Files
yao-meta-skill/security/script_policy.md
T
2026-06-13 18:00:32 +08:00

14 lines
640 B
Markdown

# Script Policy
Scripts should be deterministic, non-destructive by default, and reviewable.
Minimum expectations:
- expose a command-line entrypoint or clear function boundary
- prefer `argparse` and `--help` for operator-facing scripts
- keep `python3 scripts/name.py --help` safe, non-mutating, and fast enough for trust smoke checks
- avoid hidden interactive prompts unless the command is explicitly interactive
- state network or filesystem side effects in nearby docs or trust metadata
- declare allowed network hosts in `security/network_policy.json` before team distribution
- emit structured JSON when used by `scripts/yao.py`