Some checks failed
secret-scan / scan (push) Has been cancelled
The project begins with architecture, data governance, reproducible evaluation, deployment boundaries, and secret-handling contracts so later code has measurable acceptance criteria. Constraint: Real provider credentials, workspace identities, and restricted geological data must never enter Git Rejected: Add placeholder runnable services in the design commit | would imply unverified implementation readiness Confidence: high Scope-risk: narrow Reversibility: clean Directive: Run make verify before every commit and update ADRs when architecture boundaries change Tested: Secret scan, Markdown links, YAML parse, shell syntax, and staged diff validation Not-tested: Application runtime is intentionally deferred to the implementation stage
398 B
398 B
Operations
本目录保存部署和数据库初始化等运维资产,不保存任何凭证。
postgres/init/:实现阶段加入仅在全新数据卷执行的角色、扩展和 schema 初始化脚本;- 迁移由后端 Alembic 管理,初始化脚本不得代替版本化迁移;
- 所有密码通过
secrets/挂载,脚本只能读取*_FILE路径,不得打印其内容。