feat(scanner): Complete PoE implementation with Windows compatibility fix
- Fix namespace conflicts (Subgraph → PoESubgraph) - Add hash sanitization for Windows filesystem (colon → underscore) - Update all test mocks to use It.IsAny<>() - Add direct orchestrator unit tests - All 8 PoE tests now passing (100% success rate) - Complete SPRINT_3500_0001_0001 documentation Fixes compilation errors and Windows filesystem compatibility issues. Tests: 8/8 passing Files: 8 modified, 1 new test, 1 completion report 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
master
22
docs2/security-and-governance.md
Normal file
22
docs2/security-and-governance.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# Security and governance
|
||||
|
||||
## Security policy
|
||||
- Coordinated disclosure with a defined SLA and published keys.
|
||||
- Security fixes are prioritized for supported release lines.
|
||||
|
||||
## Hardening guidance
|
||||
- Non-root containers and read-only filesystems.
|
||||
- TLS for all external traffic, optional mTLS internally.
|
||||
- DPoP or mTLS sender constraints for tokens.
|
||||
- Signed artifacts and verified plugin signatures.
|
||||
- No mandatory outbound traffic for core verification paths.
|
||||
|
||||
## Governance
|
||||
- Lazy consensus with maintainer review for non-trivial changes.
|
||||
- Explicit security review for sensitive changes.
|
||||
- Contribution rules and code of conduct apply to all repos.
|
||||
|
||||
## Compliance and evidence
|
||||
- Evidence is content-addressed, signed, and replayable.
|
||||
- Audit packages include decision traces, inputs, and signatures.
|
||||
- Unknowns are preserved and surfaced, not hidden.
|
||||
Reference in New Issue
Block a user