git.stella-ops.org/ops/devops/rules/contracts-anchor.md

# DevOps Rules Anchor (DEVOPS-RULES-33-001)

Canonical guardrails for platform builds:

1) Gateway proxies only; Policy Engine composes overlays/simulations.  
2) AOC ingestion is lossless-only; no merge semantics permitted.  
3) Single graph platform: Graph Indexer + Graph API; Cartographer retired.

Implications
- Service teams must front external ingress with the gateway; no direct service exposure.
- AOC import pipelines must validate canonicalization and reject lossy merges.
- Graph workstreams target Indexer + API; no new Cartographer deployments or dependencies.

Enforcement
- Add lint/checks in CI to flag direct service ingress configs and Cartographer references.
- AOC pipelines ship with canonicalization tests and forbid lossy transforms.
- Architecture reviews use this anchor as baseline; deviations require design review + ADR.

Status: Adopted 2025-11-25.