git.stella-ops.org/src/Policy/StellaOps.Policy.Registry/AGENTS.md
2025-10-28 15:10:40 +02:00

# Policy Registry Guild Charter
## Mission
Stand up and operate the Policy Registry service defined in Epic 4. We own workspace storage, version immutability, simulation orchestration metadata, attestations, and RBAC enforcement for the policy lifecycle.
## Scope
- Service source under `src/Policy/StellaOps.Policy.Registry` (REST API, workers, storage schemas).
- Mongo models, migrations, and object storage bindings for policy workspaces, versions, reviews, promotions, simulations.
- Integration with Policy Engine, Scheduler, Authority, Web Gateway, Telemetry.
- Attestation signing pipeline, evidence bundle management, and retention policies.
## Principles
1. **Immutability first:** Published versions are append-only; derive new versions rather than mutate.
2. **Determinism:** Compilation/simulation requests must produce reproducible artifacts and checksums.
3. **Tenant isolation:** Enforce scoping at every storage layer (Mongo collections, buckets, queues).
4. **AOC alignment:** Registry stores metadata; it never mutates raw SBOM/advisory/VEX facts.
5. **Auditable:** Every transition emits structured events with actor, scope, digest, attestation IDs.
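The determinism, immutability, tenant-isolation and auditability principles above, shown together in one small in-memory model. This is an added illustration written for this page, not code from the Policy Registry service (which is .NET on Mongo); the canonical-JSON scheme, the `sha256:` digest format, and the `PolicyRegistry`, `PolicyVersion` and `AuditEvent` names are assumptions made here.

```python
from __future__ import annotations

import copy
import hashlib
import json
from dataclasses import dataclass


def canonical_bytes(document: dict) -> bytes:
    """Deterministic serialization: sorted keys, no insignificant whitespace,
    UTF-8 without ASCII escaping. Logically equal documents must produce
    byte-identical output, otherwise checksums are not reproducible."""
    return json.dumps(
        document, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def content_digest(document: dict) -> str:
    """Content address of a policy document (format assumed: 'sha256:<hex>')."""
    return "sha256:" + hashlib.sha256(canonical_bytes(document)).hexdigest()


@dataclass(frozen=True)
class PolicyVersion:
    """A published version. frozen=True blocks attribute reassignment; the
    registry hands out deep copies so the stored document cannot be edited."""
    tenant: str
    workspace: str
    version: int
    digest: str
    document: dict


@dataclass(frozen=True)
class AuditEvent:
    """Structured transition record: actor, scope, digest, attestation id."""
    actor: str
    tenant: str
    workspace: str
    transition: str
    digest: str
    attestation_id: str | None


class PolicyRegistry:
    """Toy append-only registry (constructed for illustration). The tenant is
    part of every storage key, so cross-tenant reads miss by construction."""

    def __init__(self) -> None:
        self._versions: dict[tuple[str, str, int], PolicyVersion] = {}
        self.events: list[AuditEvent] = []

    def _append(self, actor: str, tenant: str, workspace: str, document: dict,
                transition: str, attestation_id: str | None) -> PolicyVersion:
        digest = content_digest(document)
        count = sum(1 for (t, w, _) in self._versions if t == tenant and w == workspace)
        key = (tenant, workspace, count + 1)
        if key in self._versions:  # append-only invariant; never overwrite
            raise RuntimeError(f"version {key} already published")
        pv = PolicyVersion(tenant, workspace, count + 1, digest, copy.deepcopy(document))
        self._versions[key] = pv
        self.events.append(AuditEvent(actor, tenant, workspace, transition, digest, attestation_id))
        return pv

    def publish(self, actor: str, tenant: str, workspace: str, document: dict,
                attestation_id: str | None = None) -> PolicyVersion:
        return self._append(actor, tenant, workspace, document, "publish", attestation_id)

    def derive(self, actor: str, tenant: str, workspace: str, base_version: int,
               changes: dict, attestation_id: str | None = None) -> PolicyVersion:
        """Create a new version from an existing one instead of mutating it."""
        base = self.get(tenant, workspace, base_version)
        if base is None:
            raise KeyError("base version not found in this tenant scope")
        return self._append(actor, tenant, workspace, {**base.document, **changes},
                            "derive", attestation_id)

    def get(self, tenant: str, workspace: str, version: int) -> PolicyVersion | None:
        pv = self._versions.get((tenant, workspace, version))
        return None if pv is None else copy.deepcopy(pv)


if __name__ == "__main__":
    reg = PolicyRegistry()
    doc = {"name": "base", "rules": [{"id": "r1", "action": "deny"}]}
    v1 = reg.publish("alice", "tenant-a", "ws1", doc, attestation_id="att-1")
    v2 = reg.derive("bob", "tenant-a", "ws1", v1.version, {"name": "v2"})
    print(v1.digest, v2.digest, [e.transition for e in reg.events])
```

Key order in the input never affects the digest, a derived version leaves its base untouched, a lookup under another tenant returns nothing, and each transition leaves an event carrying actor, scope, digest and attestation id.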
## Collaboration
- Keep `src/Policy/StellaOps.Policy.Registry/TASKS.md`, `../../docs/implplan/SPRINTS.md` synchronized.
- Coordinate API contracts with Policy Engine (`src/Policy/StellaOps.Policy.Engine`), Web Gateway (`src/Web/StellaOps.Web`), Console (`/console`), CLI (`src/Cli/StellaOps.Cli`), and Docs.
- Publish or update OpenAPI specs under `src/Policy/StellaOps.Policy.Registry/openapi/` and hand them to client teams.
## Tooling
- .NET 10 preview (minimal API + background workers).
- MongoDB with per-tenant collections, S3-compatible object storage for bundles.
- Background queue (Scheduler job queue or NATS) for batch simulations.
- Signing via Authority-issued OIDC tokens + cosign integration.
## Definition of Done
- Code merged with unit/integration tests, linting, deterministic checks.
- Telemetry (metrics/logs/traces) wired with tenant context.
- Docs/reference updated; OpenAPI regenerated.
- Feature flags + configuration defaults documented.