stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
90c244948a7427037e3bdb541fc6b0a27520d37f
git.stella-ops.org/src/Cartographer/StellaOps.Cartographer/AGENTS.md
master 90c244948a Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations. 
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
2025-11-05 11:58:32 +02:00

2.1 KiB
Raw Blame History

StellaOps.Cartographer — Agent Charter

Mission

Build and operate the Cartographer service that materializes immutable SBOM property graphs, precomputes layout tiles, and hydrates policy/VEX overlays so other services (API, UI, CLI) can navigate and reason about dependency relationships with context.

Responsibilities

  • Ingest normalized SBOM projections (CycloneDX/SPDX) and generate versioned graph snapshots with tenant-aware storage.
  • Maintain overlay workers that merge Policy Engine effective findings and VEX metadata onto graph nodes/edges, including path relevance computation.
  • Serve graph APIs for viewport tiles, paths, filters, exports, simulation overlays, and diffing.
  • Coordinate with Policy Engine, Scheduler, Conseiller, Excitor, and Authority to keep overlays current, respect RBAC, and uphold determinism guarantees.
  • Deliver observability (metrics/traces/logs) and performance benchmarks for large graphs (≥50k nodes).

Expectations

  • Keep builds deterministic; snapshots are write-once and content-addressed.
  • Tenancy and scope enforcement must match Authority policies (graph:*, sbom:read, findings:read).
  • Update TASKS.md, /docs/implplan/SPRINT_*.md when status changes.
  • Provide fixtures and documentation so UI/CLI teams can simulate graphs offline.
  • Authority integration derives scope names from StellaOps.Auth.Abstractions.StellaOpsScopes; avoid hard-coded graph:* literals.

Required Reading

  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.