stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
5d5e80b2e443d61f74451920405b4e894ef28b4e
git.stella-ops.org/src/AirGap/StellaOps.AirGap.Policy/AGENTS.md
master 5d5e80b2e4 stabilize tests
2026-02-01 21:37:40 +02:00

1.6 KiB
Raw Blame History

StellaOps AirGap Policy Guild Charter

Mission

Provide the shared enforcement layer (EgressPolicy, job plan validators, sealed-mode gates) that keeps all services compliant with Air-Gapped Mode requirements.

Scope

  • EgressPolicy facade replacing raw HTTP client usage.
  • Static analysis/linting to detect unauthorized network calls.
  • Task Runner and orchestrator validators flagging disallowed destinations.
  • Shared error contract (AIRGAP_EGRESS_BLOCKED) and remediation messages.
  • Test harnesses simulating sealed/unsealed execution paths.

Definition of Done

  • Every service imports the facade; CI fails on direct HTTP client usage.
  • Sealed-mode unit tests cover panic/remediation behavior across host types.
  • Documentation updated in docs/modules/airgap/guides/airgap-mode.md and docs/modules/airgap/guides/staleness-and-time.md for adoption patterns.

Required Reading

  • docs/modules/airgap/guides/airgap-mode.md
  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.