|
| 1 | +# Project objective |
| 2 | + |
| 3 | +See [README](./README.md##trusted-execution-cluster-operator-trusted-cluster-operator). |
| 4 | + |
| 5 | +- **Success looks like**: With the operator deployed, all nodes in the cluster are attested from hardware to software. |
| 6 | +- **Non-goals**: Rely on OpenShift, see the [confidential-clusters](https://github.com/confidential-clusters/operator) downstream. |
| 7 | + |
| 8 | +# Architecture |
| 9 | + |
| 10 | +- Entry points: see [README](./README.md#repository-structure). |
| 11 | +- Integrations: [Trustee](https://github.com/confidential-containers/trustee), [compute-pcrs](https://github.com/trusted-execution-clusters/compute-pcrs), [clevis-pin-trustee](https://github.com/latchset/clevis-pin-trustee) |
| 12 | + |
| 13 | +# Conventions |
| 14 | + |
| 15 | +- See [CONTRIBUTING](./CONTRIBUTING.md). |
| 16 | +- Use `Assisted-by:` or `Generated-by`: in commit messages for AI-supported contributions. |
| 17 | +- Never commit real credentials; use env vars and local `.env` (gitignored) with synthetic values in docs. |
| 18 | + |
| 19 | +# Things that human users of agents should do |
| 20 | + |
| 21 | +and agents should suggest when they detect |
| 22 | + |
| 23 | +- Have a coherent goal per session |
| 24 | +- Read architecture, security-sensitive paths, performance-critical design, ambiguous product trade-offs |
| 25 | + |
| 26 | +# Things agents should do, but can get wrong |
| 27 | + |
| 28 | +- The operator's crate name is `operator`. |
| 29 | +- Use MCPs when available |
| 30 | + - Prefer the MCP LSP over `grep` |
| 31 | + - Prefer the k8s LSP over `kubectl`. |
| 32 | +- Reuse, and check for other uses of a similar pattern. When functionality can be moved out of a function for reuse, commit the generalization before the new use. |
| 33 | +- Include lint-compatible code style when writing, not as an afterthought. |
0 commit comments