git.stella-ops.org/src/Policy/StellaOps.Policy.Gateway/AGENTS.md
2026-02-01 21:37:40 +02:00

StellaOps.Policy.Gateway - AGENTS Charter

Working Directory & Mission

  • Working directory: src/Policy/StellaOps.Policy.Gateway/**.
  • Mission: expose policy APIs (incl. CVSS v4.0 receipt endpoints) with tenant-safe, deterministic responses, DSSE-backed receipts, and offline-friendly defaults.

Roles

  • Backend engineer (.NET 10 / ASP.NET Core minimal API): endpoints, auth scopes, persistence wiring.
  • QA engineer: WebApplicationFactory integration slices; deterministic contract tests (status codes, schema, ordering, hashes).

Required Reading (treat as read before DOING)

  • docs/modules/policy/architecture.md
  • docs/modules/platform/architecture-overview.md
  • docs/modules/policy/cvss-v4.md
  • docs-archived/product/advisories/27-Nov-2025-superseded/
  • Sprint tracker: docs-archived/implplan/SPRINT_0190_0001_0001_cvss_v4_receipts.md

Working Agreements

  • Enforce tenant isolation and policy:*/cvss:*/effective:write scopes on all endpoints.
  • Determinism: stable ordering, UTC ISO-8601 timestamps, canonical JSON for receipts and exports; include scorer version/hash in responses.
  • Offline-first: no outbound calls beyond configured internal services; feature flags default to offline-safe.
  • DSSE: receipt create/amend routes must emit DSSE (stella.ops/cvssReceipt@v1) and persist references.
  • Schema governance: keep OpenAPI/JSON schemas in sync with models; update docs and sprint Decisions & Risks when contracts change.

Testing

  • Prefer integration tests via WebApplicationFactory (in a StellaOps.Policy.Gateway.Tests project) covering auth, tenancy, determinism, DSSE presence, and schema validation.
  • No network; seed deterministic fixtures; assert consistent hashes across runs.
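A determinism check of the kind the Working Agreements and Testing items call for, as an added example (not code from this repository): two receipts with the same content but different property order must produce the same digest over the DSSE pre-authentication encoding (PAE). Assumptions: the charter's stella.ops/cvssReceipt@v1 string is used as the DSSE payloadType, "canonical JSON" means ordinal-sorted keys with no insignificant whitespace, and the receipt field names and the ReceiptDsse helper are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json.Nodes;

// Constructed fixtures: identical receipt content, different property order.
// Field names are illustrative assumptions, not the gateway's schema.
const string a = """{"tenantId":"tenant-a","score":9.3,"createdAt":"2026-01-01T00:00:00Z","scorer":{"version":"x","hash":"sha256:PLACEHOLDER"}}""";
const string b = """{"scorer":{"hash":"sha256:PLACEHOLDER","version":"x"},"createdAt":"2026-01-01T00:00:00Z","score":9.3,"tenantId":"tenant-a"}""";

string da = ReceiptDsse.PaeDigest(a), db = ReceiptDsse.PaeDigest(b);
Console.WriteLine(ReceiptDsse.Canonicalize(a));
Console.WriteLine(da);
if (da != db) throw new InvalidOperationException("receipt digest depends on property order");

static class ReceiptDsse
{
    // Assumption: the type string from the charter is the DSSE payloadType.
    public const string PayloadType = "stella.ops/cvssReceipt@v1";

    // Assumed canonical form: ordinal-sorted keys, compact output (not full RFC 8785).
    public static string Canonicalize(string json) =>
        Sort(JsonNode.Parse(json))!.ToJsonString();

    // Rebuilds the tree with sorted object keys; leaves are cloned so they have no parent.
    static JsonNode? Sort(JsonNode? node) => node switch
    {
        JsonObject o => new JsonObject(o.OrderBy(p => p.Key, StringComparer.Ordinal)
            .Select(p => KeyValuePair.Create(p.Key, Sort(p.Value)))),
        JsonArray arr => new JsonArray(arr.Select(n => Sort(n)).ToArray()),
        _ => node?.DeepClone()
    };

    // DSSE PAE: "DSSEv1" SP len(type) SP type SP len(payload) SP payload (lengths in bytes).
    public static byte[] Pae(string type, byte[] payload) =>
        Encoding.UTF8.GetBytes(
            $"DSSEv1 {Encoding.UTF8.GetByteCount(type)} {type} {payload.Length} ")
        .Concat(payload).ToArray();

    // SHA-256 over the bytes a DSSE signer would sign; stable across runs and key order.
    public static string PaeDigest(string json)
    {
        byte[] payload = Encoding.UTF8.GetBytes(Canonicalize(json));
        return Convert.ToHexString(SHA256.HashData(Pae(PayloadType, payload))).ToLowerInvariant();
    }
}
```

When the signing algorithm is randomized (ECDSA in .NET, for example), signature bytes differ on every run, so cross-run hash assertions belong on the canonical payload or PAE bytes rather than on the signature.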