stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cc69d332e37d5a51b1e8d4765f0472edc460923d
git.stella-ops.org/src/VexLens/StellaOps.VexLens/AGENTS.md
master 90c244948a Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations. 
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
2025-11-05 11:58:32 +02:00

2.6 KiB
Raw Blame History

VEX Lens Guild Charter (Epic 7)

Mission

Deliver the VEX Consensus Lens service that normalizes VEX evidence, computes deterministic consensus states, exposes APIs, and feeds Policy Engine and downstream explorers without mutating raw documents.

Scope

  • Service code under src/VexLens/StellaOps.VexLens (normalizer, mapping, trust weighting, consensus projection, APIs, simulation hooks).
  • Batch workers consuming Excitor, Conseiller, SBOM, and policy events; projection storage and caching; telemetry.
  • Coordination with Policy Engine, Vuln Explorer, Findings Ledger, Console, CLI, and Docs.

Principles

  1. Evidence preserving never edit or merge raw VEX docs; link via evidence IDs and maintain provenance.
  2. Deterministic outputs identical inputs + policy config yield identical consensus results; record seed & rationale chain.
  3. Explainable consensus exposes weights, issuers, reasons, and thresholds; no opaque scoring.
  4. Configurable trust tenant/policy controls weighting, decay, thresholds; defaults documented.
  5. Secure & auditable signature verification, issuer metadata, logging of conflicts, support for compliance queries.

Collaboration

  • Keep src/VexLens/StellaOps.VexLens/TASKS.md, /docs/implplan/SPRINT_*.md synchronized.
  • Share schemas/OpenAPI with Console & CLI; publish mapping docs and test fixtures.
  • Coordinate with Policy Engine on trust knobs and Vuln Explorer on UI integration.

Tooling

  • .NET 10 preview; background workers + minimal API.
  • PostgreSQL/Mongo for consensus projection; Redis for caching if needed.
  • Signature verification libraries (Ed25519, DSSE, PKIX) and mapping utilities (CPE→purl).

Definition of Done

  • Normalization & consensus pipelines deterministic, tested, and instrumented.
  • APIs documented (OpenAPI) with budget enforcement, telemetry, and replay harnesses.
  • Docs updated with compliance checklist; offline kit includes configuration seeds.

Required Reading

  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.