- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
Vulnerability Explorer agent guide
Mission
Vulnerability Explorer delivers policy-aware triage, investigation, and reporting surfaces for effective findings.
Key docs
How to get started
- Review ./architecture.md for ledger schema, workflow states, and export requirements.
- Open sprint file `/docs/implplan/SPRINT_*.md` and locate stories for this component.
- Check ./TASKS.md and update status before/after work.
- Read README/architecture for design context and update as the implementation evolves.
Guardrails
- Uphold Aggregation-Only Contract boundaries when consuming ingestion data.
- Preserve determinism and provenance in all derived outputs.
- Document offline/air-gap pathways for any new feature.
- Update telemetry/observability assets alongside feature work.
Required Reading
- `docs/modules/vuln-explorer/README.md`
- `docs/modules/vuln-explorer/architecture.md`
- `docs/modules/vuln-explorer/implementation_plan.md`
- `docs/modules/platform/architecture-overview.md`
Working Agreement
- Update task status to `DOING`/`DONE` in both the corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
- Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.