docs: add deterministic artifact guidelines

2025-09-08 07:18:47 +00:00 · 2025-08-20 18:19:20 -04:00
parent d6e03d5e7a
commit b451097c65
1 changed files with 5 additions and 0 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -39,6 +39,11 @@ This project is written in **Python**. Follow these instructions when working wi

 Following these practices helps keep the code base consistent and secure.

+## Deterministic Artifact Generation
+
+- All generated artifacts (passwords, keys, TOTP secrets, etc.) must be fully deterministic across runs and platforms.
+- Randomness is only permitted for security primitives (e.g., encryption nonces, in-memory keys) and must never influence derived artifacts.
+
 ## Legacy Index Migration

 - Always provide a migration path for index archives and import/export routines.