feat(bundle): air-gapped signing with --tlog-upload=false for restricted networks

## Problem

Fully disconnected (air-gapped) environments cannot upload to any transparency log—public or private. Currently there is no way to sign bundles without network connectivity to a Rekor instance.

## Proposal

Add a `--tlog-upload` flag (default `true`) to `aicr bundle` (and/or `aicr bundle-sign`) that disables transparency log uploads when set to `false`. Combined with KMS-backed signing (#407), this enables fully offline bundle attestation.

### New Flag

| Flag | Type | Default |
|------|------|---------|
| `--tlog-upload` | bool | `true` |

### Behavior

- When `--tlog-upload=false`, AICR skips the Rekor transparency log upload during signing
- Must be combined with `--signing-key <kms-uri>` (keyless signing requires Fulcio, which requires network)
- No operational metadata leaves the network perimeter
- The resulting bundle is still a valid cosign bundle, verifiable with `--insecure-ignore-tlog` or offline verification

### Validation Combinations

| Signing Method | tlog-upload | Valid? | Use Case |
|----------------|-------------|--------|----------|
| Keyless (OIDC) | true | Yes | Default public Sigstore |
| Keyless (OIDC) | false | **No** | Keyless requires Fulcio network access |
| KMS key | true | Yes | KMS + public/private transparency log |
| KMS key | false | Yes | **Air-gapped**: fully offline signing |

AICR should reject the invalid combination (keyless + no tlog) at flag validation time with a clear error message.

### Verification in Air-Gapped Environments

Verification uses the KMS public key and skips tlog verification:
```bash
cosign verify --key <kms-uri> --insecure-ignore-tlog <bundle>
```

## Implementation Notes

- Cosign supports `--tlog-upload=false` natively
- Pass through to cosign signing options alongside the existing signing path
- Depends on KMS-backed signing support (see related issue)

## Dependencies

- Requires: #407 (KMS-backed signing — `--signing-key` flag)
- Complementary: #408 (Private Sigstore infrastructure — `--fulcio-url` / `--rekor-url`)

## Success Criteria

- `aicr bundle --signing-key gcpkms://... --tlog-upload=false` produces a valid signed bundle with no network calls to Rekor
- Invalid combination `--tlog-upload=false` without `--signing-key` is rejected with a clear error
- Bundle is verifiable offline with the KMS public key
- `make test` and `make lint` pass with no regressions


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(bundle): air-gapped signing with --tlog-upload=false for restricted networks #409

Problem

Proposal

New Flag

Behavior

Validation Combinations

Verification in Air-Gapped Environments

Implementation Notes

Dependencies

Success Criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Signing Method	tlog-upload	Valid?	Use Case
Keyless (OIDC)	true	Yes	Default public Sigstore
Keyless (OIDC)	false	No	Keyless requires Fulcio network access
KMS key	true	Yes	KMS + public/private transparency log
KMS key	false	Yes	Air-gapped: fully offline signing

feat(bundle): air-gapped signing with --tlog-upload=false for restricted networks #409

Description

Problem

Proposal

New Flag

Behavior

Validation Combinations

Verification in Air-Gapped Environments

Implementation Notes

Dependencies

Success Criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions