feat: harden gateway with policy engine, secure tools, and governance docs
27
docs/automation.md
Normal file
@@ -0,0 +1,27 @@
# Automation
## Scope
Current automation capabilities:
- Webhook ingestion endpoint (`POST /automation/webhook`).
- On-demand scheduled-job execution endpoint (`POST /automation/jobs/run`).
- Dependency hygiene scan job scaffold (`dependency_hygiene_scan`).
- Stale issue detection job (`stale_issue_detection`).
- Auto issue creation job scaffold (`auto_issue_creation`, write-mode and policy required).
Planned extensions:
- Background scheduler orchestration.
## Control Requirements
All automation must be:
- Policy-controlled.
- Independently disableable.
- Fully audited.
- Explicitly documented with runbook guidance.
## Enablement
- `AUTOMATION_ENABLED=true` to allow automation endpoints.
- `AUTOMATION_SCHEDULER_ENABLED=true` reserved for future built-in scheduler loop.
- Policy rules must allow automation pseudo-tools (`automation_*`) per repository.
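Review bot: The Enablement section does not show how a single job is switched off, although Control Requirements lists "Independently disableable". The only switches documented are the global `AUTOMATION_ENABLED` flag and a wildcard reference to `automation_*` policy rules, so a reader cannot tell which pseudo-tool name gates `dependency_hygiene_scan`, `stale_issue_detection` or `auto_issue_creation`. Please list the pseudo-tool name for each job and state the default value of both flags, so it is clear that automation is off unless enabled. Two related gaps in the same file: `auto_issue_creation` is marked "write-mode and policy required" but the setting that turns on write mode is not named under Enablement, and the Scope entries for `POST /automation/webhook` and `POST /automation/jobs/run` say nothing about how callers are authenticated or where the audit record required by "Fully audited" is written. The "runbook guidance" requirement would also be easier to check if this page linked to the runbook.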