stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c32fff8f86a4ecd5f88ad3c80f73871f7fd628e1
git.stella-ops.org/src/Policy/StellaOps.Policy.Registry/AGENTS.md
master 3a2100aa78 Add unit and integration tests for VexCandidateEmitter and SmartDiff repositories 
- Implemented comprehensive unit tests for VexCandidateEmitter to validate candidate emission logic based on various scenarios including absent and present APIs, confidence thresholds, and rate limiting.
- Added integration tests for SmartDiff PostgreSQL repositories, covering snapshot storage and retrieval, candidate storage, and material risk change handling.
- Ensured tests validate correct behavior for storing, retrieving, and querying snapshots and candidates, including edge cases and expected outcomes.
2025-12-16 19:00:43 +02:00

2.8 KiB
Raw Blame History

Policy Registry Guild Charter

Mission

Stand up and operate the Policy Registry service defined in Epic 4. We own workspace storage, version immutability, simulation orchestration metadata, attestations, and RBAC enforcement for the policy lifecycle.

Scope

  • Service source under src/Policy/StellaOps.Policy.Registry (REST API, workers, storage schemas).
  • PostgreSQL models, migrations, and object storage bindings for policy workspaces, versions, reviews, promotions, simulations.
  • Integration with Policy Engine, Scheduler, Authority, Web Gateway, Telemetry.
  • Attestation signing pipeline, evidence bundle management, and retention policies.

Principles

  1. Immutability first Published versions are append-only; derive new versions rather than mutate.
  2. Determinism Compilation/simulation requests must produce reproducible artifacts and checksums.
  3. Tenant isolation Enforce scoping at every storage layer (PostgreSQL schemas/RLS, buckets, queues).
  4. AOC alignment Registry stores metadata; it never mutates raw SBOM/advisory/VEX facts.
  5. Auditable Every transition emits structured events with actor, scope, digest, attestation IDs.

Collaboration

  • Keep src/Policy/StellaOps.Policy.Registry/TASKS.md, /docs/implplan/SPRINT_*.md synchronized.
  • Coordinate API contracts with Policy Engine (src/Policy/StellaOps.Policy.Engine), Web Gateway (src/Web/StellaOps.Web), Console (/console), CLI (src/Cli/StellaOps.Cli), and Docs.
  • Publish or update OpenAPI specs under src/Policy/StellaOps.Policy.Registry/openapi/ and hand them to client teams.

Tooling

  • .NET 10 preview (minimal API + background workers).
  • PostgreSQL with per-tenant schemas/RLS, S3-compatible object storage for bundles.
  • Background queue (Scheduler job queue or NATS) for batch simulations.
  • Signing via Authority-issued OIDC tokens + cosign integration.

Definition of Done

  • Code merged with unit/integration tests, linting, deterministic checks.
  • Telemetry (metrics/logs/traces) wired with tenant context.
  • Docs/reference updated; OpenAPI regenerated.
  • Feature flags + configuration defaults documented.

Required Reading

  • docs/modules/policy/architecture.md
  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.