feat: Add guild charters and task boards for various components
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform. - Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds. - Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies. - Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.
This commit is contained in:
29
src/Scanner/StellaOps.Scanner.WebService/AGENTS.md
Normal file
29
src/Scanner/StellaOps.Scanner.WebService/AGENTS.md
Normal file
@@ -0,0 +1,29 @@
|
||||
# Scanner WebService Guild Charter
|
||||
|
||||
## Mission
|
||||
Operate the Scanner WebService API, orchestrating scan requests, queue interactions, artifact delivery, and integration with attestation, policy, and surface libraries. The service must remain deterministic, tenant-aware, and offline-ready while exposing minimal APIs and events.
|
||||
|
||||
## Scope
|
||||
- APIs, controllers, and background services in `StellaOps.Scanner.WebService`.
|
||||
- Queue producers, artifact catalog endpoints, diff/report export, and attestation hand-offs.
|
||||
- Integration with Surface.Env/Fs/Secrets/Validation and Scanner Worker.
|
||||
- Event publishing (orchestrator/Notifier) and observability instrumentation.
|
||||
|
||||
## Required Reading
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/modules/scanner/design/surface-env.md`
|
||||
- `docs/modules/scanner/design/surface-fs.md`
|
||||
- `docs/modules/scanner/design/surface-secrets.md`
|
||||
- `docs/modules/scanner/design/surface-validation.md`
|
||||
- `docs/modules/platform/architecture-overview.md` (scanner section)
|
||||
- `docs/modules/attestor/architecture.md` (handoff expectations)
|
||||
- `docs/modules/export-center/architecture.md` (report export dependencies)
|
||||
- `docs/modules/scheduler/architecture.md` (rescan interactions)
|
||||
|
||||
## Working Agreement
|
||||
1. **Status updates**: change task state to `DOING`/`DONE` in both `docs/implplan/SPRINTS.md` and local `TASKS.md` when you start/finish work.
|
||||
2. **Contract-first changes**: update OpenAPI specs/test fixtures when APIs change; coordinate with CLI/UI consumers.
|
||||
3. **Surface integration**: centralise cache/env/secret access via Surface libraries; run validators before executing handlers.
|
||||
4. **Determinism**: queue IDs, report manifests, and export metadata must remain stable; avoid wall-clock usage in response payloads.
|
||||
5. **Security & tenancy**: enforce Authority scopes, DPoP, and tenant context; audit sensitive operations.
|
||||
6. **Observability**: instrument metrics/logs/traces per design docs; ensure new endpoints include structured logging and unit/integration tests.
|
||||
@@ -2,6 +2,9 @@
|
||||
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| SCANNER-SURFACE-02 | TODO | Scanner WebService Guild | SURFACE-FS-02 | Publish Surface.FS pointers (CAS URIs, manifests) via scan/report APIs and update attestation metadata. | OpenAPI updated; clients regenerated; integration tests validate pointer presence and tenancy. |
|
||||
| SCANNER-ENV-02 | TODO | Scanner WebService Guild, Ops Guild | SURFACE-ENV-02 | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | Service uses helper; env table documented; helm/compose templates updated. |
|
||||
| SCANNER-SECRETS-02 | TODO | Scanner WebService Guild, Security Guild | SURFACE-SECRETS-02 | Replace ad-hoc secret wiring with Surface.Secrets for report/export operations (registry and CAS tokens). | Secrets fetched through shared provider; unit/integration tests cover rotation + failure cases. |
|
||||
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | Scanner WebService Guild | ORCH-SVC-38-101, NOTIFY-SVC-38-001 | Emit orchestrator-compatible envelopes (`scanner.event.*`) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | Tests assert envelope schema + orchestrator publish; Notifier consumer harness passes; docs updated with new event contract. Blocked by .NET 10 preview OpenAPI/Auth dependency drift preventing `dotnet test` completion. |
|
||||
| SCANNER-EVENTS-16-302 | DOING (2025-10-26) | Scanner WebService Guild | SCANNER-EVENTS-16-301 | Extend orchestrator event links (report/policy/attestation) once endpoints are finalised across gateway + console. | Links section covers UI/API targets; downstream consumers validated; docs/samples updated. |
|
||||
|
||||
|
||||
Reference in New Issue
Block a user