Air-Gapped Audit Bundle Exchange
Portable, self-contained evidence bundles for environments where network connectivity is unavailable, restricted, or untrusted. Complete cryptographic verification without external dependencies.
1. Target System
Disconnected, Denied, Intermittent, or Limited (DDIL) environments including classified networks, forward-deployed military systems, critical infrastructure with network isolation, and regulated environments requiring air-gapped audit trails.
2. Threat Model
3. Integration Points
Bundle Export API: POST /v1/evidence/{run_id} → ZIP stream
Offline Verifier: verify.js bundle.zip → PASS/FAIL
Manifest Validation: SHA-256 checksums for all artifacts
Signature Verification: Ed25519 over canonical bytes
┌──────────────────────────────────────────────────────────────────┐
│                      CONNECTED ENVIRONMENT                       │
│   ┌──────────────┐    ┌──────────────┐    ┌──────────────┐       │
│   │    Policy    │───▶│   Sentinel   │───▶│   Evidence   │       │
│   │   Artifact   │    │   Runtime    │    │   Bundler    │       │
│   └──────────────┘    └──────────────┘    └──────┬───────┘       │
│                                                  │               │
│                                             bundle.zip           │
│                                                  │               │
└──────────────────────────────────────────────────┼───────────────┘
                                                   │
                                  ═══════════════════════════════════
                                           PHYSICAL TRANSFER
                                  ═══════════════════════════════════
                                                   │
┌──────────────────────────────────────────────────┼───────────────┐
│              AIR-GAPPED ENVIRONMENT              │               │
│                                                  ▼               │
│                                           ┌──────────────┐       │
│                                           │   Offline    │       │
│                                           │   Verifier   │       │
│                                           └──────┬───────┘       │
│                                                  │               │
│                                             PASS / FAIL          │
│                                                  │               │
│                                           ┌──────▼───────┐       │
│                                           │    Audit     │       │
│                                           │    Record    │       │
│                                           └──────────────┘       │
└──────────────────────────────────────────────────────────────────┘
4. Artifacts Produced
5. Offline Verification Workflow
Transfer bundle to air-gapped system: USB, optical media, or secure file transfer
Verify bundle checksums: SHA-256 manifest validation
Run offline verifier: node verify.js bundle.zip
Record deterministic verdict: PASS / PASS_WITH_CAVEATS / FAIL with report_hash
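The checks in this workflow, as an added Node.js example that is not the project's verify.js: it validates the SHA-256 manifest entries and an Ed25519 signature over canonical bytes, then derives a verdict and report_hash. The manifest layout, the sorted-key JSON canonicalization, the report_hash input and all function names are assumptions, and the bundle is an in-memory object standing in for the unpacked ZIP; PASS_WITH_CAVEATS is not modelled because the page does not define it.

```javascript
// Added example: hypothetical manifest layout and canonicalization, not the project's verify.js.
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Assumed canonical form: JSON with object keys sorted recursively, no whitespace.
function canonicalBytes(value) {
  const sort = (v) =>
    Array.isArray(v) ? v.map(sort)
    : v && typeof v === 'object'
      ? Object.fromEntries(Object.keys(v).sort().map((k) => [k, sort(v[k])]))
      : v;
  return Buffer.from(JSON.stringify(sort(value)), 'utf8');
}

// files: { name: Buffer }, standing in for the unpacked bundle.zip contents.
function verifyBundle(files, manifest, signature, publicKey) {
  const failures = [];
  // The signature covers the manifest, so a failed signature makes every listed hash untrusted.
  if (!crypto.verify(null, canonicalBytes(manifest), publicKey, signature)) {
    failures.push('manifest signature invalid');
  }
  for (const [name, expected] of Object.entries(manifest.artifacts)) {
    if (!Object.hasOwn(files, name)) failures.push(`missing artifact: ${name}`);
    else if (sha256(files[name]) !== expected) failures.push(`hash mismatch: ${name}`);
  }
  // Files not listed in the manifest are unsigned content, so they fail the bundle too.
  for (const name of Object.keys(files)) {
    if (!Object.hasOwn(manifest.artifacts, name)) failures.push(`unlisted file: ${name}`);
  }
  const verdict = failures.length === 0 ? 'PASS' : 'FAIL';
  // report_hash covers verdict and findings, so identical input yields an identical record.
  const report_hash = sha256(canonicalBytes({ verdict, failures }));
  return { verdict, failures, report_hash };
}

// Constructed sample bundle, signed with a throwaway key generated here.
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const files = {
    'policy.json': Buffer.from('{"rule":"deny-by-default"}'),
    'run.log': Buffer.from('run_id=example decision=allow\n'),
  };
  const artifacts = Object.fromEntries(Object.entries(files).map(([n, b]) => [n, sha256(b)]));
  const manifest = { artifacts, version: 1 };
  const signature = crypto.sign(null, canonicalBytes(manifest), privateKey);
  return { files, manifest, signature, publicKey };
}
```

In an air-gapped deployment the public key has to be provisioned on the verifier host out of band; a key carried inside the bundle would only prove the bundle agrees with itself.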
6. Measurable Outcomes
Sample Bundle
Air-gapped audit variant with verification transcript