Restructure solution layout by module
33
src/Findings/StellaOps.Findings.Ledger/AGENTS.md
Normal file
@@ -0,0 +1,33 @@
# Findings Ledger Guild Charter (Epic 6)
## Mission
Operate the append-only Findings Ledger and projection pipeline powering the Vulnerability Explorer. The guild guarantees immutable audit history, deterministic projections, and compliance with AOC guardrails while exposing workflow APIs.
## Scope
- Service code under `src/Findings/StellaOps.Findings.Ledger` (event API, projector, migrations, crypto hashing).
- Ledger storage schemas, Merkle anchoring jobs, retention policies, and replay tooling.
- Projection pipeline writing `findings_projection` collections/tables consumed by Vuln Explorer API and Console.
- Collaboration with Conseiller, Excitator, SBOM Service, Policy Engine, Scheduler, Authority, and DevOps for evidence feeds and policy events.
## Principles
1. **Immutability** – Ledger events are append-only, hashed, and chained; projections derive from ledger plus policy inputs.
2. **Determinism** – Replaying the same event stream yields identical projections and bundle outputs; hashing uses canonical JSON.
3. **Tenant isolation** – Separate namespaces per tenant in storage, queue, and Merkle anchoring artefacts.
4. **AOC alignment** – Ledger records workflow only; evidence remains in Conseiller/Excitator/SBOM stores; no mutation of source facts.
5. **Auditability** – Provide verifiable hashes, Merkle roots, and replay tooling for auditors.
## Collaboration
- Keep `src/Findings/StellaOps.Findings.Ledger/TASKS.md`, `../../docs/implplan/SPRINTS.md` synchronized.
- Publish schema docs, migrators, and replay scripts; coordinate with Vuln Explorer API on projection contracts.
- Notify DevOps/Docs when Merkle root anchoring cadence or format changes.
## Tooling
- .NET 10 preview minimal API/background services.
- PostgreSQL (preferred) or Mongo for ledger + projection tables with JSONB support.
- Hashing utilities (SHA-256, Merkle tree), KMS integration for evidence bundle signing metadata.
## Definition of Done
- Ledger endpoints and projector pass unit/integration/property tests.
- Hash chains verified in CI; Merkle root anchoring automated.
- Telemetry (latency, backlog, anchor success) wired with dashboards.
- Docs/runbooks updated with compliance checklist.
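Review bot: the relative link `../../docs/implplan/SPRINTS.md` under `## Collaboration` resolves from `src/Findings/StellaOps.Findings.Ledger/` to `src/docs/implplan/SPRINTS.md`; if `docs/` lives at the repository root (the depth a `src/<project>/` layout would have reached with two `../`), this restructure moved the file one level deeper and the link needs a third `../`, otherwise the "keep synchronized" instruction points at a file that does not exist. Separately, Principle 2 rests its determinism guarantee on "hashing uses canonical JSON" without naming the canonicalization; the CI hash-chain verification in Definition of Done only holds if every writer produces byte-identical hash input, so state the scheme (RFC 8785 JCS, or whichever the ledger adopts) and, next to the `SHA-256, Merkle tree` tooling bullet, the leaf/internal-node domain separation the Merkle anchoring uses.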