets/) for tests.

How to consume

DOTNET_NOLOGO=1 dotnet test tests/AirGap/StellaOps.AirGap.Time.Tests/StellaOps.AirGap.Time.Tests.csproj --no-build

Owners

  • AirGap Time Guild (per sprint 0510).