@evolith/core-domain 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/domain/services/default-workflow-definition.js +1 -1
- package/dist/domain/services/default-workflow-definition.js.map +1 -1
- package/package.json +2 -1
- package/rulesets/README.es.md +170 -0
- package/rulesets/README.md +170 -0
- package/rulesets/acl/README.es.md +41 -0
- package/rulesets/acl/README.md +41 -0
- package/rulesets/acl/anti-corruption-layer.rules.es.json +99 -0
- package/rulesets/acl/anti-corruption-layer.rules.json +99 -0
- package/rulesets/adr/ADR_COVERAGE.es.md +133 -0
- package/rulesets/adr/ADR_COVERAGE.md +133 -0
- package/rulesets/adr/README.es.md +17 -0
- package/rulesets/adr/README.md +17 -0
- package/rulesets/adr/adr-0002-hexagonal-architecture.rules.json +103 -0
- package/rulesets/adr/adr-0005-cicd-quality-gates.rules.json +102 -0
- package/rulesets/adr/adr-0010-multi-tenancy.rules.json +129 -0
- package/rulesets/adr/adr-0018-testing-pyramid.rules.json +115 -0
- package/rulesets/adr/adr-0032-protocol-selection.rules.json +134 -0
- package/rulesets/adr/adr-0040-multi-runtime.rules.json +131 -0
- package/rulesets/adr/adr-0050-gitflow-branching.rules.json +176 -0
- package/rulesets/adr/generated/adr-0001-monorepo-orchestration-principle.rules.json +29 -0
- package/rulesets/adr/generated/adr-0006-microservices-transition-via-sidecar-pattern.rules.json +29 -0
- package/rulesets/adr/generated/adr-0009-strict-dependency-pinning-and-automated-vulnerability-manage.rules.json +29 -0
- package/rulesets/adr/generated/adr-0011-fault-tolerance-and-resiliency-patterns.rules.json +29 -0
- package/rulesets/adr/generated/adr-0013-cloud-infrastructure-topology-and-disaster-recovery-dr.rules.json +28 -0
- package/rulesets/adr/generated/adr-0014-multi-layer-distributed-caching-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0015-event-driven-architecture-eda-for-intra-domain-communication.rules.json +29 -0
- package/rulesets/adr/generated/adr-0016-immutable-business-audit-trail-and-change-tracking.rules.json +29 -0
- package/rulesets/adr/generated/adr-0017-feature-flagging-strategy-for-progressive-delivery.rules.json +28 -0
- package/rulesets/adr/generated/adr-0019-tactical-design-patterns-for-future-proofing.rules.json +29 -0
- package/rulesets/adr/generated/adr-0020-identity-provider-abstraction-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0024-centralized-configuration-feature-platform.rules.json +28 -0
- package/rulesets/adr/generated/adr-0025-feature-flag-provider-abstraction-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0028-self-hosted-open-source-hybrid-infrastructure.rules.json +29 -0
- package/rulesets/adr/generated/adr-0030-two-tier-distributed-gateway-model.rules.json +28 -0
- package/rulesets/adr/generated/adr-0031-schema-per-bounded-context-and-domain-event-catalog.rules.json +29 -0
- package/rulesets/adr/generated/adr-0033-transactional-outbox-pattern-for-async-messaging.rules.json +28 -0
- package/rulesets/adr/generated/adr-0034-cqrs-pattern-application-matrix.rules.json +29 -0
- package/rulesets/adr/generated/adr-0035-distributed-saga-pattern-implementation-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0036-message-bus-delivery-flow-control-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0037-enterprise-performance-concurrency-chaos-verification-strate.rules.json +28 -0
- package/rulesets/adr/generated/adr-0039-deployment-topology-abstraction-environment-switcher.rules.json +29 -0
- package/rulesets/adr/generated/adr-0041-dual-engine-policy-evaluation-native-opa.rules.json +28 -0
- package/rulesets/adr/generated/adr-0044-configurable-security-persistence-strategy-agnosticism-vs-na.rules.json +29 -0
- package/rulesets/adr/generated/adr-0045-microservice-extraction-readiness-criteria.rules.json +29 -0
- package/rulesets/adr/generated/adr-0046-unified-traceability-via-w3c-tracecontext.rules.json +29 -0
- package/rulesets/adr/generated/adr-0047-progressive-architecture-evolution-framework-modular-monolit.rules.json +29 -0
- package/rulesets/adr/generated/adr-0048-enterprise-taxonomy-standardization-and-reference-layout.rules.json +28 -0
- package/rulesets/adr/generated/adr-0049-naming-semantics-clean-code-policy-e2e-and-global.rules.json +29 -0
- package/rulesets/adr/generated/adr-0051-enterprise-database-engine-selection-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0052-unit-testing-isolation-strategy-mocks-vs-stubs.rules.json +29 -0
- package/rulesets/adr/generated/adr-0053-integration-and-e2e-testing-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0054-database-design-and-normalization-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-0055-microfrontends-architecture-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0056-enterprise-naming-design-conventions-multi-language-multi-pl.rules.json +29 -0
- package/rulesets/adr/generated/adr-0057-architecture-intelligence-catalog.rules.json +27 -0
- package/rulesets/adr/generated/adr-0058-ai-consumable-architecture-knowledge.rules.json +27 -0
- package/rulesets/adr/generated/adr-0067-modular-monolith-persistence-boundaries.rules.json +28 -0
- package/rulesets/adr/generated/adr-0068-documentation-release-gitflow.rules.json +29 -0
- package/rulesets/adr/generated/adr-0069-ai-agent-context-protocol-integration.rules.json +28 -0
- package/rulesets/adr/generated/adr-0070-lean-root-repository-taxonomy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0071-domain-layer-base-class-and-inheritance-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0072-utc-date-storage-browser-timezone-detection-and-language-res.rules.json +29 -0
- package/rulesets/adr/generated/adr-0073-unified-cli-mcp-output-contract-and-gate-evidence-schema.rules.json +29 -0
- package/rulesets/adr/generated/adr-0074-evolith-core-api-native-exposure-layer.rules.json +29 -0
- package/rulesets/adr/generated/adr-0075-core-api-authentication-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-0076-domain-oriented-microservice-architecture-doma.rules.json +28 -0
- package/rulesets/adr/generated/adr-0077-masstransit-v9-commercial-pivot-stay-on-v8-monitor-opentrans.rules.json +28 -0
- package/rulesets/adr/generated/adr-0078-domain-financial-separation-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0079-multi-topology-reference-corpus-and-topology-manifest-contra.rules.json +29 -0
- package/rulesets/adr/generated/adr-0080-remote-repository-reference-contract.rules.json +29 -0
- package/rulesets/adr/generated/adr-0081-agentic-ai-sandbox-isolation-boundary.rules.json +29 -0
- package/rulesets/adr/generated/adr-0082-agentic-ai-prompt-context-and-tool-trust-boundary.rules.json +28 -0
- package/rulesets/adr/generated/adr-0083-agentic-ai-action-authorization-and-audit.rules.json +29 -0
- package/rulesets/adr/generated/adr-0084-data-mesh-and-data-as-a-product.rules.json +29 -0
- package/rulesets/adr/generated/adr-0085-agnostic-opa-wasm-distribution-architecture.rules.json +28 -0
- package/rulesets/adr/generated/adr-0086-agentic-ai-telemetry-cost-control-standard.rules.json +27 -0
- package/rulesets/adr/generated/adr-0087-attribute-based-access-control-abac-for-agentic-tool-executi.rules.json +29 -0
- package/rulesets/adr/generated/adr-0088-sovereign-identity-for-agentic-ai.rules.json +29 -0
- package/rulesets/adr/generated/adr-0089-event-driven-agentic-workflow-pattern.rules.json +28 -0
- package/rulesets/adr/generated/adr-0090-rag-knowledge-governance-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0091-workload-identity-token-rotation-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0092-agent-infinite-loop-prevention-and-circuit-breaker-rules.rules.json +29 -0
- package/rulesets/adr/generated/adr-0093-concurrency-control-and-resource-locking-standard-for-mcp-to.rules.json +29 -0
- package/rulesets/adr/generated/adr-0094-multi-agent-handoff-and-task-delegation-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-0095-serverless-architecture-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0096-edge-computing-architecture-governance.rules.json +29 -0
- package/rulesets/adr/generated/adr-0097-knowledge-lifecycle-governance-standard.rules.json +29 -0
- package/rulesets/adr/generated/adr-0098-rest-uri-versioning-and-deprecation-policy.rules.json +29 -0
- package/rulesets/adr/generated/adr-0099-opa-bundle-distribution-via-s3-minio.rules.json +27 -0
- package/rulesets/adr/generated/adr-ai-augmented-0001-harness-engineering-for-ai-augmented-development.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0002-mcp-integration-protocol-for-agent-tool-invocation.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0003-model-selection-governance-for-ai-augmented-workflows.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0004-agents-md-as-mandatory-repository-artifact.rules.json +29 -0
- package/rulesets/adr/generated/adr-ai-augmented-0005-human-in-the-loop-policy-for-autonomous-agent-operations.rules.json +29 -0
- package/rulesets/adr/generated/adr-android-0042-canonical-android-native-mobile-architecture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0041-canonical-net-c-backend-architecture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0060-net-multi-tenancy-dual-layer-strategy-ef-core-sql-server.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0061-transactional-event-lifecycle-in-ef-core.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0062-net-immutable-audit-trail-via-ddl-triggers-delta-capture.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0063-b2b-request-idempotency-middleware-in-asp-net-core.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0064-net-request-scope-observability-context-propagation.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0065-net-pii-safe-structured-logging-pipeline-serilog.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0066-net-lightweight-http-idempotency-via-imemorycache-idistribut.rules.json +28 -0
- package/rulesets/adr/generated/adr-dotnet-0069-net-grpc-service-setup-protobuf-contracts.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0070-net-api-endpoint-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-dotnet-0071-net-data-access-strategy-ef-core-as-default-orm-dapper-for-o.rules.json +27 -0
- package/rulesets/adr/generated/adr-dotnet-0072-net-aop-cross-cutting-concern-strategy-dispatchproxy-over-pi.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0003-strict-typescript-standards.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0004-frontend-offline-resilience.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0007-observability-with-opentelemetry-loki-and-jaeger.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0008-progressive-multi-module-evolution-with-api-gateway-and-bff-.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0012-advanced-authorization-rbac-abac-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0021-high-performance-authentication-graph-compilation.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0022-contextual-authentication-and-pluggable-output-projections.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0023-centralized-authorization-core-strategy.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0026-adaptive-mfa-and-passwordless-platform.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0027-dual-protocol-api-strategy-rest-grpc.rules.json +28 -0
- package/rulesets/adr/generated/adr-nodejs-0029-adoption-of-tactical-ddd-primitives-library.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0038-enterprise-error-handling-result-pattern-strategy.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0043-data-access-and-orm-strategy-for-node-js.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0044-frontend-clean-architecture-layer-boundaries-react.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0045-frontend-state-management-zustand-tanstack-query-dual-strate.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0046-prohibition-of-raw-technical-identifiers-in-user-interfaces.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0047-actionable-user-error-contract-and-correlated-diagnostics.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0048-feature-flag-system-scope-and-structured-criteria-model.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0074-monorepo-orchestration-with-nx.rules.json +29 -0
- package/rulesets/adr/generated/adr-nodejs-0075-application-gateway-bff-with-nestjs.rules.json +29 -0
- package/rulesets/architecture/README.es.md +21 -0
- package/rulesets/architecture/README.md +21 -0
- package/rulesets/architecture/opa/progressive-axis.rego +50 -0
- package/rulesets/cli/README.es.md +17 -0
- package/rulesets/cli/README.md +17 -0
- package/rulesets/cli/core-parity.rules.json +61 -0
- package/rulesets/cli/release-readiness.rules.json +77 -0
- package/rulesets/compliance-baseline/README.es.md +26 -0
- package/rulesets/compliance-baseline/README.md +26 -0
- package/rulesets/compliance-baseline/compliance-baseline.rules.json +81 -0
- package/rulesets/contracts/README.es.md +19 -0
- package/rulesets/contracts/README.md +19 -0
- package/rulesets/contracts/evolith-machine-contracts.json +29 -0
- package/rulesets/contracts/fixtures/gate-evidence.success.json +10 -0
- package/rulesets/contracts/fixtures/output-envelope.success.json +23 -0
- package/rulesets/cross-cutting/README.es.md +14 -0
- package/rulesets/cross-cutting/README.md +14 -0
- package/rulesets/cross-cutting/compliance-baseline.rules.json +81 -0
- package/rulesets/cross-cutting/definition-of-done.rules.json +135 -0
- package/rulesets/cross-cutting/engineering-manifesto.rules.json +145 -0
- package/rulesets/cross-cutting/repository-taxonomy.rules.json +172 -0
- package/rulesets/definition-of-done/README.es.md +26 -0
- package/rulesets/definition-of-done/README.md +26 -0
- package/rulesets/definition-of-done/definition-of-done.rules.json +135 -0
- package/rulesets/engineering-manifesto/README.es.md +26 -0
- package/rulesets/engineering-manifesto/README.md +26 -0
- package/rulesets/engineering-manifesto/engineering-manifesto.rules.json +145 -0
- package/rulesets/evidence/README.es.md +12 -0
- package/rulesets/evidence/README.md +12 -0
- package/rulesets/evidence/evidence-manifest.rules.json +48 -0
- package/rulesets/executive-scorecards/executive-scorecards.rules.es.json +213 -0
- package/rulesets/executive-scorecards/executive-scorecards.rules.json +213 -0
- package/rulesets/governance/README.es.md +13 -0
- package/rulesets/governance/README.md +13 -0
- package/rulesets/governance/abac-mcp-access.rules.es.json +41 -0
- package/rulesets/governance/abac-mcp-access.rules.json +41 -0
- package/rulesets/governance/executive-scorecards.rules.es.json +213 -0
- package/rulesets/governance/executive-scorecards.rules.json +213 -0
- package/rulesets/governance/inheritance.rules.json +115 -0
- package/rulesets/governance/knowledge-intake.rules.json +18 -0
- package/rulesets/governance/open-core-boundary.rules.es.json +148 -0
- package/rulesets/governance/open-core-boundary.rules.json +148 -0
- package/rulesets/governance/satellite-contracts.rules.json +183 -0
- package/rulesets/infrastructure/helm-enforcement.rules.json +21 -0
- package/rulesets/infrastructure/opa/helm-enforcement.rego +25 -0
- package/rulesets/infrastructure/opa/helm-enforcement.test.rego +31 -0
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.rego +115 -0
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.test.rego +66 -0
- package/rulesets/infrastructure/opa-sidecar-bundle.rules.json +18 -0
- package/rulesets/mcp/README.es.md +12 -0
- package/rulesets/mcp/README.md +12 -0
- package/rulesets/mcp/protocol-compliance.rules.json +57 -0
- package/rulesets/observability/README.es.md +12 -0
- package/rulesets/observability/README.md +12 -0
- package/rulesets/observability/telemetry-evidence.rules.json +48 -0
- package/rulesets/opa/README.es.md +22 -0
- package/rulesets/opa/README.md +22 -0
- package/rulesets/opa/abac-mcp-tool-access.rego +122 -0
- package/rulesets/opa/abac-mcp-tool-access.test.rego +33 -0
- package/rulesets/opa/anti-corruption-layer.rego +39 -0
- package/rulesets/opa/anti-corruption-layer.test.rego +118 -0
- package/rulesets/opa/ci-cd.rego +41 -0
- package/rulesets/opa/ci-cd.test.rego +23 -0
- package/rulesets/opa/cicd-quality-gates.rego +29 -0
- package/rulesets/opa/cicd-quality-gates.test.rego +54 -0
- package/rulesets/opa/cli-core-parity.rego +17 -0
- package/rulesets/opa/cli-core-parity.test.rego +39 -0
- package/rulesets/opa/cli-readiness.rego +32 -0
- package/rulesets/opa/cli-readiness.test.rego +23 -0
- package/rulesets/opa/cli-release-readiness.rego +21 -0
- package/rulesets/opa/cli-release-readiness.test.rego +46 -0
- package/rulesets/opa/compliance-baseline.rego +95 -0
- package/rulesets/opa/compliance-baseline.test.rego +89 -0
- package/rulesets/opa/dod.rego +42 -0
- package/rulesets/opa/dod.test.rego +250 -0
- package/rulesets/opa/engineering-manifesto.rego +78 -0
- package/rulesets/opa/engineering-manifesto.test.rego +133 -0
- package/rulesets/opa/evidence.rego +64 -0
- package/rulesets/opa/evidence.test.rego +23 -0
- package/rulesets/opa/executive-scorecards.rego +41 -0
- package/rulesets/opa/executive-scorecards.test.rego +60 -0
- package/rulesets/opa/gitflow-branching.rego +41 -0
- package/rulesets/opa/gitflow-branching.test.rego +60 -0
- package/rulesets/opa/governance.rego +39 -0
- package/rulesets/opa/governance.test.rego +23 -0
- package/rulesets/opa/hexagonal-architecture.rego +33 -0
- package/rulesets/opa/hexagonal-architecture.test.rego +57 -0
- package/rulesets/opa/infrastructure/helm-enforcement.rego +33 -0
- package/rulesets/opa/infrastructure/opa-sidecar-bundle.rego +42 -0
- package/rulesets/opa/knowledge-intake.rego +98 -0
- package/rulesets/opa/knowledge-intake.test.rego +50 -0
- package/rulesets/opa/main.rego +147 -0
- package/rulesets/opa/main_test.rego +149 -0
- package/rulesets/opa/mcp.rego +61 -0
- package/rulesets/opa/mcp.test.rego +27 -0
- package/rulesets/opa/multi-runtime.rego +33 -0
- package/rulesets/opa/multi-runtime.test.rego +53 -0
- package/rulesets/opa/multi-tenancy.rego +33 -0
- package/rulesets/opa/multi-tenancy.test.rego +53 -0
- package/rulesets/opa/open-core-boundary.rego +33 -0
- package/rulesets/opa/open-core-boundary.test.rego +60 -0
- package/rulesets/opa/protocol-selection.rego +29 -0
- package/rulesets/opa/protocol-selection.test.rego +46 -0
- package/rulesets/opa/rbac/gate-role-enforcement.rego +112 -0
- package/rulesets/opa/repository-taxonomy.rego +98 -0
- package/rulesets/opa/repository-taxonomy.test.rego +91 -0
- package/rulesets/opa/satellite-contracts.rego +42 -0
- package/rulesets/opa/satellite-contracts.test.rego +70 -0
- package/rulesets/opa/schemas/abac-mcp-tool-access.input.schema.json +21 -0
- package/rulesets/opa/schemas/anti-corruption-layer.input.schema.json +25 -0
- package/rulesets/opa/schemas/ci-cd.input.schema.json +27 -0
- package/rulesets/opa/schemas/cicd-quality-gates.input.schema.json +33 -0
- package/rulesets/opa/schemas/cli-core-parity.input.schema.json +30 -0
- package/rulesets/opa/schemas/cli-readiness.input.schema.json +28 -0
- package/rulesets/opa/schemas/cli-release-readiness.input.schema.json +26 -0
- package/rulesets/opa/schemas/compliance-baseline.input.schema.json +25 -0
- package/rulesets/opa/schemas/dod.input.schema.json +38 -0
- package/rulesets/opa/schemas/engineering-manifesto.input.schema.json +24 -0
- package/rulesets/opa/schemas/evidence.input.schema.json +35 -0
- package/rulesets/opa/schemas/executive-scorecards.input.schema.json +36 -0
- package/rulesets/opa/schemas/gitflow-branching.input.schema.json +36 -0
- package/rulesets/opa/schemas/governance.input.schema.json +19 -0
- package/rulesets/opa/schemas/hexagonal-architecture.input.schema.json +46 -0
- package/rulesets/opa/schemas/knowledge-intake.input.schema.json +57 -0
- package/rulesets/opa/schemas/mcp.input.schema.json +38 -0
- package/rulesets/opa/schemas/multi-runtime.input.schema.json +27 -0
- package/rulesets/opa/schemas/multi-tenancy.input.schema.json +27 -0
- package/rulesets/opa/schemas/open-core-boundary.input.schema.json +36 -0
- package/rulesets/opa/schemas/protocol-selection.input.schema.json +26 -0
- package/rulesets/opa/schemas/repository-taxonomy.input.schema.json +18 -0
- package/rulesets/opa/schemas/satellite-contracts.input.schema.json +38 -0
- package/rulesets/opa/schemas/taxonomy.input.schema.json +27 -0
- package/rulesets/opa/schemas/testing-pyramid.input.schema.json +42 -0
- package/rulesets/opa/schemas/version-pinning.input.schema.json +39 -0
- package/rulesets/opa/sdlc/coverage.rego +49 -0
- package/rulesets/opa/sdlc/coverage.test.rego +29 -0
- package/rulesets/opa/sdlc/pyramid-distribution.rego +31 -0
- package/rulesets/opa/sdlc/pyramid-distribution.test.rego +33 -0
- package/rulesets/opa/taxonomy.rego +51 -0
- package/rulesets/opa/taxonomy.test.rego +28 -0
- package/rulesets/opa/telemetry-evidence.rego +102 -0
- package/rulesets/opa/testing-pyramid.rego +49 -0
- package/rulesets/opa/testing-pyramid.test.rego +81 -0
- package/rulesets/opa/version-pinning.rego +99 -0
- package/rulesets/opa/version-pinning.test.rego +28 -0
- package/rulesets/phase-gates/README.es.md +28 -0
- package/rulesets/phase-gates/README.md +28 -0
- package/rulesets/phase-gates/phase-gates.rules.json +297 -0
- package/rulesets/quality-thresholds/README.es.md +28 -0
- package/rulesets/quality-thresholds/README.md +28 -0
- package/rulesets/quality-thresholds/quality-thresholds.rules.json +96 -0
- package/rulesets/repository-taxonomy/README.es.md +26 -0
- package/rulesets/repository-taxonomy/README.md +26 -0
- package/rulesets/repository-taxonomy/repository-taxonomy.rules.json +172 -0
- package/rulesets/satellite-contracts/README.es.md +27 -0
- package/rulesets/satellite-contracts/README.md +27 -0
- package/rulesets/satellite-contracts/satellite-contracts.rules.json +183 -0
- package/rulesets/schema/README.es.md +39 -0
- package/rulesets/schema/README.md +39 -0
- package/rulesets/schema/adr.schema.json +138 -0
- package/rulesets/schema/agile-backlog.schema.json +91 -0
- package/rulesets/schema/ballpark-estimation.schema.json +109 -0
- package/rulesets/schema/build-vs-compose.schema.json +98 -0
- package/rulesets/schema/cli-impact-analysis.schema.json +114 -0
- package/rulesets/schema/discovery-canvas.schema.json +92 -0
- package/rulesets/schema/evolith-user-story.schema.json +105 -0
- package/rulesets/schema/evolith-yaml.schema.json +191 -0
- package/rulesets/schema/functional-story.schema.json +111 -0
- package/rulesets/schema/gate-evidence.schema.json +85 -0
- package/rulesets/schema/integration-evidence.schema.json +47 -0
- package/rulesets/schema/knowledge-intake.schema.json +67 -0
- package/rulesets/schema/knowledge-projection.schema.json +24 -0
- package/rulesets/schema/maturity-evidence.schema.json +59 -0
- package/rulesets/schema/observability-validation.schema.json +85 -0
- package/rulesets/schema/on-call-handoff.schema.json +91 -0
- package/rulesets/schema/output-envelope.schema.json +102 -0
- package/rulesets/schema/prd.schema.json +117 -0
- package/rulesets/schema/release-notes.schema.json +138 -0
- package/rulesets/schema/rollback-rehearsal.schema.json +73 -0
- package/rulesets/schema/ruleset-sdlc.schema.json +59 -0
- package/rulesets/schema/ruleset-standard.schema.json +73 -0
- package/rulesets/schema/security-scan-report.schema.json +79 -0
- package/rulesets/schema/source-registry.schema.json +51 -0
- package/rulesets/schema/technical-feasibility.schema.json +66 -0
- package/rulesets/schema/technical-story.schema.json +112 -0
- package/rulesets/schema/test-summary-report.schema.json +158 -0
- package/rulesets/schema/topology-composition.schema.json +43 -0
- package/rulesets/schema/topology-manifest.schema.json +421 -0
- package/rulesets/sdlc/README.es.md +12 -0
- package/rulesets/sdlc/README.md +12 -0
- package/rulesets/sdlc/default-workflow.yaml +73 -0
- package/rulesets/sdlc/dependency-pinning.rules.json +183 -0
- package/rulesets/sdlc/phase-gates.rules.json +297 -0
- package/rulesets/sdlc/quality-thresholds.rules.json +96 -0
- package/rulesets/topologies/README.es.md +42 -0
- package/rulesets/topologies/README.md +42 -0
- package/rulesets/topologies/agentic-ai/README.es.md +142 -0
- package/rulesets/topologies/agentic-ai/README.md +142 -0
- package/rulesets/topologies/agentic-ai/adoption.es.md +37 -0
- package/rulesets/topologies/agentic-ai/adoption.md +37 -0
- package/rulesets/topologies/agentic-ai/agent.config.schema.json +100 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.rego +46 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.rules.json +109 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.test.rego +68 -0
- package/rulesets/topologies/agentic-ai/agentic-ai.wasm +0 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.es.md +35 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.md +45 -0
- package/rulesets/topologies/agentic-ai/evidence.es.md +25 -0
- package/rulesets/topologies/agentic-ai/evidence.md +25 -0
- package/rulesets/topologies/agentic-ai/evolution.es.md +26 -0
- package/rulesets/topologies/agentic-ai/evolution.md +26 -0
- package/rulesets/topologies/agentic-ai/fixtures/invalid-agent.config.json +48 -0
- package/rulesets/topologies/agentic-ai/fixtures/valid-agent.config.json +48 -0
- package/rulesets/topologies/agentic-ai/maturity.es.md +33 -0
- package/rulesets/topologies/agentic-ai/maturity.md +33 -0
- package/rulesets/topologies/agentic-ai/mcp/mcp-manifest.json +100 -0
- package/rulesets/topologies/agentic-ai/openapi/openapi.yaml +187 -0
- package/rulesets/topologies/agentic-ai/operations.es.md +32 -0
- package/rulesets/topologies/agentic-ai/operations.md +32 -0
- package/rulesets/topologies/agentic-ai/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/agentic-ai/parity-fixtures/violation.json +22 -0
- package/rulesets/topologies/agentic-ai/patterns.es.md +32 -0
- package/rulesets/topologies/agentic-ai/patterns.md +32 -0
- package/rulesets/topologies/agentic-ai/resilience.es.md +26 -0
- package/rulesets/topologies/agentic-ai/resilience.md +26 -0
- package/rulesets/topologies/agentic-ai/runbooks.es.md +48 -0
- package/rulesets/topologies/agentic-ai/runbooks.md +48 -0
- package/rulesets/topologies/agentic-ai/security.es.md +26 -0
- package/rulesets/topologies/agentic-ai/security.md +26 -0
- package/rulesets/topologies/agentic-ai/topology.manifest.json +127 -0
- package/rulesets/topologies/data-mesh/README.es.md +69 -0
- package/rulesets/topologies/data-mesh/README.md +69 -0
- package/rulesets/topologies/data-mesh/adoption.es.md +95 -0
- package/rulesets/topologies/data-mesh/adoption.md +95 -0
- package/rulesets/topologies/data-mesh/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/data-mesh/cli/cli-flows.md +53 -0
- package/rulesets/topologies/data-mesh/data-mesh.rego +11 -0
- package/rulesets/topologies/data-mesh/data-mesh.rules.json +100 -0
- package/rulesets/topologies/data-mesh/data-mesh.test.rego +107 -0
- package/rulesets/topologies/data-mesh/data-mesh.wasm +0 -0
- package/rulesets/topologies/data-mesh/evidence.es.md +111 -0
- package/rulesets/topologies/data-mesh/evidence.md +111 -0
- package/rulesets/topologies/data-mesh/evolution.es.md +67 -0
- package/rulesets/topologies/data-mesh/evolution.md +67 -0
- package/rulesets/topologies/data-mesh/fixtures/invalid.topology.config.json +12 -0
- package/rulesets/topologies/data-mesh/fixtures/valid.topology.config.json +12 -0
- package/rulesets/topologies/data-mesh/maturity.es.md +36 -0
- package/rulesets/topologies/data-mesh/maturity.md +36 -0
- package/rulesets/topologies/data-mesh/mcp/mcp-manifest.json +68 -0
- package/rulesets/topologies/data-mesh/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/data-mesh/operations.es.md +63 -0
- package/rulesets/topologies/data-mesh/operations.md +63 -0
- package/rulesets/topologies/data-mesh/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/data-mesh/parity-fixtures/violation.json +21 -0
- package/rulesets/topologies/data-mesh/patterns.es.md +67 -0
- package/rulesets/topologies/data-mesh/patterns.md +67 -0
- package/rulesets/topologies/data-mesh/resilience.es.md +64 -0
- package/rulesets/topologies/data-mesh/resilience.md +64 -0
- package/rulesets/topologies/data-mesh/runbooks.es.md +147 -0
- package/rulesets/topologies/data-mesh/runbooks.md +147 -0
- package/rulesets/topologies/data-mesh/security.es.md +66 -0
- package/rulesets/topologies/data-mesh/security.md +66 -0
- package/rulesets/topologies/data-mesh/topology.config.schema.json +30 -0
- package/rulesets/topologies/data-mesh/topology.manifest.json +107 -0
- package/rulesets/topologies/edge-computing/README.es.md +81 -0
- package/rulesets/topologies/edge-computing/README.md +81 -0
- package/rulesets/topologies/edge-computing/adoption.es.md +268 -0
- package/rulesets/topologies/edge-computing/adoption.md +268 -0
- package/rulesets/topologies/edge-computing/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/edge-computing/cli/cli-flows.md +53 -0
- package/rulesets/topologies/edge-computing/edge-computing.rego +41 -0
- package/rulesets/topologies/edge-computing/edge-computing.rules.json +50 -0
- package/rulesets/topologies/edge-computing/edge-computing.test.rego +33 -0
- package/rulesets/topologies/edge-computing/edge-computing.wasm +0 -0
- package/rulesets/topologies/edge-computing/evidence.es.md +263 -0
- package/rulesets/topologies/edge-computing/evidence.md +263 -0
- package/rulesets/topologies/edge-computing/evolution.es.md +257 -0
- package/rulesets/topologies/edge-computing/evolution.md +257 -0
- package/rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json +6 -0
- package/rulesets/topologies/edge-computing/fixtures/valid.topology.config.json +6 -0
- package/rulesets/topologies/edge-computing/maturity.es.md +36 -0
- package/rulesets/topologies/edge-computing/maturity.md +36 -0
- package/rulesets/topologies/edge-computing/mcp/mcp-manifest.json +72 -0
- package/rulesets/topologies/edge-computing/openapi/openapi.yaml +187 -0
- package/rulesets/topologies/edge-computing/operations.es.md +148 -0
- package/rulesets/topologies/edge-computing/operations.md +148 -0
- package/rulesets/topologies/edge-computing/parity-fixtures/compliant.json +12 -0
- package/rulesets/topologies/edge-computing/parity-fixtures/violation.json +13 -0
- package/rulesets/topologies/edge-computing/patterns.es.md +291 -0
- package/rulesets/topologies/edge-computing/patterns.md +290 -0
- package/rulesets/topologies/edge-computing/resilience.es.md +232 -0
- package/rulesets/topologies/edge-computing/resilience.md +229 -0
- package/rulesets/topologies/edge-computing/runbooks.es.md +405 -0
- package/rulesets/topologies/edge-computing/runbooks.md +405 -0
- package/rulesets/topologies/edge-computing/security.es.md +218 -0
- package/rulesets/topologies/edge-computing/security.md +218 -0
- package/rulesets/topologies/edge-computing/topology.config.schema.json +13 -0
- package/rulesets/topologies/edge-computing/topology.manifest.json +113 -0
- package/rulesets/topologies/event-driven/README.es.md +71 -0
- package/rulesets/topologies/event-driven/README.md +71 -0
- package/rulesets/topologies/event-driven/adoption.es.md +67 -0
- package/rulesets/topologies/event-driven/adoption.md +67 -0
- package/rulesets/topologies/event-driven/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/event-driven/cli/cli-flows.md +53 -0
- package/rulesets/topologies/event-driven/event-driven.rego +11 -0
- package/rulesets/topologies/event-driven/event-driven.rules.json +100 -0
- package/rulesets/topologies/event-driven/event-driven.test.rego +107 -0
- package/rulesets/topologies/event-driven/event-driven.wasm +0 -0
- package/rulesets/topologies/event-driven/evidence.es.md +69 -0
- package/rulesets/topologies/event-driven/evidence.md +69 -0
- package/rulesets/topologies/event-driven/evolution.es.md +59 -0
- package/rulesets/topologies/event-driven/evolution.md +59 -0
- package/rulesets/topologies/event-driven/fixtures/invalid.topology.config.json +12 -0
- package/rulesets/topologies/event-driven/fixtures/valid.topology.config.json +12 -0
- package/rulesets/topologies/event-driven/maturity.es.md +36 -0
- package/rulesets/topologies/event-driven/maturity.md +36 -0
- package/rulesets/topologies/event-driven/mcp/mcp-manifest.json +68 -0
- package/rulesets/topologies/event-driven/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/event-driven/operations.es.md +67 -0
- package/rulesets/topologies/event-driven/operations.md +67 -0
- package/rulesets/topologies/event-driven/parity-fixtures/compliant.json +18 -0
- package/rulesets/topologies/event-driven/parity-fixtures/violation.json +21 -0
- package/rulesets/topologies/event-driven/patterns.es.md +68 -0
- package/rulesets/topologies/event-driven/patterns.md +68 -0
- package/rulesets/topologies/event-driven/resilience.es.md +65 -0
- package/rulesets/topologies/event-driven/resilience.md +65 -0
- package/rulesets/topologies/event-driven/runbooks.es.md +79 -0
- package/rulesets/topologies/event-driven/runbooks.md +79 -0
- package/rulesets/topologies/event-driven/security.es.md +59 -0
- package/rulesets/topologies/event-driven/security.md +59 -0
- package/rulesets/topologies/event-driven/topology.config.schema.json +30 -0
- package/rulesets/topologies/event-driven/topology.manifest.json +109 -0
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.es.json +111 -0
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.json +111 -0
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.es.json +106 -0
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.json +106 -0
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.es.json +148 -0
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.json +148 -0
- package/rulesets/topologies/serverless/README.es.md +74 -0
- package/rulesets/topologies/serverless/README.md +74 -0
- package/rulesets/topologies/serverless/adoption.es.md +50 -0
- package/rulesets/topologies/serverless/adoption.md +50 -0
- package/rulesets/topologies/serverless/cli/cli-flows.es.md +41 -0
- package/rulesets/topologies/serverless/cli/cli-flows.md +53 -0
- package/rulesets/topologies/serverless/evidence.es.md +66 -0
- package/rulesets/topologies/serverless/evidence.md +66 -0
- package/rulesets/topologies/serverless/evolution.es.md +36 -0
- package/rulesets/topologies/serverless/evolution.md +36 -0
- package/rulesets/topologies/serverless/fixtures/invalid.topology.config.json +6 -0
- package/rulesets/topologies/serverless/fixtures/valid.topology.config.json +6 -0
- package/rulesets/topologies/serverless/maturity.es.md +36 -0
- package/rulesets/topologies/serverless/maturity.md +36 -0
- package/rulesets/topologies/serverless/mcp/mcp-manifest.json +72 -0
- package/rulesets/topologies/serverless/openapi/openapi.yaml +186 -0
- package/rulesets/topologies/serverless/operations.es.md +36 -0
- package/rulesets/topologies/serverless/operations.md +36 -0
- package/rulesets/topologies/serverless/parity-fixtures/compliant.json +13 -0
- package/rulesets/topologies/serverless/parity-fixtures/violation.json +15 -0
- package/rulesets/topologies/serverless/patterns.es.md +36 -0
- package/rulesets/topologies/serverless/patterns.md +36 -0
- package/rulesets/topologies/serverless/resilience.es.md +36 -0
- package/rulesets/topologies/serverless/resilience.md +36 -0
- package/rulesets/topologies/serverless/runbooks.es.md +68 -0
- package/rulesets/topologies/serverless/runbooks.md +68 -0
- package/rulesets/topologies/serverless/security.es.md +36 -0
- package/rulesets/topologies/serverless/security.md +36 -0
- package/rulesets/topologies/serverless/serverless.rego +32 -0
- package/rulesets/topologies/serverless/serverless.rules.json +33 -0
- package/rulesets/topologies/serverless/serverless.test.rego +28 -0
- package/rulesets/topologies/serverless/serverless.wasm +0 -0
- package/rulesets/topologies/serverless/topology.config.schema.json +28 -0
- package/rulesets/topologies/serverless/topology.manifest.json +114 -0
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
# Edge Computing — Security Guide
|
|
2
|
+
|
|
3
|
+
> **Bilingual Navigation:** [English](./security.md) | [Español](./security.es.md)
|
|
4
|
+
|
|
5
|
+
**Owner:** Platform Engineering
|
|
6
|
+
**Topology:** Edge Computing
|
|
7
|
+
|
|
8
|
+
## Edge Authentication
|
|
9
|
+
|
|
10
|
+
Edge nodes authenticate using a layered approach: node identity, workload identity, and client tokens.
|
|
11
|
+
|
|
12
|
+
### Node Identity
|
|
13
|
+
|
|
14
|
+
Each edge node holds a hardware-backed identity certificate issued during provisioning.
|
|
15
|
+
|
|
16
|
+
```bash
|
|
17
|
+
# Verify node identity
|
|
18
|
+
edge-cli auth node-identity verify \
|
|
19
|
+
--node-id edge-node-01 \
|
|
20
|
+
--check-cert-expiry
|
|
21
|
+
|
|
22
|
+
# Output:
|
|
23
|
+
# NODE: edge-node-01
|
|
24
|
+
# CERT_EXPIRY: 2027-06-23
|
|
25
|
+
# TRUST_CHAIN: root-ca → intermediate-ca → node-cert
|
|
26
|
+
# STATUS: valid
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
### Workload Identity
|
|
30
|
+
|
|
31
|
+
Workloads running on edge nodes use SPIFFE-based workload identities for service-to-service authentication.
|
|
32
|
+
|
|
33
|
+
```yaml
|
|
34
|
+
spiffe:
|
|
35
|
+
trust_domain: "edge.example.com"
|
|
36
|
+
workload:
|
|
37
|
+
path: "/compute/worker"
|
|
38
|
+
selector:
|
|
39
|
+
- "k8s:ns=edge-workloads"
|
|
40
|
+
- "k8s:sa=edge-worker"
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
## Data Residency
|
|
44
|
+
|
|
45
|
+
Edge deployments must respect data residency requirements based on node geographic location.
|
|
46
|
+
|
|
47
|
+
### Residency Policy Engine
|
|
48
|
+
|
|
49
|
+
```yaml
|
|
50
|
+
residency:
|
|
51
|
+
rules:
|
|
52
|
+
- region: "eu-west-*"
|
|
53
|
+
restrictions:
|
|
54
|
+
- data_type: "pii"
|
|
55
|
+
allowed_destinations: ["eu-west-1", "eu-central-1"]
|
|
56
|
+
- data_type: "telemetry"
|
|
57
|
+
allowed_destinations: ["eu-west-*"]
|
|
58
|
+
- region: "us-*"
|
|
59
|
+
restrictions:
|
|
60
|
+
- data_type: "pii"
|
|
61
|
+
allowed_destinations: ["us-*"]
|
|
62
|
+
- region: "ap-*"
|
|
63
|
+
restrictions:
|
|
64
|
+
- data_type: "pii"
|
|
65
|
+
allowed_destinations: ["ap-*"]
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
### Enforcement
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
# Audit data residency compliance
|
|
72
|
+
edge-cli residency audit --fleet-wide --output report.json
|
|
73
|
+
|
|
74
|
+
# Violations trigger automated remediation:
|
|
75
|
+
# - Cross-border PII: block and alert
|
|
76
|
+
# - Telemetry leakage: redirect to allowed region
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
## Encryption at Rest
|
|
80
|
+
|
|
81
|
+
All persistent data on edge nodes is encrypted using AES-256-GCM.
|
|
82
|
+
|
|
83
|
+
### Encryption Architecture
|
|
84
|
+
|
|
85
|
+
| Data Category | Key Source | Rotation | Scope |
|
|
86
|
+
|---------------|------------|----------|-------|
|
|
87
|
+
| Cached content | Node-local KMS | 24 hours | Per-node |
|
|
88
|
+
| Configuration | Central KMS | 7 days | Fleet-wide |
|
|
89
|
+
| Logs | Node-local KMS | 24 hours | Per-node |
|
|
90
|
+
| Secrets | External vault | On-demand | Per-workload |
|
|
91
|
+
|
|
92
|
+
### Key Management
|
|
93
|
+
|
|
94
|
+
```bash
|
|
95
|
+
# Rotate edge encryption keys
|
|
96
|
+
edge-cli crypto rotate \
|
|
97
|
+
--scope node-local \
|
|
98
|
+
--algorithm aes-256-gcm \
|
|
99
|
+
--grace-period 1h
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
## Network Security (EC-SEC-01)
|
|
103
|
+
|
|
104
|
+
Edge nodes enforce network security policies at the node level.
|
|
105
|
+
|
|
106
|
+
### Network Segmentation
|
|
107
|
+
|
|
108
|
+
```
|
|
109
|
+
┌─────────────────────────────────────────────┐
|
|
110
|
+
│ Edge Node Network │
|
|
111
|
+
│ ┌───────────┐ ┌───────────┐ ┌─────────┐ │
|
|
112
|
+
│ │ Compute │ │ Storage │ │ Control │ │
|
|
113
|
+
│ │ Segment │ │ Segment │ │ Segment │ │
|
|
114
|
+
│ │ (VLAN 10) │ │ (VLAN 20) │ │ (VLAN 30)│ │
|
|
115
|
+
│ └───────────┘ └───────────┘ └─────────┘ │
|
|
116
|
+
│ │ │ │ │
|
|
117
|
+
│ └──────────────┼─────────────┘ │
|
|
118
|
+
│ │ │
|
|
119
|
+
│ ┌────┴────┐ │
|
|
120
|
+
│ │ Firewall│ │
|
|
121
|
+
│ └────┬────┘ │
|
|
122
|
+
│ │ │
|
|
123
|
+
└────────────────────────┼─────────────────────┘
|
|
124
|
+
│
|
|
125
|
+
┌────┴────┐
|
|
126
|
+
│ Origin │
|
|
127
|
+
└─────────┘
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
### Firewall Rules
|
|
131
|
+
|
|
132
|
+
```yaml
|
|
133
|
+
firewall:
|
|
134
|
+
ingress:
|
|
135
|
+
- port: 443
|
|
136
|
+
source: "client-cidrs"
|
|
137
|
+
action: allow
|
|
138
|
+
- port: 8443
|
|
139
|
+
source: "peer-nodes"
|
|
140
|
+
action: allow
|
|
141
|
+
- port: 9090
|
|
142
|
+
source: "monitoring-subnet"
|
|
143
|
+
action: allow
|
|
144
|
+
egress:
|
|
145
|
+
- port: 443
|
|
146
|
+
destination: "origin-servers"
|
|
147
|
+
action: allow
|
|
148
|
+
- port: 443
|
|
149
|
+
destination: "kms-endpoints"
|
|
150
|
+
action: allow
|
|
151
|
+
- all: deny
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
## Mutual TLS (EC-SEC-02)
|
|
155
|
+
|
|
156
|
+
All communication between edge nodes and between edge and origin uses mTLS.
|
|
157
|
+
|
|
158
|
+
### Certificate Configuration
|
|
159
|
+
|
|
160
|
+
```yaml
|
|
161
|
+
mtls:
|
|
162
|
+
enabled: true
|
|
163
|
+
min_version: "1.3"
|
|
164
|
+
cipher_suites:
|
|
165
|
+
- "TLS_AES_256_GCM_SHA384"
|
|
166
|
+
- "TLS_CHACHA20_POLY1305_SHA256"
|
|
167
|
+
client_auth:
|
|
168
|
+
required: true
|
|
169
|
+
ca_bundle: "/etc/edge/ca-bundle.pem"
|
|
170
|
+
cert_rotation:
|
|
171
|
+
interval: 24h
|
|
172
|
+
overlap: 1h
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
### mTLS Verification
|
|
176
|
+
|
|
177
|
+
```bash
|
|
178
|
+
# Test mTLS connectivity between nodes
|
|
179
|
+
edge-cli mtls test \
|
|
180
|
+
--source edge-node-01 \
|
|
181
|
+
--target edge-node-02 \
|
|
182
|
+
--verify-peer-cert
|
|
183
|
+
|
|
184
|
+
# Output:
|
|
185
|
+
# SOURCE: edge-node-01
|
|
186
|
+
# TARGET: edge-node-02
|
|
187
|
+
# TLS_VERSION: 1.3
|
|
188
|
+
# CIPHER: TLS_AES_256_GCM_SHA384
|
|
189
|
+
# PEER_CERT_VALID: true
|
|
190
|
+
# STATUS: passed
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
## Secret Rotation
|
|
194
|
+
|
|
195
|
+
Secrets on edge nodes are rotated automatically to limit exposure window.
|
|
196
|
+
|
|
197
|
+
### Rotation Schedule
|
|
198
|
+
|
|
199
|
+
| Secret Type | Rotation Interval | Grace Period | Failure Action |
|
|
200
|
+
|-------------|-------------------|--------------|----------------|
|
|
201
|
+
| Node identity cert | 90 days | 24 hours | Alert + degrade |
|
|
202
|
+
| API tokens | 1 hour | 5 minutes | Refresh background |
|
|
203
|
+
| Encryption keys | 24 hours | 1 hour | Queue new key |
|
|
204
|
+
| Database credentials | 7 days | 2 hours | Hold connection |
|
|
205
|
+
|
|
206
|
+
### Rotation Orchestration
|
|
207
|
+
|
|
208
|
+
```bash
|
|
209
|
+
# Trigger fleet-wide secret rotation
|
|
210
|
+
edge-cli secrets rotate \
|
|
211
|
+
--scope fleet \
|
|
212
|
+
--type all \
|
|
213
|
+
--strategy rolling \
|
|
214
|
+
--batch 10%
|
|
215
|
+
```
|
|
216
|
+
|
|
217
|
+
---
|
|
218
|
+
[Back to Edge Computing Profile](./README.md)
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
3
|
+
"title": "Edge Computing Topology Configuration",
|
|
4
|
+
"type": "object",
|
|
5
|
+
"additionalProperties": false,
|
|
6
|
+
"required": ["topology", "syncStrategy", "edgeIsolation", "conflictResolution"],
|
|
7
|
+
"properties": {
|
|
8
|
+
"topology": { "const": "edge-computing" },
|
|
9
|
+
"syncStrategy": { "type": "string", "enum": ["offline-first", "eventual", "real-time-fallback"] },
|
|
10
|
+
"edgeIsolation": { "const": true },
|
|
11
|
+
"conflictResolution": { "type": "string", "enum": ["last-write-wins", "merge", "manual"] }
|
|
12
|
+
}
|
|
13
|
+
}
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
{
|
|
2
|
+
"apiVersion": "evolith.dev/topology/v1",
|
|
3
|
+
"kind": "TopologyManifest",
|
|
4
|
+
"metadata": {
|
|
5
|
+
"id": "edge-computing",
|
|
6
|
+
"name": "Edge Computing",
|
|
7
|
+
"dimension": "execution",
|
|
8
|
+
"status": "accepted",
|
|
9
|
+
"version": "1.0.0",
|
|
10
|
+
"governance": {
|
|
11
|
+
"owner": "Platform Engineering",
|
|
12
|
+
"criticality": "P1"
|
|
13
|
+
}
|
|
14
|
+
},
|
|
15
|
+
"spec": {
|
|
16
|
+
"summary": "Execution topology for workloads placed near users, devices, regions, or constrained networks while preserving Evolith domain ownership and governance contracts.",
|
|
17
|
+
"topologyType": "edge-computing",
|
|
18
|
+
"compatibility": {
|
|
19
|
+
"progressiveAxis": {
|
|
20
|
+
"phase": "cross",
|
|
21
|
+
"profile": "cross"
|
|
22
|
+
},
|
|
23
|
+
"composableWith": [
|
|
24
|
+
"microservices",
|
|
25
|
+
"distributed-modules",
|
|
26
|
+
"event-driven",
|
|
27
|
+
"serverless",
|
|
28
|
+
"agentic-ai"
|
|
29
|
+
]
|
|
30
|
+
},
|
|
31
|
+
"artifacts": {
|
|
32
|
+
"adrs": [
|
|
33
|
+
"reference/architecture/adrs/core/0079-multi-topology-reference-corpus.md",
|
|
34
|
+
"reference/architecture/adrs/core/0096-edge-computing-architecture-governance.md"
|
|
35
|
+
],
|
|
36
|
+
"rulesets": [
|
|
37
|
+
"rulesets/topologies/edge-computing/edge-computing.rules.json"
|
|
38
|
+
],
|
|
39
|
+
"opaPolicies": [
|
|
40
|
+
"rulesets/topologies/edge-computing/edge-computing.rego"
|
|
41
|
+
],
|
|
42
|
+
"aiRulesets": [
|
|
43
|
+
"rulesets/topologies/edge-computing/README.md"
|
|
44
|
+
],
|
|
45
|
+
"umsContracts": [
|
|
46
|
+
"reference/knowledge/demo/ums-reference-model.md"
|
|
47
|
+
]
|
|
48
|
+
},
|
|
49
|
+
"corpus": {
|
|
50
|
+
"guidance": {
|
|
51
|
+
"profile": "rulesets/topologies/edge-computing/README.md",
|
|
52
|
+
"maturityGuide": "rulesets/topologies/edge-computing/maturity.md"
|
|
53
|
+
},
|
|
54
|
+
"configurationContract": "rulesets/topologies/edge-computing/topology.config.schema.json",
|
|
55
|
+
"fixtures": {
|
|
56
|
+
"valid": "rulesets/topologies/edge-computing/fixtures/valid.topology.config.json",
|
|
57
|
+
"invalid": "rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json"
|
|
58
|
+
},
|
|
59
|
+
"nativeEvaluator": "packages/core-domain/src/application/validators/ruleset-validator.service.ts",
|
|
60
|
+
"tests": {
|
|
61
|
+
"positive": "packages/core-domain/src/application/validators/ruleset-validator-architecture.spec.ts",
|
|
62
|
+
"negative": "packages/core-domain/src/application/validators/ruleset-validator-architecture.spec.ts"
|
|
63
|
+
},
|
|
64
|
+
"evidence": "reference/governance/standards/vision/maturity-evidence.json"
|
|
65
|
+
},
|
|
66
|
+
"operationalBudgets": {
|
|
67
|
+
"latencyBudgetMs": 200,
|
|
68
|
+
"coldStartCeilingMs": 300,
|
|
69
|
+
"costCeilingPerExecutionCents": 1
|
|
70
|
+
},
|
|
71
|
+
"operationalInterfaces": {
|
|
72
|
+
"cli": {
|
|
73
|
+
"validators": [
|
|
74
|
+
"validate-architecture",
|
|
75
|
+
"validate-topology"
|
|
76
|
+
]
|
|
77
|
+
},
|
|
78
|
+
"mcp": {
|
|
79
|
+
"resources": [
|
|
80
|
+
"evolith://topologies/edge-computing/manifest",
|
|
81
|
+
"evolith://topologies/edge-computing/rulesets"
|
|
82
|
+
],
|
|
83
|
+
"tools": [
|
|
84
|
+
"evolith-topology-inspect",
|
|
85
|
+
"evolith-topology-validate"
|
|
86
|
+
],
|
|
87
|
+
"prompts": [
|
|
88
|
+
"topology-aware-implementation",
|
|
89
|
+
"extraction-readiness-review"
|
|
90
|
+
]
|
|
91
|
+
},
|
|
92
|
+
"coreApi": {
|
|
93
|
+
"endpoints": [
|
|
94
|
+
"GET /topologies/{id}",
|
|
95
|
+
"GET /topologies/{id}/manifest",
|
|
96
|
+
"POST /topologies/{id}/validate"
|
|
97
|
+
]
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
},
|
|
101
|
+
"businessBoundary": {
|
|
102
|
+
"technicalOnly": true,
|
|
103
|
+
"trackerOwns": [
|
|
104
|
+
"timing",
|
|
105
|
+
"ownership",
|
|
106
|
+
"prioritization",
|
|
107
|
+
"roi",
|
|
108
|
+
"cost",
|
|
109
|
+
"budget",
|
|
110
|
+
"funnel-0"
|
|
111
|
+
]
|
|
112
|
+
}
|
|
113
|
+
}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
# Perfil Topologico Event-Driven
|
|
2
|
+
|
|
3
|
+
> **Navegacion Bilingue:** [English Version](./README.md)
|
|
4
|
+
|
|
5
|
+
**Estado:** Accepted
|
|
6
|
+
**Dimension:** `integration`
|
|
7
|
+
**ID de Topologia:** `event-driven`
|
|
8
|
+
**Alias de Compatibilidad:** `F2-compatible`
|
|
9
|
+
**Manifiesto:** [topology.manifest.json](./topology.manifest.json)
|
|
10
|
+
|
|
11
|
+
La arquitectura event-driven es una topologia de integracion para coordinacion asincrona mediante contratos de eventos explicitos, publicacion confiable, consumidores idempotentes y flujo de mensajes observable.
|
|
12
|
+
|
|
13
|
+
## Proposito
|
|
14
|
+
|
|
15
|
+
Usa esta topologia cuando bounded contexts, modulos, servicios, funciones o workloads edge deben coordinar sin acoplamiento sincrono fuerte.
|
|
16
|
+
|
|
17
|
+
La integracion event-driven no autoriza esconder workflows de negocio en infraestructura. Los eventos deben expresar hechos de dominio explicitos, ownership, reglas de evolucion de schema y semantica de fallo.
|
|
18
|
+
|
|
19
|
+
## Reglas de Gobernanza
|
|
20
|
+
|
|
21
|
+
| Regla | Requisito |
|
|
22
|
+
|---|---|
|
|
23
|
+
| Contratos de eventos | Los eventos deben ser explicitos, versionados y backward-compatible. |
|
|
24
|
+
| Confiabilidad | La publicacion entre fronteras debe usar Transactional Outbox o un patron equivalente de confiabilidad. |
|
|
25
|
+
| Idempotencia | Los consumidores deben tolerar entrega duplicada y reintentos. |
|
|
26
|
+
| Observabilidad | El flujo de eventos debe exponer correlacion, lag, fallos y evidencia de replay. |
|
|
27
|
+
| Ownership | Los productores poseen el significado del evento; los consumidores poseen sus reacciones locales. |
|
|
28
|
+
|
|
29
|
+
## Autoridad Requerida
|
|
30
|
+
|
|
31
|
+
| Artefacto | Rol |
|
|
32
|
+
|---|---|
|
|
33
|
+
| [ADR-0015: Arquitectura Event-Driven Intra-Dominio](../../../adrs/core/0015-event-driven-architecture-intra-domain.md) | Gobierna la coordinacion event-driven dentro de contextos acotados. |
|
|
34
|
+
| [ADR-0079: Corpus de Referencia Multi-Topologia](../../../adrs/core/0079-multi-topology-reference-corpus.md) | Gobierna los manifiestos de topologia y composicion. |
|
|
35
|
+
| [Reglas de Arquitectura Event-Driven](./event-driven.rules.json) | Reglas de compatibilidad ejecutables existentes. |
|
|
36
|
+
| [Modelo de Dimensiones de Topologia](../../topology-dimensions.md) | Define reglas de composicion y compatibilidad. |
|
|
37
|
+
|
|
38
|
+
## Contrato Ejecutable
|
|
39
|
+
|
|
40
|
+
Todo satelite que adopte este perfil proporciona `event-driven.config.json`:
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"strictAsyncApi": true,
|
|
45
|
+
"transactionalOutbox": true,
|
|
46
|
+
"deadLetterQueue": true
|
|
47
|
+
}
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
ED-R01 a ED-R03 exigen ese contrato, forzando la definicion explicita de AsyncAPI, el patron Transactional Outbox para la confiabilidad, y un Dead Letter Queue (DLQ) para el manejo de mensajes fallidos. El evaluador Native y la [politica OPA](./event-driven.rego) evaluan estos campos.
|
|
51
|
+
|
|
52
|
+
## Composicion
|
|
53
|
+
|
|
54
|
+
`event-driven` puede combinarse con:
|
|
55
|
+
|
|
56
|
+
| Topologia | Por Que Puede Componerse |
|
|
57
|
+
|---|---|
|
|
58
|
+
| `modular-monolith` | Agrega integracion event-driven desacoplada preservando un sistema desplegable. |
|
|
59
|
+
| `distributed-modules` | Habilita coordinacion asincrona entre fronteras de modulo con contratos explicitos. |
|
|
60
|
+
| `microservices` | Proporciona comunicacion event-driven confiable entre servicios con propiedad independiente. |
|
|
61
|
+
| `serverless` | Impulsa ejecucion serverless disparada por eventos gobernada por contratos explicitos. |
|
|
62
|
+
| `edge-computing` | Soporta flujo de eventos asincrono hacia y desde workloads ubicados en el edge. |
|
|
63
|
+
| `data-mesh` | Habilita actualizaciones de productos de datos impulsadas por eventos con propiedad analitica gobernada. |
|
|
64
|
+
| `agentic-ai` | Coordina workflows de agentes IA a traves de canales de eventos observables. |
|
|
65
|
+
|
|
66
|
+
## Frontera de Negocio
|
|
67
|
+
|
|
68
|
+
Este perfil es solo tecnico. No define priorizacion de negocio, timing, ROI, costo, presupuesto, staffing ni Funnel 0. Evolith Tracker posee esas preocupaciones de negocio mediante su ACL.
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
[Volver al Hub de Topologias](../../README.es.md)
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
# Event-Driven Topology Profile
|
|
2
|
+
|
|
3
|
+
> **Bilingual Navigation:** [Version en Espanol](./README.es.md)
|
|
4
|
+
|
|
5
|
+
**Status:** Accepted
|
|
6
|
+
**Dimension:** `integration`
|
|
7
|
+
**Topology ID:** `event-driven`
|
|
8
|
+
**Compatibility Alias:** `F2-compatible`
|
|
9
|
+
**Manifest:** [topology.manifest.json](./topology.manifest.json)
|
|
10
|
+
|
|
11
|
+
Event-driven architecture is an integration topology for asynchronous coordination through explicit event contracts, reliable publication, idempotent consumers, and observable message flow.
|
|
12
|
+
|
|
13
|
+
## Purpose
|
|
14
|
+
|
|
15
|
+
Use this topology when bounded contexts, modules, services, functions, or edge workloads must coordinate without tight synchronous coupling.
|
|
16
|
+
|
|
17
|
+
Event-driven integration is not permission to hide business workflows in infrastructure. Events must express explicit domain facts, ownership, schema evolution rules, and failure semantics.
|
|
18
|
+
|
|
19
|
+
## Governance Rules
|
|
20
|
+
|
|
21
|
+
| Rule | Requirement |
|
|
22
|
+
|---|---|
|
|
23
|
+
| Event contracts | Events must be explicit, versioned, and backward-compatible. |
|
|
24
|
+
| Reliability | Cross-boundary publication should use Transactional Outbox or an equivalent reliability pattern. |
|
|
25
|
+
| Idempotency | Consumers must tolerate duplicate delivery and retries. |
|
|
26
|
+
| Observability | Event flow must expose correlation, lag, failures, and replay evidence. |
|
|
27
|
+
| Ownership | Event producers own event meaning; consumers own local reactions. |
|
|
28
|
+
|
|
29
|
+
## Required Authority
|
|
30
|
+
|
|
31
|
+
| Artifact | Role |
|
|
32
|
+
|---|---|
|
|
33
|
+
| [ADR-0015: Event-Driven Architecture Intra-Domain](../../../adrs/core/0015-event-driven-architecture-intra-domain.md) | Governs event-driven coordination within bounded contexts. |
|
|
34
|
+
| [ADR-0079: Multi-Topology Reference Corpus](../../../adrs/core/0079-multi-topology-reference-corpus.md) | Governs topology manifests and composition. |
|
|
35
|
+
| [Event-Driven Architecture Rules](./event-driven.rules.json) | Existing executable compatibility rules. |
|
|
36
|
+
| [Topology Dimensions Model](../../topology-dimensions.md) | Defines composition and compatibility rules. |
|
|
37
|
+
|
|
38
|
+
## Executable Contract
|
|
39
|
+
|
|
40
|
+
Every adopting satellite provides `event-driven.config.json`:
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"strictAsyncApi": true,
|
|
45
|
+
"transactionalOutbox": true,
|
|
46
|
+
"deadLetterQueue": true
|
|
47
|
+
}
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
ED-R01 through ED-R03 require that contract, enforcing explicit AsyncAPI definition, the Transactional Outbox pattern for reliability, and a Dead Letter Queue (DLQ) for failed message handling. The Native evaluator and [OPA policy](./event-driven.rego) evaluate these fields.
|
|
51
|
+
|
|
52
|
+
## Composition
|
|
53
|
+
|
|
54
|
+
`event-driven` can combine with:
|
|
55
|
+
|
|
56
|
+
| Topology | Why It Can Compose |
|
|
57
|
+
|---|---|
|
|
58
|
+
| `modular-monolith` | Adds decoupled event-driven integration while preserving one deployable system. |
|
|
59
|
+
| `distributed-modules` | Enables async coordination across module boundaries with explicit contracts. |
|
|
60
|
+
| `microservices` | Provides reliable event-driven communication between independently owned services. |
|
|
61
|
+
| `serverless` | Drives event-triggered serverless execution governed by explicit contracts. |
|
|
62
|
+
| `edge-computing` | Supports async event flow to and from edge-located workloads. |
|
|
63
|
+
| `data-mesh` | Enables event-driven data product updates with governed analytical ownership. |
|
|
64
|
+
| `agentic-ai` | Coordinates AI-agent workflows through observable event channels. |
|
|
65
|
+
|
|
66
|
+
## Business Boundary
|
|
67
|
+
|
|
68
|
+
This profile is technical-only. It does not define business prioritization, timing, ROI, cost, budget, staffing, or Funnel 0. Evolith Tracker owns those business concerns through its ACL.
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
[Back to Topology Hub](../../README.md)
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Guía de Adopción Orientada a Eventos
|
|
2
|
+
|
|
3
|
+
> **Navegación Bilingüe:** [English](./adoption.md) | [Español](./adoption.es.md)
|
|
4
|
+
|
|
5
|
+
**Propietario:** Junta de Arquitectura
|
|
6
|
+
**Topología:** Orientada a Eventos
|
|
7
|
+
|
|
8
|
+
## Propósito
|
|
9
|
+
|
|
10
|
+
Definir criterios de entrada, procedimientos de configuración y listas de verificación de adopción para equipos que adoptan arquitectura orientada a eventos: configuración del catálogo de eventos, contratos de productor/consumidor y validación de preparación.
|
|
11
|
+
|
|
12
|
+
## Criterios de Entrada
|
|
13
|
+
|
|
14
|
+
Antes de adoptar patrones orientados a eventos, verificar:
|
|
15
|
+
|
|
16
|
+
- Se ha identificado al menos un caso de uso asincrónico (por ejemplo, notificación entre dominios, requisito de consistencia eventual).
|
|
17
|
+
- El equipo tiene acceso a un broker de mensajes (gestionado o auto-hospedado).
|
|
18
|
+
- El equipo comprende los tradeoffs de orientado a eventos vs. alternativas síncronas.
|
|
19
|
+
- La infraestructura de registro de esquemas está disponible o planificada.
|
|
20
|
+
|
|
21
|
+
## Configuración del Catálogo de Eventos
|
|
22
|
+
|
|
23
|
+
- Crear entrada en el catálogo para cada tipo de evento con: nombre, dominio, propietario, versión del esquema, política de retención.
|
|
24
|
+
- Asignar un propietario de dominio responsable de cambios de esquema y deprecación.
|
|
25
|
+
- Publicar el catálogo en una ubicación accesible (wiki, portal o repositorio de código).
|
|
26
|
+
|
|
27
|
+
## Contratos de Productor — ED-R01
|
|
28
|
+
|
|
29
|
+
- Registrar especificación AsyncAPI para cada tipo de evento antes de la primera publicación.
|
|
30
|
+
- Definir campos requeridos y opcionales con tipos y valores predeterminados.
|
|
31
|
+
- Incluir metadatos del evento: event-id, event-version, timestamp, correlation-id.
|
|
32
|
+
|
|
33
|
+
## Contratos de Consumidor — ED-R05
|
|
34
|
+
|
|
35
|
+
- Declarar tipos de eventos esperados y versiones de esquemas en el registro del consumidor.
|
|
36
|
+
- Documentar estrategia de idempotencia y ventana de deduplicación.
|
|
37
|
+
- Definir tolerancia de retraso y umbrales de alerta para el consumidor.
|
|
38
|
+
|
|
39
|
+
## Lista de Verificación de Preparación
|
|
40
|
+
|
|
41
|
+
- [ ] Especificación AsyncAPI registrada en el registro de esquemas
|
|
42
|
+
- [ ] Entrada del catálogo de eventos creada con propietario y retención
|
|
43
|
+
- [ ] Productor implementa validación de esquemas antes de publicar
|
|
44
|
+
- [ ] Consumidor implementa procesamiento idempotente
|
|
45
|
+
- [ ] Enrutamiento DLQ configurado con política de reintento
|
|
46
|
+
- [ ] Paneles de monitoreo creados para retraso y throughput
|
|
47
|
+
- [ ] Manuales operativos documentados para escenarios de falla
|
|
48
|
+
- [ ] Equipo capacitado en patrones y tradeoffs orientados a eventos
|
|
49
|
+
|
|
50
|
+
## Aplicabilidad Componible
|
|
51
|
+
|
|
52
|
+
| Componible | Orientación |
|
|
53
|
+
|---|---|
|
|
54
|
+
| Monolito Modular | Catálogo ligero; broker embebido; validación de eventos intra-proceso. |
|
|
55
|
+
| Módulos Distribuidos | Catálogo compartido; se requiere revisión de contratos entre módulos. |
|
|
56
|
+
| Microservicios | Catálogo completo con propiedad de dominio; registro de contratos por servicio. |
|
|
57
|
+
| Serverless | Catálogo gestionado por plataforma; ejecución de contratos vía políticas de plataforma. |
|
|
58
|
+
| Computación Edge | Catálogo local con sincronización a la nube; contrato simplificado para restricciones de edge. |
|
|
59
|
+
|
|
60
|
+
## Referencias ADR
|
|
61
|
+
|
|
62
|
+
- **ADR-0015**: Estándares de catálogo de eventos y contratos de productor.
|
|
63
|
+
- **ADR-0079**: Requisitos de contratos de consumidor y preparación.
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
67
|
+
[Volver al Perfil Orientado a Eventos](./README.es.md)
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Event-Driven — Adoption Guide
|
|
2
|
+
|
|
3
|
+
> **Bilingual Navigation:** [English](./adoption.md) | [Español](./adoption.es.md)
|
|
4
|
+
|
|
5
|
+
**Owner:** Architecture Board
|
|
6
|
+
**Topology:** Event-Driven
|
|
7
|
+
|
|
8
|
+
## Purpose
|
|
9
|
+
|
|
10
|
+
Define entry criteria, setup procedures, and adoption checklists for teams adopting event-driven architecture: event catalog setup, producer/consumer contracts, and readiness validation.
|
|
11
|
+
|
|
12
|
+
## Entry Criteria
|
|
13
|
+
|
|
14
|
+
Before adopting event-driven patterns, verify:
|
|
15
|
+
|
|
16
|
+
- At least one asynchronous use case is identified (e.g., cross-domain notification, eventual consistency requirement).
|
|
17
|
+
- Team has access to a message broker (managed or self-hosted).
|
|
18
|
+
- Team understands event-driven tradeoffs vs. synchronous alternatives.
|
|
19
|
+
- Schema registry infrastructure is available or planned.
|
|
20
|
+
|
|
21
|
+
## Event Catalog Setup
|
|
22
|
+
|
|
23
|
+
- Create catalog entry for each event type with: name, domain, owner, schema version, retention policy.
|
|
24
|
+
- Assign a domain owner responsible for schema changes and deprecation.
|
|
25
|
+
- Publish catalog to a discoverable location (wiki, portal, or code repository).
|
|
26
|
+
|
|
27
|
+
## Producer Contracts — ED-R01
|
|
28
|
+
|
|
29
|
+
- Register AsyncAPI specification for every event type before first publication.
|
|
30
|
+
- Define required and optional fields with types and defaults.
|
|
31
|
+
- Include event metadata: event-id, event-version, timestamp, correlation-id.
|
|
32
|
+
|
|
33
|
+
## Consumer Contracts — ED-R05
|
|
34
|
+
|
|
35
|
+
- Declare expected event types and schema versions in consumer registration.
|
|
36
|
+
- Document idempotency strategy and deduplication window.
|
|
37
|
+
- Define lag tolerance and alert thresholds for the consumer.
|
|
38
|
+
|
|
39
|
+
## Readiness Checklist
|
|
40
|
+
|
|
41
|
+
- [ ] AsyncAPI specification registered in schema registry
|
|
42
|
+
- [ ] Event catalog entry created with owner and retention
|
|
43
|
+
- [ ] Producer implements schema validation before publish
|
|
44
|
+
- [ ] Consumer implements idempotent processing
|
|
45
|
+
- [ ] DLQ routing configured with retry policy
|
|
46
|
+
- [ ] Monitoring dashboards created for lag and throughput
|
|
47
|
+
- [ ] Runbooks documented for failure scenarios
|
|
48
|
+
- [ ] Team trained on event-driven patterns and tradeoffs
|
|
49
|
+
|
|
50
|
+
## Composable Applicability
|
|
51
|
+
|
|
52
|
+
| Composable | Guidance |
|
|
53
|
+
|---|---|
|
|
54
|
+
| Modular Monolith | Lightweight catalog; embedded broker; intra-process event validation. |
|
|
55
|
+
| Distributed Modules | Shared catalog; cross-module contract review required. |
|
|
56
|
+
| Microservices | Full catalog with domain ownership; per-service contract registration. |
|
|
57
|
+
| Serverless | Platform-managed catalog; contract enforcement via platform policies. |
|
|
58
|
+
| Edge Computing | Local catalog with cloud sync; simplified contract for edge constraints. |
|
|
59
|
+
|
|
60
|
+
## ADR References
|
|
61
|
+
|
|
62
|
+
- **ADR-0015**: Event catalog and producer contract standards.
|
|
63
|
+
- **ADR-0079**: Consumer contract and readiness requirements.
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
67
|
+
[Back to Event-Driven Profile](./README.md)
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Event-Driven — Flujos CLI
|
|
2
|
+
|
|
3
|
+
> **Navegación Bilingüe:** [English Version](./cli-flows.md)
|
|
4
|
+
|
|
5
|
+
**Validadores declarados:** `validate-architecture`, `validate-topology`
|
|
6
|
+
|
|
7
|
+
## Validate
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
evolith validate --topology event-driven
|
|
11
|
+
evolith validate --topology event-driven --arch-level F2
|
|
12
|
+
evolith validate --topology event-driven --format json
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
## Inspect
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
evolith topology inspect event-driven
|
|
19
|
+
evolith topology inspect event-driven --include-channels
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Drift
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
evolith drift detect --topology event-driven
|
|
26
|
+
evolith drift detect --topology event-driven --format json
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
## Scaffold
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
evolith architecture scaffold --topology event-driven
|
|
33
|
+
evolith architecture scaffold --topology event-driven --dry-run
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
## Gate Evaluation
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
evolith gate evaluate --topology event-driven
|
|
40
|
+
evolith gate evaluate --topology event-driven --phase F1
|
|
41
|
+
```
|