git.stella-ops.org/docs/process/implementor-guidelines.md
StellaOps Bot 2d08f52715 feat(zastava): add evidence locker plan and schema examples
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
2025-12-02 09:27:31 +02:00


Implementor Guidelines (checklist draft)

Reference: docs/product-advisories/30-Nov-2025 - Implementor Guidelines for Stella Ops.md (IG1-IG10) and Sprint 300 task IMPLEMENTOR-GAPS-300-018.

CI lint & docs linkage (IG7)

  • Require PRs to either touch referenced docs or set docs: n/a with justification.
  • Sample hook (to implement): .git/hooks/pre-commit invoking scripts/lint-docs-touch.sh.
  • Fail CI if sprint/AGENTS references are missing for the module being changed.
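
A sketch of the docs-touch rule from the first bullet, added here as an example and not the project's scripts/lint-docs-touch.sh. It assumes docs live under docs/ and that the waiver is a line of the form "docs: n/a <justification>" in the PR description or commit message; the sample paths are constructed.

```shell
#!/bin/sh
# Added sketch, not the project's scripts/lint-docs-touch.sh.
# Assumptions: docs live under docs/; the waiver is a line
# "docs: n/a <justification>" in the PR description or commit message.

# docs_touch_check CHANGED MESSAGE
#   CHANGED: newline-separated changed paths
#            (e.g. from `git diff --cached --name-only`)
#   MESSAGE: PR description or commit message text
# Returns 0 when the change passes, 1 when it must be rejected.
docs_touch_check() {
    changed=$1
    message=$2

    # Nothing changed: nothing to enforce.
    [ -n "$changed" ] || return 0

    # Rule 1: at least one changed path is under docs/.
    if printf '%s\n' "$changed" | grep -q '^docs/'; then
        return 0
    fi

    # Rule 2: an explicit waiver line. "docs: n/a" alone is rejected; a
    # separator and at least one alphanumeric character must follow it.
    if printf '%s\n' "$message" |
        grep -Eiq '^[[:space:]]*docs:[[:space:]]*n/a[^[:alnum:]]+[[:alnum:]]'; then
        return 0
    fi

    echo "docs-touch: change docs/ or add 'docs: n/a <justification>'" >&2
    return 1
}

# Constructed sample input (hypothetical paths): code change, no docs, no waiver.
sample_changed='src/module/worker.cs
src/module/worker_tests.cs'
if docs_touch_check "$sample_changed" 'fix: retry on timeout' 2>/dev/null; then
    echo "sample: pass"
else
    echo "sample: rejected (no docs change, no waiver)"
fi
```

A pre-commit hook only sees staged paths, so the waiver half of the check belongs in a commit-msg hook or in CI, where the message or PR description is available.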

Determinism & offline posture (IG2, IG3)

  • Default to offline/no-network; flag any outbound calls in tests.
  • Set deterministic env vars (TZ=UTC, LC_ALL=C, PYTHONHASHSEED=0, etc.).
  • Enforce pinned tool/DB versions and stable ordering in outputs.

Secrets & provenance (IG5, IG9)

  • Run secret scan pre-commit/CI; forbid committing .env/keys.
  • DSSE/provenance required where predicates exist; verify signatures in CI when fixtures are present.

Schema/versioning control (IG1)

  • Any schema change requires version bump + changelog entry; add canonical serialization tests.
  • Store schemas alongside fixtures where practical.

Performance/quota (IG6)

  • Define perf budget per service (P95 latency/CPU/memory) and add smoke tests on reference profile.

Boundaries & shared libs (IG8)

  • Document allowed shared libraries per module; add codeowners/analyzer rules to block cross-boundary calls.

Evidence & documentation sync (IG10)

  • AGENTS files and sprint docs must link to this checklist; update both when rules change.

Replace this draft with full scripts and enforcement once IMPLEMENTOR-GAPS-300-018 is executed.