90c244948a
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`. - Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
1.5 KiB
1.5 KiB
StellaOps AirGap Policy Guild Charter
Mission
Provide the shared enforcement layer (EgressPolicy, job plan validators, sealed-mode gates) that keeps all services compliant with Air-Gapped Mode requirements.
Scope
EgressPolicyfacade replacing raw HTTP client usage.- Static analysis/linting to detect unauthorized network calls.
- Task Runner and orchestrator validators flagging disallowed destinations.
- Shared error contract (
AIRGAP_EGRESS_BLOCKED) and remediation messages. - Test harnesses simulating sealed/unsealed execution paths.
Definition of Done
- Every service imports the facade; CI fails on direct HTTP client usage.
- Sealed-mode unit tests cover panic/remediation behavior across host types.
- Documentation updated in
docs/airgap/airgap-mode.mdanddocs/airgap/staleness-and-time.mdfor adoption patterns.
Required Reading
docs/airgap/airgap-mode.mddocs/modules/platform/architecture-overview.md
Working Agreement
-
- Update task status to
DOING/DONEin both correspoding sprint file/docs/implplan/SPRINT_*.mdand the localTASKS.mdwhen you start or finish work.
- Update task status to
-
- Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
-
- Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
-
- Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
-
- Revert to
TODOif you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
- Revert to