AGENTS.md

Overview

This repository implements a production-ready, cross-organization IR orchestration MVP called GuardRailOps. It targets offline/partitioned networks with eventual reconciliation and auditable governance.

Tech stack (Python-based MVP)

Architecture components

LocalIRTask, SharedTelemetry, PlanDelta: core DSL primitives implemented as dataclasses
DeltaSyncEngine: simple offline delta propagation and deterministic replay
GovernanceLedger: append-only, cryptographically-signed entries (simulated)
GoCRegistry: skeleton registry for Graph-of-Contracts, to be extended
Adapters: SIEMAdapter, EDRAdapter with TLS mutual authentication hooks (simulated)

Development and testing workflow

Run tests with test.sh (located in root)
Packaging: build w/ python -m build via test.sh
Use AGENTS.md guidelines to extend; avoid breaking the contract DSL unless explicitly required

Contribution rules

Minimal, atomic changes preferred
Add tests for new features; ensure all tests pass before merging
Do not push to remote unless explicitly requested
Notes
This is a multi-organization, highway-to-production project. The MVP emphasizes determinism, data locality, and governance transparency.
Architecture augmentation for GuardRailOps MVP (federated IR):
1. Governance scaffolds: GovernanceLedger, PrivacyBudget, and a minimal AuditLog flow for provenance.
1. Graph-of-Contracts skeleton: GoCRegistry for contract/adaptor metadata with a tiny in-memory store.
1. Adapters marketplace: AdapterMarketplace container to register and discover adapters (e.g., SIEM/EDR).
1. Existing core primitives (LocalIRTask, SharedTelemetry, PlanDelta) remain the core DSL, extended for privacy-preserving telemetry and deterministic delta-reconciliation.