stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
233873f62095794364088a497b9db63a228ceab9
git.stella-ops.org/etc/policy-engine.yaml.sample
StellaOps Bot 8768c27f30
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals DSSE Sign & Evidence Locker / sign-signals-artifacts (push) Has been cancelled
Details
Signals DSSE Sign & Evidence Locker / verify-signatures (push) Has been cancelled
Details
Add signal contracts for reachability, exploitability, trust, and unknown symbols 
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.
2025-12-05 00:27:00 +02:00

47 lines
1.4 KiB
Plaintext
Raw Blame History

# StellaOps Policy Engine configuration template.
# Copy to ../etc/policy-engine.yaml (relative to the Policy Engine content root)
# and adjust values to fit your environment. Environment variables prefixed with
# STELLAOPS_POLICY_ENGINE_ override these values at runtime.
schemaVersion: 1
authority:
enabled: true
issuer: "https://authority.stella-ops.local"
clientId: "policy-engine"
clientSecret: "change-me"
scopes: [ "policy:run", "findings:read", "effective:write" ]
backchannelTimeoutSeconds: 30
storage:
connectionString: "mongodb://localhost:27017/policy-engine"
databaseName: "policy_engine"
commandTimeoutSeconds: 30
workers:
schedulerIntervalSeconds: 15
maxConcurrentEvaluations: 4
activation:
forceTwoPersonApproval: false
defaultRequiresTwoPersonApproval: false
emitAuditLogs: true
resourceServer:
authority: "https://authority.stella-ops.local"
requireHttpsMetadata: true
audiences: [ "api://policy-engine" ]
requiredScopes: [ "policy:run" ]
requiredTenants: [ ]
bypassNetworks:
- "127.0.0.1/32"
- "::1/128"
# Rate limiting for simulation endpoints (WEB-POLICY-20-004)
rateLimiting:
enabled: true
simulationPermitLimit: 100 # Maximum requests per window
windowSeconds: 60 # Window duration in seconds
queueLimit: 10 # Requests queued when limit reached
tenantPartitioning: true # Enable per-tenant rate limits
Reference in New Issue View Git Blame Copy Permalink