491e883653
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
1.4 KiB
1.4 KiB
Console Airgap UI (Airgap 57-002)
Describes console surfaces for sealed-mode imports, staleness, and user guidance.
Surfaces
- Airgap status badge: shows
sealedstate,mirrorGeneration, last import time, and staleness indicator. - Import wizard: stepper to upload/verify mirror bundle, show manifest hash, and emit timeline event upon success.
- Staleness dashboard: charts staleness by bundle/component; highlights tenants nearing expiry.
Staleness logic
- Use time anchors from
docs/airgap/staleness-and-time.md. - Staleness = now -
bundle.createdAt; color bands: green (<24h), amber (24–72h), red (>72h) or missing anchor.
Guidance banners
- When sealed: banner text "Sealed mode: egress denied. Only registered bundles allowed." Include current
mirrorGenerationand bundle hash. - On staleness red: prompt operators to import next bundle or reapply time anchor.
Events
- Successful import emits timeline event with bundleId, mirrorGeneration, manifest hash, actor.
- Failed import emits event with error code; do not expose stack traces in UI.
Security/guardrails
- Require admin scope to import bundles; read-only users can view status only.
- Never display raw hashes without tenant context; prefix with tenant and generation.
TODOs
- Wire to backend once mirror bundle schema and timeline events are exposed (blocked until backend readiness).