stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
b1e78fe41273a80c09ca56e37f273fc64d2a0a32
git.stella-ops.org/docs/modules/scanner/AGENTS.md
master b1e78fe412
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Implement vulnerability token signing and verification utilities 
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00

2.2 KiB
Raw Blame History

Scanner agent guide

Mission

Scanner analyses container images layer-by-layer, producing deterministic SBOM fragments, diffs, and signed reports.

Key docs

How to get started

  1. Open ../../implplan/SPRINTS.md and locate the stories referencing this module.
  2. Review ./TASKS.md for local follow-ups and confirm status transitions (TODO → DOING → DONE/BLOCKED).
  3. Read the architecture and README for domain context before editing code or docs.
  4. Coordinate cross-module changes in the main /AGENTS.md description and through the sprint plan.

Guardrails

  • Honour the Aggregation-Only Contract where applicable (see ../../ingestion/aggregation-only-contract.md).
  • Preserve determinism: sort outputs, normalise timestamps (UTC ISO-8601), and avoid machine-specific artefacts.
  • Keep Offline Kit parity in mind—document air-gapped workflows for any new feature.
  • Update runbooks/observability assets when operational characteristics change.

Required Reading

  • docs/modules/scanner/README.md
  • docs/modules/scanner/architecture.md
  • docs/modules/scanner/implementation_plan.md
  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both docs/implplan/SPRINTS.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.