Added protection headers to 9 critical files: JSON Files (x-immutable-notice field): - .dss/schema/api.schema.json - .dss/schema/tokens.schema.json - .dss/schema/components.schema.json - .dss/schema/workflows.schema.json - .dss/schema/guardrails.schema.json - dss-claude-plugin/.mcp.json YAML File (comment header): - .dss-boundaries.yaml Markdown File (HTML comment): - API_SPECIFICATION_IMMUTABLE.md Python File (docstring header): - dss-mvp1/dss/validators/schema.py Each header includes: - Protection notice - Reason for immutability - Last modified date - Bypass instructions (DSS_IMMUTABLE_BYPASS=1) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://dss.overbits.luz.uy/schemas/guardrails.schema.json",
"title": "DSS Guardrails Schema",
"description": "AI boundary rules and enforcement policies",
"version": "2.0.0",
"x-immutable-notice": {
"protected": true,
"reason": "Boundary enforcement policies - critical for AI guardrails integrity",
"lastModified": "2025-12-09",
"bypassMethod": "Use 'DSS_IMMUTABLE_BYPASS=1 git commit' or commit message '[IMMUTABLE-UPDATE] reason'"
},
"type": "object",
"required": ["immutableFiles", "boundaries", "tempFolderPolicy"],
"properties": {
"immutableFiles": {
"type": "array",
"description": "Files that cannot be modified unless the change is authorized through the entry's bypassMethod, when one is declared",
"items": {
"type": "object",
"required": ["pattern", "reason"],
"properties": {
"pattern": {
"type": "string",
"description": "File path pattern (glob)"
},
"reason": {
"type": "string",
"description": "Why this file is immutable"
},
"bypassMethod": {
"type": "string",
"enum": ["commit-message", "environment-variable", "admin-approval"],
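"description": "Mechanism used to bypass the protection for an authorized change (commit-message tag, environment variable, or admin approval)"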
}
}
}
},
"boundaries": {
"type": "object",
"description": "External API and operation boundaries",
"properties": {
"blockedAPIs": {
"type": "array",
"description": "External APIs that cannot be accessed directly",
"items": {
"type": "object",
"properties": {
"domain": {"type": "string"},
"reason": {"type": "string"},
"requiredTool": {
"type": "string",
"description": "DSS tool that must be used instead"
}
}
}
},
"blockedImports": {
"type": "array",
"description": "Python modules that cannot be imported directly",
"items": {
"type": "object",
"properties": {
"module": {"type": "string"},
"reason": {"type": "string"},
"alternative": {"type": "string"}
}
}
},
"enforcementMode": {
"type": "string",
"enum": ["strict", "warn", "disabled"],
"description": "How strictly to enforce boundaries; the field is optional and this schema defines no default"
}
}
},
"tempFolderPolicy": {
"type": "object",
"description": "Temporary file management rules",
"required": ["location", "autoCleanup"],
"properties": {
"location": {
"type": "string",
"description": "Where temp files must be created"
},
"autoCleanup": {
"type": "boolean",
"description": "Whether to auto-delete old temp files"
},
"maxAge": {
"type": "integer",
"description": "Max age in hours before auto-cleanup"
},
"maxSize": {
"type": "string",
"description": "Max total size (e.g., '1GB')"
}
}
},
"toolRequirements": {
"type": "object",
"description": "Operations that require specific DSS tools",
"additionalProperties": {
"type": "object",
"properties": {
"operation": {"type": "string"},
"requiredTools": {
"type": "array",
"items": {"type": "string"}
},
"rationale": {"type": "string"}
}
}
}
}
}