@evolith/core-domain 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/domain/services/default-workflow-definition.js +1 -1
- package/dist/domain/services/default-workflow-definition.js.map +1 -1
- package/package.json +2 -1
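Review bot: this is a 1.0.0 → 1.0.1 patch bump, but apart from the one-line change to `dist/domain/services/default-workflow-definition.js` (and its source map) and the two-line change to `package.json`, every entry in this listing is a newly added file: the entire `rulesets/` tree, roughly 450 files including four compiled `.wasm` bundles. Consumers on a caret or tilde range will pull all of that in as a bug-fix release, so a minor bump and a changelog entry for the added rulesets would match semver better; the `package.json` change itself is not shown here, so also confirm that shipping the whole `rulesets/` tree in the published tarball (rather than only `dist/`) is intentional.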
- package/rulesets/README.es.md +170 -0
- package/rulesets/README.md +170 -0
- package/rulesets/acl/README.es.md +41 -0
- package/rulesets/acl/README.md +41 -0
- package/rulesets/acl/anti-corruption-layer.rules.es.json +99 -0
- package/rulesets/acl/anti-corruption-layer.rules.json +99 -0
- package/rulesets/adr/ADR_COVERAGE.es.md +133 -0
- package/rulesets/adr/ADR_COVERAGE.md +133 -0
- package/rulesets/adr/README.es.md +17 -0
- package/rulesets/adr/README.md +17 -0
- package/rulesets/adr/adr-0002-hexagonal-architecture.rules.json +103 -0
- package/rulesets/adr/adr-0005-cicd-quality-gates.rules.json +102 -0
- package/rulesets/adr/adr-0010-multi-tenancy.rules.json +129 -0
- package/rulesets/adr/adr-0018-testing-pyramid.rules.json +115 -0
- package/rulesets/adr/adr-0032-protocol-selection.rules.json +134 -0
- package/rulesets/adr/adr-0040-multi-runtime.rules.json +131 -0
- package/rulesets/adr/adr-0050-gitflow-branching.rules.json +176 -0
- package/rulesets/adr/generated/adr-0001-monorepo-orchestration-principle.rules.json +29 -0
- package/rulesets/adr/generated/adr-0006-microservices-transition-via-sidecar-pattern.rules.json +29 -0
- package/rulesets/adr/generated/adr-0009-strict-dependency-pinning-and-automated-vulnerability-manage.rules.json +29 -0
- package/rulesets/adr/generated/adr-0011-fault-tolerance-and-resiliency-patterns.rules.json +29 -0
- package/rulesets/adr/generated/adr-0013-cloud-infrastructure-topology-and-disaster-recovery-dr.rules.json +28 -0
- package/rulesets/adr/generated/adr-0014-multi-layer-distributed-caching-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0015-event-driven-architecture-eda-for-intra-domain-communication.rules.json +29 -0
- package/rulesets/adr/generated/adr-0016-immutable-business-audit-trail-and-change-tracking.rules.json +29 -0
- package/rulesets/adr/generated/adr-0017-feature-flagging-strategy-for-progressive-delivery.rules.json +28 -0
- package/rulesets/adr/generated/adr-0019-tactical-design-patterns-for-future-proofing.rules.json +29 -0
- package/rulesets/adr/generated/adr-0020-identity-provider-abstraction-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0024-centralized-configuration-feature-platform.rules.json +28 -0
- package/rulesets/adr/generated/adr-0025-feature-flag-provider-abstraction-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0028-self-hosted-open-source-hybrid-infrastructure.rules.json +29 -0
- package/rulesets/adr/generated/adr-0030-two-tier-distributed-gateway-model.rules.json +28 -0
- package/rulesets/adr/generated/adr-0031-schema-per-bounded-context-and-domain-event-catalog.rules.json +29 -0
- package/rulesets/adr/generated/adr-0033-transactional-outbox-pattern-for-async-messaging.rules.json +28 -0
- package/rulesets/adr/generated/adr-0034-cqrs-pattern-application-matrix.rules.json +29 -0
- package/rulesets/adr/generated/adr-0035-distributed-saga-pattern-implementation-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0036-message-bus-delivery-flow-control-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0037-enterprise-performance-concurrency-chaos-verification-strate.rules.json +28 -0
- package/rulesets/adr/generated/adr-0039-deployment-topology-abstraction-environment-switcher.rules.json +29 -0
- package/rulesets/adr/generated/adr-0041-dual-engine-policy-evaluation-native-opa.rules.json +28 -0
- package/rulesets/adr/generated/adr-0044-configurable-security-persistence-strategy-agnosticism-vs-na.rules.json +29 -0
- package/rulesets/adr/generated/adr-0045-microservice-extraction-readiness-criteria.rules.json +29 -0
- package/rulesets/adr/generated/adr-0046-unified-traceability-via-w3c-tracecontext.rules.json +29 -0
- package/rulesets/adr/generated/adr-0047-progressive-architecture-evolution-framework-modular-monolit.rules.json +29 -0
- package/rulesets/adr/generated/adr-0048-enterprise-taxonomy-standardization-and-reference-layout.rules.json +28 -0
- package/rulesets/adr/generated/adr-0049-naming-semantics-clean-code-policy-e2e-and-global.rules.json +29 -0
- package/rulesets/adr/generated/adr-0051-enterprise-database-engine-selection-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0052-unit-testing-isolation-strategy-mocks-vs-stubs.rules.json +29 -0
- package/rulesets/adr/generated/adr-0053-integration-and-e2e-testing-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0054-database-design-and-normalization-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-0055-microfrontends-architecture-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0056-enterprise-naming-design-conventions-multi-language-multi-pl.rules.json +29 -0
- package/rulesets/adr/generated/adr-0057-architecture-intelligence-catalog.rules.json +27 -0
- package/rulesets/adr/generated/adr-0058-ai-consumable-architecture-knowledge.rules.json +27 -0
- package/rulesets/adr/generated/adr-0067-modular-monolith-persistence-boundaries.rules.json +28 -0
- package/rulesets/adr/generated/adr-0068-documentation-release-gitflow.rules.json +29 -0
- package/rulesets/adr/generated/adr-0069-ai-agent-context-protocol-integration.rules.json +28 -0
- package/rulesets/adr/generated/adr-0070-lean-root-repository-taxonomy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0071-domain-layer-base-class-and-inheritance-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0072-utc-date-storage-browser-timezone-detection-and-language-res.rules.json +29 -0
- package/rulesets/adr/generated/adr-0073-unified-cli-mcp-output-contract-and-gate-evidence-schema.rules.json +29 -0
- package/rulesets/adr/generated/adr-0074-evolith-core-api-native-exposure-layer.rules.json +29 -0
- package/rulesets/adr/generated/adr-0075-core-api-authentication-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0076-domain-oriented-microservice-architecture-doma.rules.json +28 -0
- package/rulesets/adr/generated/adr-0077-masstransit-v9-commercial-pivot-stay-on-v8-monitor-opentrans.rules.json +28 -0
- package/rulesets/adr/generated/adr-0078-domain-financial-separation-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0079-multi-topology-reference-corpus-and-topology-manifest-contra.rules.json +29 -0
- package/rulesets/adr/generated/adr-0080-remote-repository-reference-contract.rules.json +29 -0
- package/rulesets/adr/generated/adr-0081-agentic-ai-sandbox-isolation-boundary.rules.json +29 -0
- package/rulesets/adr/generated/adr-0082-agentic-ai-prompt-context-and-tool-trust-boundary.rules.json +28 -0
- package/rulesets/adr/generated/adr-0083-agentic-ai-action-authorization-and-audit.rules.json +29 -0
- package/rulesets/adr/generated/adr-0084-data-mesh-and-data-as-a-product.rules.json +29 -0
- package/rulesets/adr/generated/adr-0085-agnostic-opa-wasm-distribution-architecture.rules.json +28 -0
- package/rulesets/adr/generated/adr-0086-agentic-ai-telemetry-cost-control-standard.rules.json +27 -0
- package/rulesets/adr/generated/adr-0087-attribute-based-access-control-abac-for-agentic-tool-executi.rules.json +29 -0
- package/rulesets/adr/generated/adr-0088-sovereign-identity-for-agentic-ai.rules.json +29 -0
- package/rulesets/adr/generated/adr-0089-event-driven-agentic-workflow-pattern.rules.json +28 -0
- package/rulesets/adr/generated/adr-0090-rag-knowledge-governance-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0091-workload-identity-token-rotation-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0092-agent-infinite-loop-prevention-and-circuit-breaker-rules.rules.json +29 -0
- package/rulesets/adr/generated/adr-0093-concurrency-control-and-resource-locking-standard-for-mcp-to.rules.json +29 -0
- package/rulesets/adr/generated/adr-0094-multi-agent-handoff-and-task-delegation-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-0095-serverless-architecture-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0096-edge-computing-architecture-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0097-knowledge-lifecycle-governance-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0098-rest-uri-versioning-and-deprecation-policy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0099-opa-bundle-distribution-via-s3-minio.rules.json +27 -0
- package/rulesets/adr/generated/adr-ai-augmented-0001-harness-engineering-for-ai-augmented-development.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0002-mcp-integration-protocol-for-agent-tool-invocation.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0003-model-selection-governance-for-ai-augmented-workflows.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0004-agents-md-as-mandatory-repository-artifact.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0005-human-in-the-loop-policy-for-autonomous-agent-operations.rules.json +29 -0
- package/rulesets/adr/generated/adr-android-0042-canonical-android-native-mobile-architecture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0041-canonical-net-c-backend-architecture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0060-net-multi-tenancy-dual-layer-strategy-ef-core-sql-server.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0061-transactional-event-lifecycle-in-ef-core.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0062-net-immutable-audit-trail-via-ddl-triggers-delta-capture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0063-b2b-request-idempotency-middleware-in-asp-net-core.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0064-net-request-scope-observability-context-propagation.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0065-net-pii-safe-structured-logging-pipeline-serilog.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0066-net-lightweight-http-idempotency-via-imemorycache-idistribut.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0069-net-grpc-service-setup-protobuf-contracts.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0070-net-api-endpoint-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0071-net-data-access-strategy-ef-core-as-default-orm-dapper-for-o.rules.json +27 -0
- package/rulesets/adr/generated/adr-dotnet-0072-net-aop-cross-cutting-concern-strategy-dispatchproxy-over-pi.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0003-strict-typescript-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0004-frontend-offline-resilience.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0007-observability-with-opentelemetry-loki-and-jaeger.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0008-progressive-multi-module-evolution-with-api-gateway-and-bff-.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0012-advanced-authorization-rbac-abac-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0021-high-performance-authentication-graph-compilation.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0022-contextual-authentication-and-pluggable-output-projections.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0023-centralized-authorization-core-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0026-adaptive-mfa-and-passwordless-platform.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0027-dual-protocol-api-strategy-rest-grpc.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0029-adoption-of-tactical-ddd-primitives-library.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0038-enterprise-error-handling-result-pattern-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0043-data-access-and-orm-strategy-for-node-js.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0044-frontend-clean-architecture-layer-boundaries-react.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0045-frontend-state-management-zustand-tanstack-query-dual-strate.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0046-prohibition-of-raw-technical-identifiers-in-user-interfaces.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0047-actionable-user-error-contract-and-correlated-diagnostics.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0048-feature-flag-system-scope-and-structured-criteria-model.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0074-monorepo-orchestration-with-nx.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0075-application-gateway-bff-with-nestjs.rules.json +29 -0
- package/rulesets/architecture/README.es.md +21 -0
- package/rulesets/architecture/README.md +21 -0
- package/rulesets/architecture/opa/progressive-axis.rego +50 -0
- package/rulesets/cli/README.es.md +17 -0
- package/rulesets/cli/README.md +17 -0
- package/rulesets/cli/core-parity.rules.json +61 -0
- package/rulesets/cli/release-readiness.rules.json +77 -0
- package/rulesets/compliance-baseline/README.es.md +26 -0
- package/rulesets/compliance-baseline/README.md +26 -0
- package/rulesets/compliance-baseline/compliance-baseline.rules.json +81 -0
- package/rulesets/contracts/README.es.md +19 -0
- package/rulesets/contracts/README.md +19 -0
- package/rulesets/contracts/evolith-machine-contracts.json +29 -0
- package/rulesets/contracts/fixtures/gate-evidence.success.json +10 -0
- package/rulesets/contracts/fixtures/output-envelope.success.json +23 -0
- package/rulesets/cross-cutting/README.es.md +14 -0
- package/rulesets/cross-cutting/README.md +14 -0
- package/rulesets/cross-cutting/compliance-baseline.rules.json +81 -0
- package/rulesets/cross-cutting/definition-of-done.rules.json +135 -0
- package/rulesets/cross-cutting/engineering-manifesto.rules.json +145 -0
- package/rulesets/cross-cutting/repository-taxonomy.rules.json +172 -0
- package/rulesets/definition-of-done/README.es.md +26 -0
- package/rulesets/definition-of-done/README.md +26 -0
- package/rulesets/definition-of-done/definition-of-done.rules.json +135 -0
- package/rulesets/engineering-manifesto/README.es.md +26 -0
- package/rulesets/engineering-manifesto/README.md +26 -0
- package/rulesets/engineering-manifesto/engineering-manifesto.rules.json +145 -0
- package/rulesets/evidence/README.es.md +12 -0
- package/rulesets/evidence/README.md +12 -0
- package/rulesets/evidence/evidence-manifest.rules.json +48 -0
- package/rulesets/executive-scorecards/executive-scorecards.rules.es.json +213 -0
- package/rulesets/executive-scorecards/executive-scorecards.rules.json +213 -0
- package/rulesets/governance/README.es.md +13 -0
- package/rulesets/governance/README.md +13 -0
- package/rulesets/governance/abac-mcp-access.rules.es.json +41 -0
- package/rulesets/governance/abac-mcp-access.rules.json +41 -0
- package/rulesets/governance/executive-scorecards.rules.es.json +213 -0
- package/rulesets/governance/executive-scorecards.rules.json +213 -0
- package/rulesets/governance/inheritance.rules.json +115 -0
- package/rulesets/governance/knowledge-intake.rules.json +18 -0
- package/rulesets/governance/open-core-boundary.rules.es.json +148 -0
- package/rulesets/governance/open-core-boundary.rules.json +148 -0
- package/rulesets/governance/satellite-contracts.rules.json +183 -0
- package/rulesets/infrastructure/helm-enforcement.rules.json +21 -0
- package/rulesets/infrastructure/opa/helm-enforcement.rego +25 -0
- package/rulesets/infrastructure/opa/helm-enforcement.test.rego +31 -0
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.rego +115 -0
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.test.rego +66 -0
- package/rulesets/infrastructure/opa-sidecar-bundle.rules.json +18 -0
- package/rulesets/mcp/README.es.md +12 -0
- package/rulesets/mcp/README.md +12 -0
- package/rulesets/mcp/protocol-compliance.rules.json +57 -0
- package/rulesets/observability/README.es.md +12 -0
- package/rulesets/observability/README.md +12 -0
- package/rulesets/observability/telemetry-evidence.rules.json +48 -0
- package/rulesets/opa/README.es.md +22 -0
- package/rulesets/opa/README.md +22 -0
- package/rulesets/opa/abac-mcp-tool-access.rego +122 -0
- package/rulesets/opa/abac-mcp-tool-access.test.rego +33 -0
- package/rulesets/opa/anti-corruption-layer.rego +39 -0
- package/rulesets/opa/anti-corruption-layer.test.rego +118 -0
- package/rulesets/opa/ci-cd.rego +41 -0
- package/rulesets/opa/ci-cd.test.rego +23 -0
- package/rulesets/opa/cicd-quality-gates.rego +29 -0
- package/rulesets/opa/cicd-quality-gates.test.rego +54 -0
- package/rulesets/opa/cli-core-parity.rego +17 -0
- package/rulesets/opa/cli-core-parity.test.rego +39 -0
- package/rulesets/opa/cli-readiness.rego +32 -0
- package/rulesets/opa/cli-readiness.test.rego +23 -0
- package/rulesets/opa/cli-release-readiness.rego +21 -0
- package/rulesets/opa/cli-release-readiness.test.rego +46 -0
- package/rulesets/opa/compliance-baseline.rego +95 -0
- package/rulesets/opa/compliance-baseline.test.rego +89 -0
- package/rulesets/opa/dod.rego +42 -0
- package/rulesets/opa/dod.test.rego +250 -0
- package/rulesets/opa/engineering-manifesto.rego +78 -0
- package/rulesets/opa/engineering-manifesto.test.rego +133 -0
- package/rulesets/opa/evidence.rego +64 -0
- package/rulesets/opa/evidence.test.rego +23 -0
- package/rulesets/opa/executive-scorecards.rego +41 -0
- package/rulesets/opa/executive-scorecards.test.rego +60 -0
- package/rulesets/opa/gitflow-branching.rego +41 -0
- package/rulesets/opa/gitflow-branching.test.rego +60 -0
- package/rulesets/opa/governance.rego +39 -0
- package/rulesets/opa/governance.test.rego +23 -0
- package/rulesets/opa/hexagonal-architecture.rego +33 -0
- package/rulesets/opa/hexagonal-architecture.test.rego +57 -0
- package/rulesets/opa/infrastructure/helm-enforcement.rego +33 -0
- package/rulesets/opa/infrastructure/opa-sidecar-bundle.rego +42 -0
- package/rulesets/opa/knowledge-intake.rego +98 -0
- package/rulesets/opa/knowledge-intake.test.rego +50 -0
- package/rulesets/opa/main.rego +147 -0
- package/rulesets/opa/main_test.rego +149 -0
- package/rulesets/opa/mcp.rego +61 -0
- package/rulesets/opa/mcp.test.rego +27 -0
- package/rulesets/opa/multi-runtime.rego +33 -0
- package/rulesets/opa/multi-runtime.test.rego +53 -0
- package/rulesets/opa/multi-tenancy.rego +33 -0
- package/rulesets/opa/multi-tenancy.test.rego +53 -0
- package/rulesets/opa/open-core-boundary.rego +33 -0
- package/rulesets/opa/open-core-boundary.test.rego +60 -0
- package/rulesets/opa/protocol-selection.rego +29 -0
- package/rulesets/opa/protocol-selection.test.rego +46 -0
- package/rulesets/opa/rbac/gate-role-enforcement.rego +112 -0
- package/rulesets/opa/repository-taxonomy.rego +98 -0
- package/rulesets/opa/repository-taxonomy.test.rego +91 -0
- package/rulesets/opa/satellite-contracts.rego +42 -0
- package/rulesets/opa/satellite-contracts.test.rego +70 -0
- package/rulesets/opa/schemas/abac-mcp-tool-access.input.schema.json +21 -0
- package/rulesets/opa/schemas/anti-corruption-layer.input.schema.json +25 -0
- package/rulesets/opa/schemas/ci-cd.input.schema.json +27 -0
- package/rulesets/opa/schemas/cicd-quality-gates.input.schema.json +33 -0
- package/rulesets/opa/schemas/cli-core-parity.input.schema.json +30 -0
- package/rulesets/opa/schemas/cli-readiness.input.schema.json +28 -0
- package/rulesets/opa/schemas/cli-release-readiness.input.schema.json +26 -0
- package/rulesets/opa/schemas/compliance-baseline.input.schema.json +25 -0
- package/rulesets/opa/schemas/dod.input.schema.json +38 -0
- package/rulesets/opa/schemas/engineering-manifesto.input.schema.json +24 -0
- package/rulesets/opa/schemas/evidence.input.schema.json +35 -0
- package/rulesets/opa/schemas/executive-scorecards.input.schema.json +36 -0
- package/rulesets/opa/schemas/gitflow-branching.input.schema.json +36 -0
- package/rulesets/opa/schemas/governance.input.schema.json +19 -0
- package/rulesets/opa/schemas/hexagonal-architecture.input.schema.json +46 -0
- package/rulesets/opa/schemas/knowledge-intake.input.schema.json +57 -0
- package/rulesets/opa/schemas/mcp.input.schema.json +38 -0
- package/rulesets/opa/schemas/multi-runtime.input.schema.json +27 -0
- package/rulesets/opa/schemas/multi-tenancy.input.schema.json +27 -0
- package/rulesets/opa/schemas/open-core-boundary.input.schema.json +36 -0
- package/rulesets/opa/schemas/protocol-selection.input.schema.json +26 -0
- package/rulesets/opa/schemas/repository-taxonomy.input.schema.json +18 -0
- package/rulesets/opa/schemas/satellite-contracts.input.schema.json +38 -0
- package/rulesets/opa/schemas/taxonomy.input.schema.json +27 -0
- package/rulesets/opa/schemas/testing-pyramid.input.schema.json +42 -0
- package/rulesets/opa/schemas/version-pinning.input.schema.json +39 -0
- package/rulesets/opa/sdlc/coverage.rego +49 -0
- package/rulesets/opa/sdlc/coverage.test.rego +29 -0
- package/rulesets/opa/sdlc/pyramid-distribution.rego +31 -0
- package/rulesets/opa/sdlc/pyramid-distribution.test.rego +33 -0
- package/rulesets/opa/taxonomy.rego +51 -0
- package/rulesets/opa/taxonomy.test.rego +28 -0
- package/rulesets/opa/telemetry-evidence.rego +102 -0
- package/rulesets/opa/testing-pyramid.rego +49 -0
- package/rulesets/opa/testing-pyramid.test.rego +81 -0
- package/rulesets/opa/version-pinning.rego +99 -0
- package/rulesets/opa/version-pinning.test.rego +28 -0
- package/rulesets/phase-gates/README.es.md +28 -0
- package/rulesets/phase-gates/README.md +28 -0
- package/rulesets/phase-gates/phase-gates.rules.json +297 -0
- package/rulesets/quality-thresholds/README.es.md +28 -0
- package/rulesets/quality-thresholds/README.md +28 -0
- package/rulesets/quality-thresholds/quality-thresholds.rules.json +96 -0
- package/rulesets/repository-taxonomy/README.es.md +26 -0
- package/rulesets/repository-taxonomy/README.md +26 -0
- package/rulesets/repository-taxonomy/repository-taxonomy.rules.json +172 -0
- package/rulesets/satellite-contracts/README.es.md +27 -0
- package/rulesets/satellite-contracts/README.md +27 -0
- package/rulesets/satellite-contracts/satellite-contracts.rules.json +183 -0
- package/rulesets/schema/README.es.md +39 -0
- package/rulesets/schema/README.md +39 -0
- package/rulesets/schema/adr.schema.json +138 -0
- package/rulesets/schema/agile-backlog.schema.json +91 -0
- package/rulesets/schema/ballpark-estimation.schema.json +109 -0
- package/rulesets/schema/build-vs-compose.schema.json +98 -0
- package/rulesets/schema/cli-impact-analysis.schema.json +114 -0
- package/rulesets/schema/discovery-canvas.schema.json +92 -0
- package/rulesets/schema/evolith-user-story.schema.json +105 -0
- package/rulesets/schema/evolith-yaml.schema.json +191 -0
- package/rulesets/schema/functional-story.schema.json +111 -0
- package/rulesets/schema/gate-evidence.schema.json +85 -0
- package/rulesets/schema/integration-evidence.schema.json +47 -0
- package/rulesets/schema/knowledge-intake.schema.json +67 -0
- package/rulesets/schema/knowledge-projection.schema.json +24 -0
- package/rulesets/schema/maturity-evidence.schema.json +59 -0
- package/rulesets/schema/observability-validation.schema.json +85 -0
- package/rulesets/schema/on-call-handoff.schema.json +91 -0
- package/rulesets/schema/output-envelope.schema.json +102 -0
- package/rulesets/schema/prd.schema.json +117 -0
- package/rulesets/schema/release-notes.schema.json +138 -0
- package/rulesets/schema/rollback-rehearsal.schema.json +73 -0
- package/rulesets/schema/ruleset-sdlc.schema.json +59 -0
- package/rulesets/schema/ruleset-standard.schema.json +73 -0
- package/rulesets/schema/security-scan-report.schema.json +79 -0
- package/rulesets/schema/source-registry.schema.json +51 -0
- package/rulesets/schema/technical-feasibility.schema.json +66 -0
- package/rulesets/schema/technical-story.schema.json +112 -0
- package/rulesets/schema/test-summary-report.schema.json +158 -0
- package/rulesets/schema/topology-composition.schema.json +43 -0
- package/rulesets/schema/topology-manifest.schema.json +421 -0
- package/rulesets/sdlc/README.es.md +12 -0
- package/rulesets/sdlc/README.md +12 -0
- package/rulesets/sdlc/default-workflow.yaml +73 -0
- package/rulesets/sdlc/dependency-pinning.rules.json +183 -0
- package/rulesets/sdlc/phase-gates.rules.json +297 -0
- package/rulesets/sdlc/quality-thresholds.rules.json +96 -0
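Review bot: several rules files appear twice under different directories with identical line counts, which reads as copy-paste rather than two distinct rulesets: `compliance-baseline.rules.json` (+81, under `compliance-baseline/` and `cross-cutting/`), `definition-of-done.rules.json` (+135), `engineering-manifesto.rules.json` (+145), `repository-taxonomy.rules.json` (+172), `satellite-contracts.rules.json` (+183, under `governance/` and `satellite-contracts/`), `executive-scorecards.rules.json` and its `.es` variant (+213, under `executive-scorecards/` and `governance/`), `phase-gates.rules.json` (+297) and `quality-thresholds.rules.json` (+96, under `phase-gates/`/`quality-thresholds/` and `sdlc/`). Two rego policies have already diverged: `helm-enforcement.rego` is +25 lines under `infrastructure/opa/` but +33 under `opa/infrastructure/`, and `opa-sidecar-bundle.rego` is +115 versus +42. Pick one canonical path per ruleset and have the other location reference it, and add a check to the existing rego test suite (or CI) that fails when same-named policy files differ, otherwise a fix to one copy silently leaves the other enforcing the old rule.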
- package/rulesets/topologies/README.es.md +42 -0
- package/rulesets/topologies/README.md +42 -0
- package/rulesets/topologies/agentic-ai/README.es.md +142 -0
- package/rulesets/topologies/agentic-ai/README.md +142 -0
- package/rulesets/topologies/agentic-ai/adoption.es.md +37 -0
- package/rulesets/topologies/agentic-ai/adoption.md +37 -0
- package/rulesets/topologies/agentic-ai/agent.config.schema.json +100 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.rego +46 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.rules.json +109 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.test.rego +68 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.wasm +0 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.es.md +35 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.md +45 -0
- package/rulesets/topologies/agentic-ai/evidence.es.md +25 -0
- package/rulesets/topologies/agentic-ai/evidence.md +25 -0
- package/rulesets/topologies/agentic-ai/evolution.es.md +26 -0
- package/rulesets/topologies/agentic-ai/evolution.md +26 -0
- package/rulesets/topologies/agentic-ai/fixtures/invalid-agent.config.json +48 -0
- package/rulesets/topologies/agentic-ai/fixtures/valid-agent.config.json +48 -0
- package/rulesets/topologies/agentic-ai/maturity.es.md +33 -0
- package/rulesets/topologies/agentic-ai/maturity.md +33 -0
- package/rulesets/topologies/agentic-ai/mcp/mcp-manifest.json +100 -0
- package/rulesets/topologies/agentic-ai/openapi/openapi.yaml +187 -0
- package/rulesets/topologies/agentic-ai/operations.es.md +32 -0
- package/rulesets/topologies/agentic-ai/operations.md +32 -0
- package/rulesets/topologies/agentic-ai/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/agentic-ai/parity-fixtures/violation.json +22 -0
- package/rulesets/topologies/agentic-ai/patterns.es.md +32 -0
- package/rulesets/topologies/agentic-ai/patterns.md +32 -0
- package/rulesets/topologies/agentic-ai/resilience.es.md +26 -0
- package/rulesets/topologies/agentic-ai/resilience.md +26 -0
- package/rulesets/topologies/agentic-ai/runbooks.es.md +48 -0
- package/rulesets/topologies/agentic-ai/runbooks.md +48 -0
- package/rulesets/topologies/agentic-ai/security.es.md +26 -0
- package/rulesets/topologies/agentic-ai/security.md +26 -0
- package/rulesets/topologies/agentic-ai/topology.manifest.json +127 -0
- package/rulesets/topologies/data-mesh/README.es.md +69 -0
- package/rulesets/topologies/data-mesh/README.md +69 -0
- package/rulesets/topologies/data-mesh/adoption.es.md +95 -0
- package/rulesets/topologies/data-mesh/adoption.md +95 -0
- package/rulesets/topologies/data-mesh/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/data-mesh/cli/cli-flows.md +53 -0
- package/rulesets/topologies/data-mesh/data-mesh.rego +11 -0
- package/rulesets/topologies/data-mesh/data-mesh.rules.json +100 -0
- package/rulesets/topologies/data-mesh/data-mesh.test.rego +107 -0
- package/rulesets/topologies/data-mesh/data-mesh.wasm +0 -0
- package/rulesets/topologies/data-mesh/evidence.es.md +111 -0
- package/rulesets/topologies/data-mesh/evidence.md +111 -0
- package/rulesets/topologies/data-mesh/evolution.es.md +67 -0
- package/rulesets/topologies/data-mesh/evolution.md +67 -0
- package/rulesets/topologies/data-mesh/fixtures/invalid.topology.config.json +12 -0
- package/rulesets/topologies/data-mesh/fixtures/valid.topology.config.json +12 -0
- package/rulesets/topologies/data-mesh/maturity.es.md +36 -0
- package/rulesets/topologies/data-mesh/maturity.md +36 -0
- package/rulesets/topologies/data-mesh/mcp/mcp-manifest.json +68 -0
- package/rulesets/topologies/data-mesh/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/data-mesh/operations.es.md +63 -0
- package/rulesets/topologies/data-mesh/operations.md +63 -0
- package/rulesets/topologies/data-mesh/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/data-mesh/parity-fixtures/violation.json +21 -0
- package/rulesets/topologies/data-mesh/patterns.es.md +67 -0
- package/rulesets/topologies/data-mesh/patterns.md +67 -0
- package/rulesets/topologies/data-mesh/resilience.es.md +64 -0
- package/rulesets/topologies/data-mesh/resilience.md +64 -0
- package/rulesets/topologies/data-mesh/runbooks.es.md +147 -0
- package/rulesets/topologies/data-mesh/runbooks.md +147 -0
- package/rulesets/topologies/data-mesh/security.es.md +66 -0
- package/rulesets/topologies/data-mesh/security.md +66 -0
- package/rulesets/topologies/data-mesh/topology.config.schema.json +30 -0
- package/rulesets/topologies/data-mesh/topology.manifest.json +107 -0
- package/rulesets/topologies/edge-computing/README.es.md +81 -0
- package/rulesets/topologies/edge-computing/README.md +81 -0
- package/rulesets/topologies/edge-computing/adoption.es.md +268 -0
- package/rulesets/topologies/edge-computing/adoption.md +268 -0
- package/rulesets/topologies/edge-computing/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/edge-computing/cli/cli-flows.md +53 -0
- package/rulesets/topologies/edge-computing/edge-computing.rego +41 -0
- package/rulesets/topologies/edge-computing/edge-computing.rules.json +50 -0
- package/rulesets/topologies/edge-computing/edge-computing.test.rego +33 -0
- package/rulesets/topologies/edge-computing/edge-computing.wasm +0 -0
- package/rulesets/topologies/edge-computing/evidence.es.md +263 -0
- package/rulesets/topologies/edge-computing/evidence.md +263 -0
- package/rulesets/topologies/edge-computing/evolution.es.md +257 -0
- package/rulesets/topologies/edge-computing/evolution.md +257 -0
- package/rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json +6 -0
- package/rulesets/topologies/edge-computing/fixtures/valid.topology.config.json +6 -0
- package/rulesets/topologies/edge-computing/maturity.es.md +36 -0
- package/rulesets/topologies/edge-computing/maturity.md +36 -0
- package/rulesets/topologies/edge-computing/mcp/mcp-manifest.json +72 -0
- package/rulesets/topologies/edge-computing/openapi/openapi.yaml +187 -0
- package/rulesets/topologies/edge-computing/operations.es.md +148 -0
- package/rulesets/topologies/edge-computing/operations.md +148 -0
- package/rulesets/topologies/edge-computing/parity-fixtures/compliant.json +12 -0
- package/rulesets/topologies/edge-computing/parity-fixtures/violation.json +13 -0
- package/rulesets/topologies/edge-computing/patterns.es.md +291 -0
- package/rulesets/topologies/edge-computing/patterns.md +290 -0
- package/rulesets/topologies/edge-computing/resilience.es.md +232 -0
- package/rulesets/topologies/edge-computing/resilience.md +229 -0
- package/rulesets/topologies/edge-computing/runbooks.es.md +405 -0
- package/rulesets/topologies/edge-computing/runbooks.md +405 -0
- package/rulesets/topologies/edge-computing/security.es.md +218 -0
- package/rulesets/topologies/edge-computing/security.md +218 -0
- package/rulesets/topologies/edge-computing/topology.config.schema.json +13 -0
- package/rulesets/topologies/edge-computing/topology.manifest.json +113 -0
- package/rulesets/topologies/event-driven/README.es.md +71 -0
- package/rulesets/topologies/event-driven/README.md +71 -0
- package/rulesets/topologies/event-driven/adoption.es.md +67 -0
- package/rulesets/topologies/event-driven/adoption.md +67 -0
- package/rulesets/topologies/event-driven/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/event-driven/cli/cli-flows.md +53 -0
- package/rulesets/topologies/event-driven/event-driven.rego +11 -0
- package/rulesets/topologies/event-driven/event-driven.rules.json +100 -0
- package/rulesets/topologies/event-driven/event-driven.test.rego +107 -0
- package/rulesets/topologies/event-driven/event-driven.wasm +0 -0
- package/rulesets/topologies/event-driven/evidence.es.md +69 -0
- package/rulesets/topologies/event-driven/evidence.md +69 -0
- package/rulesets/topologies/event-driven/evolution.es.md +59 -0
- package/rulesets/topologies/event-driven/evolution.md +59 -0
- package/rulesets/topologies/event-driven/fixtures/invalid.topology.config.json +12 -0
- package/rulesets/topologies/event-driven/fixtures/valid.topology.config.json +12 -0
- package/rulesets/topologies/event-driven/maturity.es.md +36 -0
- package/rulesets/topologies/event-driven/maturity.md +36 -0
- package/rulesets/topologies/event-driven/mcp/mcp-manifest.json +68 -0
- package/rulesets/topologies/event-driven/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/event-driven/operations.es.md +67 -0
- package/rulesets/topologies/event-driven/operations.md +67 -0
- package/rulesets/topologies/event-driven/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/event-driven/parity-fixtures/violation.json +21 -0
- package/rulesets/topologies/event-driven/patterns.es.md +68 -0
- package/rulesets/topologies/event-driven/patterns.md +68 -0
- package/rulesets/topologies/event-driven/resilience.es.md +65 -0
- package/rulesets/topologies/event-driven/resilience.md +65 -0
- package/rulesets/topologies/event-driven/runbooks.es.md +79 -0
- package/rulesets/topologies/event-driven/runbooks.md +79 -0
- package/rulesets/topologies/event-driven/security.es.md +59 -0
- package/rulesets/topologies/event-driven/security.md +59 -0
- package/rulesets/topologies/event-driven/topology.config.schema.json +30 -0
- package/rulesets/topologies/event-driven/topology.manifest.json +109 -0
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.es.json +111 -0
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.json +111 -0
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.es.json +106 -0
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.json +106 -0
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.es.json +148 -0
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.json +148 -0
- package/rulesets/topologies/serverless/README.es.md +74 -0
- package/rulesets/topologies/serverless/README.md +74 -0
- package/rulesets/topologies/serverless/adoption.es.md +50 -0
- package/rulesets/topologies/serverless/adoption.md +50 -0
- package/rulesets/topologies/serverless/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/serverless/cli/cli-flows.md +53 -0
- package/rulesets/topologies/serverless/evidence.es.md +66 -0
- package/rulesets/topologies/serverless/evidence.md +66 -0
- package/rulesets/topologies/serverless/evolution.es.md +36 -0
- package/rulesets/topologies/serverless/evolution.md +36 -0
- package/rulesets/topologies/serverless/fixtures/invalid.topology.config.json +6 -0
- package/rulesets/topologies/serverless/fixtures/valid.topology.config.json +6 -0
- package/rulesets/topologies/serverless/maturity.es.md +36 -0
- package/rulesets/topologies/serverless/maturity.md +36 -0
- package/rulesets/topologies/serverless/mcp/mcp-manifest.json +72 -0
- package/rulesets/topologies/serverless/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/serverless/operations.es.md +36 -0
- package/rulesets/topologies/serverless/operations.md +36 -0
- package/rulesets/topologies/serverless/parity-fixtures/compliant.json +13 -0
- package/rulesets/topologies/serverless/parity-fixtures/violation.json +15 -0
- package/rulesets/topologies/serverless/patterns.es.md +36 -0
- package/rulesets/topologies/serverless/patterns.md +36 -0
- package/rulesets/topologies/serverless/resilience.es.md +36 -0
- package/rulesets/topologies/serverless/resilience.md +36 -0
- package/rulesets/topologies/serverless/runbooks.es.md +68 -0
- package/rulesets/topologies/serverless/runbooks.md +68 -0
- package/rulesets/topologies/serverless/security.es.md +36 -0
- package/rulesets/topologies/serverless/security.md +36 -0
- package/rulesets/topologies/serverless/serverless.rego +32 -0
- package/rulesets/topologies/serverless/serverless.rules.json +33 -0
- package/rulesets/topologies/serverless/serverless.test.rego +28 -0
- package/rulesets/topologies/serverless/serverless.wasm +0 -0
- package/rulesets/topologies/serverless/topology.config.schema.json +28 -0
- package/rulesets/topologies/serverless/topology.manifest.json +114 -0
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
package evolith.version_pinning
|
|
2
|
+
|
|
3
|
+
# Define a set of violations.
|
|
4
|
+
# A violation is an object with a rule `id` and a `message`.
|
|
5
|
+
violations[{"id": "DEP-01", "message": msg}] {
|
|
6
|
+
# Check satellite package.json
|
|
7
|
+
deps := input.satellite.packageJson.dependencies
|
|
8
|
+
some pkg
|
|
9
|
+
version := deps[pkg]
|
|
10
|
+
startswith(version, "^")
|
|
11
|
+
msg := sprintf("package.json#dependencies.%v=%v (Caret pinning not allowed)", [pkg, version])
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
violations[{"id": "DEP-02", "message": msg}] {
|
|
15
|
+
deps := input.satellite.packageJson.dependencies
|
|
16
|
+
some pkg
|
|
17
|
+
version := deps[pkg]
|
|
18
|
+
startswith(version, "~")
|
|
19
|
+
msg := sprintf("package.json#dependencies.%v=%v (Tilde pinning not allowed)", [pkg, version])
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
violations[{"id": "DEP-03", "message": msg}] {
|
|
23
|
+
deps := input.satellite.packageJson.dependencies
|
|
24
|
+
some pkg
|
|
25
|
+
version := deps[pkg]
|
|
26
|
+
disallowed := {"*", "latest", "x", "X", ""}
|
|
27
|
+
disallowed[version]
|
|
28
|
+
msg := sprintf("package.json#dependencies.%v=%v (Wildcard/Latest pinning not allowed)", [pkg, version])
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
# Also check devDependencies
|
|
32
|
+
violations[{"id": "DEP-01", "message": msg}] {
|
|
33
|
+
deps := input.satellite.packageJson.devDependencies
|
|
34
|
+
some pkg
|
|
35
|
+
version := deps[pkg]
|
|
36
|
+
startswith(version, "^")
|
|
37
|
+
msg := sprintf("package.json#devDependencies.%v=%v (Caret pinning not allowed)", [pkg, version])
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
violations[{"id": "DEP-02", "message": msg}] {
|
|
41
|
+
deps := input.satellite.packageJson.devDependencies
|
|
42
|
+
some pkg
|
|
43
|
+
version := deps[pkg]
|
|
44
|
+
startswith(version, "~")
|
|
45
|
+
msg := sprintf("package.json#devDependencies.%v=%v (Tilde pinning not allowed)", [pkg, version])
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
violations[{"id": "DEP-03", "message": msg}] {
|
|
49
|
+
deps := input.satellite.packageJson.devDependencies
|
|
50
|
+
some pkg
|
|
51
|
+
version := deps[pkg]
|
|
52
|
+
disallowed := {"*", "latest", "x", "X", ""}
|
|
53
|
+
disallowed[version]
|
|
54
|
+
msg := sprintf("package.json#devDependencies.%v=%v (Wildcard/Latest pinning not allowed)", [pkg, version])
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
# DEP-10 applies to all packages in the workspace
|
|
58
|
+
violations[{"id": "DEP-10", "message": msg}] {
|
|
59
|
+
ws := input.satellite.workspacePackageJsons[_]
|
|
60
|
+
deps := ws.content.dependencies
|
|
61
|
+
some pkg
|
|
62
|
+
version := deps[pkg]
|
|
63
|
+
startswith(version, "^")
|
|
64
|
+
msg := sprintf("%v#dependencies.%v=%v", [ws.path, pkg, version])
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
violations[{"id": "DEP-10", "message": msg}] {
|
|
68
|
+
ws := input.satellite.workspacePackageJsons[_]
|
|
69
|
+
deps := ws.content.devDependencies
|
|
70
|
+
some pkg
|
|
71
|
+
version := deps[pkg]
|
|
72
|
+
startswith(version, "^")
|
|
73
|
+
msg := sprintf("%v#devDependencies.%v=%v", [ws.path, pkg, version])
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
violations[{"id": "DEP-10", "message": msg}] {
|
|
77
|
+
ws := input.satellite.workspacePackageJsons[_]
|
|
78
|
+
deps := ws.content.dependencies
|
|
79
|
+
some pkg
|
|
80
|
+
version := deps[pkg]
|
|
81
|
+
startswith(version, "~")
|
|
82
|
+
msg := sprintf("%v#dependencies.%v=%v", [ws.path, pkg, version])
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
violations[{"id": "DEP-10", "message": msg}] {
|
|
86
|
+
ws := input.satellite.workspacePackageJsons[_]
|
|
87
|
+
deps := ws.content.devDependencies
|
|
88
|
+
some pkg
|
|
89
|
+
version := deps[pkg]
|
|
90
|
+
startswith(version, "~")
|
|
91
|
+
msg := sprintf("%v#devDependencies.%v=%v", [ws.path, pkg, version])
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
violations[{"id": "DEP-08", "message": msg}] {
|
|
95
|
+
overrides := input.satellite.packageJson.overrides
|
|
96
|
+
count(overrides) > 0
|
|
97
|
+
not input.satellite.overridesRationaleDocumented
|
|
98
|
+
msg := sprintf("package.json 'overrides' section has %d entries without a companion overrides-rationale.json — each override must document the CVE or compatibility reason", [count(overrides)])
|
|
99
|
+
}
|
|
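Review bot: the four DEP-10 workspace rules only flag `^` and `~`, so a workspace package declaring `"*"`, `"latest"` or an empty version passes even though the root-level DEP-03 rejects exactly those values; either add a DEP-10 rule that applies `disallowed[version]` to `ws.content.dependencies` and `ws.content.devDependencies`, or factor the caret, tilde and disallowed-set checks into one helper that both the root and workspace rules call, which also removes the six near-identical rule bodies. Two further gaps worth closing: `peerDependencies` and `optionalDependencies` are never inspected, and floating specifiers that do not start with `^` or `~` (for example `>=4.0.0`, `4.x`, `1.0.0 || 2.0.0`) pass all three checks, so if the intent is exact pinning a positive match on an exact semver string is more robust than enumerating bad prefixes. Finally, the file uses pre-1.0 rule syntax (`violations[{...}] { ... }` with no `contains`/`if` and no `import rego.v1`), which OPA 1.x rejects unless run with `--v0-compatible`; confirm the vendored `.harness/bin/opa` version or migrate the syntax.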
@@ -0,0 +1,28 @@
|
|
|
1
|
+
package evolith.version_pinning_test
|
|
2
|
+
|
|
3
|
+
import data.evolith.version_pinning
|
|
4
|
+
|
|
5
|
+
test_no_pinning_violations_for_exact_versions {
|
|
6
|
+
violations := version_pinning.violations with input as {"satellite": {"packageJson": {"dependencies": {"express": "4.18.2"}, "devDependencies": {}}, "workspacePackageJsons": []}}
|
|
7
|
+
count(violations) == 0
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
test_caret_pinning_in_dependencies_is_rejected {
|
|
11
|
+
violations := version_pinning.violations with input as {"satellite": {"packageJson": {"dependencies": {"express": "^4.18.2"}, "devDependencies": {}}, "workspacePackageJsons": []}}
|
|
12
|
+
violations[_].id == "DEP-01"
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
test_tilde_pinning_in_dev_dependencies_is_rejected {
|
|
16
|
+
violations := version_pinning.violations with input as {"satellite": {"packageJson": {"dependencies": {}, "devDependencies": {"mocha": "~10.0.0"}}, "workspacePackageJsons": []}}
|
|
17
|
+
violations[_].id == "DEP-02"
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
test_wildcard_pinning_is_rejected {
|
|
21
|
+
violations := version_pinning.violations with input as {"satellite": {"packageJson": {"dependencies": {"lodash": "*"}, "devDependencies": {}}, "workspacePackageJsons": []}}
|
|
22
|
+
violations[_].id == "DEP-03"
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
test_workspace_caret_pinning_is_rejected {
|
|
26
|
+
violations := version_pinning.violations with input as {"satellite": {"packageJson": {"dependencies": {}, "devDependencies": {}}, "workspacePackageJsons": [{"path": "packages/foo", "content": {"dependencies": {"react": "^18.0.0"}, "devDependencies": {}}}]}}
|
|
27
|
+
violations[_].id == "DEP-10"
|
|
28
|
+
}
|
|
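Review bot: there is no test for DEP-08 (the `overrides` rule at the end of the policy) and no negative test for workspace packages, so a regression in the `overridesRationaleDocumented` check, or a DEP-10 rule that started rejecting exact versions, would go unnoticed; add a case with a non-empty `overrides` map and `overridesRationaleDocumented` absent that expects `DEP-08`, and extend `test_no_pinning_violations_for_exact_versions` with a `workspacePackageJsons` entry holding an exact version. `test_wildcard_pinning_is_rejected` also exercises only `"*"`, leaving `"latest"`, `"x"`, `"X"` and `""` from the `disallowed` set uncovered. As with the policy, these tests use the pre-1.0 `test_x { ... }` form without `if`, so they need `import rego.v1` or the `--v0-compatible` flag on OPA 1.x.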
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Ruleset de Gates de Fase
|
|
2
|
+
|
|
3
|
+
> **Bilingual navigation:** [English version](./README.md)
|
|
4
|
+
|
|
5
|
+
Punto de entrada WS1 canonico para el contrato de phase gates del SDLC Evolith.
|
|
6
|
+
|
|
7
|
+
## Proposito
|
|
8
|
+
|
|
9
|
+
El ruleset de gates de fase define la evidencia obligatoria, criterios bloqueantes, roles responsables, autoridades de waiver y campos de waiver requeridos para salir de cada fase SDLC de Evolith. Este punto de entrada mantiene estable la ruta de auditoria WS1 mientras conserva el indice de la categoria SDLC.
|
|
10
|
+
|
|
11
|
+
## Artefactos
|
|
12
|
+
|
|
13
|
+
| Artefacto | Ruta | Proposito |
|
|
14
|
+
|---|---|---|
|
|
15
|
+
| Ruleset nativo | [phase-gates.rules.json](./phase-gates.rules.json) | Contrato machine-readable de gates de fase SDLC |
|
|
16
|
+
| Fuente de categoria SDLC | [../sdlc/phase-gates.rules.json](../sdlc/phase-gates.rules.json) | Contrato existente de la categoria SDLC conservado por compatibilidad |
|
|
17
|
+
| Politica OPA | [../opa/cicd-quality-gates.rego](../opa/cicd-quality-gates.rego) | Enforcement Rego para controles de quality gates CI/CD |
|
|
18
|
+
| Pruebas OPA | [../opa/cicd-quality-gates.test.rego](../opa/cicd-quality-gates.test.rego) | Pruebas reproducibles de politica para controles de quality gates |
|
|
19
|
+
|
|
20
|
+
## Validacion
|
|
21
|
+
|
|
22
|
+
Ejecuta los checks focalizados Native y OPA:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
node --test .harness/scripts/run-evolith-intelligent-data-audit.test.mjs
|
|
26
|
+
npx jest --config packages/core-domain/jest.config.js --rootDir packages/core-domain --testPathPatterns='ruleset-validation.mode' --no-coverage
|
|
27
|
+
.harness/bin/opa test rulesets/opa/cicd-quality-gates.rego rulesets/opa/cicd-quality-gates.test.rego -v
|
|
28
|
+
```
|
|
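Review bot: the Spanish text drops every diacritic (`canonico`, `Proposito`, `auditoria`, `categoria`, `Politica`, `Validacion`), while the English counterpart's navigation line is written with them (`Navegación bilingüe`); restore the accents (`canónico`, `Propósito`, `auditoría`, `categoría`, `Política`, `Validación`) so the two READMEs render consistently and searches for the accented forms find this file.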
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Phase Gates Ruleset
|
|
2
|
+
|
|
3
|
+
> **Navegación bilingüe:** [Versión en Español](./README.es.md)
|
|
4
|
+
|
|
5
|
+
Canonical WS1 entrypoint for the Evolith SDLC phase-gate contract.
|
|
6
|
+
|
|
7
|
+
## Purpose
|
|
8
|
+
|
|
9
|
+
The phase-gates ruleset defines the mandatory evidence, blocking criteria, accountable roles, waiver authorities, and waiver fields required to exit each Evolith SDLC phase. This entrypoint keeps the WS1 audit path stable while preserving the SDLC category index.
|
|
10
|
+
|
|
11
|
+
## Artifacts
|
|
12
|
+
|
|
13
|
+
| Artifact | Path | Purpose |
|
|
14
|
+
|---|---|---|
|
|
15
|
+
| Native ruleset | [phase-gates.rules.json](./phase-gates.rules.json) | Machine-readable SDLC phase-gate contract |
|
|
16
|
+
| SDLC category source | [../sdlc/phase-gates.rules.json](../sdlc/phase-gates.rules.json) | Existing SDLC category contract retained for backward compatibility |
|
|
17
|
+
| OPA policy | [../opa/cicd-quality-gates.rego](../opa/cicd-quality-gates.rego) | Rego enforcement for CI/CD quality-gate controls |
|
|
18
|
+
| OPA tests | [../opa/cicd-quality-gates.test.rego](../opa/cicd-quality-gates.test.rego) | Reproducible policy tests for quality-gate controls |
|
|
19
|
+
|
|
20
|
+
## Validation
|
|
21
|
+
|
|
22
|
+
Run the focused Native and OPA checks:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
node --test .harness/scripts/run-evolith-intelligent-data-audit.test.mjs
|
|
26
|
+
npx jest --config packages/core-domain/jest.config.js --rootDir packages/core-domain --testPathPatterns='ruleset-validation.mode' --no-coverage
|
|
27
|
+
.harness/bin/opa test rulesets/opa/cicd-quality-gates.rego rulesets/opa/cicd-quality-gates.test.rego -v
|
|
28
|
+
```
|
|
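Review bot: the Validation section's commands reference `.harness/scripts/run-evolith-intelligent-data-audit.test.mjs`, `.harness/bin/opa` and `packages/core-domain/jest.config.js`, none of which ship in this package (the changed-file list contains only paths under `package/rulesets`, with no `.harness/` entries), so a consumer reading this README from `node_modules` cannot run them; state that these are monorepo-only commands, or give an equivalent for a locally installed OPA such as `opa test rulesets/opa/cicd-quality-gates.rego rulesets/opa/cicd-quality-gates.test.rego -v`. The Artifacts table also lists two copies of the contract (`./phase-gates.rules.json` and `../sdlc/phase-gates.rules.json`) without saying which one is authoritative when they diverge or what keeps them in sync; one sentence on that would spare the next reader a diff.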
@@ -0,0 +1,297 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../schema/ruleset-sdlc.schema.json",
|
|
3
|
+
"$id": "https://evolith.dev/rulesets/phase-gates/phase-gates.rules.json",
|
|
4
|
+
"title": "SDLC Phase Gate Rules",
|
|
5
|
+
"description": "Canonical phase exit gate criteria for the Evolith 5-phase SDLC. Each gate requires objective evidence; manual confidence cannot override a failed gate.",
|
|
6
|
+
"version": "1.0.0",
|
|
7
|
+
"effectiveDate": "2026-01-01",
|
|
8
|
+
"gates": [
|
|
9
|
+
{
|
|
10
|
+
"phase": 1,
|
|
11
|
+
"name": "Business Sign-Off",
|
|
12
|
+
"description": "Scope frozen; funding authorized; architectural constraints aligned.",
|
|
13
|
+
"playbookRef": "../../reference/governance/sdlc/01-playbooks/phase-1-business-signoff.md",
|
|
14
|
+
"mandatoryEvidence": [
|
|
15
|
+
{
|
|
16
|
+
"artifact": "PRD",
|
|
17
|
+
"schemaRef": "../schema/prd.schema.json",
|
|
18
|
+
"status": "Approved",
|
|
19
|
+
"validation": "PRD status = Approved AND approvalEvidence present AND date filled"
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"artifact": "Discovery Canvas",
|
|
23
|
+
"validation": "Initiative registered with customer pain points and expected value"
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
"artifact": "Technical Feasibility Canvas",
|
|
27
|
+
"schemaRef": "../schema/technical-feasibility.schema.json",
|
|
28
|
+
"validation": "Technical feasibility and quality attributes documented with NFRs"
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"artifact": "Ballpark Estimation",
|
|
32
|
+
"validation": "T-Shirt sizing completed with team composition"
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
"artifact": "MoSCoW Prioritization Matrix",
|
|
36
|
+
"validation": "MoSCoW analysis completed for Phase 0 with at least one MUST item and valid priority distribution"
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
"artifact": "Build-versus-Compose Analysis",
|
|
40
|
+
"schemaRef": "../schema/build-vs-compose.schema.json",
|
|
41
|
+
"validation": "Discovery evaluated open-source/free-tier/commercial alternatives with a governed Adopt/Embed/Integrate/Extend/Build/Reject disposition, three-year cost, licensing, tenant isolation, provider replaceability, and PoC requirements; native development requires explicit justification (Product Vision §5.3)"
|
|
42
|
+
}
|
|
43
|
+
],
|
|
44
|
+
"blockingCriteria": [
|
|
45
|
+
{
|
|
46
|
+
"criterion": "Scope is ambiguous",
|
|
47
|
+
"action": "BLOCK — return to Phase 1"
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
"criterion": "Technical constraints or cloud quotas are unaligned",
|
|
51
|
+
"action": "BLOCK — return to Phase 1"
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"criterion": "Architecture constraints are ignored",
|
|
55
|
+
"action": "BLOCK — return to Phase 1"
|
|
56
|
+
}
|
|
57
|
+
],
|
|
58
|
+
"accountableRole": "Product Owner",
|
|
59
|
+
"waiverAuthority": "Executive Sponsor",
|
|
60
|
+
"waiverRequiredFields": [
|
|
61
|
+
"criterion",
|
|
62
|
+
"justification",
|
|
63
|
+
"risk",
|
|
64
|
+
"owner",
|
|
65
|
+
"expirationDate",
|
|
66
|
+
"mitigationPlan"
|
|
67
|
+
]
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
"phase": 2,
|
|
71
|
+
"name": "Design Baseline Approved",
|
|
72
|
+
"description": "Architecture decisions are documented; bounded contexts defined; functional stories written.",
|
|
73
|
+
"playbookRef": "../../reference/governance/sdlc/01-playbooks/phase-2-design-baseline.md",
|
|
74
|
+
"mandatoryEvidence": [
|
|
75
|
+
{
|
|
76
|
+
"artifact": "ADR Registry",
|
|
77
|
+
"validation": "All architecture decisions have corresponding ADR. No undocumented decisions."
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
"artifact": "Functional Stories",
|
|
81
|
+
"schemaRef": "../schema/functional-story.schema.json",
|
|
82
|
+
"validation": "All Functional Stories in Ready state with BDD acceptance criteria"
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
"artifact": "Reference Blueprint Alignment",
|
|
86
|
+
"validation": "Product architecture diagrams traceable to Evolith Reference Blueprint"
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
"artifact": "Simplicity Checklist Phase 1",
|
|
90
|
+
"validation": "Passed — no over-engineering detected"
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
"artifact": "Bounded Context Map",
|
|
94
|
+
"validation": "All contexts identified with ownership and persistence strategy"
|
|
95
|
+
}
|
|
96
|
+
],
|
|
97
|
+
"blockingCriteria": [
|
|
98
|
+
{
|
|
99
|
+
"criterion": "Significant architecture decisions are undocumented",
|
|
100
|
+
"action": "BLOCK — require ADR before design baseline"
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"criterion": "Bounded context boundaries are contradictory",
|
|
104
|
+
"action": "BLOCK — require context map resolution"
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
"criterion": "Functional stories lack acceptance criteria",
|
|
108
|
+
"action": "BLOCK — return to story writing"
|
|
109
|
+
}
|
|
110
|
+
],
|
|
111
|
+
"accountableRole": "Software Architect",
|
|
112
|
+
"waiverAuthority": "Architecture Board",
|
|
113
|
+
"waiverRequiredFields": [
|
|
114
|
+
"criterion",
|
|
115
|
+
"justification",
|
|
116
|
+
"risk",
|
|
117
|
+
"owner",
|
|
118
|
+
"expirationDate",
|
|
119
|
+
"mitigationPlan"
|
|
120
|
+
]
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
"phase": 3,
|
|
124
|
+
"name": "Successful Build",
|
|
125
|
+
"description": "All code merged to main; CI passes; quality gates green; definition of done satisfied.",
|
|
126
|
+
"mandatoryEvidence": [
|
|
127
|
+
{
|
|
128
|
+
"artifact": "Technical Stories",
|
|
129
|
+
"schemaRef": "../schema/technical-story.schema.json",
|
|
130
|
+
"validation": "All technical stories Done; traceable to Functional Stories"
|
|
131
|
+
},
|
|
132
|
+
{
|
|
133
|
+
"artifact": "CI Pipeline",
|
|
134
|
+
"validation": "CI run green on main branch. No failing tests, no lint errors, no security scan failures"
|
|
135
|
+
},
|
|
136
|
+
{
|
|
137
|
+
"artifact": "Definition of Done Checklist",
|
|
138
|
+
"validation": "All DoD items checked per Technical Story"
|
|
139
|
+
},
|
|
140
|
+
{
|
|
141
|
+
"artifact": "Documentation Delta",
|
|
142
|
+
"validation": "Updated ADRs, inline documentation, README changes included in merge"
|
|
143
|
+
},
|
|
144
|
+
{
|
|
145
|
+
"artifact": "Coverage Report",
|
|
146
|
+
"validation": "Business logic coverage >= 80% per Quality Thresholds rules"
|
|
147
|
+
}
|
|
148
|
+
],
|
|
149
|
+
"blockingCriteria": [
|
|
150
|
+
{
|
|
151
|
+
"criterion": "CI fails on main branch",
|
|
152
|
+
"action": "BLOCK merge — fix CI before merge"
|
|
153
|
+
},
|
|
154
|
+
{
|
|
155
|
+
"criterion": "Coverage below threshold (< 80%)",
|
|
156
|
+
"action": "BLOCK merge — add tests or request waiver"
|
|
157
|
+
},
|
|
158
|
+
{
|
|
159
|
+
"criterion": "High or Critical CVEs detected",
|
|
160
|
+
"action": "BLOCK merge — remediate CVEs or request security waiver"
|
|
161
|
+
},
|
|
162
|
+
{
|
|
163
|
+
"criterion": "Missing code review approval",
|
|
164
|
+
"action": "BLOCK merge — require review"
|
|
165
|
+
}
|
|
166
|
+
],
|
|
167
|
+
"accountableRole": "Tech Lead",
|
|
168
|
+
"waiverAuthority": "Architecture Board (with exception for CVEs requires Executive Risk Acceptance)",
|
|
169
|
+
"waiverRequiredFields": [
|
|
170
|
+
"criterion",
|
|
171
|
+
"justification",
|
|
172
|
+
"risk",
|
|
173
|
+
"owner",
|
|
174
|
+
"expirationDate",
|
|
175
|
+
"mitigationPlan",
|
|
176
|
+
"approvalAuthority"
|
|
177
|
+
]
|
|
178
|
+
},
|
|
179
|
+
{
|
|
180
|
+
"phase": 4,
|
|
181
|
+
"name": "RC Stamped",
|
|
182
|
+
"description": "All quality thresholds verified; security scans clean; UAT passed; release candidate formally approved.",
|
|
183
|
+
"playbookRef": "../../reference/governance/sdlc/01-playbooks/phase-4-rc-stamp.md",
|
|
184
|
+
"mandatoryEvidence": [
|
|
185
|
+
{
|
|
186
|
+
"artifact": "Test Summary Report",
|
|
187
|
+
"schemaRef": "../schema/test-summary-report.schema.json",
|
|
188
|
+
"templateRef": "../../reference/governance/sdlc/04-artifact-templates/test-summary-report-template.md",
|
|
189
|
+
"validation": "All quality gates green or explicitly waived. RC stamped by QA Lead and Tech Lead."
|
|
190
|
+
},
|
|
191
|
+
{
|
|
192
|
+
"artifact": "Acceptance Validation",
|
|
193
|
+
"validation": "Product Owner signs off on acceptance criteria verification"
|
|
194
|
+
},
|
|
195
|
+
{
|
|
196
|
+
"artifact": "Security Scan Report",
|
|
197
|
+
"schemaRef": "../schema/security-scan-report.schema.json",
|
|
198
|
+
"templateRef": "../../reference/governance/sdlc/04-artifact-templates/security-scan-report-template.md",
|
|
199
|
+
"validation": "Zero High/Critical CVEs in production-bound artifacts; structure conforms to security-scan-report.schema.json"
|
|
200
|
+
},
|
|
201
|
+
{
|
|
202
|
+
"artifact": "Integration Evidence",
|
|
203
|
+
"schemaRef": "../schema/integration-evidence.schema.json",
|
|
204
|
+
"templateRef": "../../reference/governance/sdlc/04-artifact-templates/integration-evidence-template.md",
|
|
205
|
+
"validation": "Every declared inter-component contract exercised; no FAIL entries without waiver; structure conforms to integration-evidence.schema.json"
|
|
206
|
+
},
|
|
207
|
+
{
|
|
208
|
+
"artifact": "Pyramid Distribution",
|
|
209
|
+
"validation": "70% unit / 20% integration / 10% E2E target met or deviation explained"
|
|
210
|
+
}
|
|
211
|
+
],
|
|
212
|
+
"blockingCriteria": [
|
|
213
|
+
{
|
|
214
|
+
"criterion": "Any mandatory quality metric fails",
|
|
215
|
+
"action": "BLOCK RC stamp — remediate or waiver"
|
|
216
|
+
},
|
|
217
|
+
{
|
|
218
|
+
"criterion": "Acceptance criteria remain unverified",
|
|
219
|
+
"action": "BLOCK RC stamp — return to validation"
|
|
220
|
+
},
|
|
221
|
+
{
|
|
222
|
+
"criterion": "Technical debt ratio exceeds 5%",
|
|
223
|
+
"action": "BLOCK RC stamp — remediation plan required"
|
|
224
|
+
}
|
|
225
|
+
],
|
|
226
|
+
"accountableRole": "QA Lead",
|
|
227
|
+
"waiverAuthority": "Architecture Board",
|
|
228
|
+
"waiverRequiredFields": [
|
|
229
|
+
"criterion",
|
|
230
|
+
"justification",
|
|
231
|
+
"risk",
|
|
232
|
+
"owner",
|
|
233
|
+
"expirationDate",
|
|
234
|
+
"mitigationPlan"
|
|
235
|
+
]
|
|
236
|
+
},
|
|
237
|
+
{
|
|
238
|
+
"phase": 5,
|
|
239
|
+
"name": "Production Live",
|
|
240
|
+
"description": "Deployment executed; observability verified nominal; monitoring active; rollback procedure confirmed.",
|
|
241
|
+
"playbookRef": "../../reference/governance/sdlc/01-playbooks/zero-downtime-release.md",
|
|
242
|
+
"mandatoryEvidence": [
|
|
243
|
+
{
|
|
244
|
+
"artifact": "Release Notes",
|
|
245
|
+
"schemaRef": "../schema/release-notes.schema.json",
|
|
246
|
+
"validation": "Release scope, deployment steps, rollback procedure, observability checklist all present and complete"
|
|
247
|
+
},
|
|
248
|
+
{
|
|
249
|
+
"artifact": "Observability Validation",
|
|
250
|
+
"schemaRef": "../schema/observability-validation.schema.json",
|
|
251
|
+
"templateRef": "../../reference/governance/sdlc/04-artifact-templates/observability-validation-template.md",
|
|
252
|
+
"validation": "Metrics nominal, logs flowing, traces complete for all production paths; structure conforms to observability-validation.schema.json"
|
|
253
|
+
},
|
|
254
|
+
{
|
|
255
|
+
"artifact": "Rollback Procedure",
|
|
256
|
+
"schemaRef": "../schema/rollback-rehearsal.schema.json",
|
|
257
|
+
"templateRef": "../../reference/governance/sdlc/04-artifact-templates/rollback-rehearsal-template.md",
|
|
258
|
+
"validation": "Rollback steps documented and tested. Last good version identified. Rehearsal evidence confirms rollback within budget."
|
|
259
|
+
},
|
|
260
|
+
{
|
|
261
|
+
"artifact": "On-Call Handoff",
|
|
262
|
+
"schemaRef": "../schema/on-call-handoff.schema.json",
|
|
263
|
+
"templateRef": "../../reference/governance/sdlc/04-artifact-templates/on-call-handoff-template.md",
|
|
264
|
+
"validation": "On-call team briefed with runbook references, escalation paths, alert ownership, and SLA acknowledgement confirmed."
|
|
265
|
+
},
|
|
266
|
+
{
|
|
267
|
+
"artifact": "Deployment Evidence",
|
|
268
|
+
"validation": "Deployment artifacts (images, configs) traceable to RC"
|
|
269
|
+
}
|
|
270
|
+
],
|
|
271
|
+
"blockingCriteria": [
|
|
272
|
+
{
|
|
273
|
+
"criterion": "Monitoring is not nominal",
|
|
274
|
+
"action": "BLOCK Production Live — investigate before deploy"
|
|
275
|
+
},
|
|
276
|
+
{
|
|
277
|
+
"criterion": "Rollback procedure is undefined",
|
|
278
|
+
"action": "BLOCK Production Live — document rollback first"
|
|
279
|
+
},
|
|
280
|
+
{
|
|
281
|
+
"criterion": "Release is not traceable to RC",
|
|
282
|
+
"action": "BLOCK Production Live — ensure RC → Release chain"
|
|
283
|
+
}
|
|
284
|
+
],
|
|
285
|
+
"accountableRole": "DevOps Lead",
|
|
286
|
+
"waiverAuthority": "Technology Director",
|
|
287
|
+
"waiverRequiredFields": [
|
|
288
|
+
"criterion",
|
|
289
|
+
"justification",
|
|
290
|
+
"risk",
|
|
291
|
+
"owner",
|
|
292
|
+
"expirationDate",
|
|
293
|
+
"mitigationPlan"
|
|
294
|
+
]
|
|
295
|
+
}
|
|
296
|
+
]
|
|
297
|
+
}
|
|
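Review bot: the Phase 3 gate (`"name": "Successful Build"`) is the only one without a `playbookRef`, while phases 1, 2, 4 and 5 each point at a playbook under `../../reference/governance/sdlc/01-playbooks/`; either add the reference or make the field explicitly optional in `ruleset-sdlc.schema.json` so a validator iterating `gates[].playbookRef` does not trip on it. Two smaller inconsistencies: the Phase 1 MoSCoW evidence reads `MoSCoW analysis completed for Phase 0`, which does not match the five-phase numbering used everywhere else in the file, and the Phase 3 `waiverAuthority` packs a conditional into free text (`Architecture Board (with exception for CVEs requires Executive Risk Acceptance)`), which a consumer comparing authorities by value cannot interpret; consider a default authority plus a per-criterion override so the CVE exception is machine-checkable.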
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Ruleset de Umbrales de Calidad
|
|
2
|
+
|
|
3
|
+
> **Bilingual navigation:** [English version](./README.md)
|
|
4
|
+
|
|
5
|
+
Punto de entrada WS1 canonico para los umbrales de calidad bloqueantes de release de Evolith.
|
|
6
|
+
|
|
7
|
+
## Proposito
|
|
8
|
+
|
|
9
|
+
El ruleset de umbrales de calidad define los minimos de testing, calidad de codigo, seguridad, documentacion, operaciones y contratos que pueden bloquear merge, RC stamp o Production Live. Este punto de entrada mantiene estable la ruta de auditoria WS1 mientras conserva el indice de la categoria SDLC.
|
|
10
|
+
|
|
11
|
+
## Artefactos
|
|
12
|
+
|
|
13
|
+
| Artefacto | Ruta | Proposito |
|
|
14
|
+
|---|---|---|
|
|
15
|
+
| Ruleset nativo | [quality-thresholds.rules.json](./quality-thresholds.rules.json) | Contrato machine-readable de umbrales bloqueantes de release |
|
|
16
|
+
| Fuente de categoria SDLC | [../sdlc/quality-thresholds.rules.json](../sdlc/quality-thresholds.rules.json) | Contrato existente de la categoria SDLC conservado por compatibilidad |
|
|
17
|
+
| Politica OPA | [../opa/testing-pyramid.rego](../opa/testing-pyramid.rego) | Enforcement Rego para umbrales de cobertura y testing pyramid |
|
|
18
|
+
| Pruebas OPA | [../opa/testing-pyramid.test.rego](../opa/testing-pyramid.test.rego) | Pruebas reproducibles de politica para controles de testing y cobertura |
|
|
19
|
+
|
|
20
|
+
## Validacion
|
|
21
|
+
|
|
22
|
+
Ejecuta los checks focalizados Native y OPA:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
node --test .harness/scripts/run-evolith-intelligent-data-audit.test.mjs
|
|
26
|
+
npx jest --config packages/core-domain/jest.config.js --rootDir packages/core-domain --testPathPatterns='ruleset-validation.mode' --no-coverage
|
|
27
|
+
.harness/bin/opa test rulesets/opa/testing-pyramid.rego rulesets/opa/testing-pyramid.test.rego -v
|
|
28
|
+
```
|
|
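Review bot: the Purpose paragraph says this ruleset covers testing, code quality, security, documentation, operations and contract thresholds, but the only OPA policy listed is `../opa/testing-pyramid.rego`, which the table itself describes as enforcing coverage and testing-pyramid thresholds; the README should say which categories are enforced by OPA and which exist only in the native JSON, otherwise a reader will assume the `opa test` line also validates the security and technical-debt thresholds. The diacritics are missing here as well (`canonico`, `Proposito`, `minimos`, `codigo`, `documentacion`, `Validacion`) and should be restored.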
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Quality Thresholds Ruleset
|
|
2
|
+
|
|
3
|
+
> **Navegación bilingüe:** [Versión en Español](./README.es.md)
|
|
4
|
+
|
|
5
|
+
Canonical WS1 entrypoint for the Evolith release-blocking quality thresholds.
|
|
6
|
+
|
|
7
|
+
## Purpose
|
|
8
|
+
|
|
9
|
+
The quality-thresholds ruleset defines the minimum testing, code-quality, security, documentation, operations, and contract thresholds that can block merge, RC stamp, or Production Live gates. This entrypoint keeps the WS1 audit path stable while preserving the SDLC category index.
|
|
10
|
+
|
|
11
|
+
## Artifacts
|
|
12
|
+
|
|
13
|
+
| Artifact | Path | Purpose |
|
|
14
|
+
|---|---|---|
|
|
15
|
+
| Native ruleset | [quality-thresholds.rules.json](./quality-thresholds.rules.json) | Machine-readable release-blocking threshold contract |
|
|
16
|
+
| SDLC category source | [../sdlc/quality-thresholds.rules.json](../sdlc/quality-thresholds.rules.json) | Existing SDLC category contract retained for backward compatibility |
|
|
17
|
+
| OPA policy | [../opa/testing-pyramid.rego](../opa/testing-pyramid.rego) | Rego enforcement for coverage and testing-pyramid thresholds |
|
|
18
|
+
| OPA tests | [../opa/testing-pyramid.test.rego](../opa/testing-pyramid.test.rego) | Reproducible policy tests for testing and coverage controls |
|
|
19
|
+
|
|
20
|
+
## Validation
|
|
21
|
+
|
|
22
|
+
Run the focused Native and OPA checks:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
node --test .harness/scripts/run-evolith-intelligent-data-audit.test.mjs
|
|
26
|
+
npx jest --config packages/core-domain/jest.config.js --rootDir packages/core-domain --testPathPatterns='ruleset-validation.mode' --no-coverage
|
|
27
|
+
.harness/bin/opa test rulesets/opa/testing-pyramid.rego rulesets/opa/testing-pyramid.test.rego -v
|
|
28
|
+
```
|
|
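Review bot: `--testPathPatterns` in the jest command is the Jest 30 spelling; Jest 29 and earlier only accept `--testPathPattern` and report the plural form as an unrecognized option, so the README should state the Jest major it assumes (or the monorepo should pin it) so the command does not fail on an older toolchain. The `.harness/scripts/...` and `.harness/bin/opa` paths are also monorepo-local and not part of this package's contents (the changed-file list has no `.harness/` entries), which the Validation section should say explicitly.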
@@ -0,0 +1,96 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
+
"$id": "https://evolith.dev/rulesets/quality-thresholds/quality-thresholds.rules.json",
|
|
4
|
+
"title": "SDLC Quality Threshold Rules",
|
|
5
|
+
"description": "Canonical release-blocking quality thresholds for Evolith satellites. These thresholds apply to all SDLC phases where construction or validation occurs.",
|
|
6
|
+
"version": "1.0.0",
|
|
7
|
+
"effectiveDate": "2026-01-01",
|
|
8
|
+
"waiverPolicy": {
|
|
9
|
+
"description": "A waiver may be used only when the organization deliberately accepts a temporary deviation.",
|
|
10
|
+
"requiredFields": [
|
|
11
|
+
"criterion",
|
|
12
|
+
"justification",
|
|
13
|
+
"risk",
|
|
14
|
+
"owner",
|
|
15
|
+
"expirationDate",
|
|
16
|
+
"mitigationPlan",
|
|
17
|
+
"approvalAuthority"
|
|
18
|
+
],
|
|
19
|
+
"exceptions": {
|
|
20
|
+
"cves": "High/Critical security vulnerabilities cannot be waived in production releases without explicit Executive Risk Acceptance",
|
|
21
|
+
"coverage": "Business logic coverage below 80% cannot be waived without Architecture Board approval and remediation plan"
|
|
22
|
+
}
|
|
23
|
+
},
|
|
24
|
+
"rules": [
|
|
25
|
+
{
|
|
26
|
+
"id": "QT-01",
|
|
27
|
+
"severity": "MUST",
|
|
28
|
+
"category": "testing",
|
|
29
|
+
"title": "Code Coverage",
|
|
30
|
+
"description": "Coverage below 80% on business logic BLOCKS merge (Phase 3) and RC stamp (Phase 4).",
|
|
31
|
+
"blocking": true
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"id": "QT-02",
|
|
35
|
+
"severity": "MUST",
|
|
36
|
+
"category": "code-quality",
|
|
37
|
+
"title": "Cyclomatic Complexity",
|
|
38
|
+
"description": "Methods or functions exceeding cyclomatic complexity of 15 BLOCK merge or RC stamp without refactoring plan or explicit waiver.",
|
|
39
|
+
"blocking": true
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
"id": "QT-03",
|
|
43
|
+
"severity": "MUST",
|
|
44
|
+
"category": "security",
|
|
45
|
+
"title": "Security Vulnerabilities",
|
|
46
|
+
"description": "Any High or Critical CVE BLOCKS merge, RC stamp, and production release. Medium CVEs require justification.",
|
|
47
|
+
"blocking": true
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
"id": "QT-04",
|
|
51
|
+
"severity": "MUST",
|
|
52
|
+
"category": "code-quality",
|
|
53
|
+
"title": "Technical Debt Ratio",
|
|
54
|
+
"description": "Technical debt ratio > 5% BLOCKS RC stamp unless a remediation plan with explicit timeline and owner is approved.",
|
|
55
|
+
"blocking": true
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"id": "QT-05",
|
|
59
|
+
"severity": "MUST",
|
|
60
|
+
"category": "testing",
|
|
61
|
+
"title": "Testing Pyramid Distribution",
|
|
62
|
+
"description": "Release with materially skewed distribution (e.g., 40% unit / 50% integration) requires written explanation. Not a hard block but must be reviewed.",
|
|
63
|
+
"blocking": true
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
"id": "QT-06",
|
|
67
|
+
"severity": "MUST",
|
|
68
|
+
"category": "documentation",
|
|
69
|
+
"title": "Documentation Delta",
|
|
70
|
+
"description": "Code changes that alter behavior, introduce new API endpoints, change architecture, or modify operations without corresponding documentation BLOCK merge and Production Live.",
|
|
71
|
+
"blocking": true
|
|
72
|
+
},
|
|
73
|
+
{
|
|
74
|
+
"id": "QT-07",
|
|
75
|
+
"severity": "MUST",
|
|
76
|
+
"category": "operations",
|
|
77
|
+
"title": "Observability Evidence",
|
|
78
|
+
"description": "Any production API path without traces, structured logs, or metrics BLOCKS Production Live declaration.",
|
|
79
|
+
"blocking": true
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
"id": "QT-08",
|
|
83
|
+
"severity": "MUST",
|
|
84
|
+
"category": "contract",
|
|
85
|
+
"title": "API Contract Compatibility",
|
|
86
|
+
"description": "Breaking changes to inter-module (gRPC/REST) contracts BLOCK merge. Consumer-driven contract tests must pass.",
|
|
87
|
+
"blocking": true
|
|
88
|
+
}
|
|
89
|
+
],
|
|
90
|
+
"references": [
|
|
91
|
+
"../sdlc/phase-gates.rules.json",
|
|
92
|
+
"adr/0018-testing-pyramid-quality-gates.md",
|
|
93
|
+
"adr/0049-naming-semantics-clean-code-policy.md",
|
|
94
|
+
"adr/0005-ci-cd-quality-codeql.md"
|
|
95
|
+
]
|
|
96
|
+
}
|
|
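Review bot: QT-05 is internally inconsistent: its description says a skewed testing-pyramid distribution is "Not a hard block but must be reviewed", yet the rule carries `"severity": "MUST"` and `"blocking": true`, so any consumer of this machine-readable contract will block the release the prose says should only be reviewed. Either make the rule non-blocking (`"blocking": false` plus a non-MUST severity, if the schema defines one) or rewrite the description to match the blocking behavior. Related: the numeric thresholds this contract exists to carry (80% coverage in QT-01, complexity 15 in QT-02, 5% debt ratio in QT-04) live only inside description strings, so a validator cannot read them without parsing prose; a structured threshold field per rule would make the "machine-readable" claim in the README true. Lastly, `references` mixes a `../sdlc/...` path with bare `adr/...` entries that do not resolve relative to this directory; pick one base and use it consistently.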
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Ruleset de Taxonomía del Repositorio
|
|
2
|
+
|
|
3
|
+
> **Navegación Bilingüe:** [English Version](./README.md)
|
|
4
|
+
|
|
5
|
+
Punto de entrada ejecutable WS1 para el ruleset de Taxonomía del Repositorio de Evolith.
|
|
6
|
+
|
|
7
|
+
## Propósito
|
|
8
|
+
|
|
9
|
+
Este directorio expone `rulesets/repository-taxonomy` como la ruta ejecutable canónica que verifica la auditoría de fortaleza como data inteligente. El ruleset codifica restricciones de nomenclatura, estructura de directorios, nombres ADR, pares bilingües y clasificación de artefactos consumidas por el validador nativo de rulesets y los flujos de evidencia CI.
|
|
10
|
+
|
|
11
|
+
## Artefactos
|
|
12
|
+
|
|
13
|
+
| Artefacto | Propósito |
|
|
14
|
+
|---|---|
|
|
15
|
+
| [repository-taxonomy.rules.json](./repository-taxonomy.rules.json) | Ruleset nativo machine-readable para validación de Taxonomía del Repositorio |
|
|
16
|
+
| [../opa/repository-taxonomy.rego](../opa/repository-taxonomy.rego) | Artefacto de paridad OPA para validación de Taxonomía del Repositorio |
|
|
17
|
+
| [../opa/repository-taxonomy.test.rego](../opa/repository-taxonomy.test.rego) | Cobertura de pruebas OPA para la política de Taxonomía del Repositorio |
|
|
18
|
+
|
|
19
|
+
## Validación
|
|
20
|
+
|
|
21
|
+
Ejecuta estos checks después de cambiar el ruleset:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
npx jest --config packages/core-domain/jest.config.js --rootDir packages/core-domain --testPathPatterns='ruleset-validation.mode' --no-coverage
|
|
25
|
+
.harness/bin/opa test rulesets/opa/repository-taxonomy.rego rulesets/opa/repository-taxonomy.test.rego -v
|
|
26
|
+
```
|
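Review bot: The Propósito paragraph's phrase "verifica la auditoría de fortaleza como data inteligente" does not read clearly in Spanish (it looks like a word-for-word rendering of an English audit name); reword it to say what the audit actually checks, or keep the audit's English name in backticks. This README also diverges from the quality-thresholds README in the same change: its Artifacts table has two columns (Artefacto | Propósito) where that one has three (Artifact | Path | Purpose), and its Validation block omits the `node --test .harness/scripts/run-evolith-intelligent-data-audit.test.mjs` check the other includes; align both so the WS1 entrypoint READMEs are uniform and the audit test is run for this ruleset as well.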