Files
2026-06-13 18:00:32 +08:00

640 B

Script Policy

Scripts should be deterministic, non-destructive by default, and reviewable.

Minimum expectations:

  • expose a command-line entrypoint or clear function boundary
  • prefer argparse and --help for operator-facing scripts
  • keep python3 scripts/name.py --help safe, non-mutating, and fast enough for trust smoke checks
  • avoid hidden interactive prompts unless the command is explicitly interactive
  • state network or filesystem side effects in nearby docs or trust metadata
  • declare allowed network hosts in security/network_policy.json before team distribution
  • emit structured JSON when used by scripts/yao.py