git.stella-ops.org/docs/modules/excititor/prep/2025-11-22-airgap-56-58-prep.md
StellaOps Bot f43e828b4e
feat: Implement MongoDB orchestrator storage with registry, commands, and heartbeats
- Added NullAdvisoryObservationEventTransport for handling advisory observation events.
- Created IOrchestratorRegistryStore interface for orchestrator registry operations.
- Implemented MongoOrchestratorRegistryStore for MongoDB interactions with orchestrator data.
- Defined OrchestratorCommandDocument and OrchestratorCommandRecord for command handling.
- Added OrchestratorHeartbeatDocument and OrchestratorHeartbeatRecord for heartbeat tracking.
- Created OrchestratorRegistryDocument and OrchestratorRegistryRecord for registry management.
- Developed tests for orchestrator collections migration and MongoOrchestratorRegistryStore functionality.
- Introduced AirgapImportRequest and AirgapImportValidator for air-gapped VEX bundle imports.
- Added incident mode rules sample JSON for notifier configuration.
2025-11-22 12:35:38 +02:00


Excititor Air-Gap Prep (56-001, 57-001, 58-001)

Status: Ready for implementation (2025-11-22)

Owners: Excititor Core Guild · AirGap Policy Guild · Evidence Locker Guild

Scope: Define ingestion/egress contracts for Excititor when operating in sealed/offline environments and align with mirror bundle + Evidence Locker artifacts.

Inputs

  • Mirror bundle schema (thin) from docs/modules/mirror/assembler.md.
  • Evidence Locker attestation contract: docs/modules/evidence-locker/attestation-contract.md.
  • Link-Not-Merge schema for advisory evidence: docs/modules/concelier/link-not-merge-schema.md.

Deliverables

  • Ingestion envelope for POST /airgap/vex/import:
    • Fields: bundleId, mirrorGeneration, signedAt, publisher, payloadHash, payloadUrl? (offline tar path), signature, transparencyLog?.
    • Validation: deterministic hash of NDJSON payloads; must reject mixed tenants; clock-skew tolerance ±5s.
  • Sealed-mode error catalog (57-001): AIRGAP_EGRESS_BLOCKED, AIRGAP_PAYLOAD_STALE, AIRGAP_SIGNATURE_MISSING, AIRGAP_SOURCE_UNTRUSTED; each with HTTP 4xx mapping and remediation text.
  • Notification hooks (58-001): timeline events airgap.import.started/completed/failed with attributes {tenantId,bundleId,generation,stalenessSeconds}; link to Evidence Locker bundle ID for audit.
  • Determinism rules: sort imported observations by advisoryKey then productKey; write timeline events in the same order; all timestamps UTC ISO-8601.
  • Connector trust (CONN-TRUST-01-001):
    • Trusted signer manifests reuse docs/modules/excititor/schemas/connector-signer-metadata.schema.json; require fingerprint, issuer, validFrom/To, allowedProfiles, bundleHash.
    • Validation: fail import with AIRGAP_SOURCE_UNTRUSTED when signer fingerprint not in manifest, signature algorithm not in {rsa-pss-sha256, ecdsa-p256-sha256, gost-r3410-2012-256}, or bundle hash mismatch.
    • Offline parity: store signer manifests alongside mirror bundle under mirror/signers/ and include SHA256 in SHA256SUMS.dsse.
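
The connector trust checks and the order-independent payload hash from the list above, as an added Python example (not the project's AirgapImportValidator). Assumptions: the canonical form used for hashing, hex digests, a `tenantId` field on each observation, the shape of `signature` (`fingerprint`, `algorithm`, `value`), and returning AIRGAP_SIGNATURE_MISSING when the signature is absent; all sample values are constructed.

```python
import hashlib
import hmac
import json
from typing import Optional

# Algorithm allow-list from the connector trust rule.
ALLOWED_ALGS = {"rsa-pss-sha256", "ecdsa-p256-sha256", "gost-r3410-2012-256"}

def payload_hash(ndjson: str) -> str:
    # Assumed canonical form (the page does not define one): rows sorted by
    # advisoryKey then productKey, sorted keys, compact separators, LF-joined.
    rows = [json.loads(line) for line in ndjson.splitlines() if line.strip()]
    if len({r["tenantId"] for r in rows}) > 1:
        # The page names no catalog code for this case, so raise instead.
        raise ValueError("mixed tenants in one bundle")
    rows.sort(key=lambda r: (r["advisoryKey"], r["productKey"]))
    canon = "\n".join(json.dumps(r, sort_keys=True, separators=(",", ":")) for r in rows)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def check_import(envelope: dict, ndjson: str, signers: list) -> Optional[str]:
    """Return a sealed-mode error code, or None when the trust checks pass.
    Verifying the signature bytes themselves is out of scope here."""
    sig = envelope.get("signature")  # assumed shape: {fingerprint, algorithm, value}
    if not sig or not sig.get("value"):
        return "AIRGAP_SIGNATURE_MISSING"
    signer = next((s for s in signers if s["fingerprint"] == sig.get("fingerprint")), None)
    if signer is None or sig.get("algorithm") not in ALLOWED_ALGS:
        return "AIRGAP_SOURCE_UNTRUSTED"
    if not hmac.compare_digest(payload_hash(ndjson), signer["bundleHash"]):
        return "AIRGAP_SOURCE_UNTRUSTED"
    return None

# Constructed sample data (not from the project).
ROW_A = '{"tenantId":"t1","advisoryKey":"ADV-1","productKey":"pkg:a","status":"affected"}'
ROW_B = '{"tenantId":"t1","advisoryKey":"ADV-2","productKey":"pkg:b","status":"fixed"}'
PAYLOAD = ROW_B + "\n" + ROW_A + "\n"
SIGNERS = [{"fingerprint": "fp-constructed-01", "bundleHash": payload_hash(PAYLOAD)}]
ENVELOPE = {"bundleId": "bundle-constructed-1",
            "signature": {"fingerprint": "fp-constructed-01",
                          "algorithm": "ecdsa-p256-sha256", "value": "c2ln"}}

if __name__ == "__main__":
    print(check_import(ENVELOPE, PAYLOAD, SIGNERS))          # trusted signer, matching hash
    print(check_import(ENVELOPE, PAYLOAD + ROW_A, SIGNERS))  # payload altered after signing
```

Because rows are sorted before hashing, the same observations delivered in a different line order produce the same digest, which keeps the hash consistent with the determinism rule on ordering.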

Acceptance Criteria

  • API shapes captured in this prep are referenced from Sprint 0119 Delivery Tracker; no further blockers for Excititor AirGap tasks.
  • Error catalog and timeline events documented and consumed by downstream Policy/AirGap controller work.
  • Import path validated against mirror bundle schema; mismatch should raise AIRGAP_PAYLOAD_STALE.

Notes

  • Satisfies PREP-EXCITITOR-AIRGAP-56-001, PREP-EXCITITOR-AIRGAP-57-001, and PREP-EXCITITOR-AIRGAP-58-001.