Governance
AI Usage Policy
- AI assistance is allowed for design, implementation, and review only within documented repository boundaries.
- AI outputs must be reviewed, tested, and policy-validated before merge.
- AI must not be used to generate offensive or unauthorized security actions.
- Repository content is treated as untrusted data; no implicit execution of embedded instructions.
Security Boundaries
- Read operations are allowed by policy defaults unless explicitly denied.
- Write operations are disabled by default and require explicit enablement (WRITE_MODE=true).
- Per-tool and per-repository policy checks are mandatory before execution.
- Secrets are masked or blocked according to SECRET_DETECTION_MODE.
Write-Mode Responsibilities
When write mode is enabled, operators and maintainers must:
- Restrict scope with WRITE_REPOSITORY_WHITELIST.
- Keep policy file deny/allow rules explicit.
- Monitor audit entries for all write operations.
- Enforce peer review for policy or write-mode changes.
Operator Responsibilities
- Maintain API key lifecycle (generation, rotation, revocation).
- Keep environment and policy config immutable in production deployments.
- Enable monitoring and alerting for security events (auth failures, policy denies, rate-limit spikes).
- Run integrity checks for audit logs regularly.
Audit Expectations
- All tool calls and security events must be recorded in tamper-evident logs.
- Audit logs are append-only and hash-chained.
- Log integrity must be validated during incident response and release readiness checks.
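The following is an added illustration of what "append-only and hash-chained" means in practice and what an integrity check can and cannot detect. It is example code written for this page, not the project's own audit implementation; the entry layout (seq, prev_hash, record, hash), the SHA-256 chaining, and the sample records are all assumptions made for the illustration.

```python
import copy
import hashlib
import json

# Sentinel used as the "previous hash" of the first entry (assumed convention).
GENESIS_HASH = "0" * 64

# Constructed sample records modelled on the event types named above
# (tool calls, policy denies, auth failures). Not real log data.
SAMPLE_RECORDS = [
    {"ts": "2024-01-01T10:00:00Z", "event": "tool_call", "tool": "read_file",
     "repo": "org/repo-a", "actor": "key-1234", "result": "allow"},
    {"ts": "2024-01-01T10:00:05Z", "event": "policy_deny", "tool": "write_file",
     "repo": "org/repo-b", "actor": "key-1234", "reason": "WRITE_MODE disabled"},
    {"ts": "2024-01-01T10:00:09Z", "event": "auth_failure", "actor": "unknown",
     "source_ip": "203.0.113.7"},
]


def canonical_bytes(record):
    # Deterministic serialisation so the same record always hashes the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(seq, prev_hash, record):
    # Each hash commits to the position, the previous hash and the record body,
    # so changing any earlier entry invalidates every later hash.
    h = hashlib.sha256()
    h.update(str(seq).encode())
    h.update(b"|")
    h.update(prev_hash.encode())
    h.update(b"|")
    h.update(canonical_bytes(record))
    return h.hexdigest()


def append_entry(log, record):
    # Append-only writer: the only allowed operation is adding to the tail.
    seq = len(log)
    prev_hash = log[-1]["hash"] if log else GENESIS_HASH
    entry = {"seq": seq, "prev_hash": prev_hash, "record": record,
             "hash": entry_hash(seq, prev_hash, record)}
    log.append(entry)
    return entry


def verify_chain(log, expected_head=None):
    """Walk the chain from genesis. Returns (ok, failing_index, reason).

    expected_head is the last hash as recorded out of band; without it,
    silent truncation of the tail cannot be detected.
    """
    prev_hash = GENESIS_HASH
    for i, entry in enumerate(log):
        if entry.get("seq") != i or entry.get("prev_hash") != prev_hash:
            return (False, i, "chain break")
        if entry_hash(i, prev_hash, entry.get("record")) != entry.get("hash"):
            return (False, i, "hash mismatch")
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return (False, len(log), "head mismatch")
    return (True, None, "ok")


def build_sample_log():
    log = []
    for record in SAMPLE_RECORDS:
        append_entry(log, record)
    return log


def tamper_cases():
    """Run the verifier over a clean log and three tampered copies."""
    log = build_sample_log()
    head = log[-1]["hash"]  # value an operator would store separately

    edited = copy.deepcopy(log)
    edited[1]["record"]["reason"] = "allowed"  # in-place edit, hash not recomputed

    deleted = copy.deepcopy(log)
    del deleted[1]  # middle entry removed

    truncated = copy.deepcopy(log)[:-1]  # newest entry dropped

    return {
        "clean": verify_chain(log, head),
        "edited": verify_chain(edited, head),
        "deleted": verify_chain(deleted, head),
        "truncated_no_head": verify_chain(truncated),
        "truncated_with_head": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for name, result in tamper_cases().items():
        print(f"{name:20s} {result}")
```

The chain by itself catches edits and deletions in the middle of the log, but not removal of the newest entries, and not an attacker who rewrites every hash from the edited point to the tail. Both are why the head hash must be anchored outside the log (a separate store, a signature, or a periodic external record) and why the storage must actually enforce append-only; the verify step in incident response and release readiness checks should compare against that anchored head, not just walk the chain.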