master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.3 KiB
1.3 KiB
Aggregation-Only Contract (AOC) Guardrails
The Aggregation-Only Contract keeps ingestion services deterministic and policy-neutral. Use these checkpoints whenever you add or modify backlog items:
- Ingestion writes raw facts only. Concelier and Excititor append immutable observations/linksets. No precedence, severity, suppression, or "safe fix" hints may be computed at ingest time.
- Derived semantics live elsewhere. Policy Engine overlays, Vuln Explorer composition, and downstream reporting layers attach severity, precedence, policy verdicts, and UI hints.
- Provenance is mandatory. Every ingestion write must include original source metadata, digests, and signing/provenance evidence when available. Reject writes lacking provenance.
- Deterministic outputs. Given the same inputs, ingestion must produce identical documents, hashes, and event payloads across reruns.
- Guardrails everywhere. Roslyn analyzers, schema validators, and CI smoke tests should fail builds that attempt forbidden writes.
For detailed roles and ownership boundaries, see AGENTS.md at the repo root and the module-specific dossiers under docs/modules/<module>/architecture.md.
Need the full contract? Read the Aggregation-Only Contract reference for schemas, error codes, and migration guidance.