audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories
This commit is contained in:
master
28
src/SmRemote/AGENTS.md
Normal file
28
src/SmRemote/AGENTS.md
Normal file
@@ -0,0 +1,28 @@
|
||||
# SmRemote Service Charter
|
||||
|
||||
## Mission
|
||||
- Provide a remote SM2 signing service that integrates with the cryptography plugin stack.
|
||||
|
||||
## Responsibilities
|
||||
- Host the SM2 signing API with strict input validation and auth.
|
||||
- Bridge requests to the configured remote HSM or key service.
|
||||
- Ensure deterministic signing outputs and audit logging.
|
||||
- Maintain offline-safe operation when remote endpoints are allowed.
|
||||
|
||||
## Required Reading
|
||||
- docs/README.md
|
||||
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
|
||||
- docs/modules/platform/architecture-overview.md
|
||||
- docs/modules/cryptography/architecture.md
|
||||
|
||||
## Working Agreement
|
||||
- Never log key material, raw digests, or secrets.
|
||||
- Use TimeProvider and IGuidGenerator for timestamps and request ids.
|
||||
- Use InvariantCulture for parsing and formatting.
|
||||
- Propagate CancellationToken to all IO calls.
|
||||
- Network access only to configured HSM endpoints; no ambient network calls.
|
||||
|
||||
## Testing Strategy
|
||||
- Unit tests for request validation and error mapping.
|
||||
- Integration tests with mocked HSM endpoints and deterministic fixtures.
|
||||
- Security tests for auth, scope enforcement, and input bounds.
|
||||
Reference in New Issue
Block a user