//! DevOps task-class rules — scaffold for the long-horizon phase. //! //! Phase 42 PRD: "Terraform/Ansible rule shapes are scaffolded but //! unpopulated until the long-horizon phase. Keeps the dispatcher //! signature stable so no refactor needed later." //! //! This module is intentionally minimal. It registers no rules yet. //! The `devops_rules` function exists so callers can compose it onto //! a store (e.g. `devops_rules(staffing_rules(TruthStore::new()))`) //! without branching on whether the DevOps phase has landed. //! //! When the long-horizon phase fleshes out the DevOps rule set, the //! implementations drop in here — same `RuleCondition` primitives, same //! `TruthStore::evaluate` contract, zero upstream refactor. use crate::TruthStore; /// Register DevOps rules on the store. Currently a no-op scaffold — /// no rules are added. Safe to compose with other rule-set functions. /// /// Planned task classes (not yet populated): /// - `devops.terraform_plan` — `terraform validate` + pre-plan /// sanity checks (no destroys without confirm flag, etc.) /// - `devops.ansible_playbook` — `ansible-lint` + privileged-task /// gates (no `become: true` on untagged hosts) /// - `devops.shell_command` — whitelist / blocklist for /// AI-generated shell invocations (covers what Phase 42 /// queryd SQL gate does for SQL — same idea, shell surface) pub fn devops_rules(store: TruthStore) -> TruthStore { // Intentionally empty. See module-level doc for the phased rollout. store } #[cfg(test)] mod tests { use super::*; #[test] fn devops_rules_is_a_noop_for_now() { // Scaffold guarantee: composing devops_rules onto an empty // store must not add any rules. Future long-horizon work will // populate this and the assertion shifts to counting the // expected additions. let store = devops_rules(TruthStore::new()); assert_eq!(store.get_rules("devops.terraform_plan").len(), 0); assert_eq!(store.get_rules("devops.ansible_playbook").len(), 0); assert_eq!(store.get_rules("devops.shell_command").len(), 0); } }