4dc7cf834a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`. - Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs. - Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details. - Enhanced evidence entries with expiration dates and hashes for better integrity checks. - Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2.3 KiB
2.3 KiB
AGENTS · Documentation Working Directory
Scope & Roles
- Working directory:
docs/(includesdocs/assets/**fixtures anddocs/api/console/samples/**). - Roles: Documentation author (primary), QA/fixtures reviewer, module SMEs (Console/UI, Advisory AI, Policy/Airgap) for accuracy checks.
- Only documentation and fixture assets live here; code changes belong to module repos and must be coordinated via the owning sprint.
Required Reading (treat as read before DOING)
docs/README.mdanddocs/07_HIGH_LEVEL_ARCHITECTURE.md.- Module dossiers relevant to the document being edited (e.g.,
docs/modules/advisory-ai/architecture.md,docs/modules/ui/architecture.md,docs/modules/airgap/architecture.md,docs/modules/platform/architecture-overview.md). - Active sprint file:
docs/implplan/SPRINT_0301_0001_0001_docs_md_i.md(Docs Tasks Md.I).
Working Agreements
- Determinism: Keep fixtures and captures reproducible. Store payload JSON alongside SVG/PNG captures; record sha256 hashes in the doc and verify with
sha256sumbefore publishing. - Offline posture: Use sealed/fixture data only; no external fonts/CDNs or live calls in regeneration scripts. Capture timestamps in UTC.
- Status discipline: Update task status in the sprint Delivery Tracker (
TODO → DOING → DONE/BLOCKED) and log changes in the sprint Execution Log. - Cross-links: When documentation applies a design/advisory change, update the relevant module doc and link it from the sprint’s Decisions & Risks.
- Testing: For regeneration scripts, keep them self-contained (stdlib-only) and record expected hashes so QA can diff outputs deterministically.
Boundaries
- Do not edit source code outside
docs/without an explicit sprint note. - Asset placement: use
docs/assets/<area>/for captures anddocs/api/<area>/samples/for JSON fixtures. Name capturesyyyyMMdd-HHmmss-<view>-<build>.<ext>in UTC.
Escalation / Blockers
- Missing fixtures or conflicting contracts → mark the task
BLOCKEDin the sprint file, describe the needed artifact or contract in Decisions & Risks, then continue with other unblocked work. - If new advisories land, run the advisory-sync workflow: update high-level docs, deep area docs, add sprint tasks, and carry code samples into fixtures/tests immediately.