stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
efaf3cb7899907a8d18840fa6af146795f3c3bf9
git.stella-ops.org/docs/implplan/archived/2025-11-24-airgap-time-contract-1501.md
StellaOps Bot efaf3cb789
Some checks failed
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
up
2025-12-12 09:35:37 +02:00

1.5 KiB
Raw Blame History

AirGap Time Contract — AIRGAP-TIME-CONTRACT-1501

Date: 2025-11-24 Owners: AirGap Time Guild · Mirror Creator Guild Scope: Define time-anchor fields and freshness calculation for mirror bundles used by air-gapped imports (Excititor/ExportCenter/CLI).

Contract

  • Fields (mirror manifest root):
  • generatedAt: ISO-8601 UTC timestamp when manifest was produced.
  • sourceClock: optional string describing clock source (e.g., ntp:chrony, hw:tcxo).
  • validForSeconds: optional TTL; if absent, default freshness budget = 24h.
  • Staleness computation: stalenessSeconds = nowUtc - generatedAt; import rejects when stalenessSeconds > validForSeconds (or 24h default) plus ±5s skew.
  • Determinism: timestamps in generatedAt rounded to whole milliseconds; no leap-second smoothing; manifests sorted by path.
  • Surface mapping: Excititor airgap import records store generatedAt and computed stalenessSeconds; timeline events include staleness for Advisory AI.

Actions

  • Mirror Creator Guild: include generatedAt, sourceClock, validForSeconds in thin/portable manifests; align with DSSE header from MIRROR-DSSE-REV-1501.
  • ExportCenter: propagate fields into portable bundle notifications.
  • CLI: display staleness budget and remaining seconds on stella airgap import --describe.

Risks/Notes

  • If ExportCenter manifest v1.1 renames fields, keep aliases for older bundles.
  • Offline installs rely on hardware clock accuracy; recommend chrony sync during bundle generation; import side only trusts manifest timestamp.