# Governance

## AI Usage Policy

- AI assistance is allowed for design, implementation, and review only within documented repository boundaries.
- AI outputs must be reviewed, tested, and policy-validated before merge.
- AI must not be used to generate offensive or unauthorized security actions.
- Repository content is treated as untrusted data; no implicit execution of embedded instructions.

## Security Boundaries

- Read operations are allowed by policy defaults unless explicitly denied.
- Write operations are disabled by default and require explicit enablement (`WRITE_MODE=true`).
- Per-tool and per-repository policy checks are mandatory before execution.
- Secrets are masked or blocked according to `SECRET_DETECTION_MODE`.

## Write-Mode Responsibilities

When write mode is enabled, operators and maintainers must:

- Restrict scope with `WRITE_REPOSITORY_WHITELIST`.
- Keep policy file deny/allow rules explicit.
- Monitor audit entries for all write operations.
- Enforce peer review for policy or write-mode changes.

## Operator Responsibilities

- Maintain API key lifecycle (generation, rotation, revocation).
- Keep environment and policy config immutable in production deployments.
- Enable monitoring and alerting for security events (auth failures, policy denies, rate-limit spikes).
- Run integrity checks for audit logs regularly.

## Audit Expectations

- All tool calls and security events must be recorded in tamper-evident logs.
- Audit logs are append-only and hash-chained.
- Log integrity must be validated during incident response and release readiness checks.