@evolith/core-domain 1.0.0 → 1.0.1
- package/dist/domain/services/default-workflow-definition.js +1 -1
- package/dist/domain/services/default-workflow-definition.js.map +1 -1
- package/package.json +2 -1
- package/rulesets/README.es.md +170 -0
- package/rulesets/README.md +170 -0
- package/rulesets/acl/README.es.md +41 -0
- package/rulesets/acl/README.md +41 -0
- package/rulesets/acl/anti-corruption-layer.rules.es.json +99 -0
- package/rulesets/acl/anti-corruption-layer.rules.json +99 -0
- package/rulesets/adr/ADR_COVERAGE.es.md +133 -0
- package/rulesets/adr/ADR_COVERAGE.md +133 -0
- package/rulesets/adr/README.es.md +17 -0
- package/rulesets/adr/README.md +17 -0
- package/rulesets/adr/adr-0002-hexagonal-architecture.rules.json +103 -0
- package/rulesets/adr/adr-0005-cicd-quality-gates.rules.json +102 -0
- package/rulesets/adr/adr-0010-multi-tenancy.rules.json +129 -0
- package/rulesets/adr/adr-0018-testing-pyramid.rules.json +115 -0
- package/rulesets/adr/adr-0032-protocol-selection.rules.json +134 -0
- package/rulesets/adr/adr-0040-multi-runtime.rules.json +131 -0
- package/rulesets/adr/adr-0050-gitflow-branching.rules.json +176 -0
- package/rulesets/adr/generated/adr-0001-monorepo-orchestration-principle.rules.json +29 -0
- package/rulesets/adr/generated/adr-0006-microservices-transition-via-sidecar-pattern.rules.json +29 -0
- package/rulesets/adr/generated/adr-0009-strict-dependency-pinning-and-automated-vulnerability-manage.rules.json +29 -0
- package/rulesets/adr/generated/adr-0011-fault-tolerance-and-resiliency-patterns.rules.json +29 -0
- package/rulesets/adr/generated/adr-0013-cloud-infrastructure-topology-and-disaster-recovery-dr.rules.json +28 -0
- package/rulesets/adr/generated/adr-0014-multi-layer-distributed-caching-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0015-event-driven-architecture-eda-for-intra-domain-communication.rules.json +29 -0
- package/rulesets/adr/generated/adr-0016-immutable-business-audit-trail-and-change-tracking.rules.json +29 -0
- package/rulesets/adr/generated/adr-0017-feature-flagging-strategy-for-progressive-delivery.rules.json +28 -0
- package/rulesets/adr/generated/adr-0019-tactical-design-patterns-for-future-proofing.rules.json +29 -0
- package/rulesets/adr/generated/adr-0020-identity-provider-abstraction-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0024-centralized-configuration-feature-platform.rules.json +28 -0
- package/rulesets/adr/generated/adr-0025-feature-flag-provider-abstraction-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0028-self-hosted-open-source-hybrid-infrastructure.rules.json +29 -0
- package/rulesets/adr/generated/adr-0030-two-tier-distributed-gateway-model.rules.json +28 -0
- package/rulesets/adr/generated/adr-0031-schema-per-bounded-context-and-domain-event-catalog.rules.json +29 -0
- package/rulesets/adr/generated/adr-0033-transactional-outbox-pattern-for-async-messaging.rules.json +28 -0
- package/rulesets/adr/generated/adr-0034-cqrs-pattern-application-matrix.rules.json +29 -0
- package/rulesets/adr/generated/adr-0035-distributed-saga-pattern-implementation-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0036-message-bus-delivery-flow-control-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0037-enterprise-performance-concurrency-chaos-verification-strate.rules.json +28 -0
- package/rulesets/adr/generated/adr-0039-deployment-topology-abstraction-environment-switcher.rules.json +29 -0
- package/rulesets/adr/generated/adr-0041-dual-engine-policy-evaluation-native-opa.rules.json +28 -0
- package/rulesets/adr/generated/adr-0044-configurable-security-persistence-strategy-agnosticism-vs-na.rules.json +29 -0
- package/rulesets/adr/generated/adr-0045-microservice-extraction-readiness-criteria.rules.json +29 -0
- package/rulesets/adr/generated/adr-0046-unified-traceability-via-w3c-tracecontext.rules.json +29 -0
- package/rulesets/adr/generated/adr-0047-progressive-architecture-evolution-framework-modular-monolit.rules.json +29 -0
- package/rulesets/adr/generated/adr-0048-enterprise-taxonomy-standardization-and-reference-layout.rules.json +28 -0
- package/rulesets/adr/generated/adr-0049-naming-semantics-clean-code-policy-e2e-and-global.rules.json +29 -0
- package/rulesets/adr/generated/adr-0051-enterprise-database-engine-selection-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0052-unit-testing-isolation-strategy-mocks-vs-stubs.rules.json +29 -0
- package/rulesets/adr/generated/adr-0053-integration-and-e2e-testing-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0054-database-design-and-normalization-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-0055-microfrontends-architecture-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0056-enterprise-naming-design-conventions-multi-language-multi-pl.rules.json +29 -0
- package/rulesets/adr/generated/adr-0057-architecture-intelligence-catalog.rules.json +27 -0
- package/rulesets/adr/generated/adr-0058-ai-consumable-architecture-knowledge.rules.json +27 -0
- package/rulesets/adr/generated/adr-0067-modular-monolith-persistence-boundaries.rules.json +28 -0
- package/rulesets/adr/generated/adr-0068-documentation-release-gitflow.rules.json +29 -0
- package/rulesets/adr/generated/adr-0069-ai-agent-context-protocol-integration.rules.json +28 -0
- package/rulesets/adr/generated/adr-0070-lean-root-repository-taxonomy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0071-domain-layer-base-class-and-inheritance-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0072-utc-date-storage-browser-timezone-detection-and-language-res.rules.json +29 -0
- package/rulesets/adr/generated/adr-0073-unified-cli-mcp-output-contract-and-gate-evidence-schema.rules.json +29 -0
- package/rulesets/adr/generated/adr-0074-evolith-core-api-native-exposure-layer.rules.json +29 -0
- package/rulesets/adr/generated/adr-0075-core-api-authentication-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0076-domain-oriented-microservice-architecture-doma.rules.json +28 -0
- package/rulesets/adr/generated/adr-0077-masstransit-v9-commercial-pivot-stay-on-v8-monitor-opentrans.rules.json +28 -0
- package/rulesets/adr/generated/adr-0078-domain-financial-separation-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0079-multi-topology-reference-corpus-and-topology-manifest-contra.rules.json +29 -0
- package/rulesets/adr/generated/adr-0080-remote-repository-reference-contract.rules.json +29 -0
- package/rulesets/adr/generated/adr-0081-agentic-ai-sandbox-isolation-boundary.rules.json +29 -0
- package/rulesets/adr/generated/adr-0082-agentic-ai-prompt-context-and-tool-trust-boundary.rules.json +28 -0
- package/rulesets/adr/generated/adr-0083-agentic-ai-action-authorization-and-audit.rules.json +29 -0
- package/rulesets/adr/generated/adr-0084-data-mesh-and-data-as-a-product.rules.json +29 -0
- package/rulesets/adr/generated/adr-0085-agnostic-opa-wasm-distribution-architecture.rules.json +28 -0
- package/rulesets/adr/generated/adr-0086-agentic-ai-telemetry-cost-control-standard.rules.json +27 -0
- package/rulesets/adr/generated/adr-0087-attribute-based-access-control-abac-for-agentic-tool-executi.rules.json +29 -0
- package/rulesets/adr/generated/adr-0088-sovereign-identity-for-agentic-ai.rules.json +29 -0
- package/rulesets/adr/generated/adr-0089-event-driven-agentic-workflow-pattern.rules.json +28 -0
- package/rulesets/adr/generated/adr-0090-rag-knowledge-governance-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0091-workload-identity-token-rotation-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0092-agent-infinite-loop-prevention-and-circuit-breaker-rules.rules.json +29 -0
- package/rulesets/adr/generated/adr-0093-concurrency-control-and-resource-locking-standard-for-mcp-to.rules.json +29 -0
- package/rulesets/adr/generated/adr-0094-multi-agent-handoff-and-task-delegation-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-0095-serverless-architecture-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0096-edge-computing-architecture-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0097-knowledge-lifecycle-governance-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0098-rest-uri-versioning-and-deprecation-policy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0099-opa-bundle-distribution-via-s3-minio.rules.json +27 -0
- package/rulesets/adr/generated/adr-ai-augmented-0001-harness-engineering-for-ai-augmented-development.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0002-mcp-integration-protocol-for-agent-tool-invocation.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0003-model-selection-governance-for-ai-augmented-workflows.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0004-agents-md-as-mandatory-repository-artifact.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0005-human-in-the-loop-policy-for-autonomous-agent-operations.rules.json +29 -0
- package/rulesets/adr/generated/adr-android-0042-canonical-android-native-mobile-architecture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0041-canonical-net-c-backend-architecture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0060-net-multi-tenancy-dual-layer-strategy-ef-core-sql-server.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0061-transactional-event-lifecycle-in-ef-core.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0062-net-immutable-audit-trail-via-ddl-triggers-delta-capture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0063-b2b-request-idempotency-middleware-in-asp-net-core.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0064-net-request-scope-observability-context-propagation.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0065-net-pii-safe-structured-logging-pipeline-serilog.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0066-net-lightweight-http-idempotency-via-imemorycache-idistribut.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0069-net-grpc-service-setup-protobuf-contracts.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0070-net-api-endpoint-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0071-net-data-access-strategy-ef-core-as-default-orm-dapper-for-o.rules.json +27 -0
- package/rulesets/adr/generated/adr-dotnet-0072-net-aop-cross-cutting-concern-strategy-dispatchproxy-over-pi.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0003-strict-typescript-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0004-frontend-offline-resilience.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0007-observability-with-opentelemetry-loki-and-jaeger.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0008-progressive-multi-module-evolution-with-api-gateway-and-bff-.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0012-advanced-authorization-rbac-abac-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0021-high-performance-authentication-graph-compilation.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0022-contextual-authentication-and-pluggable-output-projections.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0023-centralized-authorization-core-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0026-adaptive-mfa-and-passwordless-platform.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0027-dual-protocol-api-strategy-rest-grpc.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0029-adoption-of-tactical-ddd-primitives-library.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0038-enterprise-error-handling-result-pattern-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0043-data-access-and-orm-strategy-for-node-js.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0044-frontend-clean-architecture-layer-boundaries-react.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0045-frontend-state-management-zustand-tanstack-query-dual-strate.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0046-prohibition-of-raw-technical-identifiers-in-user-interfaces.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0047-actionable-user-error-contract-and-correlated-diagnostics.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0048-feature-flag-system-scope-and-structured-criteria-model.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0074-monorepo-orchestration-with-nx.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0075-application-gateway-bff-with-nestjs.rules.json +29 -0
- package/rulesets/architecture/README.es.md +21 -0
- package/rulesets/architecture/README.md +21 -0
- package/rulesets/architecture/opa/progressive-axis.rego +50 -0
- package/rulesets/cli/README.es.md +17 -0
- package/rulesets/cli/README.md +17 -0
- package/rulesets/cli/core-parity.rules.json +61 -0
- package/rulesets/cli/release-readiness.rules.json +77 -0
- package/rulesets/compliance-baseline/README.es.md +26 -0
- package/rulesets/compliance-baseline/README.md +26 -0
- package/rulesets/compliance-baseline/compliance-baseline.rules.json +81 -0
- package/rulesets/contracts/README.es.md +19 -0
- package/rulesets/contracts/README.md +19 -0
- package/rulesets/contracts/evolith-machine-contracts.json +29 -0
- package/rulesets/contracts/fixtures/gate-evidence.success.json +10 -0
- package/rulesets/contracts/fixtures/output-envelope.success.json +23 -0
- package/rulesets/cross-cutting/README.es.md +14 -0
- package/rulesets/cross-cutting/README.md +14 -0
- package/rulesets/cross-cutting/compliance-baseline.rules.json +81 -0
- package/rulesets/cross-cutting/definition-of-done.rules.json +135 -0
- package/rulesets/cross-cutting/engineering-manifesto.rules.json +145 -0
- package/rulesets/cross-cutting/repository-taxonomy.rules.json +172 -0
- package/rulesets/definition-of-done/README.es.md +26 -0
- package/rulesets/definition-of-done/README.md +26 -0
- package/rulesets/definition-of-done/definition-of-done.rules.json +135 -0
- package/rulesets/engineering-manifesto/README.es.md +26 -0
- package/rulesets/engineering-manifesto/README.md +26 -0
- package/rulesets/engineering-manifesto/engineering-manifesto.rules.json +145 -0
- package/rulesets/evidence/README.es.md +12 -0
- package/rulesets/evidence/README.md +12 -0
- package/rulesets/evidence/evidence-manifest.rules.json +48 -0
- package/rulesets/executive-scorecards/executive-scorecards.rules.es.json +213 -0
- package/rulesets/executive-scorecards/executive-scorecards.rules.json +213 -0
- package/rulesets/governance/README.es.md +13 -0
- package/rulesets/governance/README.md +13 -0
- package/rulesets/governance/abac-mcp-access.rules.es.json +41 -0
- package/rulesets/governance/abac-mcp-access.rules.json +41 -0
- package/rulesets/governance/executive-scorecards.rules.es.json +213 -0
- package/rulesets/governance/executive-scorecards.rules.json +213 -0
- package/rulesets/governance/inheritance.rules.json +115 -0
- package/rulesets/governance/knowledge-intake.rules.json +18 -0
- package/rulesets/governance/open-core-boundary.rules.es.json +148 -0
- package/rulesets/governance/open-core-boundary.rules.json +148 -0
- package/rulesets/governance/satellite-contracts.rules.json +183 -0
- package/rulesets/infrastructure/helm-enforcement.rules.json +21 -0
- package/rulesets/infrastructure/opa/helm-enforcement.rego +25 -0
- package/rulesets/infrastructure/opa/helm-enforcement.test.rego +31 -0
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.rego +115 -0
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.test.rego +66 -0
- package/rulesets/infrastructure/opa-sidecar-bundle.rules.json +18 -0
- package/rulesets/mcp/README.es.md +12 -0
- package/rulesets/mcp/README.md +12 -0
- package/rulesets/mcp/protocol-compliance.rules.json +57 -0
- package/rulesets/observability/README.es.md +12 -0
- package/rulesets/observability/README.md +12 -0
- package/rulesets/observability/telemetry-evidence.rules.json +48 -0
- package/rulesets/opa/README.es.md +22 -0
- package/rulesets/opa/README.md +22 -0
- package/rulesets/opa/abac-mcp-tool-access.rego +122 -0
- package/rulesets/opa/abac-mcp-tool-access.test.rego +33 -0
- package/rulesets/opa/anti-corruption-layer.rego +39 -0
- package/rulesets/opa/anti-corruption-layer.test.rego +118 -0
- package/rulesets/opa/ci-cd.rego +41 -0
- package/rulesets/opa/ci-cd.test.rego +23 -0
- package/rulesets/opa/cicd-quality-gates.rego +29 -0
- package/rulesets/opa/cicd-quality-gates.test.rego +54 -0
- package/rulesets/opa/cli-core-parity.rego +17 -0
- package/rulesets/opa/cli-core-parity.test.rego +39 -0
- package/rulesets/opa/cli-readiness.rego +32 -0
- package/rulesets/opa/cli-readiness.test.rego +23 -0
- package/rulesets/opa/cli-release-readiness.rego +21 -0
- package/rulesets/opa/cli-release-readiness.test.rego +46 -0
- package/rulesets/opa/compliance-baseline.rego +95 -0
- package/rulesets/opa/compliance-baseline.test.rego +89 -0
- package/rulesets/opa/dod.rego +42 -0
- package/rulesets/opa/dod.test.rego +250 -0
- package/rulesets/opa/engineering-manifesto.rego +78 -0
- package/rulesets/opa/engineering-manifesto.test.rego +133 -0
- package/rulesets/opa/evidence.rego +64 -0
- package/rulesets/opa/evidence.test.rego +23 -0
- package/rulesets/opa/executive-scorecards.rego +41 -0
- package/rulesets/opa/executive-scorecards.test.rego +60 -0
- package/rulesets/opa/gitflow-branching.rego +41 -0
- package/rulesets/opa/gitflow-branching.test.rego +60 -0
- package/rulesets/opa/governance.rego +39 -0
- package/rulesets/opa/governance.test.rego +23 -0
- package/rulesets/opa/hexagonal-architecture.rego +33 -0
- package/rulesets/opa/hexagonal-architecture.test.rego +57 -0
- package/rulesets/opa/infrastructure/helm-enforcement.rego +33 -0
- package/rulesets/opa/infrastructure/opa-sidecar-bundle.rego +42 -0
- package/rulesets/opa/knowledge-intake.rego +98 -0
- package/rulesets/opa/knowledge-intake.test.rego +50 -0
- package/rulesets/opa/main.rego +147 -0
- package/rulesets/opa/main_test.rego +149 -0
- package/rulesets/opa/mcp.rego +61 -0
- package/rulesets/opa/mcp.test.rego +27 -0
- package/rulesets/opa/multi-runtime.rego +33 -0
- package/rulesets/opa/multi-runtime.test.rego +53 -0
- package/rulesets/opa/multi-tenancy.rego +33 -0
- package/rulesets/opa/multi-tenancy.test.rego +53 -0
- package/rulesets/opa/open-core-boundary.rego +33 -0
- package/rulesets/opa/open-core-boundary.test.rego +60 -0
- package/rulesets/opa/protocol-selection.rego +29 -0
- package/rulesets/opa/protocol-selection.test.rego +46 -0
- package/rulesets/opa/rbac/gate-role-enforcement.rego +112 -0
- package/rulesets/opa/repository-taxonomy.rego +98 -0
- package/rulesets/opa/repository-taxonomy.test.rego +91 -0
- package/rulesets/opa/satellite-contracts.rego +42 -0
- package/rulesets/opa/satellite-contracts.test.rego +70 -0
- package/rulesets/opa/schemas/abac-mcp-tool-access.input.schema.json +21 -0
- package/rulesets/opa/schemas/anti-corruption-layer.input.schema.json +25 -0
- package/rulesets/opa/schemas/ci-cd.input.schema.json +27 -0
- package/rulesets/opa/schemas/cicd-quality-gates.input.schema.json +33 -0
- package/rulesets/opa/schemas/cli-core-parity.input.schema.json +30 -0
- package/rulesets/opa/schemas/cli-readiness.input.schema.json +28 -0
- package/rulesets/opa/schemas/cli-release-readiness.input.schema.json +26 -0
- package/rulesets/opa/schemas/compliance-baseline.input.schema.json +25 -0
- package/rulesets/opa/schemas/dod.input.schema.json +38 -0
- package/rulesets/opa/schemas/engineering-manifesto.input.schema.json +24 -0
- package/rulesets/opa/schemas/evidence.input.schema.json +35 -0
- package/rulesets/opa/schemas/executive-scorecards.input.schema.json +36 -0
- package/rulesets/opa/schemas/gitflow-branching.input.schema.json +36 -0
- package/rulesets/opa/schemas/governance.input.schema.json +19 -0
- package/rulesets/opa/schemas/hexagonal-architecture.input.schema.json +46 -0
- package/rulesets/opa/schemas/knowledge-intake.input.schema.json +57 -0
- package/rulesets/opa/schemas/mcp.input.schema.json +38 -0
- package/rulesets/opa/schemas/multi-runtime.input.schema.json +27 -0
- package/rulesets/opa/schemas/multi-tenancy.input.schema.json +27 -0
- package/rulesets/opa/schemas/open-core-boundary.input.schema.json +36 -0
- package/rulesets/opa/schemas/protocol-selection.input.schema.json +26 -0
- package/rulesets/opa/schemas/repository-taxonomy.input.schema.json +18 -0
- package/rulesets/opa/schemas/satellite-contracts.input.schema.json +38 -0
- package/rulesets/opa/schemas/taxonomy.input.schema.json +27 -0
- package/rulesets/opa/schemas/testing-pyramid.input.schema.json +42 -0
- package/rulesets/opa/schemas/version-pinning.input.schema.json +39 -0
- package/rulesets/opa/sdlc/coverage.rego +49 -0
- package/rulesets/opa/sdlc/coverage.test.rego +29 -0
- package/rulesets/opa/sdlc/pyramid-distribution.rego +31 -0
- package/rulesets/opa/sdlc/pyramid-distribution.test.rego +33 -0
- package/rulesets/opa/taxonomy.rego +51 -0
- package/rulesets/opa/taxonomy.test.rego +28 -0
- package/rulesets/opa/telemetry-evidence.rego +102 -0
- package/rulesets/opa/testing-pyramid.rego +49 -0
- package/rulesets/opa/testing-pyramid.test.rego +81 -0
- package/rulesets/opa/version-pinning.rego +99 -0
- package/rulesets/opa/version-pinning.test.rego +28 -0
- package/rulesets/phase-gates/README.es.md +28 -0
- package/rulesets/phase-gates/README.md +28 -0
- package/rulesets/phase-gates/phase-gates.rules.json +297 -0
- package/rulesets/quality-thresholds/README.es.md +28 -0
- package/rulesets/quality-thresholds/README.md +28 -0
- package/rulesets/quality-thresholds/quality-thresholds.rules.json +96 -0
- package/rulesets/repository-taxonomy/README.es.md +26 -0
- package/rulesets/repository-taxonomy/README.md +26 -0
- package/rulesets/repository-taxonomy/repository-taxonomy.rules.json +172 -0
- package/rulesets/satellite-contracts/README.es.md +27 -0
- package/rulesets/satellite-contracts/README.md +27 -0
- package/rulesets/satellite-contracts/satellite-contracts.rules.json +183 -0
- package/rulesets/schema/README.es.md +39 -0
- package/rulesets/schema/README.md +39 -0
- package/rulesets/schema/adr.schema.json +138 -0
- package/rulesets/schema/agile-backlog.schema.json +91 -0
- package/rulesets/schema/ballpark-estimation.schema.json +109 -0
- package/rulesets/schema/build-vs-compose.schema.json +98 -0
- package/rulesets/schema/cli-impact-analysis.schema.json +114 -0
- package/rulesets/schema/discovery-canvas.schema.json +92 -0
- package/rulesets/schema/evolith-user-story.schema.json +105 -0
- package/rulesets/schema/evolith-yaml.schema.json +191 -0
- package/rulesets/schema/functional-story.schema.json +111 -0
- package/rulesets/schema/gate-evidence.schema.json +85 -0
- package/rulesets/schema/integration-evidence.schema.json +47 -0
- package/rulesets/schema/knowledge-intake.schema.json +67 -0
- package/rulesets/schema/knowledge-projection.schema.json +24 -0
- package/rulesets/schema/maturity-evidence.schema.json +59 -0
- package/rulesets/schema/observability-validation.schema.json +85 -0
- package/rulesets/schema/on-call-handoff.schema.json +91 -0
- package/rulesets/schema/output-envelope.schema.json +102 -0
- package/rulesets/schema/prd.schema.json +117 -0
- package/rulesets/schema/release-notes.schema.json +138 -0
- package/rulesets/schema/rollback-rehearsal.schema.json +73 -0
- package/rulesets/schema/ruleset-sdlc.schema.json +59 -0
- package/rulesets/schema/ruleset-standard.schema.json +73 -0
- package/rulesets/schema/security-scan-report.schema.json +79 -0
- package/rulesets/schema/source-registry.schema.json +51 -0
- package/rulesets/schema/technical-feasibility.schema.json +66 -0
- package/rulesets/schema/technical-story.schema.json +112 -0
- package/rulesets/schema/test-summary-report.schema.json +158 -0
- package/rulesets/schema/topology-composition.schema.json +43 -0
- package/rulesets/schema/topology-manifest.schema.json +421 -0
- package/rulesets/sdlc/README.es.md +12 -0
- package/rulesets/sdlc/README.md +12 -0
- package/rulesets/sdlc/default-workflow.yaml +73 -0
- package/rulesets/sdlc/dependency-pinning.rules.json +183 -0
- package/rulesets/sdlc/phase-gates.rules.json +297 -0
- package/rulesets/sdlc/quality-thresholds.rules.json +96 -0
- package/rulesets/topologies/README.es.md +42 -0
- package/rulesets/topologies/README.md +42 -0
- package/rulesets/topologies/agentic-ai/README.es.md +142 -0
- package/rulesets/topologies/agentic-ai/README.md +142 -0
- package/rulesets/topologies/agentic-ai/adoption.es.md +37 -0
- package/rulesets/topologies/agentic-ai/adoption.md +37 -0
- package/rulesets/topologies/agentic-ai/agent.config.schema.json +100 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.rego +46 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.rules.json +109 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.test.rego +68 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.wasm +0 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.es.md +35 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.md +45 -0
- package/rulesets/topologies/agentic-ai/evidence.es.md +25 -0
- package/rulesets/topologies/agentic-ai/evidence.md +25 -0
- package/rulesets/topologies/agentic-ai/evolution.es.md +26 -0
- package/rulesets/topologies/agentic-ai/evolution.md +26 -0
- package/rulesets/topologies/agentic-ai/fixtures/invalid-agent.config.json +48 -0
- package/rulesets/topologies/agentic-ai/fixtures/valid-agent.config.json +48 -0
- package/rulesets/topologies/agentic-ai/maturity.es.md +33 -0
- package/rulesets/topologies/agentic-ai/maturity.md +33 -0
- package/rulesets/topologies/agentic-ai/mcp/mcp-manifest.json +100 -0
- package/rulesets/topologies/agentic-ai/openapi/openapi.yaml +187 -0
- package/rulesets/topologies/agentic-ai/operations.es.md +32 -0
- package/rulesets/topologies/agentic-ai/operations.md +32 -0
- package/rulesets/topologies/agentic-ai/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/agentic-ai/parity-fixtures/violation.json +22 -0
- package/rulesets/topologies/agentic-ai/patterns.es.md +32 -0
- package/rulesets/topologies/agentic-ai/patterns.md +32 -0
- package/rulesets/topologies/agentic-ai/resilience.es.md +26 -0
- package/rulesets/topologies/agentic-ai/resilience.md +26 -0
- package/rulesets/topologies/agentic-ai/runbooks.es.md +48 -0
- package/rulesets/topologies/agentic-ai/runbooks.md +48 -0
- package/rulesets/topologies/agentic-ai/security.es.md +26 -0
- package/rulesets/topologies/agentic-ai/security.md +26 -0
- package/rulesets/topologies/agentic-ai/topology.manifest.json +127 -0
- package/rulesets/topologies/data-mesh/README.es.md +69 -0
- package/rulesets/topologies/data-mesh/README.md +69 -0
- package/rulesets/topologies/data-mesh/adoption.es.md +95 -0
- package/rulesets/topologies/data-mesh/adoption.md +95 -0
- package/rulesets/topologies/data-mesh/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/data-mesh/cli/cli-flows.md +53 -0
- package/rulesets/topologies/data-mesh/data-mesh.rego +11 -0
- package/rulesets/topologies/data-mesh/data-mesh.rules.json +100 -0
- package/rulesets/topologies/data-mesh/data-mesh.test.rego +107 -0
- package/rulesets/topologies/data-mesh/data-mesh.wasm +0 -0
- package/rulesets/topologies/data-mesh/evidence.es.md +111 -0
- package/rulesets/topologies/data-mesh/evidence.md +111 -0
- package/rulesets/topologies/data-mesh/evolution.es.md +67 -0
- package/rulesets/topologies/data-mesh/evolution.md +67 -0
- package/rulesets/topologies/data-mesh/fixtures/invalid.topology.config.json +12 -0
- package/rulesets/topologies/data-mesh/fixtures/valid.topology.config.json +12 -0
- package/rulesets/topologies/data-mesh/maturity.es.md +36 -0
- package/rulesets/topologies/data-mesh/maturity.md +36 -0
- package/rulesets/topologies/data-mesh/mcp/mcp-manifest.json +68 -0
- package/rulesets/topologies/data-mesh/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/data-mesh/operations.es.md +63 -0
- package/rulesets/topologies/data-mesh/operations.md +63 -0
- package/rulesets/topologies/data-mesh/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/data-mesh/parity-fixtures/violation.json +21 -0
- package/rulesets/topologies/data-mesh/patterns.es.md +67 -0
- package/rulesets/topologies/data-mesh/patterns.md +67 -0
- package/rulesets/topologies/data-mesh/resilience.es.md +64 -0
- package/rulesets/topologies/data-mesh/resilience.md +64 -0
- package/rulesets/topologies/data-mesh/runbooks.es.md +147 -0
- package/rulesets/topologies/data-mesh/runbooks.md +147 -0
- package/rulesets/topologies/data-mesh/security.es.md +66 -0
- package/rulesets/topologies/data-mesh/security.md +66 -0
- package/rulesets/topologies/data-mesh/topology.config.schema.json +30 -0
- package/rulesets/topologies/data-mesh/topology.manifest.json +107 -0
- package/rulesets/topologies/edge-computing/README.es.md +81 -0
- package/rulesets/topologies/edge-computing/README.md +81 -0
- package/rulesets/topologies/edge-computing/adoption.es.md +268 -0
- package/rulesets/topologies/edge-computing/adoption.md +268 -0
- package/rulesets/topologies/edge-computing/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/edge-computing/cli/cli-flows.md +53 -0
- package/rulesets/topologies/edge-computing/edge-computing.rego +41 -0
- package/rulesets/topologies/edge-computing/edge-computing.rules.json +50 -0
- package/rulesets/topologies/edge-computing/edge-computing.test.rego +33 -0
- package/rulesets/topologies/edge-computing/edge-computing.wasm +0 -0
- package/rulesets/topologies/edge-computing/evidence.es.md +263 -0
- package/rulesets/topologies/edge-computing/evidence.md +263 -0
- package/rulesets/topologies/edge-computing/evolution.es.md +257 -0
- package/rulesets/topologies/edge-computing/evolution.md +257 -0
- package/rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json +6 -0
- package/rulesets/topologies/edge-computing/fixtures/valid.topology.config.json +6 -0
- package/rulesets/topologies/edge-computing/maturity.es.md +36 -0
- package/rulesets/topologies/edge-computing/maturity.md +36 -0
- package/rulesets/topologies/edge-computing/mcp/mcp-manifest.json +72 -0
- package/rulesets/topologies/edge-computing/openapi/openapi.yaml +187 -0
- package/rulesets/topologies/edge-computing/operations.es.md +148 -0
- package/rulesets/topologies/edge-computing/operations.md +148 -0
- package/rulesets/topologies/edge-computing/parity-fixtures/compliant.json +12 -0
- package/rulesets/topologies/edge-computing/parity-fixtures/violation.json +13 -0
- package/rulesets/topologies/edge-computing/patterns.es.md +291 -0
- package/rulesets/topologies/edge-computing/patterns.md +290 -0
- package/rulesets/topologies/edge-computing/resilience.es.md +232 -0
- package/rulesets/topologies/edge-computing/resilience.md +229 -0
- package/rulesets/topologies/edge-computing/runbooks.es.md +405 -0
- package/rulesets/topologies/edge-computing/runbooks.md +405 -0
- package/rulesets/topologies/edge-computing/security.es.md +218 -0
- package/rulesets/topologies/edge-computing/security.md +218 -0
- package/rulesets/topologies/edge-computing/topology.config.schema.json +13 -0
- package/rulesets/topologies/edge-computing/topology.manifest.json +113 -0
- package/rulesets/topologies/event-driven/README.es.md +71 -0
- package/rulesets/topologies/event-driven/README.md +71 -0
- package/rulesets/topologies/event-driven/adoption.es.md +67 -0
- package/rulesets/topologies/event-driven/adoption.md +67 -0
- package/rulesets/topologies/event-driven/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/event-driven/cli/cli-flows.md +53 -0
- package/rulesets/topologies/event-driven/event-driven.rego +11 -0
- package/rulesets/topologies/event-driven/event-driven.rules.json +100 -0
- package/rulesets/topologies/event-driven/event-driven.test.rego +107 -0
- package/rulesets/topologies/event-driven/event-driven.wasm +0 -0
- package/rulesets/topologies/event-driven/evidence.es.md +69 -0
- package/rulesets/topologies/event-driven/evidence.md +69 -0
- package/rulesets/topologies/event-driven/evolution.es.md +59 -0
- package/rulesets/topologies/event-driven/evolution.md +59 -0
- package/rulesets/topologies/event-driven/fixtures/invalid.topology.config.json +12 -0
- package/rulesets/topologies/event-driven/fixtures/valid.topology.config.json +12 -0
- package/rulesets/topologies/event-driven/maturity.es.md +36 -0
- package/rulesets/topologies/event-driven/maturity.md +36 -0
- package/rulesets/topologies/event-driven/mcp/mcp-manifest.json +68 -0
- package/rulesets/topologies/event-driven/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/event-driven/operations.es.md +67 -0
- package/rulesets/topologies/event-driven/operations.md +67 -0
- package/rulesets/topologies/event-driven/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/event-driven/parity-fixtures/violation.json +21 -0
- package/rulesets/topologies/event-driven/patterns.es.md +68 -0
- package/rulesets/topologies/event-driven/patterns.md +68 -0
- package/rulesets/topologies/event-driven/resilience.es.md +65 -0
- package/rulesets/topologies/event-driven/resilience.md +65 -0
- package/rulesets/topologies/event-driven/runbooks.es.md +79 -0
- package/rulesets/topologies/event-driven/runbooks.md +79 -0
- package/rulesets/topologies/event-driven/security.es.md +59 -0
- package/rulesets/topologies/event-driven/security.md +59 -0
- package/rulesets/topologies/event-driven/topology.config.schema.json +30 -0
- package/rulesets/topologies/event-driven/topology.manifest.json +109 -0
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.es.json +111 -0
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.json +111 -0
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.es.json +106 -0
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.json +106 -0
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.es.json +148 -0
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.json +148 -0
- package/rulesets/topologies/serverless/README.es.md +74 -0
- package/rulesets/topologies/serverless/README.md +74 -0
- package/rulesets/topologies/serverless/adoption.es.md +50 -0
- package/rulesets/topologies/serverless/adoption.md +50 -0
- package/rulesets/topologies/serverless/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/serverless/cli/cli-flows.md +53 -0
- package/rulesets/topologies/serverless/evidence.es.md +66 -0
- package/rulesets/topologies/serverless/evidence.md +66 -0
- package/rulesets/topologies/serverless/evolution.es.md +36 -0
- package/rulesets/topologies/serverless/evolution.md +36 -0
- package/rulesets/topologies/serverless/fixtures/invalid.topology.config.json +6 -0
- package/rulesets/topologies/serverless/fixtures/valid.topology.config.json +6 -0
- package/rulesets/topologies/serverless/maturity.es.md +36 -0
- package/rulesets/topologies/serverless/maturity.md +36 -0
- package/rulesets/topologies/serverless/mcp/mcp-manifest.json +72 -0
- package/rulesets/topologies/serverless/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/serverless/operations.es.md +36 -0
- package/rulesets/topologies/serverless/operations.md +36 -0
- package/rulesets/topologies/serverless/parity-fixtures/compliant.json +13 -0
- package/rulesets/topologies/serverless/parity-fixtures/violation.json +15 -0
- package/rulesets/topologies/serverless/patterns.es.md +36 -0
- package/rulesets/topologies/serverless/patterns.md +36 -0
- package/rulesets/topologies/serverless/resilience.es.md +36 -0
- package/rulesets/topologies/serverless/resilience.md +36 -0
- package/rulesets/topologies/serverless/runbooks.es.md +68 -0
- package/rulesets/topologies/serverless/runbooks.md +68 -0
- package/rulesets/topologies/serverless/security.es.md +36 -0
- package/rulesets/topologies/serverless/security.md +36 -0
- package/rulesets/topologies/serverless/serverless.rego +32 -0
- package/rulesets/topologies/serverless/serverless.rules.json +33 -0
- package/rulesets/topologies/serverless/serverless.test.rego +28 -0
- package/rulesets/topologies/serverless/serverless.wasm +0 -0
- package/rulesets/topologies/serverless/topology.config.schema.json +28 -0
- package/rulesets/topologies/serverless/topology.manifest.json +114 -0
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
package evolith.engineering_manifesto_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.engineering_manifesto
|
|
4
|
+
|
|
5
|
+
test_compliant_code_has_no_violations {
|
|
6
|
+
violations := engineering_manifesto.violations with input as {
|
|
7
|
+
"classLineCount": 100,
|
|
8
|
+
"classMethodCount": 8,
|
|
9
|
+
"liskovViolations": 0,
|
|
10
|
+
"domainImportsInfrastructure": false,
|
|
11
|
+
"maxCyclomaticComplexity": 10,
|
|
12
|
+
"circularDependencies": false,
|
|
13
|
+
"magicNumbersCount": 0
|
|
14
|
+
}
|
|
15
|
+
count(violations) == 0
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
test_class_exceeding_200_lines_is_violation {
|
|
19
|
+
violations := engineering_manifesto.violations with input as {
|
|
20
|
+
"classLineCount": 250,
|
|
21
|
+
"classMethodCount": 10,
|
|
22
|
+
"liskovViolations": 0,
|
|
23
|
+
"domainImportsInfrastructure": false,
|
|
24
|
+
"maxCyclomaticComplexity": 10,
|
|
25
|
+
"circularDependencies": false,
|
|
26
|
+
"magicNumbersCount": 0
|
|
27
|
+
}
|
|
28
|
+
violations[_].id == "EM-S-01"
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
test_liskov_violations_detected {
|
|
32
|
+
violations := engineering_manifesto.violations with input as {
|
|
33
|
+
"classLineCount": 100,
|
|
34
|
+
"classMethodCount": 8,
|
|
35
|
+
"liskovViolations": 2,
|
|
36
|
+
"domainImportsInfrastructure": false,
|
|
37
|
+
"maxCyclomaticComplexity": 10,
|
|
38
|
+
"circularDependencies": false,
|
|
39
|
+
"magicNumbersCount": 0
|
|
40
|
+
}
|
|
41
|
+
violations[_].id == "EM-S-03"
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
test_domain_imports_infrastructure_is_violation {
|
|
45
|
+
violations := engineering_manifesto.violations with input as {
|
|
46
|
+
"classLineCount": 100,
|
|
47
|
+
"classMethodCount": 8,
|
|
48
|
+
"liskovViolations": 0,
|
|
49
|
+
"domainImportsInfrastructure": true,
|
|
50
|
+
"maxCyclomaticComplexity": 10,
|
|
51
|
+
"circularDependencies": false,
|
|
52
|
+
"magicNumbersCount": 0
|
|
53
|
+
}
|
|
54
|
+
violations[_].id == "EM-S-05"
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
test_cyclomatic_complexity_exceeds_threshold {
|
|
58
|
+
violations := engineering_manifesto.violations with input as {
|
|
59
|
+
"classLineCount": 100,
|
|
60
|
+
"classMethodCount": 8,
|
|
61
|
+
"liskovViolations": 0,
|
|
62
|
+
"domainImportsInfrastructure": false,
|
|
63
|
+
"maxCyclomaticComplexity": 20,
|
|
64
|
+
"circularDependencies": false,
|
|
65
|
+
"magicNumbersCount": 0
|
|
66
|
+
}
|
|
67
|
+
violations[_].id == "EM-K-01"
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
test_god_class_by_line_count {
|
|
71
|
+
violations := engineering_manifesto.violations with input as {
|
|
72
|
+
"classLineCount": 600,
|
|
73
|
+
"classMethodCount": 10,
|
|
74
|
+
"liskovViolations": 0,
|
|
75
|
+
"domainImportsInfrastructure": false,
|
|
76
|
+
"maxCyclomaticComplexity": 10,
|
|
77
|
+
"circularDependencies": false,
|
|
78
|
+
"magicNumbersCount": 0
|
|
79
|
+
}
|
|
80
|
+
violations[_].id == "AP-01"
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
test_god_class_by_method_count {
|
|
84
|
+
violations := engineering_manifesto.violations with input as {
|
|
85
|
+
"classLineCount": 300,
|
|
86
|
+
"classMethodCount": 25,
|
|
87
|
+
"liskovViolations": 0,
|
|
88
|
+
"domainImportsInfrastructure": false,
|
|
89
|
+
"maxCyclomaticComplexity": 10,
|
|
90
|
+
"circularDependencies": false,
|
|
91
|
+
"magicNumbersCount": 0
|
|
92
|
+
}
|
|
93
|
+
violations[_].id == "AP-01"
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
test_circular_dependencies_detected {
|
|
97
|
+
violations := engineering_manifesto.violations with input as {
|
|
98
|
+
"classLineCount": 100,
|
|
99
|
+
"classMethodCount": 8,
|
|
100
|
+
"liskovViolations": 0,
|
|
101
|
+
"domainImportsInfrastructure": false,
|
|
102
|
+
"maxCyclomaticComplexity": 10,
|
|
103
|
+
"circularDependencies": true,
|
|
104
|
+
"magicNumbersCount": 0
|
|
105
|
+
}
|
|
106
|
+
violations[_].id == "AP-02"
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
test_magic_numbers_detected {
|
|
110
|
+
violations := engineering_manifesto.violations with input as {
|
|
111
|
+
"classLineCount": 100,
|
|
112
|
+
"classMethodCount": 8,
|
|
113
|
+
"liskovViolations": 0,
|
|
114
|
+
"domainImportsInfrastructure": false,
|
|
115
|
+
"maxCyclomaticComplexity": 10,
|
|
116
|
+
"circularDependencies": false,
|
|
117
|
+
"magicNumbersCount": 5
|
|
118
|
+
}
|
|
119
|
+
violations[_].id == "AP-05"
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
test_all_violations_detected {
|
|
123
|
+
violations := engineering_manifesto.violations with input as {
|
|
124
|
+
"classLineCount": 600,
|
|
125
|
+
"classMethodCount": 25,
|
|
126
|
+
"liskovViolations": 3,
|
|
127
|
+
"domainImportsInfrastructure": true,
|
|
128
|
+
"maxCyclomaticComplexity": 25,
|
|
129
|
+
"circularDependencies": true,
|
|
130
|
+
"magicNumbersCount": 10
|
|
131
|
+
}
|
|
132
|
+
count(violations) >= 5
|
|
133
|
+
}
|
|
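Review bot: `test_all_violations_detected` asserts only `count(violations) >= 5`, although the other tests in this file expect seven distinct ids (EM-S-01, EM-S-03, EM-S-05, EM-K-01, AP-01, AP-02, AP-05) for the same trigger values. Up to two rules could stop firing without this test failing. Assert the ids themselves, e.g. `ids := {v.id | v := violations[_]}` followed by `count({"EM-S-01", "EM-S-03", "EM-S-05", "EM-K-01", "AP-01", "AP-02", "AP-05"} - ids) == 0`. The policy under test is not shown in this section, so the exact set should be confirmed against it.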
@@ -0,0 +1,64 @@
|
|
|
1
|
+
package evolith.evidence
|
|
2
|
+
|
|
3
|
+
# Helper to get all evidence files
|
|
4
|
+
evidence_files := [file | input.core.evidence[file]]
|
|
5
|
+
|
|
6
|
+
violations[{"id": "EVD-01", "message": ".harness/evidence directory not found or empty"}] {
|
|
7
|
+
count(evidence_files) == 0
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
violations[{"id": "EVD-02", "message": ".harness/evidence directory not found or empty"}] {
|
|
11
|
+
count(evidence_files) == 0
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
violations[{"id": "EVD-03", "message": ".harness/evidence directory not found or empty"}] {
|
|
15
|
+
count(evidence_files) == 0
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
violations[{"id": "EVD-04", "message": ".harness/evidence directory not found or empty"}] {
|
|
19
|
+
count(evidence_files) == 0
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
violations[{"id": "EVD-01", "message": msg}] {
|
|
23
|
+
manifest := input.core.evidence[file]
|
|
24
|
+
required := {"id", "source", "generatedAt", "producer"}
|
|
25
|
+
actual := {k | manifest[k]}
|
|
26
|
+
missing := required - actual
|
|
27
|
+
count(missing) > 0
|
|
28
|
+
msg := sprintf("%v missing fields: %v", [file, concat(", ", missing)])
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
violations[{"id": "EVD-01", "message": msg}] {
|
|
32
|
+
manifest := input.core.evidence[file]
|
|
33
|
+
not manifest.evaluatedRules
|
|
34
|
+
not manifest.relatedRuleIds
|
|
35
|
+
not manifest.relatedGateId
|
|
36
|
+
msg := sprintf("%v missing evaluatedRules or relatedGateId", [file])
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
violations[{"id": "EVD-02", "message": msg}] {
|
|
40
|
+
manifest := input.core.evidence[file]
|
|
41
|
+
not manifest.sourceRef
|
|
42
|
+
msg := sprintf("%v missing sourceRef", [file])
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
violations[{"id": "EVD-03", "message": msg}] {
|
|
46
|
+
manifest := input.core.evidence[file]
|
|
47
|
+
required := {"status", "evaluatedRules", "blockingFailures"}
|
|
48
|
+
actual := {k | manifest[k]}
|
|
49
|
+
missing := required - actual
|
|
50
|
+
count(missing) > 0
|
|
51
|
+
msg := sprintf("%v missing fields: %v", [file, concat(", ", missing)])
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
violations[{"id": "EVD-04", "message": msg}] {
|
|
55
|
+
manifest := input.core.evidence[file]
|
|
56
|
+
not manifest.retentionPeriod
|
|
57
|
+
msg := sprintf("%v missing retentionPeriod or owner", [file])
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
violations[{"id": "EVD-04", "message": msg}] {
|
|
61
|
+
manifest := input.core.evidence[file]
|
|
62
|
+
not manifest.owner
|
|
63
|
+
msg := sprintf("%v missing retentionPeriod or owner", [file])
|
|
64
|
+
}
|
|
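Review bot: The manifest checks test only that a key is present and not `false`: `not manifest.sourceRef`, `not manifest.owner` and `actual := {k | manifest[k]}` all accept an empty string, so an evidence file with `"sourceRef": ""` or `"owner": ""` passes EVD-02 and EVD-04. For a gate that is meant to establish provenance, reject the empty value too, e.g. `object.get(manifest, "sourceRef", "") == ""`. Separately, the second EVD-01 rule (new lines 31-37) fires only when `evaluatedRules`, `relatedRuleIds` and `relatedGateId` are all absent, while its message reads as if any one missing field were reported. A comment stating the intended any-of semantics would remove the ambiguity.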
@@ -0,0 +1,23 @@
|
|
|
1
|
+
package evolith.evidence_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.evidence
|
|
4
|
+
|
|
5
|
+
test_complete_evidence_has_no_violations {
|
|
6
|
+
violations := evidence.violations with input as {"core": {"evidence": {"gate-evidence.json": {"id": "gate-001", "source": "cli", "generatedAt": "2026-06-20", "producer": "evolith-cli", "evaluatedRules": ["MM-R01"], "relatedGateId": "gate-01", "sourceRef": "main", "status": "passed", "blockingFailures": [], "retentionPeriod": "90d", "owner": "architecture-team"}}}}
|
|
7
|
+
count(violations) == 0
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
test_missing_evidence_directory_is_rejected {
|
|
11
|
+
violations := evidence.violations with input as {"core": {"evidence": {}}}
|
|
12
|
+
violations[_].id == "EVD-01"
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
test_evidence_missing_source_ref_is_rejected {
|
|
16
|
+
violations := evidence.violations with input as {"core": {"evidence": {"gate-evidence.json": {"id": "gate-001", "source": "cli", "generatedAt": "2026-06-20", "producer": "evolith-cli", "evaluatedRules": ["MM-R01"], "relatedGateId": "gate-01", "status": "passed", "blockingFailures": [], "retentionPeriod": "90d", "owner": "architecture-team"}}}}
|
|
17
|
+
violations[_].id == "EVD-02"
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
test_evidence_missing_retention_period_is_rejected {
|
|
21
|
+
violations := evidence.violations with input as {"core": {"evidence": {"gate-evidence.json": {"id": "gate-001", "source": "cli", "generatedAt": "2026-06-20", "producer": "evolith-cli", "evaluatedRules": ["MM-R01"], "relatedGateId": "gate-01", "sourceRef": "main", "status": "passed", "blockingFailures": []}}}}
|
|
22
|
+
violations[_].id == "EVD-04"
|
|
23
|
+
}
|
|
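Review bot: No test here exercises EVD-03 or the missing-fields branch of EVD-01, and `test_evidence_missing_retention_period_is_rejected` drops both `retentionPeriod` and `owner`, so it cannot tell which of the two EVD-04 rules fired. Add one case per rule that removes a single field (only `owner`, only `status`, only `producer`) and asserts the id. A case with `input.core` absent would also pin the empty-directory behaviour, which `test_missing_evidence_directory_is_rejected` covers only for an empty `evidence` object.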
@@ -0,0 +1,41 @@
|
|
|
1
|
+
package evolith.executive_scorecards
|
|
2
|
+
|
|
3
|
+
violations[{"id": "DORA-01", "message": "Deployment Frequency metric not declared or dashboard required but missing"}] {
|
|
4
|
+
not input.satellite.scorecards.deploymentFrequencyDeclared
|
|
5
|
+
}
|
|
6
|
+
|
|
7
|
+
violations[{"id": "DORA-02", "message": "Lead Time for Changes metric not declared or dashboard required but missing"}] {
|
|
8
|
+
not input.satellite.scorecards.leadTimeDeclared
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
violations[{"id": "DORA-03", "message": "Change Failure Rate metric not declared or dashboard required but missing"}] {
|
|
12
|
+
not input.satellite.scorecards.changeFailureRateDeclared
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
violations[{"id": "DORA-04", "message": "Time to Restore (MTTR) metric not declared or dashboard required but missing"}] {
|
|
16
|
+
not input.satellite.scorecards.timeToRestoreDeclared
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
violations[{"id": "SPACE-01", "message": "Observability infrastructure (traces, logs, metrics) not operational in production"}] {
|
|
20
|
+
not input.satellite.scorecards.observabilityOperational
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
violations[{"id": "SPACE-02", "message": "Satellite performance (P95 latency) not measured or dashboard not linked in scorecards"}] {
|
|
24
|
+
not input.satellite.scorecards.performanceDashboardLinked
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
violations[{"id": "SPACE-03", "message": "Team cognitive load survey not completed or score not recorded in satellite scorecards"}] {
|
|
28
|
+
not input.satellite.scorecards.cognitivLoadSurveyCompleted
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
violations[{"id": "SPACE-04", "message": "Collaboration index (cross-team PRs and shared ADRs) not computed — required for SPACE executive review"}] {
|
|
32
|
+
not input.satellite.scorecards.collaborationIndexComputed
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
violations[{"id": "SPACE-05", "message": "Executive sponsor not assigned or quarterly review not documented"}] {
|
|
36
|
+
not input.satellite.scorecards.executiveSponsorAssigned
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
violations[{"id": "DRIFT-01", "message": "Architecture Drift Index not measured or exceeds 10% threshold"}] {
|
|
40
|
+
input.satellite.scorecards.architectureDriftIndex > 10
|
|
41
|
+
}
|
|
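Review bot: DRIFT-01 fails open when the metric is absent: `input.satellite.scorecards.architectureDriftIndex > 10` is undefined for a missing field, so the rule does not fire even though the message promises "not measured". Add a second DRIFT-01 rule whose body is `not is_number(input.satellite.scorecards.architectureDriftIndex)`. The SPACE-03 key is also spelled `cognitivLoadSurveyCompleted`; if the collector emits `cognitiveLoadSurveyCompleted` the rule would fire on every input, so the spelling should be confirmed against the producer.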
@@ -0,0 +1,60 @@
|
|
|
1
|
+
package evolith.executive_scorecards_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.executive_scorecards
|
|
4
|
+
|
|
5
|
+
compliant_input := {"satellite": {"scorecards": {
|
|
6
|
+
"deploymentFrequencyDeclared": true,
|
|
7
|
+
"leadTimeDeclared": true,
|
|
8
|
+
"changeFailureRateDeclared": true,
|
|
9
|
+
"timeToRestoreDeclared": true,
|
|
10
|
+
"observabilityOperational": true,
|
|
11
|
+
"executiveSponsorAssigned": true,
|
|
12
|
+
"architectureDriftIndex": 5,
|
|
13
|
+
}}}
|
|
14
|
+
|
|
15
|
+
test_compliant_scorecards_has_no_violations {
|
|
16
|
+
violations := executive_scorecards.violations with input as compliant_input
|
|
17
|
+
count(violations) == 0
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
test_missing_deployment_frequency_is_rejected {
|
|
21
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/deploymentFrequencyDeclared", "value": false}])
|
|
22
|
+
violations := executive_scorecards.violations with input as i
|
|
23
|
+
violations[_].id == "DORA-01"
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
test_missing_lead_time_is_rejected {
|
|
27
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/leadTimeDeclared", "value": false}])
|
|
28
|
+
violations := executive_scorecards.violations with input as i
|
|
29
|
+
violations[_].id == "DORA-02"
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
test_missing_change_failure_rate_is_rejected {
|
|
33
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/changeFailureRateDeclared", "value": false}])
|
|
34
|
+
violations := executive_scorecards.violations with input as i
|
|
35
|
+
violations[_].id == "DORA-03"
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
test_missing_time_to_restore_is_rejected {
|
|
39
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/timeToRestoreDeclared", "value": false}])
|
|
40
|
+
violations := executive_scorecards.violations with input as i
|
|
41
|
+
violations[_].id == "DORA-04"
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
test_missing_observability_is_rejected {
|
|
45
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/observabilityOperational", "value": false}])
|
|
46
|
+
violations := executive_scorecards.violations with input as i
|
|
47
|
+
violations[_].id == "SPACE-01"
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
test_missing_executive_sponsor_is_rejected {
|
|
51
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/executiveSponsorAssigned", "value": false}])
|
|
52
|
+
violations := executive_scorecards.violations with input as i
|
|
53
|
+
violations[_].id == "SPACE-05"
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
test_drift_index_exceeding_threshold_is_rejected {
|
|
57
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/scorecards/architectureDriftIndex", "value": 15}])
|
|
58
|
+
violations := executive_scorecards.violations with input as i
|
|
59
|
+
violations[_].id == "DRIFT-01"
|
|
60
|
+
}
|
|
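Review bot: `compliant_input` omits `performanceDashboardLinked`, `cognitivLoadSurveyCompleted` and `collaborationIndexComputed`, which the executive_scorecards policy shown on this page checks with `not input.satellite.scorecards.…` for SPACE-02, SPACE-03 and SPACE-04. Against that policy `test_compliant_scorecards_has_no_violations` would see three violations and `count(violations) == 0` would fail; set the three keys to `true` in the fixture. SPACE-02, SPACE-03 and SPACE-04 also have no negative test of the `json.patch` kind used for the other ids.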
@@ -0,0 +1,41 @@
|
|
|
1
|
+
package evolith.gitflow_branching
|
|
2
|
+
|
|
3
|
+
violations[{"id": "GIT-01", "message": "Branch name does not follow pattern: type/ticket-id-description"}] {
|
|
4
|
+
input.satellite.git.branchNameInvalid
|
|
5
|
+
}
|
|
6
|
+
|
|
7
|
+
violations[{"id": "GIT-02", "message": "Direct push to protected branch detected — all changes must come through PRs"}] {
|
|
8
|
+
input.satellite.git.directPushToProtectedBranch
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
violations[{"id": "GIT-03", "message": "PR merged without minimum 1 approved review"}] {
|
|
12
|
+
not input.satellite.git.prHasMinimumReview
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
violations[{"id": "GIT-04", "message": "Release tag does not follow semver format v{major}.{minor}.{patch}"}] {
|
|
16
|
+
input.satellite.git.releaseTagInvalid
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
violations[{"id": "GIT-05", "message": "Feature branches must merge via squash or rebase — merge commits that clutter history with intermediary commits are not allowed on protected branches"}] {
|
|
20
|
+
input.satellite.git.featureBranchMergeNotSquashOrRebase
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
violations[{"id": "GIT-06", "message": "Hotfix branch not following expedited merge path — hotfix/* must merge directly to main and back-merge to develop within the release cycle"}] {
|
|
24
|
+
input.satellite.git.hotfixNotExpeditedPath
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
violations[{"id": "GIT-07", "message": "Stale branch not deleted after merge — branches merged more than 7 days ago must be removed from remote"}] {
|
|
28
|
+
input.satellite.git.hasStaleBranchesAfterMerge
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
violations[{"id": "GIT-08", "message": "Commit message does not follow Conventional Commits format"}] {
|
|
32
|
+
input.satellite.git.commitMessageInvalid
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
violations[{"id": "GIT-09", "message": "Environment promotion does not follow develop→qa→uat→main sequence"}] {
|
|
36
|
+
input.satellite.git.promotionSequenceInvalid
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
violations[{"id": "GIT-10", "message": "PR into qa/uat/main/release/hotfix without minimum 2 approvals"}] {
|
|
40
|
+
not input.satellite.git.higherEnvPrHasTwoApprovals
|
|
41
|
+
}
|
|
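Review bot: Most rules fire on a positive flag (`input.satellite.git.directPushToProtectedBranch`, `branchNameInvalid`, `releaseTagInvalid` and so on), so an input that omits a key, or has no `satellite.git` object at all, yields no GIT-01, GIT-02 or GIT-04 to GIT-09 violation, while GIT-03 and GIT-10 (`not …`) do fire. For a control such as GIT-02 the safer default is to fail closed: add a rule that reports the id when the flag is not a boolean, with body `not is_boolean(input.satellite.git.directPushToProtectedBranch)`, and likewise for the other positive flags. A header comment saying that these booleans are precomputed by the collector, and by which one, would also help. The hexagonal_architecture policy further down (HXA-01, HXA-02, HXA-04 to HXA-07) has the same shape.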
@@ -0,0 +1,60 @@
|
|
|
1
|
+
package evolith.gitflow_branching_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.gitflow_branching
|
|
4
|
+
|
|
5
|
+
compliant_input := {"satellite": {"git": {
|
|
6
|
+
"branchNameInvalid": false,
|
|
7
|
+
"directPushToProtectedBranch": false,
|
|
8
|
+
"prHasMinimumReview": true,
|
|
9
|
+
"releaseTagInvalid": false,
|
|
10
|
+
"commitMessageInvalid": false,
|
|
11
|
+
"promotionSequenceInvalid": false,
|
|
12
|
+
"higherEnvPrHasTwoApprovals": true,
|
|
13
|
+
}}}
|
|
14
|
+
|
|
15
|
+
test_compliant_gitflow_has_no_violations {
|
|
16
|
+
violations := gitflow_branching.violations with input as compliant_input
|
|
17
|
+
count(violations) == 0
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
test_invalid_branch_name_is_rejected {
|
|
21
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/branchNameInvalid", "value": true}])
|
|
22
|
+
violations := gitflow_branching.violations with input as i
|
|
23
|
+
violations[_].id == "GIT-01"
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
test_direct_push_to_protected_branch_is_rejected {
|
|
27
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/directPushToProtectedBranch", "value": true}])
|
|
28
|
+
violations := gitflow_branching.violations with input as i
|
|
29
|
+
violations[_].id == "GIT-02"
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
test_pr_without_review_is_rejected {
|
|
33
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/prHasMinimumReview", "value": false}])
|
|
34
|
+
violations := gitflow_branching.violations with input as i
|
|
35
|
+
violations[_].id == "GIT-03"
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
test_invalid_release_tag_is_rejected {
|
|
39
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/releaseTagInvalid", "value": true}])
|
|
40
|
+
violations := gitflow_branching.violations with input as i
|
|
41
|
+
violations[_].id == "GIT-04"
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
test_invalid_commit_message_is_rejected {
|
|
45
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/commitMessageInvalid", "value": true}])
|
|
46
|
+
violations := gitflow_branching.violations with input as i
|
|
47
|
+
violations[_].id == "GIT-08"
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
test_invalid_promotion_sequence_is_rejected {
|
|
51
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/promotionSequenceInvalid", "value": true}])
|
|
52
|
+
violations := gitflow_branching.violations with input as i
|
|
53
|
+
violations[_].id == "GIT-09"
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
test_higher_env_pr_without_two_approvals_is_rejected {
|
|
57
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/git/higherEnvPrHasTwoApprovals", "value": false}])
|
|
58
|
+
violations := gitflow_branching.violations with input as i
|
|
59
|
+
violations[_].id == "GIT-10"
|
|
60
|
+
}
|
|
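Review bot: GIT-05, GIT-06 and GIT-07 have no test, and `compliant_input` leaves out `featureBranchMergeNotSquashOrRebase`, `hotfixNotExpeditedPath` and `hasStaleBranchesAfterMerge`, so the compliant case passes only because a missing flag is treated as compliant. Add the three keys as `false` to the fixture and one `json.patch` case per rule in the style of the existing ones. The hexagonal_architecture test file further down has the same gap for HXA-06 (`aopNotInInfrastructure`).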
@@ -0,0 +1,39 @@
|
|
|
1
|
+
package evolith.governance
|
|
2
|
+
|
|
3
|
+
violations[{"id": "INH-01", "message": "Satellite contains a rulesets/ directory — inheriting from Core only is required"}] {
|
|
4
|
+
input.satellitePath != input.corePath
|
|
5
|
+
|
|
6
|
+
# Check if "rulesets" is in satellite directories
|
|
7
|
+
dirs := {dir | dir := input.satellite.directories[_]}
|
|
8
|
+
dirs["rulesets"]
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
violations[{"id": "INH-02", "message": "Satellite coreRef.version must be a specific semver — 'latest' or unpinned references are prohibited"}] {
|
|
12
|
+
input.satellitePath != input.corePath
|
|
13
|
+
not input.satellite.contracts.coreVersionPinned
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
violations[{"id": "INH-03", "message": "Satellite governance version cannot be downgraded — downgrade requires Architecture Board exception with --force flag"}] {
|
|
17
|
+
input.satellitePath != input.corePath
|
|
18
|
+
input.satellite.contracts.governanceVersionDowngraded
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
violations[{"id": "INH-04", "message": "Satellite local ADRs must reference Core corpus — DECISIONS.md or local ADR registry with coreRef is required for extension decisions"}] {
|
|
22
|
+
input.satellitePath != input.corePath
|
|
23
|
+
files := {file | file := input.satellite.files[_]}
|
|
24
|
+
not files["DECISIONS.md"]
|
|
25
|
+
not input.satellite.contracts.hasLocalAdrRegistry
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
violations[{"id": "INH-05", "message": "Local ADR promotion to Core requires Architecture Board review artifact — no approval evidence found for this ADR promotion"}] {
|
|
29
|
+
input.satellitePath != input.corePath
|
|
30
|
+
input.satellite.contracts.hasAdrsAwaitingPromotion
|
|
31
|
+
not input.satellite.contracts.hasArchitectureBoardApproval
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
violations[{"id": "INH-06", "message": "Satellite missing DECISIONS.md in root directory"}] {
|
|
35
|
+
input.satellitePath != input.corePath
|
|
36
|
+
|
|
37
|
+
files := {file | file := input.satellite.files[_]}
|
|
38
|
+
not files["DECISIONS.md"]
|
|
39
|
+
}
|
|
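Review bot: Every INH rule is guarded by `input.satellitePath != input.corePath`, which is undefined when either path is missing and false when the two strings are equal, so in both cases all inheritance checks are skipped without a violation. Because this guard decides whether a repository may carry its own `rulesets/` directory or an unpinned core reference, report a violation when either path is absent, e.g. rules with bodies `not input.satellitePath` and `not input.corePath`. Document where the two values come from so that the evaluated repository cannot supply them itself. The comparison is on raw strings, so `/core` and `/core/` count as different; presumably the caller normalises paths, which is worth a comment.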
@@ -0,0 +1,23 @@
|
|
|
1
|
+
package evolith.governance_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.governance
|
|
4
|
+
|
|
5
|
+
test_satellite_without_rulesets_has_no_violations {
|
|
6
|
+
violations := governance.violations with input as {"satellitePath": "/satellite", "corePath": "/core", "satellite": {"directories": ["src", "docs"], "files": ["DECISIONS.md", "README.md"]}}
|
|
7
|
+
count(violations) == 0
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
test_satellite_with_rulesets_is_rejected {
|
|
11
|
+
violations := governance.violations with input as {"satellitePath": "/satellite", "corePath": "/core", "satellite": {"directories": ["rulesets", "src"], "files": ["DECISIONS.md"]}}
|
|
12
|
+
violations[_].id == "INH-01"
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
test_satellite_missing_decisions_md_is_rejected {
|
|
16
|
+
violations := governance.violations with input as {"satellitePath": "/satellite", "corePath": "/core", "satellite": {"directories": ["src"], "files": ["README.md"]}}
|
|
17
|
+
violations[_].id == "INH-06"
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
test_core_repo_is_exempt_from_inheritance_rules {
|
|
21
|
+
violations := governance.violations with input as {"satellitePath": "/core", "corePath": "/core", "satellite": {"directories": ["rulesets"], "files": []}}
|
|
22
|
+
count(violations) == 0
|
|
23
|
+
}
|
|
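Review bot: The fixture in `test_satellite_without_rulesets_has_no_violations` has no `satellite.contracts` object, so against the governance policy shown on this page `not input.satellite.contracts.coreVersionPinned` holds and INH-02 is reported, which makes `count(violations) == 0` fail. Add `"contracts": {"coreVersionPinned": true}` to the compliant fixture. INH-02 to INH-05 have no negative tests, and `test_core_repo_is_exempt_from_inheritance_rules` is the only case covering the path guard; a case with `corePath` absent would pin that behaviour as well.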
@@ -0,0 +1,33 @@
|
|
|
1
|
+
package evolith.hexagonal_architecture
|
|
2
|
+
|
|
3
|
+
violations[{"id": "HXA-01", "message": "Core (Domain) layer has framework imports — must be pure TypeScript only"}] {
|
|
4
|
+
input.satellite.layers.core.hasFrameworkImports
|
|
5
|
+
}
|
|
6
|
+
|
|
7
|
+
violations[{"id": "HXA-02", "message": "Application layer has infrastructure imports — may import Core and NestJS DI only"}] {
|
|
8
|
+
input.satellite.layers.application.hasInfrastructureImports
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
violations[{"id": "HXA-03", "message": "Infrastructure layer does not implement Core port interfaces"}] {
|
|
12
|
+
not input.satellite.layers.infrastructure.implementsPorts
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
violations[{"id": "HXA-04", "message": "Dependency direction violated — backward imports detected"}] {
|
|
16
|
+
input.satellite.layers.hasBackwardImports
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
violations[{"id": "HXA-05", "message": "AOP concerns found in Core/Application layers — prohibited"}] {
|
|
20
|
+
input.satellite.layers.core.hasAopDecorators
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
violations[{"id": "HXA-05", "message": "AOP concerns found in Core/Application layers — prohibited"}] {
|
|
24
|
+
input.satellite.layers.application.hasAopDecorators
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
violations[{"id": "HXA-06", "message": "AOP concerns (interceptors, decorators) must be implemented exclusively in Infrastructure layer — not in Core or Application"}] {
|
|
28
|
+
input.satellite.layers.infrastructure.aopNotInInfrastructure
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
violations[{"id": "HXA-07", "message": "Core domain tests require framework bootstrap — must run without framework"}] {
|
|
32
|
+
input.satellite.layers.core.domainTestsRequireBootstrap
|
|
33
|
+
}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
package evolith.hexagonal_architecture_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.hexagonal_architecture
|
|
4
|
+
|
|
5
|
+
compliant_input := {"satellite": {"layers": {
|
|
6
|
+
"core": {"hasFrameworkImports": false, "hasAopDecorators": false, "domainTestsRequireBootstrap": false},
|
|
7
|
+
"application": {"hasInfrastructureImports": false, "hasAopDecorators": false},
|
|
8
|
+
"infrastructure": {"implementsPorts": true},
|
|
9
|
+
"hasBackwardImports": false,
|
|
10
|
+
}}}
|
|
11
|
+
|
|
12
|
+
test_compliant_hexagonal_has_no_violations {
|
|
13
|
+
violations := hexagonal_architecture.violations with input as compliant_input
|
|
14
|
+
count(violations) == 0
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
test_core_framework_imports_is_rejected {
|
|
18
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/core/hasFrameworkImports", "value": true}])
|
|
19
|
+
violations := hexagonal_architecture.violations with input as i
|
|
20
|
+
violations[_].id == "HXA-01"
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
test_application_infrastructure_imports_is_rejected {
|
|
24
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/application/hasInfrastructureImports", "value": true}])
|
|
25
|
+
violations := hexagonal_architecture.violations with input as i
|
|
26
|
+
violations[_].id == "HXA-02"
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
test_infrastructure_not_implementing_ports_is_rejected {
|
|
30
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/infrastructure/implementsPorts", "value": false}])
|
|
31
|
+
violations := hexagonal_architecture.violations with input as i
|
|
32
|
+
violations[_].id == "HXA-03"
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
test_backward_imports_is_rejected {
|
|
36
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/hasBackwardImports", "value": true}])
|
|
37
|
+
violations := hexagonal_architecture.violations with input as i
|
|
38
|
+
violations[_].id == "HXA-04"
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
test_aop_in_core_is_rejected {
|
|
42
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/core/hasAopDecorators", "value": true}])
|
|
43
|
+
violations := hexagonal_architecture.violations with input as i
|
|
44
|
+
violations[_].id == "HXA-05"
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
test_aop_in_application_is_rejected {
|
|
48
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/application/hasAopDecorators", "value": true}])
|
|
49
|
+
violations := hexagonal_architecture.violations with input as i
|
|
50
|
+
violations[_].id == "HXA-05"
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
test_domain_tests_requiring_bootstrap_is_rejected {
|
|
54
|
+
i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/layers/core/domainTestsRequireBootstrap", "value": true}])
|
|
55
|
+
violations := hexagonal_architecture.violations with input as i
|
|
56
|
+
violations[_].id == "HXA-07"
|
|
57
|
+
}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
package evolith.infrastructure.helm
|
|
2
|
+
|
|
3
|
+
import rego.v1
|
|
4
|
+
|
|
5
|
+
# INFRA-001: Helm Charts Over Raw Manifests Enforcement
|
|
6
|
+
# Native counterpart: rulesets/infrastructure/helm-enforcement.rules.json
|
|
7
|
+
# ADR ref: ADR-0076
|
|
8
|
+
|
|
9
|
+
violations contains {"id": "INFRA-001", "message": msg} if {
|
|
10
|
+
file := input.infrastructure.kubernetesFiles[_]
|
|
11
|
+
not contains(file, "Chart.yaml")
|
|
12
|
+
not contains(file, "values.yaml")
|
|
13
|
+
not contains(file, "templates/")
|
|
14
|
+
endswith(file, ".yaml")
|
|
15
|
+
msg := sprintf("Raw Kubernetes manifest detected: %v — wrap in a Helm Chart (Chart.yaml required)", [file])
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
violations contains {"id": "INFRA-001", "message": "No Helm Chart.yaml found in Kubernetes infrastructure directory — all Kubernetes configs must use Helm"} if {
|
|
19
|
+
dirs := {d | d := input.infrastructure.directories[_]}
|
|
20
|
+
dirs["kubernetes"]
|
|
21
|
+
not any_chart_yaml
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
any_chart_yaml if {
|
|
25
|
+
file := input.infrastructure.kubernetesFiles[_]
|
|
26
|
+
contains(file, "Chart.yaml")
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
default allow := false
|
|
30
|
+
|
|
31
|
+
allow if {
|
|
32
|
+
count(violations) == 0
|
|
33
|
+
}
|
|
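Review bot: The exemptions at new lines 11–13 are substring tests, so a raw manifest is skipped whenever its path merely contains `Chart.yaml`, `values.yaml` or `templates/` (for example a plain `templates/` folder outside any chart), and line 14 only flags names ending in `.yaml`, so the same manifest saved as `.yml` is never reported. I would widen the extension test to `regex.match("\\.ya?ml$", file)` and compare the exemptions against the final path segment or a known chart root instead of anywhere in the string; the exact form depends on how `kubernetesFiles` entries are shaped, which the hunk does not show. The same substring test in `any_chart_yaml` (line 26) lets a single matching name anywhere satisfy the directory-level rule. A short comment above the first rule stating which paths are meant to be exempt would make the intent checkable.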
@@ -0,0 +1,42 @@
|
|
|
1
|
+
package evolith.infrastructure.opa_sidecar
|
|
2
|
+
|
|
3
|
+
import rego.v1
|
|
4
|
+
|
|
5
|
+
# INFRA-OPA-001: OPA Sidecar Bundle Integrity
|
|
6
|
+
# Native counterpart: rulesets/infrastructure/opa-sidecar-bundle.rules.json
|
|
7
|
+
|
|
8
|
+
violations contains {"id": "INFRA-OPA-001", "message": msg} if {
|
|
9
|
+
sidecar := input.infrastructure.opaSidecars[_]
|
|
10
|
+
not startswith(sidecar.bundleUrl, "https://")
|
|
11
|
+
msg := sprintf("OPA sidecar '%v' bundle URL must use HTTPS — unauthenticated transport prohibited", [sidecar.name])
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
violations contains {"id": "INFRA-OPA-001", "message": msg} if {
|
|
15
|
+
sidecar := input.infrastructure.opaSidecars[_]
|
|
16
|
+
not sidecar.credentialsFromSecret
|
|
17
|
+
msg := sprintf("OPA sidecar '%v' must source credentials from a Kubernetes Secret, not inline config", [sidecar.name])
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
violations contains {"id": "INFRA-OPA-001", "message": msg} if {
|
|
21
|
+
sidecar := input.infrastructure.opaSidecars[_]
|
|
22
|
+
not sidecar.bundleSignatureVerified
|
|
23
|
+
msg := sprintf("OPA sidecar '%v' does not verify bundle signatures — signed bundle verification is required", [sidecar.name])
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
violations contains {"id": "INFRA-OPA-001", "message": msg} if {
|
|
27
|
+
sidecar := input.infrastructure.opaSidecars[_]
|
|
28
|
+
not sidecar.bundleDigestPinned
|
|
29
|
+
msg := sprintf("OPA sidecar '%v' does not pin expected SHA-256 bundle digest — digest pinning required", [sidecar.name])
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
violations contains {"id": "INFRA-OPA-001", "message": msg} if {
|
|
33
|
+
sidecar := input.infrastructure.opaSidecars[_]
|
|
34
|
+
not sidecar.failClosedOnBundleLoad
|
|
35
|
+
msg := sprintf("OPA sidecar '%v' is not configured to fail-closed if bundle activation fails — readiness probe must block traffic until bundle is active", [sidecar.name])
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
default allow := false
|
|
39
|
+
|
|
40
|
+
allow if {
|
|
41
|
+
count(violations) == 0
|
|
42
|
+
}
|
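Review bot: The flag checks at new lines 16, 22, 28 and 34 use `not sidecar.<flag>`, which fires only when the field is `false` or missing, so any other value, such as the string `"false"` or `0`, is treated as satisfied. A strict comparison, e.g. `not sidecar.bundleSignatureVerified == true`, still fails closed on a missing field and also rejects mistyped values. Separately, `allow` at lines 40–42 is true whenever `input.infrastructure.opaSidecars` is absent or empty, so a scan that collected nothing passes. If that is not intended, add a guard such as `count(input.infrastructure.opaSidecars) > 0` to `allow`, or a violation for the missing key; the `allow` rule in the helm policy just above has the same shape.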