git.stella-ops.org/src/Policy/StellaOps.Policy.Engine/AGENTS.md
StellaOps Bot efaf3cb789
2025-12-12 09:35:37 +02:00


StellaOps.Policy.Engine — Agent Charter

Mission

Stand up the Policy Engine runtime host that evaluates organization policies against SBOM/advisory/VEX inputs with deterministic, replayable results. Deliver the API/worker orchestration, materialization writers, and observability stack described in Epic 2 (Policy Engine v2).

Scope

  • Minimal API host & background workers for policy runs (full, incremental, simulate).
  • PostgreSQL persistence via StellaOps.Policy.Storage.Postgres for packs, runs, receipts, and overlays; in-memory fallbacks for dev/test.
  • Change stream listeners and scheduler integration for incremental re-evaluation.
  • Authority integration enforcing new policy:* and effective:write scopes.
  • Observability: metrics, traces, structured logs, trace sampling.

Expectations

  • Keep endpoints deterministic, cancellation-aware, and tenant-scoped.
  • Only the Policy Engine identity performs writes to effective findings.
  • Coordinate with Concelier/Excititor/Scheduler guilds for linkset joins and orchestration inputs.
  • Update TASKS.md, /docs/implplan/SPRINT_*.md when status changes.
  • Maintain compliance checklists and schema docs alongside code updates.

Required Reading

  • docs/modules/policy/architecture.md
  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both the corresponding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    5. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.