git.stella-ops.org/etc/facet-quotas.yaml.sample


# Facet Quota Configuration
# Sprint: SPRINT_20260105_002_003_FACET_perfacet_quotas
# Task: QTA-021
#
# This file defines per-facet drift quotas that control how much change
# is acceptable before triggering a policy action (warn, block, or auto-VEX).
#
# Facets represent logical groupings of files in a container image:
# - binaries: Executable files and shared libraries
# - lang-deps: Language package dependencies (npm, pip, maven, etc.)
# - os-packages: OS-level packages (rpm, dpkg, apk)
# - configs: Configuration files
# - data: Static data files
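# Default quota applied when no facet-specific quota is defined.
# The limits must stay nested under `defaults:`; written at column 0 they
# become top-level keys that repeat the key names used by other sections.
# NOTE(review): `warn` is presumably the non-blocking action, so a facet
# with no entry of its own would only be reported when it exceeds these
# limits - confirm that this fallback is intended.
defaults:
  maxChurnPercent: 30    # Maximum percentage of files that can change
  maxChangedFiles: 100   # Maximum absolute number of changed files
  maxAddedFiles: 50      # Maximum number of new files
  maxRemovedFiles: 50    # Maximum number of removed files
  action: warn           # Action when quota exceeded: warn | block | auto-vex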
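# Per-facet quota overrides.
# Each facet name is a key under `facets:` and its limits are nested one
# level below it, so the repeated limit names do not overwrite each other.
facets:
  # Binaries facet - tight quota because binary changes are high-risk
  binaries:
    maxChurnPercent: 10
    maxChangedFiles: 20
    maxAddedFiles: 10
    maxRemovedFiles: 5
    action: block
    # Files matching these patterns are excluded from quota calculation.
    # NOTE(review): __pycache__ and *.pyc hold Python bytecode that the
    # interpreter loads and runs. Because allowlisted paths are left out of
    # the quota calculation, changes to them do not count toward this
    # facet's drift, and the `**` globs match at any depth in the image.
    # Confirm another control (for example image digest or signature
    # verification) covers these paths before keeping the globs this broad.
    allowlist:
      - "**/__pycache__/**"
      - "**/*.pyc"
      - "**/node_modules/.cache/**"

  # Language dependencies - moderate quota
  # NOTE(review): what `auto-vex` emits is not defined in this file; confirm
  # that the generated VEX statement is reviewed by a person and does not by
  # itself clear the dependency drift.
  lang-deps:
    maxChurnPercent: 25
    maxChangedFiles: 50
    maxAddedFiles: 30
    maxRemovedFiles: 30
    action: auto-vex

  # OS packages - strict quota
  os-packages:
    maxChurnPercent: 15
    maxChangedFiles: 30
    maxAddedFiles: 15
    maxRemovedFiles: 15
    action: block

  # Configuration files - moderate quota
  configs:
    maxChurnPercent: 50
    maxChangedFiles: 100
    maxAddedFiles: 50
    maxRemovedFiles: 50
    action: warn

  # Data files - permissive quota
  data:
    maxChurnPercent: 80
    maxChangedFiles: 500
    maxAddedFiles: 250
    maxRemovedFiles: 250
    action: warn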
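# Quota profiles for quick configuration
# Use: profile: strict | moderate | permissive
#
# Each profile carries its own `defaults` and `facets` maps, nested under
# the profile name so they stay separate from the top-level sections.
# NOTE(review): the profiles set only maxChurnPercent, maxChangedFiles and
# action. Whether maxAddedFiles / maxRemovedFiles then fall back to the
# top-level defaults or are left unbounded is not stated here - confirm
# against the loader. The same applies to the configs and data facets,
# which no profile lists; presumably they use the profile's `defaults`.
profiles:
  strict:
    description: "Minimal change tolerance, blocks on most drift"
    defaults:
      maxChurnPercent: 10
      maxChangedFiles: 20
      action: block
    facets:
      binaries:
        maxChurnPercent: 5
        maxChangedFiles: 5
        action: block
      lang-deps:
        maxChurnPercent: 10
        maxChangedFiles: 20
        action: block
      os-packages:
        maxChurnPercent: 5
        maxChangedFiles: 10
        action: block

  # Every action in this profile is auto-vex, so no facet is set to block.
  moderate:
    description: "Balanced quota with auto-VEX for review"
    defaults:
      maxChurnPercent: 25
      maxChangedFiles: 50
      action: auto-vex
    facets:
      binaries:
        maxChurnPercent: 15
        maxChangedFiles: 25
        action: auto-vex
      lang-deps:
        maxChurnPercent: 30
        maxChangedFiles: 60
        action: auto-vex
      os-packages:
        maxChurnPercent: 20
        maxChangedFiles: 40
        action: auto-vex

  # Every action in this profile is warn; per its description it is meant
  # for development environments.
  permissive:
    description: "Relaxed quota for development environments"
    defaults:
      maxChurnPercent: 50
      maxChangedFiles: 200
      action: warn
    facets:
      binaries:
        maxChurnPercent: 30
        maxChangedFiles: 100
        action: warn
      lang-deps:
        maxChurnPercent: 60
        maxChangedFiles: 200
        action: warn
      os-packages:
        maxChurnPercent: 40
        maxChangedFiles: 100
        action: warn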
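# Environment-specific overrides
# These are applied on top of the selected profile
#
# NOTE(review): behaviour for an environment name that is not listed here
# is not defined in this file. Confirm the loader fails closed (for example
# by selecting `strict`) rather than falling back to the top-level defaults,
# whose action is `warn`.
environments:
  production:
    profile: strict
    overrides:
      # The strict profile in this file already sets binaries to block;
      # this override states it explicitly for production.
      binaries:
        action: block

  staging:
    profile: moderate

  development:
    profile: permissive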