Seed postbox workflow and concept docs
This commit is contained in:
31
AGENTS.md
Normal file
31
AGENTS.md
Normal file
@@ -0,0 +1,31 @@
|
||||
# GovOPlaN Postbox Codex Guide
|
||||
|
||||
## Scope
|
||||
|
||||
This repository owns the `postbox` module: in-platform postboxes, role-organization-bound access, postbox messages, postbox directory APIs, internal and portal postbox surfaces, campaign postbox integration, postbox-owned migrations, and future `@govoplan/postbox-webui`.
|
||||
|
||||
Postboxes are not login-bound mailboxes. They are platform-owned communication and access containers whose visibility is derived from organizational role assignments, explicit postbox bindings, and capability contracts.
|
||||
|
||||
## Local Commands
|
||||
|
||||
Install and run through core:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-core
|
||||
./.venv/bin/python -m pip install -r requirements-dev.txt
|
||||
```
|
||||
|
||||
For combined checks once implementation starts, run:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-core
|
||||
./scripts/check-focused.sh
|
||||
```
|
||||
|
||||
## Working Rules
|
||||
|
||||
- Keep postbox behavior in this module, not core.
|
||||
- Derive role-organization access through core/access contracts; do not duplicate RBAC membership logic locally.
|
||||
- Do not import mail, files, campaign, or portal internals. Use manifests, capabilities, events, API routes, and typed DTOs.
|
||||
- Treat postbox access changes as auditable security events, especially when access changes because a role assignment changes.
|
||||
- Keep campaign delivery, file evidence, and portal usage optional behind capability boundaries.
|
||||
Reference in New Issue
Block a user