dave/storkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

storkit: create 361_story_remove_deprecated_manual_qa_front_matter_field

Browse Source
This commit is contained in:
Timmy
2026-03-21 19:59:52 +00:00
parent 02b481ee4c
commit 1f4152c894
2 changed files with 20 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
View File

@@ -1,26 +0,0 @@
---
name: "Harden Docker setup for security"
---
# Story 359: Harden Docker setup for security
## User Story
As a storkit operator, I want the Docker container to run with hardened security settings, so that a compromised agent or malicious codebase cannot escape the container or affect the host.
## Acceptance Criteria
- [ ] Container runs as a non-root user
- [ ] Root filesystem is read-only with only necessary paths writable (e.g. /tmp, cargo cache, claude state volumes)
- [ ] Linux capabilities dropped to minimum required (cap_drop: ALL, add back only what's needed)
- [ ] no-new-privileges flag is set
- [ ] Resource limits (CPU and memory) are configured in docker-compose.yml
- [ ] Outbound network access is restricted where possible
- [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose
- [ ] Image passes a CVE scan with no critical vulnerabilities
- [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces
- [ ] Git identity is configured via explicit GIT_USER_NAME and GIT_USER_EMAIL env vars; container fails loudly on startup if either is missing (note: multi-user/distributed case where different users need different identities is out of scope and will require a different solution)
## Out of Scope
- TBD

20
.storkit/work/1_backlog/361_story_remove_deprecated_manual_qa_front_matter_field.md Normal file
View File

@@ -0,0 +1,20 @@
---
name: "Remove deprecated manual_qa front matter field"
---
# Story 361: Remove deprecated manual_qa front matter field
## User Story
As a developer, I want the deprecated manual_qa boolean field removed from the codebase, so that the front matter schema stays clean and doesn't accumulate legacy boolean flags alongside the more expressive qa: server|agent|human field that replaced it.
## Acceptance Criteria
- [ ] manual_qa field is removed from the FrontMatter and StoryMetadata structs in story_metadata.rs
- [ ] Legacy mapping from manual_qa: true → qa: human is removed
- [ ] Any existing story files using manual_qa are migrated to qa: human
- [ ] Codebase compiles cleanly with no references to manual_qa remaining
## Out of Scope
- TBD