0de92144d2
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
mock-dev-release / package-mock-release (push) Has been cancelled
- Added ConsoleExportClient for managing export requests and responses. - Introduced ConsoleExportRequest and ConsoleExportResponse models. - Implemented methods for creating and retrieving exports with appropriate headers. feat(crypto): Add Software SM2/SM3 Cryptography Provider - Implemented SmSoftCryptoProvider for software-only SM2/SM3 cryptography. - Added support for signing and verification using SM2 algorithm. - Included hashing functionality with SM3 algorithm. - Configured options for loading keys from files and environment gate checks. test(crypto): Add unit tests for SmSoftCryptoProvider - Created comprehensive tests for signing, verifying, and hashing functionalities. - Ensured correct behavior for key management and error handling. feat(api): Enhance Console Export Models - Expanded ConsoleExport models to include detailed status and event types. - Added support for various export formats and notification options. test(time): Implement TimeAnchorPolicyService tests - Developed tests for TimeAnchorPolicyService to validate time anchors. - Covered scenarios for anchor validation, drift calculation, and policy enforcement.
1.7 KiB
1.7 KiB
StellaOps.Policy.Gateway — AGENTS Charter
Working Directory & Mission
- Working directory:
src/Policy/StellaOps.Policy.Gateway/**. - Mission: expose policy APIs (incl. CVSS v4.0 receipt endpoints) with tenant-safe, deterministic responses, DSSE-backed receipts, and offline-friendly defaults.
Roles
- Backend engineer (.NET 10 / ASP.NET Core minimal API): endpoints, auth scopes, persistence wiring.
- QA engineer: WebApplicationFactory integration slices; deterministic contract tests (status codes, schema, ordering, hashes).
Required Reading (treat as read before DOING)
docs/modules/policy/architecture.mddocs/modules/platform/architecture-overview.mddocs/modules/policy/cvss-v4.mddocs/product-advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md- Sprint tracker:
docs/implplan/SPRINT_0190_0001_0001_cvss_v4_receipts.md
Working Agreements
- Enforce tenant isolation and
policy:*/cvss:*/effective:writescopes on all endpoints. - Determinism: stable ordering, UTC ISO-8601 timestamps, canonical JSON for receipts and exports; include scorer version/hash in responses.
- Offline-first: no outbound calls beyond configured internal services; feature flags default to offline-safe.
- DSSE: receipt create/amend routes must emit DSSE (
stella.ops/cvssReceipt@v1) and persist references. - Schema governance: keep OpenAPI/JSON schemas in sync with models; update docs and sprint Decisions & Risks when contracts change.
Testing
- Prefer integration tests via WebApplicationFactory (in a
StellaOps.Policy.Gateway.Testsproject) covering auth, tenancy, determinism, DSSE presence, and schema validation. - No network; seed deterministic fixtures; assert consistent hashes across runs.