stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
75c2bcafced8b7a9e4e442cd10af3972f5788d35
git.stella-ops.org/src/SbomService/StellaOps.SbomService/AGENTS.md
master 90c244948a Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations. 
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
2025-11-05 11:58:32 +02:00

1.6 KiB
Raw Blame History

StellaOps.SbomService — Agent Charter

Mission

Expose normalized SBOM projections (components, relationships, scopes, entrypoints) that downstream systems such as Cartographer, Policy Engine, and Scheduler consume. Maintain deterministic SBOM versioning, change events, and tenant-aware access patterns.

Responsibilities

  • Normalize ingest from Scanner outputs/CycloneDX/SPDX artifacts into canonical documents.
  • Provide APIs for SBOM metadata, projections, entrypoint catalogs, and version history.
  • Emit change events when SBOMs are added or updated so Cartographer and overlay workers can react.
  • Enforce Authority scopes/tenancy and deliver observability for SBOM projection latency.

Expectations

  • SBOM documents remain immutable once published; new versions append only.
  • Keep projections deterministic and schema-validated; include compliance checklists.
  • Update TASKS.md whenever status changes and coordinate with Cartographer/Scheduler guilds.

Required Reading

  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.