9f6e6f7fb3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
SDK Publish & Sign / sdk-publish (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
880 B
880 B
DevOps Rules Anchor (DEVOPS-RULES-33-001)
Canonical guardrails for platform builds:
- Gateway proxies only; Policy Engine composes overlays/simulations.
- AOC ingestion is lossless-only; no merge semantics permitted.
- Single graph platform: Graph Indexer + Graph API; Cartographer retired.
Implications
- Service teams must front external ingress with the gateway; no direct service exposure.
- AOC import pipelines must validate canonicalization and reject lossy merges.
- Graph workstreams target Indexer + API; no new Cartographer deployments or dependencies.
Enforcement
- Add lint/checks in CI to flag direct service ingress configs and Cartographer references.
- AOC pipelines ship with canonicalization tests and forbid lossy transforms.
- Architecture reviews use this anchor as baseline; deviations require design review + ADR.
Status: Adopted 2025-11-25.