Software Requirements Specification

Introduction

Purpose

This Software Requirements Specification (SRS) describes the functional and non-functional requirements for AirGap Deploy, a command-line tool for packaging applications and their dependencies for deployment on air-gapped systems.

This document is intended for:

  • Developers implementing AirGap Deploy

  • Release engineers using AirGap Deploy to package applications

  • Technical reviewers evaluating the tool’s capabilities

Scope

Product Name: AirGap Deploy

Product Purpose: Simplify the packaging and installation of software on air-gapped systems

Benefits:

  • Declarative manifest-based packaging (no custom scripts)

  • Cross-platform support (Linux, macOS, Windows)

  • Automated dependency collection and vendoring

  • Generated installation scripts for air-gapped deployment

Goals:

  • Enable developers to package any application for air-gap deployment with a single TOML manifest

  • Reduce manual effort in preparing air-gap packages from days to minutes

  • Ensure reproducible, verifiable deployments

Out of Scope:

  • GUI interface (CLI only)

  • Network-based distribution mechanisms

  • Digital signature/verification (future enhancement)

  • Automatic updates (contradicts air-gap philosophy)

  • Plugin system (deferred to future version)

Definitions, Acronyms, and Abbreviations

Term

Definition

Air-gap

Physical isolation from networks, especially the internet

Component

A deployable unit (application, binary, model, package)

Manifest

TOML file defining deployment requirements (AirGapDeploy.toml)

Package

Final output archive (.tar.gz or .zip) ready for air-gap transfer

Vendor

Process of including all dependencies within a package

Prep

Preparation phase on connected machine

Install

Installation phase on air-gapped machine

TOML

Tom’s Obvious Minimal Language (configuration format)

SHA-256

Cryptographic hash function for checksums

Overall Description

Product Perspective

AirGap Deploy is a standalone developer tool that integrates into existing software development workflows. It operates in two distinct phases:

Phase 1 - Preparation (Connected System):

  • Developer creates AirGapDeploy.toml manifest

  • AirGap Deploy collects application source, dependencies, models, binaries

  • Generates deployment package (.tar.gz or .zip)

  • Generates installation scripts (install.sh, install.ps1)

Phase 2 - Installation (Air-Gapped System):

  • User transfers package via USB or other physical media

  • User executes generated installation script

  • Script builds/installs application from vendored dependencies

  • No network access required

Relationship to Other Systems:

  • AirGap Transfer: Optional integration for large packages (see Meta-Architecture)

  • Cleanroom Whisper: Reference implementation and primary use case

  • CI/CD pipelines: Integrates with GitHub Actions, GitLab CI for automated package generation

Product Functions

AirGap Deploy provides the following major functions:

Manifest Parsing - Parse and validate AirGapDeploy.toml files

Component Collection - Download and collect required components:

  • Rust applications with vendored dependencies

  • External binaries from Git repositories

  • Model files from URLs with checksum verification

  • System packages (Linux distributions)

Packaging - Create compressed archives with all components

Install Script Generation - Generate platform-specific installation scripts

CLI Interface - User-friendly command-line tool with progress reporting

User Characteristics

Primary Users: Application Developers / Release Engineers

  • Technical expertise: High (familiar with command-line tools, build systems)

  • Domain knowledge: Understands air-gap deployment constraints

  • Frequency of use: Occasional (during release cycles)

  • Environment: Development machine with internet access

Secondary Users: End Users / IT Staff

  • Technical expertise: Medium (can run installation scripts)

  • Domain knowledge: Works with air-gapped systems

  • Frequency of use: Rare (only during installations/updates)

  • Environment: Air-gapped production system

Constraints

Regulatory Constraints:

  • Must comply with open-source licensing (AGPL-3.0)

Technical Constraints:

  • Requires Rust toolchain for building AirGap Deploy itself

  • Preparation phase requires internet access (by design)

  • Installation phase must work completely offline

  • Package size limited by available storage media

Design Constraints:

  • Command-line interface only (no GUI)

  • Declarative manifest format (TOML)

  • Cross-platform compatibility (Linux, macOS, Windows)

Assumptions and Dependencies

Assumptions:

  • Developer has internet access during package preparation

  • Target air-gapped system has basic build tools (C compiler, make)

  • Users can physically transfer files via USB or similar media

Dependencies:

  • External: Git, cargo, platform-specific package managers

  • Rust crates: See Roadmap (Dependencies Summary) for complete list

Functional Requirements

Manifest Parsing and Validation

Requirement: Parse TOML Manifest Files FR-DEPLOY-001
status: approved
tags: deploy, manifest, parsing
priority: must
release: v1.0
is tested by: TC-MAN-001

The system SHALL parse AirGapDeploy.toml files using TOML syntax.
Requirement: Validate Manifest Structure FR-DEPLOY-002
status: approved
tags: deploy, manifest, validation
priority: must
release: v1.0
is tested by: TC-MAN-002, TC-MAN-003, TC-MAN-004

The system SHALL validate manifest structure and required fields before processing.
Requirement: Support Manifest Sections FR-DEPLOY-003
status: approved
tags: deploy, manifest, structure
priority: must
release: v1.0
is tested by: TC-MAN-001

The system SHALL support the following manifest sections: [package], [targets], [install], [[components]]
Requirement: Clear Manifest Error Messages FR-DEPLOY-004
status: approved
tags: deploy, manifest, validation, error-handling
priority: must
release: v1.0
is tested by: TC-MAN-002, TC-MAN-003, TC-MAN-004

The system SHALL provide clear error messages for invalid manifests, including line numbers and expected values.
Requirement: Manifest Schema Versioning FR-DEPLOY-005
status: approved
tags: deploy, manifest, versioning
priority: should
release: v1.0
is tested by: TC-MAN-005

The system SHALL support schema versioning to enable future manifest evolution.

Component Collection

Rust Application Component

Requirement: Collect Rust Application Source FR-DEPLOY-006
status: approved
tags: deploy, rust, component
priority: must
release: v1.0
is tested by: TC-RUST-003

The system SHALL collect Rust application source code from local directories.
Requirement: Vendor Cargo Dependencies FR-DEPLOY-007
status: approved
tags: deploy, rust, vendor, dependencies
priority: must
release: v1.0
is tested by: TC-RUST-001, TC-RUST-004

The system SHALL execute cargo vendor to download and vendor all Cargo dependencies.
Requirement: Include Rust Toolchain Installer FR-DEPLOY-008
status: approved
tags: deploy, rust, toolchain
priority: should
release: v1.0
is tested by: TC-RUST-002

The system SHALL optionally include Rust toolchain installer for offline builds.
Requirement: Generate Cargo Config FR-DEPLOY-009
status: approved
tags: deploy, rust, configuration
priority: must
release: v1.0
is tested by: TC-RUST-001

The system SHALL generate .cargo/config.toml to configure vendored dependency usage.
Requirement: Rust Component Configuration Options FR-DEPLOY-010
status: approved
tags: deploy, rust, configuration
priority: must
release: v1.0
is tested by: TC-DEPLOY-CFG-001

The system SHALL support configuration options: source, vendor, include_toolchain, prebuild

External Binary Component

Requirement: Clone Git Repositories FR-DEPLOY-011
status: approved
tags: deploy, git, external-binary
priority: must
release: v1.0
is tested by: TC-GIT-001, TC-GIT-003

The system SHALL clone Git repositories for external binaries.
Requirement: Specify Git Version FR-DEPLOY-012
status: approved
tags: deploy, git, versioning
priority: must
release: v1.0
is tested by: TC-GIT-001, TC-GIT-002

The system SHALL support specifying Git branch, tag, or commit.
Requirement: Include Build Instructions FR-DEPLOY-013
status: approved
tags: deploy, installation, build
priority: must
release: v1.0

The system SHALL include build instructions in installation scripts.
Requirement: External Binary Configuration Options FR-DEPLOY-014
status: approved
tags: deploy, external-binary, configuration
priority: must
release: v1.0
is tested by: TC-DEPLOY-CFG-002

The system SHALL support configuration options: name, repo, branch/tag/commit, build_instructions

Model File Component

Requirement: Download Model Files FR-DEPLOY-015
status: approved
tags: deploy, model, download
priority: must
release: v1.0
is tested by: TC-MODEL-001

The system SHALL download model files from HTTPS URLs.
Requirement: Verify File Checksums FR-DEPLOY-016
status: approved
tags: deploy, model, verification, security
priority: must
release: v1.0
is tested by: TC-MODEL-001, TC-MODEL-002, TC-MODEL-003, TC-MODEL-006

The system SHALL verify downloaded files using SHA-256 checksums.
Requirement: Display Download Progress FR-DEPLOY-017
status: approved
tags: deploy, model, download, ui
priority: must
release: v1.0
is tested by: TC-MODEL-005

The system SHALL display download progress with progress bars.
Requirement: Resume Interrupted Downloads FR-DEPLOY-018
status: approved
tags: deploy, model, download, reliability
priority: should
release: v1.0
is tested by: TC-MODEL-004

The system SHALL support resume capability for interrupted downloads.
Requirement: Model File Configuration Options FR-DEPLOY-019
status: approved
tags: deploy, model, configuration
priority: must
release: v1.0
is tested by: TC-DEPLOY-CFG-003

The system SHALL support configuration options: name, url, checksum, required, install_path

System Package Component

Requirement: Detect Linux Distribution FR-DEPLOY-020
status: approved
tags: deploy, system-package, linux
priority: could
release: v1.0
is tested by: TC-DEPLOY-SYSPKG-001

The system SHALL detect Linux distribution (Debian, Fedora, Arch).
Requirement: Download System Packages FR-DEPLOY-021
status: approved
tags: deploy, system-package, dependencies
priority: could
release: v1.0

The system SHALL download system packages (.deb, .rpm, etc.) with dependencies.
Requirement: Include System Packages in Archive FR-DEPLOY-022
status: approved
tags: deploy, system-package, packaging
priority: could
release: v1.0

The system SHALL include system packages in deployment archive.
Requirement: Configure System Package Installation FR-DEPLOY-023
status: approved
tags: deploy, system-package, installation
priority: could
release: v1.0
is tested by: TC-DEPLOY-SYSPKG-002

The system SHALL configure installation scripts to install system packages.

Note: SystemPackageComponent is marked as optional for MVP and may be deferred.

Packaging

Requirement: Create Tar.gz Archives FR-DEPLOY-024
status: approved
tags: deploy, packaging, archive
priority: must
release: v1.0
is tested by: TC-PKG-001

The system SHALL create tar.gz archives for Linux and macOS deployments.
Requirement: Create Zip Archives FR-DEPLOY-025
status: approved
tags: deploy, packaging, archive, windows
priority: must
release: v1.0
is tested by: TC-PKG-002

The system SHALL create zip archives for Windows deployments.
Requirement: Organize Package Directory Structure FR-DEPLOY-026
status: approved
tags: deploy, packaging, structure
priority: must
release: v1.0
is tested by: TC-PKG-001, TC-PKG-002

The system SHALL organize package contents with standardized directory structure.
Requirement: Generate Package Metadata FR-DEPLOY-027
status: approved
tags: deploy, packaging, metadata
priority: must
release: v1.0
is tested by: TC-PKG-003

The system SHALL generate airgap-deploy-metadata.json with package information.
Requirement: Generate Package Checksum FR-DEPLOY-028
status: approved
tags: deploy, packaging, verification, security
priority: must
release: v1.0
is tested by: TC-PKG-004

The system SHALL generate SHA-256 checksum for the entire package.
Requirement: Configurable Compression Levels FR-DEPLOY-029
status: approved
tags: deploy, packaging, compression
priority: should
release: v1.0
is tested by: TC-PKG-006

The system SHALL support configurable compression levels.

Installation Script Generation

Requirement: Generate Bash Installation Scripts FR-DEPLOY-030
status: approved
tags: deploy, installation, bash, linux, macos
priority: must
release: v1.0
is tested by: TC-INSTALL-001

The system SHALL generate Bash installation scripts (install.sh) for Linux/macOS.
Requirement: Generate PowerShell Installation Scripts FR-DEPLOY-031
status: approved
tags: deploy, installation, powershell, windows
priority: must
release: v1.0
is tested by: TC-INSTALL-002

The system SHALL generate PowerShell installation scripts (install.ps1) for Windows.
Requirement: Installation Script Steps FR-DEPLOY-032
status: approved
tags: deploy, installation, workflow
priority: must
release: v1.0
is tested by: TC-INSTALL-001, TC-INSTALL-002, TC-INSTALL-005, TC-INSTALL-006

Installation scripts SHALL perform dependency checks, display plan, prompt for location, execute builds, configure files, set permissions, and log actions.
Requirement: Installation Script Modes FR-DEPLOY-033
status: approved
tags: deploy, installation, modes
priority: must
release: v1.0
is tested by: TC-INSTALL-003, TC-INSTALL-004

Installation scripts SHALL support interactive mode and automatic (unattended) mode.
Requirement: Detect Existing Installations FR-DEPLOY-034
status: approved
tags: deploy, installation, upgrade
priority: should
release: v1.0
is tested by: TC-DEPLOY-UPG-001

Installation scripts SHALL detect existing installations and offer upgrade path.
Requirement: Verify Disk Space FR-DEPLOY-035
status: approved
tags: deploy, installation, validation
priority: must
release: v1.0
is tested by: TC-ERR-002

Installation scripts SHALL verify sufficient disk space before proceeding.
Requirement: Installation Error Messages FR-DEPLOY-036
status: approved
tags: deploy, installation, error-handling
priority: must
release: v1.0
is tested by: TC-INSTALL-006

Installation scripts SHALL provide clear error messages and recovery instructions.

Command-Line Interface

Requirement: CLI Commands FR-DEPLOY-037
status: approved
tags: deploy, cli, commands
priority: must
release: v1.0
is tested by: TC-CLI-001, TC-CLI-002, TC-CLI-003, TC-CLI-004, TC-CLI-005, TC-CLI-006

The system SHALL provide commands: prep, validate, init, list-components with appropriate arguments.
Requirement: Colored CLI Output FR-DEPLOY-038
status: approved
tags: deploy, cli, ui
priority: should
release: v1.0
is tested by: TC-DEPLOY-CLI-001

The system SHALL display colored output for improved readability.
Requirement: Progress Bars FR-DEPLOY-039
status: approved
tags: deploy, cli, ui, progress
priority: must
release: v1.0
is tested by: TC-DEPLOY-CLI-002

The system SHALL display progress bars for long-running operations (downloads, compression).
Requirement: Verbose Logging Flag FR-DEPLOY-040
status: approved
tags: deploy, cli, logging
priority: must
release: v1.0
is tested by: TC-DEPLOY-CLI-003

The system SHALL support –verbose flag for detailed logging.
Requirement: Help Flag FR-DEPLOY-041
status: approved
tags: deploy, cli, help
priority: must
release: v1.0
is tested by: TC-CLI-007

The system SHALL support –help flag for all commands.

Configuration Management

Requirement: Global Configuration File FR-DEPLOY-042
status: approved
tags: deploy, configuration
priority: should
release: v1.0
is tested by: TC-DEPLOY-GLOBALCFG-001

The system SHALL support global configuration file at ~/.airgap-deploy/config.toml.
Requirement: Global Configuration Options FR-DEPLOY-043
status: approved
tags: deploy, configuration
priority: should
release: v1.0
is tested by: TC-DEPLOY-GLOBALCFG-002

The system SHALL support global configuration options: default_target, cache_dir, proxy.
Requirement: CLI Overrides Configuration FR-DEPLOY-044
status: approved
tags: deploy, configuration, cli
priority: must
release: v1.0
is tested by: TC-DEPLOY-GLOBALCFG-003

Command-line arguments SHALL override global configuration.

Error Handling and Recovery

Requirement: Clear Error Messages FR-DEPLOY-045
status: approved
tags: deploy, error-handling
priority: must
release: v1.0
is tested by: TC-RUST-003, TC-RUST-004, TC-GIT-003, TC-GIT-004, TC-MODEL-003, TC-ERR-002, TC-ERR-003, TC-ERR-004

The system SHALL provide clear, actionable error messages for all failure modes.
Requirement: Suggest Error Recovery Steps FR-DEPLOY-046
status: approved
tags: deploy, error-handling, recovery
priority: should
release: v1.0
is tested by: TC-ERR-001

The system SHALL suggest recovery steps for common errors: missing dependencies, network failures, disk space issues, invalid manifests.
Requirement: Non-Zero Exit Codes FR-DEPLOY-047
status: approved
tags: deploy, error-handling, cli
priority: must
release: v1.0
is tested by: TC-DEPLOY-ERR-005

The system SHALL exit with non-zero status codes on errors.
Requirement: Operation Logging FR-DEPLOY-048
status: approved
tags: deploy, logging, debugging
priority: must
release: v1.0
is tested by: TC-DEPLOY-CLI-003, TC-DEPLOY-ERR-006

The system SHALL log all operations to enable debugging.

Non-Functional Requirements

Performance

Non-Functional Requirement: Package Preparation Performance NFR-DEPLOY-001
status: approved
tags: deploy, performance
priority: should
release: v1.0
is tested by: TC-PERF-001

Package preparation SHALL complete in less than 5 minutes for typical applications (<1GB components).
Non-Functional Requirement: Large Download Handling NFR-DEPLOY-002
status: approved
tags: deploy, performance, download
priority: must
release: v1.0
is tested by: TC-MODEL-005, TC-PERF-002

Large model downloads (1-10GB) SHALL display progress and support resume.
Non-Functional Requirement: Parallel Component Collection NFR-DEPLOY-003
status: approved
tags: deploy, performance, parallelism
priority: should
release: v1.0
is tested by: TC-PERF-003

Parallel component collection SHALL be used where possible to reduce preparation time.
Non-Functional Requirement: Installation Performance NFR-DEPLOY-004
status: approved
tags: deploy, performance, installation
priority: should
release: v1.0
is tested by: TC-PERF-004

Installation scripts SHALL complete in less than 20 minutes for typical applications (including build time).

Reliability

Non-Functional Requirement: Checksum Verification NFR-DEPLOY-005
status: approved
tags: deploy, reliability, security, verification
priority: must
release: v1.0
is tested by: TC-MODEL-002, TC-MODEL-003, TC-PKG-004

The system SHALL verify all downloaded files using SHA-256 checksums.
Non-Functional Requirement: Network Operation Retry NFR-DEPLOY-006
status: approved
tags: deploy, reliability, network
priority: must
release: v1.0
is tested by: TC-GIT-004, TC-ERR-001

The system SHALL retry failed network operations up to 3 times with exponential backoff.
Non-Functional Requirement: Idempotent Installation NFR-DEPLOY-007
status: approved
tags: deploy, reliability, installation
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-001

Installation scripts SHALL be idempotent (safe to run multiple times).
Non-Functional Requirement: Graceful Interruption Handling NFR-DEPLOY-008
status: approved
tags: deploy, reliability, error-handling
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-002

The system SHALL handle interruptions gracefully (Ctrl+C, system shutdown).

Usability

Non-Functional Requirement: First-Time User Experience NFR-DEPLOY-009
status: approved
tags: deploy, usability
priority: should
release: v1.0
is tested by: TC-DEPLOY-NFR-003

First-time users SHALL be able to create a deployment package within 10 minutes using provided examples.
Non-Functional Requirement: Detailed Error Messages NFR-DEPLOY-010
status: approved
tags: deploy, usability, error-handling
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-004

Error messages SHALL include specific details about the failure and suggested fixes.
Non-Functional Requirement: Command Help Text NFR-DEPLOY-011
status: approved
tags: deploy, usability, cli, help
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-005

The CLI SHALL provide help text accessible via –help for all commands.
Non-Functional Requirement: Progress Indicators NFR-DEPLOY-012
status: approved
tags: deploy, usability, ui
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-006

Progress indicators SHALL be shown for all operations taking longer than 2 seconds.

Maintainability

Non-Functional Requirement: Test Coverage NFR-DEPLOY-013
status: approved
tags: deploy, maintainability, testing
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-007

The codebase SHALL achieve at least 80% test coverage.
Non-Functional Requirement: API Documentation NFR-DEPLOY-014
status: approved
tags: deploy, maintainability, documentation
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-008

All public APIs SHALL have rustdoc documentation.
Non-Functional Requirement: Clippy Compliance NFR-DEPLOY-015
status: approved
tags: deploy, maintainability, code-quality
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-009

The code SHALL pass cargo clippy with zero warnings.
Non-Functional Requirement: Code Formatting NFR-DEPLOY-016
status: approved
tags: deploy, maintainability, code-quality
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-010

The code SHALL be formatted with rustfmt.

Portability

Non-Functional Requirement: Linux Platform Support NFR-DEPLOY-017
status: approved
tags: deploy, portability, linux
priority: must
release: v1.0
is tested by: TC-E2E-003

The system SHALL run on Linux (Ubuntu 20.04+, Fedora 35+, Debian 11+).
Non-Functional Requirement: macOS Platform Support NFR-DEPLOY-018
status: approved
tags: deploy, portability, macos
priority: must
release: v1.0
is tested by: TC-E2E-003

The system SHALL run on macOS (10.15+, both Intel and Apple Silicon).
Non-Functional Requirement: Windows Platform Support NFR-DEPLOY-019
status: approved
tags: deploy, portability, windows
priority: must
release: v1.0
is tested by: TC-E2E-003

The system SHALL run on Windows (Windows 10/11).
Non-Functional Requirement: Installation Script Compatibility NFR-DEPLOY-020
status: approved
tags: deploy, portability, installation
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-011

Generated installation scripts SHALL be compatible with Bash 4.0+ (Linux/macOS) and PowerShell 5.1+ (Windows).

Security

Non-Functional Requirement: Verify All Checksums NFR-DEPLOY-021
status: approved
tags: deploy, security, verification
priority: must
release: v1.0
is tested by: TC-DEPLOY-SEC-001

The system SHALL verify checksums for all downloaded files.
Non-Functional Requirement: No Arbitrary Code Execution NFR-DEPLOY-022
status: approved
tags: deploy, security
priority: must
release: v1.0
is tested by: TC-DEPLOY-SEC-002

The system SHALL NOT execute arbitrary code from manifests.
Non-Functional Requirement: Confirm Destructive Operations NFR-DEPLOY-023
status: approved
tags: deploy, security, installation
priority: must
release: v1.0
is tested by: TC-DEPLOY-NFR-012

Installation scripts SHALL require explicit confirmation before destructive operations.
Non-Functional Requirement: HTTPS for Network Operations NFR-DEPLOY-024
status: approved
tags: deploy, security, network
priority: must
release: v1.0
is tested by: TC-DEPLOY-SEC-003

The system SHALL use HTTPS for all network operations.
Non-Functional Requirement: Restrictive File Permissions NFR-DEPLOY-025
status: approved
tags: deploy, security, filesystem
priority: must
release: v1.0
is tested by: TC-DEPLOY-SEC-004

Temporary files SHALL be created with restrictive permissions (user-only).

Scalability

Non-Functional Requirement: Large Package Support NFR-DEPLOY-026
status: approved
tags: deploy, scalability
priority: should
release: v1.0
is tested by: TC-PKG-005, TC-E2E-002

The system SHALL handle packages up to 50GB in size.
Non-Functional Requirement: Multi-Component Manifests NFR-DEPLOY-027
status: approved
tags: deploy, scalability
priority: should
release: v1.0
is tested by: TC-DEPLOY-NFR-013

The system SHALL support manifests with up to 100 components.
Non-Functional Requirement: CPU-Scalable Parallelism NFR-DEPLOY-028
status: approved
tags: deploy, scalability, performance
priority: should
release: v1.0
is tested by: TC-DEPLOY-NFR-014

Parallel collection SHALL scale with available CPU cores.
Non-Functional Requirement: Platform-Specific Install Paths NFR-DEPLOY-029
status: approved
tags: deploy, portability, installation
priority: must
release: v1.0
is tested by: TC-DEPLOY-INST-012

Install scripts SHALL use platform-specific default paths (user: ~/.local on Linux/macOS, %LOCALAPPDATA% on Windows; system: /usr/local on Linux/macOS, C:Program Files on Windows)

External Interface Requirements

User Interfaces

Requirement: Command-Line Interface with ANSI Color Support FR-DEPLOY-049
status: approved
tags: deploy, external-interface, ui, cli
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-001

The system SHALL provide a command-line interface with ANSI color support.
Requirement: Progress Bars for Long-Running Operations FR-DEPLOY-050
status: approved
tags: deploy, external-interface, ui, progress
priority: must
release: v1.0
is tested by: TC-DEPLOY-CLI-002

The system SHALL display progress bars for long-running operations (using indicatif crate).
Requirement: Interactive Prompts in Installation Scripts FR-DEPLOY-051
status: approved
tags: deploy, external-interface, ui, installation
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-002

The system SHALL provide interactive prompts in generated installation scripts.

Hardware Interfaces

Requirement: Standard Filesystem I/O FR-DEPLOY-052
status: approved
tags: deploy, external-interface, hardware, filesystem
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-003

The system SHALL use standard filesystem I/O (no special hardware requirements).
Requirement: Network Interface for Component Downloads FR-DEPLOY-053
status: approved
tags: deploy, external-interface, hardware, network
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-004

The system SHALL use network interface for downloading components during prep phase.
Requirement: Removable Media Support FR-DEPLOY-054
status: approved
tags: deploy, external-interface, hardware, usb
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-005

The system SHALL support removable media (USB drives) for package transfer (OS-provided).

Software Interfaces

Requirement: Cargo Integration for Dependency Vendoring FR-DEPLOY-055
status: approved
tags: deploy, external-interface, software, cargo, rust
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-006

The system SHALL integrate with cargo for Rust dependency vendoring.
Requirement: Git Integration for Repository Cloning FR-DEPLOY-056
status: approved
tags: deploy, external-interface, software, git
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-007

The system SHALL integrate with git for cloning external repositories.
Requirement: HTTP/HTTPS Clients for Downloads FR-DEPLOY-057
status: approved
tags: deploy, external-interface, software, http
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-008

The system SHALL use HTTP/HTTPS clients for downloading models and packages.
Requirement: System Package Manager Integration FR-DEPLOY-058
status: approved
tags: deploy, external-interface, software, package-manager
priority: should
release: v1.0
is tested by: TC-DEPLOY-EXTIF-009

The system SHALL integrate with system package managers (apt, dnf, pacman) for SystemPackageComponent.
Requirement: AirGap Transfer Integration FR-DEPLOY-059
status: approved
tags: deploy, external-interface, software, airgap-transfer
priority: could
release: v1.0
is tested by: TC-DEPLOY-EXTIF-010

The system SHALL integrate with AirGap Transfer for large package chunking (workflow level, not code level).

Communications Interfaces

Requirement: HTTP/HTTPS for Component Downloads FR-DEPLOY-060
status: approved
tags: deploy, external-interface, communications, http, network
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-004

The system SHALL use HTTP/HTTPS for downloading components (preparation phase only).
Requirement: No Network During Installation FR-DEPLOY-061
status: approved
tags: deploy, external-interface, communications, air-gap, offline
priority: must
release: v1.0
is tested by: TC-DEPLOY-EXTIF-011

The system SHALL NOT use network communication during installation phase (enforced by air-gap).

Enhanced Installation Features

The following requirements address gaps identified in use case analysis.

Component Selection

Requirement: Optional Component Declaration FR-DEPLOY-062
status: approved
tags: deploy, components, configuration
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-001

Components SHALL support required field to mark components as optional
Requirement: Component Selection at Prep Time FR-DEPLOY-063
status: approved
tags: deploy, cli, components
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-002

The CLI SHALL support --include flag to select optional components during prep

Configuration Generation

Requirement: Config File Generation FR-DEPLOY-064
status: approved
tags: deploy, installation, configuration
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-003

Install scripts SHALL generate configuration files from templates
Requirement: Config Template Support FR-DEPLOY-065
status: approved
tags: deploy, installation, configuration
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-004

Manifests SHALL support [install.config] section with config_file and config_template fields
Requirement: Custom Installation Steps FR-DEPLOY-066
status: approved
tags: deploy, installation, customization
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-005

Manifests SHALL support [install.steps] section for component-specific installation commands

Installation Modes

Requirement: Interactive Installation Mode FR-DEPLOY-067
status: approved
tags: deploy, installation, usability
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-006

Install scripts SHALL support interactive mode with user prompts
Requirement: Automatic Installation Mode FR-DEPLOY-068
status: approved
tags: deploy, installation, automation
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-007

Install scripts SHALL support automatic mode with environment variables (MODE=automatic)
Requirement: Installation Prompts FR-DEPLOY-069
status: approved
tags: deploy, installation, usability
priority: could
release: v1.0
is tested by: TC-DEPLOY-INST-008

Manifests COULD support [install.prompts] section for interactive prompt configuration

Dependency Management

Requirement: Dependency Declaration FR-DEPLOY-070
status: approved
tags: deploy, dependencies, configuration
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-009

Manifests SHALL support [install.dependencies] section to declare required tools
Requirement: Dependency Verification FR-DEPLOY-071
status: approved
tags: deploy, dependencies, installation
priority: must
release: v1.0
is tested by: TC-DEPLOY-INST-010

Install scripts SHALL verify dependencies before building components
Requirement: Disk Space Verification FR-DEPLOY-072
status: approved
tags: deploy, dependencies, installation
priority: should
release: v1.0
is tested by: TC-DEPLOY-INST-011

Install scripts SHALL verify sufficient disk space before installation

Note

This requirement covers disk space verification at install time. For disk space verification during the prep phase, see Verify Disk Space (FR-DEPLOY-035).

v1.1 — Bill of Materials and Vulnerability Scanning

The following requirements are planned for v1.1 and are not in scope for the MVP release.

SBOM Generation

Requirement: Generate CycloneDX SBOM FR-DEPLOY-073
status: proposed
tags: deploy, v1.1, sbom, cyclonedx
priority: should
release: v1.1

The system SHALL generate a CycloneDX JSON SBOM during the prep phase, output alongside the deployment package as sbom.cdx.json.
Requirement: Parse Cargo.lock for Dependency Graph FR-DEPLOY-074
status: proposed
tags: deploy, v1.1, sbom, dependencies
priority: should
release: v1.1

The system SHALL parse Cargo.lock to extract the full transitive dependency graph, including crate names, versions, and dependency relationships.
Requirement: Extract License Information FR-DEPLOY-075
status: proposed
tags: deploy, v1.1, sbom, licensing
priority: should
release: v1.1

The system SHALL extract license information for each dependency from Cargo.toml license fields and include it in the SBOM.
Requirement: Include Component Metadata in SBOM FR-DEPLOY-076
status: proposed
tags: deploy, v1.1, sbom, metadata
priority: should
release: v1.1

The SBOM SHALL include component metadata: package name, version, supplier/source URL, and SHA-256 checksums for all collected components.
Requirement: Include SBOM in Deployment Archive FR-DEPLOY-077
status: proposed
tags: deploy, v1.1, sbom, packaging
priority: should
release: v1.1

The system SHALL include the generated SBOM in the deployment archive by default.

CBOM Generation

Requirement: Detect Cryptographic Dependencies FR-DEPLOY-078
status: proposed
tags: deploy, v1.1, cbom, cryptography
priority: should
release: v1.1

The system SHALL scan Cargo.lock for known cryptographic crates (e.g., ring, rustls, aws-lc-rs, openssl-sys, chacha20, aes-gcm, sha2, ed25519-dalek) and record them as CycloneDX CBOM cryptographic asset entries.
Requirement: Document Internal Cryptographic Usage FR-DEPLOY-079
status: proposed
tags: deploy, v1.1, cbom, cryptography
priority: should
release: v1.1

The CBOM SHALL document hash algorithms used by AirGap Deploy itself (e.g., SHA-256 for checksum verification).
Requirement: Unified SBOM/CBOM Document FR-DEPLOY-080
status: proposed
tags: deploy, v1.1, sbom, cbom, cyclonedx
priority: should
release: v1.1

The CBOM data SHALL be included in the CycloneDX SBOM document as a single unified file, per the CycloneDX specification.

Vulnerability Scanning

Requirement: Scan Subcommand FR-DEPLOY-081
status: proposed
tags: deploy, v1.1, vulnerability, cli
priority: could
release: v1.1

The system SHALL provide an airgap-deploy scan subcommand that accepts a CycloneDX SBOM file as input and reports known vulnerabilities.
Requirement: Offline Vulnerability Database FR-DEPLOY-082
status: proposed
tags: deploy, v1.1, vulnerability, offline
priority: could
release: v1.1

The scan subcommand SHALL support an offline vulnerability database provided by the user (e.g., a pre-downloaded Grype or Trivy database), requiring no network access.
Requirement: Vulnerability Report Output FR-DEPLOY-083
status: proposed
tags: deploy, v1.1, vulnerability, reporting
priority: could
release: v1.1

The scan subcommand SHALL generate vulnerability reports in both JSON (machine-readable) and human-readable formats.
Requirement: Severity Threshold Exit Code FR-DEPLOY-084
status: proposed
tags: deploy, v1.1, vulnerability, cli
priority: could
release: v1.1

The scan subcommand SHALL exit with a non-zero status code when vulnerabilities exceed a configurable severity threshold (e.g., --fail-on critical).

v1.0 — Additional Component and Configuration Support

The following requirements were identified during use case analysis (Ollama deployment) and are included in the v1.0 release.

Config File Component

Requirement: Config File Component Type FR-DEPLOY-085
status: approved
tags: deploy, component, config-file
priority: should
release: v1.0

The system SHALL support a config-file component type for deploying configuration files (e.g., systemd units, config templates) with inline content and install_path fields.

GitHub Release Source

Requirement: GitHub Release Source Type FR-DEPLOY-086
status: approved
tags: deploy, external-binary, github-release
priority: should
release: v1.0

The system SHALL support a github-release source type for external-binary components, specifying repo (owner/name), tag, and asset_pattern (glob pattern for selecting platform-specific release assets).

Extended Install Section

Requirement: Extended Install Section Fields FR-DEPLOY-087
status: approved
tags: deploy, installation, configuration
priority: should
release: v1.0

The system SHALL support [install] section fields: prefix (installation root directory), user (system user for service), group (system group for service).

Configuration Management Output

Requirement: Configuration Management Output Format FR-DEPLOY-088
status: approved
tags: deploy, cli, configuration-management
priority: could
release: v1.0

The system SHALL support a --format flag on the prep command to generate configuration management output (e.g., --format ansible for Ansible playbooks).

Nested Source Fields

Requirement: Nested Source Field Support FR-DEPLOY-089
status: approved
tags: deploy, manifest, configuration
priority: should
release: v1.0

Component configuration SHALL support nested source.* fields (e.g., source.type, source.url, source.checksum) as an alternative to flat field layout for components with polymorphic source types.

Appendices

Example Manifest

[package]
name = "example-app"
version = "1.0.0"
description = "Example application for air-gap deployment"

[targets]
platforms = ["linux-x86_64", "macos-aarch64"]
default = "linux-x86_64"

[[components]]
type = "rust-app"
source = "."
vendor = true
include_toolchain = true

[[components]]
type = "external-binary"
name = "dependency"
repo = "https://github.com/example/dependency.git"
tag = "v1.0.0"
build_instructions = "make"

[[components]]
type = "model-file"
name = "model"
url = "https://example.com/model.bin"
checksum = "sha256:abc123..."
required = true

[install]
method = "build-from-source"
install_to = "user"
mode = "interactive"