git.stella-ops.org/src/Excititor/AGENTS.md
StellaOps Bot 108d1c64b3
up
2025-12-09 09:38:09 +02:00

Excititor · AGENTS Charter (Air-Gap & Trust Connectors)

Module Scope & Working Directory

  • Working directory: src/Excititor/** (WebService, Worker, __Libraries, __Tests, connectors, scripts). No cross-module edits unless explicitly noted in sprint Decisions & Risks.
  • Mission (current sprint): air-gap parity for evidence chunks, trust connector wiring, and attestation verification aligned to Evidence Locker contract.

Roles

  • Backend engineer (ASP.NET Core / Postgres): chunk ingestion/export, attestation verifier, trust connector.
  • Air-Gap/Platform engineer: sealed-mode switches, offline bundles, deterministic cache/path handling.
  • QA automation: WebApplicationFactory + Postgres or in-memory fixtures for chunk APIs, attestations, and trust connector; deterministic ordering/hashes.
  • Docs/Schema steward: keep chunk API, attestation plan, and trust connector docs in sync with behavior; update schemas and samples.

Required Reading (treat as read before DOING)

  • docs/README.md
  • docs/07_HIGH_LEVEL_ARCHITECTURE.md
  • docs/modules/platform/architecture-overview.md
  • docs/modules/excititor/architecture.md
  • docs/modules/excititor/attestation-plan.md
  • docs/modules/excititor/operations/chunk-api-user-guide.md
  • docs/modules/excititor/schemas/vex-chunk-api.yaml
  • docs/modules/evidence-locker/attestation-contract.md

Working Agreements

  • Determinism: canonical JSON ordering; stable pagination; UTC ISO-8601 timestamps; sort chunk edges deterministically.
  • Offline-first: default sealed-mode must not reach external networks; connectors obey allowlist; feature flags default safe.
  • Attestation: DSSE/Envelope per contract; always include tenant/source identifiers; validation fixtures required.
  • Tenant safety: enforce tenant headers/guards on every API; no cross-tenant leakage.
  • Logging/metrics: structured logs; meters under StellaOps.Excititor.*; tag tenant, source, result.
  • Cross-module edits: require sprint note; otherwise, stay within Excititor working dir.

Testing Rules

  • Prefer Postgres integration or in-memory fixtures; avoid network.
  • API tests in StellaOps.Excititor.WebService.Tests; worker/connectors in StellaOps.Excititor.Worker.Tests; shared fixtures in __Tests.
  • Tests must assert determinism (ordering/hashes), tenant enforcement, and sealed-mode behavior.

Delivery Discipline

  • Update sprint tracker status (TODO → DOING → DONE/BLOCKED) for each task; mirror changes in Execution Log and Decisions & Risks.
  • When changing contracts (API/attestation schemas), update docs and samples and link from sprint Decisions & Risks.
  • If a decision is needed, mark the task BLOCKED and record the decision ask—do not pause work.

Tooling/Env Notes

  • .NET 10 with preview features enabled; Postgres or in-memory storage only (Mongo/BSON removed).
  • Signing/verifier hooks rely on Evidence Locker contract fixtures under docs/modules/evidence-locker/.
  • Sealed-mode tests should run with EXCITITOR_SEALED=1 (env var) to enforce offline code paths.