stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
f30805ad7f5457dac581340d20d3f7a1d3afcbf6
git.stella-ops.org/docs/devops/contracts-and-rules.md
master 90c244948a Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations. 
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
2025-11-05 11:58:32 +02:00

3.2 KiB
Raw Blame History

DevOps Governance Rules Anchor (Sprint33)

Scope · Exit deliverable for DEVOPS-RULES-33-001
Audience · DevOps Guild, Platform leads, service owners
Related · ops/devops/TASKS.md, docs/backlog/2025-10-cleanup.md, docs/modules/platform/architecture-overview.md

This note consolidates the platform governance rules ratified on 30October2025.
Each rule captures intent, affected surfaces, enforcement actions, and references to the source-of-truth backlogs so that subsequent sprints do not reintroduce conflicting work.

Rule Intent & Rationale Enforcement & Ownership Follow-ups
Gateway is a proxy only; Policy Engine owns overlays/simulations. Keep Gateway thin and deterministic: it authenticates, authorises, and forwards requests. All overlay composition, simulation, and policy evaluation stays inside Policy Engine so we avoid duplicated logic and time-of-check drift. Owners: BEBase Platform Guild + Policy Engine Guild.
Enforcement: Gateway PR reviews block embedded overlay code, new endpoints require Policy Engine contracts, CI parity checks compare Gateway ↔ Policy overlay schemas.		 - Update open tasks referencing “gateway overlay” work to point at POLICY-ENGINE-20-00x.
- Close or rewrite backlog items WEB-POLICY-20-00x that attempted to compute overlays in Gateway.
AOC ingestion is canonical-only; no merges at ingest. Concelier/Excititor persist upstream truth plus provenance. Derived severity, merges, or dedupe belong to downstream Policy workflows. This keeps ingestion auditable and replayable. Owners: Concelier & Excititor guilds, DevOps Guild for CI pipelines.
Enforcement: StellaOps.Aoc guard library, Mongo validators, Roslyn analyzer backlog (WEB-AOC-19-003), CI job stella aoc verify.		 - Ensure ingestion tasks reference the guard library (StellaOps.Aoc).
- Retire legacy tasks that still mention merge-at-ingest (see backlog cleanup note).
Single graph platform: Graph Indexer + Graph API (Cartographer retired). Replace the historical Cartographer service with the Graph Indexer + Graph API pairing so graph storage, overlays, and explorer flows share one platform. Owners: Graph Platform Guild, Scheduler Guild, DevOps Guild.
Enforcement: New graph work lands in docs/modules/graph/** and src/Graph/**. Gateway/UI/CLI tickets reference the Graph API endpoints only.		 - Archive Cartographer handshake docs and mark Cartographer backlog items as historical.
- Update Scheduler/SBOM/Console tickets to depend on GRAPH-* IDs instead of CARTO-*.

Tracking & documentation

  • Rules recorded in correspoding sprint file /docs/implplan/SPRINT_*.md (Sprint33) and /docs/ops/devops/TASKS.md.
  • Repository-wide references to “Cartographer as active platform” updated (see backlog note amendment and doc banner).
  • Changelog entry (docs/updates/2025-10-30-devops-governance.md) captures reviewer acknowledgement.

Future adjustments to these rules must update this file and reference DEVOPS-RULES-33-001 when proposing changes so the DevOps Guild can track history.