stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-11-25 22:09:44 +02:00
parent 6bee1fdcf5
commit 9f6e6f7fb3
116 changed files with 4495 additions and 730 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ops/devops/rules/contracts-anchor.md Normal file
View File

@@ -0,0 +1,19 @@
# DevOps Rules Anchor (DEVOPS-RULES-33-001)
Canonical guardrails for platform builds:
1) Gateway proxies only; Policy Engine composes overlays/simulations.
2) AOC ingestion is lossless-only; no merge semantics permitted.
3) Single graph platform: Graph Indexer + Graph API; Cartographer retired.
Implications
- Service teams must front external ingress with the gateway; no direct service exposure.
- AOC import pipelines must validate canonicalization and reject lossy merges.
- Graph workstreams target Indexer + API; no new Cartographer deployments or dependencies.
Enforcement
- Add lint/checks in CI to flag direct service ingress configs and Cartographer references.
- AOC pipelines ship with canonicalization tests and forbid lossy transforms.
- Architecture reviews use this anchor as baseline; deviations require design review + ADR.
Status: Adopted 2025-11-25.