bruno/dss
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
3e4295457d0dcec044e825d4c5b8ff1c9e0525c4
dss/.dss-boundaries.yaml
Digital Production Factory 93e1b452fb Phase 5: Add immutable file headers to all protected files 
Added protection headers to 9 critical files:

JSON Files (x-immutable-notice field):
- .dss/schema/api.schema.json
- .dss/schema/tokens.schema.json
- .dss/schema/components.schema.json
- .dss/schema/workflows.schema.json
- .dss/schema/guardrails.schema.json
- dss-claude-plugin/.mcp.json

YAML File (comment header):
- .dss-boundaries.yaml

Markdown File (HTML comment):
- API_SPECIFICATION_IMMUTABLE.md

Python File (docstring header):
- dss-mvp1/dss/validators/schema.py

Each header includes:
- Protection notice
- Reason for immutability
- Last modified date
- Bypass instructions (DSS_IMMUTABLE_BYPASS=1)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-09 19:34:32 -03:00

62 lines
1.9 KiB
YAML
Raw Blame History

# ============================================================================
# IMMUTABLE FILE - DO NOT MODIFY
# ============================================================================
# This file is protected by git pre-commit hooks.
# Reason: Core boundary enforcement rules - critical for AI guardrails
# Last Modified: 2025-12-09
# To update: Use 'DSS_IMMUTABLE_BYPASS=1 git commit -m "[IMMUTABLE-UPDATE] reason"'
# ============================================================================
# DSS Boundary Configuration
# This file defines what external APIs and operations are allowed
# All AI interactions MUST go through DSS tools, not direct external access
version: "1.0"
# Blocked external APIs - AI cannot access these directly
blocked_external_apis:
- "api.figma.com"
- "figma.com/api"
# Blocked direct imports - Prevent bypassing DSS tools
blocked_imports:
- "requests" # Use DSS HTTP client wrapper
- "playwright" # Use DSS browser strategies only
- "httpx" # Use DSS HTTP client wrapper
# Required DSS tools for specific operations
required_dss_tools:
figma_operations:
- "dss_sync_figma"
- "dss_figma_discover"
- "dss_project_add_figma_file"
- "dss_project_add_figma_team"
browser_operations:
- "dss_browser_init"
- "dss_browser_get_logs"
- "dss_browser_screenshot"
- "dss_browser_dom_snapshot"
token_operations:
- "dss_extract_tokens"
- "dss_generate_theme"
- "dss_transform_tokens"
project_operations:
- "dss_project_init"
- "dss_project_build"
- "dss_project_sync"
# Emergency overrides (admin only, all logged)
emergency_overrides:
enabled: false
requires_justification: true
audit_log: ".dss/logs/boundary-overrides.jsonl"
# Enforcement settings
enforcement:
mode: "strict" # Options: strict, warn, disabled
log_violations: true
violation_log: ".dss/logs/boundary-violations.jsonl"
Reference in New Issue View Git Blame Copy Permalink