90c244948a
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`. - Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
1.4 KiB
1.4 KiB
Attestation Bundle Export Guild Charter
Mission
Enable offline transfer and verification of attestations by building signed bundles containing envelopes, issuer metadata, and optional transparency log segments.
Scope
- Bundle construction via Export Center, including manifest, checksums, DSSE signatures.
- CLI tooling for bundle verification and import.
- Coordination with risk/attestor services for air-gap workflows.
Definition of Done
- Bundles build reproducibly with manifest + signatures and pass verification tooling.
- Importer applies bundles to air-gapped Attestor Store safely.
- Documentation covers offline workflows with imposed rule banner.
Required Reading
docs/modules/export-center/architecture.mddocs/modules/platform/architecture-overview.md
Working Agreement
-
- Update task status to
DOING/DONEin both correspoding sprint file/docs/implplan/SPRINT_*.mdand the localTASKS.mdwhen you start or finish work.
- Update task status to
-
- Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
-
- Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
-
- Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
-
- Revert to
TODOif you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
- Revert to