stop syncing with TASKS.md

StellaOps Bot
2025-12-26 11:44:40 +02:00
parent ebce1c80b1
commit 22390057fc
77 changed files with 24 additions and 1018 deletions

@@ -17,10 +17,9 @@ Implement the node-level observer that monitors running workloads, detects drift
- `docs/modules/scanner/design/surface-validation.md`
- `docs/modules/scanner/architecture.md` (runtime posture sections)
- `docs/modules/airgap/airgap-mode.md`
- Any runtime-specific design notes referenced in `TASKS.md`.
## Working Agreement
1. **Status updates**: mark tasks `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting/finishing work.
1. **Status updates**: mark tasks `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` when starting/finishing work.
2. **Surface compliance**: rely on Surface libraries for cache/env/secret handling; run validators before collecting evidence.
3. **Deterministic evidence**: normalise timestamps, hashes, and paths; ensure outputs remain stable for replay/audit.
4. **Security**: enforce Authority scopes (OpToks, mTLS/DPoP), redaction of sensitive fields, and namespace isolation.
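Review bot: The rewritten "Status updates" item still reads "in both sprint file `/docs/implplan/SPRINT_*.md`", but with `TASKS.md` dropped there is only one place left to update, so "both" has no second half. Suggest "mark tasks `DOING`/`DONE` in the sprint file `/docs/implplan/SPRINT_*.md` when starting/finishing work."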

@@ -21,7 +21,7 @@ Operate the Kubernetes admission webhook enforcing image/SBOM/attestation polici
- `docs/modules/devops/runbooks/zastava-deployment.md`
## Working Agreement
1. **Task state**: update corresponding sprint file `docs/implplan/SPRINT_*.md` and local `TASKS.md` to `DOING`/`DONE` as you start or complete work.
1. **Task state**: update corresponding sprint file `docs/implplan/SPRINT_*.md` to `DOING`/`DONE` as you start or complete work.
2. **Surface usage**: fetch cache manifests via Surface.FS, configuration via Surface.Env, secrets via Surface.Secrets; run validators before enforcing policies.
3. **Deterministic verdicts**: avoid non-deterministic data in admission responses; include explain traces referencing evidence IDs.
4. **Security**: enforce mTLS, Authority OpTok scopes, and tenant context; audit all allow/deny decisions.
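Review bot: The "Task state" item writes the sprint path as `docs/implplan/SPRINT_*.md` with no leading slash, while the equivalent items in the other two files in this commit use `/docs/implplan/SPRINT_*.md`. Since the line is being edited anyway, pick one form and use it in all three so the instruction points at the same location everywhere.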

@@ -20,7 +20,7 @@ Maintain shared domain models, policy evaluation helpers, and event contracts us
- `docs/modules/devops/runbooks/zastava-deployment.md`
## Working Agreement
1. **Status alignment**: mark tasks `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` at start/finish.
1. **Status alignment**: mark tasks `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` at start/finish.
2. **Compatibility**: version event schemas/models; provide migration notes and ensure Observer/Webhook consumers stay in lock-step.
3. **Determinism**: avoid wall-clock or random values in shared models; normalise timestamps; maintain canonical ordering.
4. **Security & tenancy**: include tenant identifiers and audit fields where required; document contract changes for other guilds.
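Review bot: In the "Status alignment" item the new text keeps "in both sprint file `/docs/implplan/SPRINT_*.md` at start/finish", which no longer parses once `TASKS.md` is removed as the second target. Suggest "in the sprint file `/docs/implplan/SPRINT_*.md` at start/finish" so the item names a single source of task status.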