note to split into multiple files

docs/plans/phase2-step2-semgrep.md

@@ -15,3 +15,4 @@ Implement the Semgrep SAST (Static Application Security Testing) scanning step a
 ## Agent Instructions
 1. Add the `scan-semgrep` template to the `ClusterWorkflowTemplate`.
 2. Wire it into the DAG alongside the other scanners.
+3. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase2-step3-kics.md

@@ -15,3 +15,4 @@ Implement the KICS (Keeping Infrastructure as Code Secure) scanning step as a pa
 ## Agent Instructions
 1. Add the `scan-kics` template to the `ClusterWorkflowTemplate`.
 2. Wire it into the DAG alongside the other scanners.
+3. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase2-step4-socketdev.md

@@ -17,3 +17,4 @@ Implement the Socket.dev supply chain security scanning step as a parallel task
 1. Add the `scan-socketdev` template to the `ClusterWorkflowTemplate`.
 2. Configure the Infisical initContainer logic for this specific step to wait for the API key.
 3. Wire it into the DAG alongside the other scanners.
+4. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase2-step5-syft-grype.md

@@ -16,3 +16,4 @@ Implement the SBOM generation (Syft) and vulnerability scanning (Grype) step as
 ## Agent Instructions
 1. Add the `scan-syft-grype` template to the `ClusterWorkflowTemplate`.
 2. Wire it into the DAG alongside the other scanners.
+3. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase2-step6-crossguard.md

@@ -16,3 +16,4 @@ Implement the Pulumi Crossguard policy enforcement step as a parallel task in th
 1. Add the `scan-crossguard` template to the `ClusterWorkflowTemplate`.
 2. Configure the Infisical initContainer to wait for Pulumi and Cloud credentials.
 3. Wire it into the DAG alongside the other scanners.
+4. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase3-step1-storage.md

@@ -14,3 +14,4 @@ Implement an aggregation task that uploads all generated reports from the PVC to
 1. Add the `upload-storage` template to the `ClusterWorkflowTemplate`.
 2. Configure the DAG dependencies so it waits for all scanners.
 3. Configure the Infisical initContainer to wait for the storage credentials.
+4. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase3-step2-defectdojo.md

@@ -15,3 +15,4 @@ Implement a task that pushes all SARIF/JSON reports from the PVC to DefectDojo v
 1. Add the `upload-defectdojo` template to the `ClusterWorkflowTemplate`.
 2. Write the API upload script (Python, curl, or a dedicated CLI) in the task template.
 3. Configure the Infisical initContainer to wait for the DefectDojo credentials.
+4. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase3-step3-enforcement.md

@@ -16,3 +16,4 @@ Implement the final task that parses the aggregated results and decides whether
 1. Add the `enforce-policy` template to the `ClusterWorkflowTemplate`.
 2. Write the parsing logic inside the task (e.g., extracting CVSS scores from SARIF and JSON formats).
 3. Ensure this step acts as the final gatekeeper for the pipeline.
+4. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.

docs/plans/phase4-step1-renovate-preset.md

@@ -14,3 +14,4 @@ Create a centralized `renovate.json` (or `default.json`) preset in this reposito
 ## Agent Instructions
 1. Create the base Renovate configuration file.
 2. Add a `README.md` to the `renovate-preset` directory explaining how to use it.
+3. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your JSON configurations or manifests into separate, smaller files to prevent exhausting the context window.

docs/plans/phase4-step2-renovate-cronjob.md

@@ -15,3 +15,4 @@ Create the Kubernetes manifests to deploy Renovate Bot as a cluster-level servic
 2. Add the `CronJob`, `ServiceAccount`, and necessary RBAC manifests.
 3. Configure the Infisical annotations for secrets injection.
 4. Provide an `Application` manifest for ArgoCD to deploy it easily.
+5. **CRITICAL: File Splitting:** Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.