@evolith/core-domain 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (500) hide show
  1. package/dist/domain/services/default-workflow-definition.js +1 -1
  2. package/dist/domain/services/default-workflow-definition.js.map +1 -1
  3. package/package.json +2 -1
  4. package/rulesets/README.es.md +170 -0
  5. package/rulesets/README.md +170 -0
  6. package/rulesets/acl/README.es.md +41 -0
  7. package/rulesets/acl/README.md +41 -0
  8. package/rulesets/acl/anti-corruption-layer.rules.es.json +99 -0
  9. package/rulesets/acl/anti-corruption-layer.rules.json +99 -0
  10. package/rulesets/adr/ADR_COVERAGE.es.md +133 -0
  11. package/rulesets/adr/ADR_COVERAGE.md +133 -0
  12. package/rulesets/adr/README.es.md +17 -0
  13. package/rulesets/adr/README.md +17 -0
  14. package/rulesets/adr/adr-0002-hexagonal-architecture.rules.json +103 -0
  15. package/rulesets/adr/adr-0005-cicd-quality-gates.rules.json +102 -0
  16. package/rulesets/adr/adr-0010-multi-tenancy.rules.json +129 -0
  17. package/rulesets/adr/adr-0018-testing-pyramid.rules.json +115 -0
  18. package/rulesets/adr/adr-0032-protocol-selection.rules.json +134 -0
  19. package/rulesets/adr/adr-0040-multi-runtime.rules.json +131 -0
  20. package/rulesets/adr/adr-0050-gitflow-branching.rules.json +176 -0
  21. package/rulesets/adr/generated/adr-0001-monorepo-orchestration-principle.rules.json +29 -0
  22. package/rulesets/adr/generated/adr-0006-microservices-transition-via-sidecar-pattern.rules.json +29 -0
  23. package/rulesets/adr/generated/adr-0009-strict-dependency-pinning-and-automated-vulnerability-manage.rules.json +29 -0
  24. package/rulesets/adr/generated/adr-0011-fault-tolerance-and-resiliency-patterns.rules.json +29 -0
  25. package/rulesets/adr/generated/adr-0013-cloud-infrastructure-topology-and-disaster-recovery-dr.rules.json +28 -0
  26. package/rulesets/adr/generated/adr-0014-multi-layer-distributed-caching-strategy.rules.json +29 -0
  27. package/rulesets/adr/generated/adr-0015-event-driven-architecture-eda-for-intra-domain-communication.rules.json +29 -0
  28. package/rulesets/adr/generated/adr-0016-immutable-business-audit-trail-and-change-tracking.rules.json +29 -0
  29. package/rulesets/adr/generated/adr-0017-feature-flagging-strategy-for-progressive-delivery.rules.json +28 -0
  30. package/rulesets/adr/generated/adr-0019-tactical-design-patterns-for-future-proofing.rules.json +29 -0
  31. package/rulesets/adr/generated/adr-0020-identity-provider-abstraction-strategy.rules.json +28 -0
  32. package/rulesets/adr/generated/adr-0024-centralized-configuration-feature-platform.rules.json +28 -0
  33. package/rulesets/adr/generated/adr-0025-feature-flag-provider-abstraction-strategy.rules.json +29 -0
  34. package/rulesets/adr/generated/adr-0028-self-hosted-open-source-hybrid-infrastructure.rules.json +29 -0
  35. package/rulesets/adr/generated/adr-0030-two-tier-distributed-gateway-model.rules.json +28 -0
  36. package/rulesets/adr/generated/adr-0031-schema-per-bounded-context-and-domain-event-catalog.rules.json +29 -0
  37. package/rulesets/adr/generated/adr-0033-transactional-outbox-pattern-for-async-messaging.rules.json +28 -0
  38. package/rulesets/adr/generated/adr-0034-cqrs-pattern-application-matrix.rules.json +29 -0
  39. package/rulesets/adr/generated/adr-0035-distributed-saga-pattern-implementation-strategy.rules.json +29 -0
  40. package/rulesets/adr/generated/adr-0036-message-bus-delivery-flow-control-strategy.rules.json +29 -0
  41. package/rulesets/adr/generated/adr-0037-enterprise-performance-concurrency-chaos-verification-strate.rules.json +28 -0
  42. package/rulesets/adr/generated/adr-0039-deployment-topology-abstraction-environment-switcher.rules.json +29 -0
  43. package/rulesets/adr/generated/adr-0041-dual-engine-policy-evaluation-native-opa.rules.json +28 -0
  44. package/rulesets/adr/generated/adr-0044-configurable-security-persistence-strategy-agnosticism-vs-na.rules.json +29 -0
  45. package/rulesets/adr/generated/adr-0045-microservice-extraction-readiness-criteria.rules.json +29 -0
  46. package/rulesets/adr/generated/adr-0046-unified-traceability-via-w3c-tracecontext.rules.json +29 -0
  47. package/rulesets/adr/generated/adr-0047-progressive-architecture-evolution-framework-modular-monolit.rules.json +29 -0
  48. package/rulesets/adr/generated/adr-0048-enterprise-taxonomy-standardization-and-reference-layout.rules.json +28 -0
  49. package/rulesets/adr/generated/adr-0049-naming-semantics-clean-code-policy-e2e-and-global.rules.json +29 -0
  50. package/rulesets/adr/generated/adr-0051-enterprise-database-engine-selection-strategy.rules.json +29 -0
  51. package/rulesets/adr/generated/adr-0052-unit-testing-isolation-strategy-mocks-vs-stubs.rules.json +29 -0
  52. package/rulesets/adr/generated/adr-0053-integration-and-e2e-testing-strategy.rules.json +29 -0
  53. package/rulesets/adr/generated/adr-0054-database-design-and-normalization-standards.rules.json +29 -0
  54. package/rulesets/adr/generated/adr-0055-microfrontends-architecture-strategy.rules.json +28 -0
  55. package/rulesets/adr/generated/adr-0056-enterprise-naming-design-conventions-multi-language-multi-pl.rules.json +29 -0
  56. package/rulesets/adr/generated/adr-0057-architecture-intelligence-catalog.rules.json +27 -0
  57. package/rulesets/adr/generated/adr-0058-ai-consumable-architecture-knowledge.rules.json +27 -0
  58. package/rulesets/adr/generated/adr-0067-modular-monolith-persistence-boundaries.rules.json +28 -0
  59. package/rulesets/adr/generated/adr-0068-documentation-release-gitflow.rules.json +29 -0
  60. package/rulesets/adr/generated/adr-0069-ai-agent-context-protocol-integration.rules.json +28 -0
  61. package/rulesets/adr/generated/adr-0070-lean-root-repository-taxonomy.rules.json +29 -0
  62. package/rulesets/adr/generated/adr-0071-domain-layer-base-class-and-inheritance-strategy.rules.json +29 -0
  63. package/rulesets/adr/generated/adr-0072-utc-date-storage-browser-timezone-detection-and-language-res.rules.json +29 -0
  64. package/rulesets/adr/generated/adr-0073-unified-cli-mcp-output-contract-and-gate-evidence-schema.rules.json +29 -0
  65. package/rulesets/adr/generated/adr-0074-evolith-core-api-native-exposure-layer.rules.json +29 -0
  66. package/rulesets/adr/generated/adr-0075-core-api-authentication-strategy.rules.json +28 -0
  67. package/rulesets/adr/generated/adr-0076-domain-oriented-microservice-architecture-doma.rules.json +28 -0
  68. package/rulesets/adr/generated/adr-0077-masstransit-v9-commercial-pivot-stay-on-v8-monitor-opentrans.rules.json +28 -0
  69. package/rulesets/adr/generated/adr-0078-domain-financial-separation-governance.rules.json +29 -0
  70. package/rulesets/adr/generated/adr-0079-multi-topology-reference-corpus-and-topology-manifest-contra.rules.json +29 -0
  71. package/rulesets/adr/generated/adr-0080-remote-repository-reference-contract.rules.json +29 -0
  72. package/rulesets/adr/generated/adr-0081-agentic-ai-sandbox-isolation-boundary.rules.json +29 -0
  73. package/rulesets/adr/generated/adr-0082-agentic-ai-prompt-context-and-tool-trust-boundary.rules.json +28 -0
  74. package/rulesets/adr/generated/adr-0083-agentic-ai-action-authorization-and-audit.rules.json +29 -0
  75. package/rulesets/adr/generated/adr-0084-data-mesh-and-data-as-a-product.rules.json +29 -0
  76. package/rulesets/adr/generated/adr-0085-agnostic-opa-wasm-distribution-architecture.rules.json +28 -0
  77. package/rulesets/adr/generated/adr-0086-agentic-ai-telemetry-cost-control-standard.rules.json +27 -0
  78. package/rulesets/adr/generated/adr-0087-attribute-based-access-control-abac-for-agentic-tool-executi.rules.json +29 -0
  79. package/rulesets/adr/generated/adr-0088-sovereign-identity-for-agentic-ai.rules.json +29 -0
  80. package/rulesets/adr/generated/adr-0089-event-driven-agentic-workflow-pattern.rules.json +28 -0
  81. package/rulesets/adr/generated/adr-0090-rag-knowledge-governance-standard.rules.json +29 -0
  82. package/rulesets/adr/generated/adr-0091-workload-identity-token-rotation-standard.rules.json +29 -0
  83. package/rulesets/adr/generated/adr-0092-agent-infinite-loop-prevention-and-circuit-breaker-rules.rules.json +29 -0
  84. package/rulesets/adr/generated/adr-0093-concurrency-control-and-resource-locking-standard-for-mcp-to.rules.json +29 -0
  85. package/rulesets/adr/generated/adr-0094-multi-agent-handoff-and-task-delegation-standards.rules.json +29 -0
  86. package/rulesets/adr/generated/adr-0095-serverless-architecture-governance.rules.json +29 -0
  87. package/rulesets/adr/generated/adr-0096-edge-computing-architecture-governance.rules.json +29 -0
  88. package/rulesets/adr/generated/adr-0097-knowledge-lifecycle-governance-standard.rules.json +29 -0
  89. package/rulesets/adr/generated/adr-0098-rest-uri-versioning-and-deprecation-policy.rules.json +29 -0
  90. package/rulesets/adr/generated/adr-0099-opa-bundle-distribution-via-s3-minio.rules.json +27 -0
  91. package/rulesets/adr/generated/adr-ai-augmented-0001-harness-engineering-for-ai-augmented-development.rules.json +29 -0
  92. package/rulesets/adr/generated/adr-ai-augmented-0002-mcp-integration-protocol-for-agent-tool-invocation.rules.json +29 -0
  93. package/rulesets/adr/generated/adr-ai-augmented-0003-model-selection-governance-for-ai-augmented-workflows.rules.json +29 -0
  94. package/rulesets/adr/generated/adr-ai-augmented-0004-agents-md-as-mandatory-repository-artifact.rules.json +29 -0
  95. package/rulesets/adr/generated/adr-ai-augmented-0005-human-in-the-loop-policy-for-autonomous-agent-operations.rules.json +29 -0
  96. package/rulesets/adr/generated/adr-android-0042-canonical-android-native-mobile-architecture.rules.json +29 -0
  97. package/rulesets/adr/generated/adr-dotnet-0041-canonical-net-c-backend-architecture.rules.json +29 -0
  98. package/rulesets/adr/generated/adr-dotnet-0060-net-multi-tenancy-dual-layer-strategy-ef-core-sql-server.rules.json +29 -0
  99. package/rulesets/adr/generated/adr-dotnet-0061-transactional-event-lifecycle-in-ef-core.rules.json +28 -0
  100. package/rulesets/adr/generated/adr-dotnet-0062-net-immutable-audit-trail-via-ddl-triggers-delta-capture.rules.json +29 -0
  101. package/rulesets/adr/generated/adr-dotnet-0063-b2b-request-idempotency-middleware-in-asp-net-core.rules.json +28 -0
  102. package/rulesets/adr/generated/adr-dotnet-0064-net-request-scope-observability-context-propagation.rules.json +29 -0
  103. package/rulesets/adr/generated/adr-dotnet-0065-net-pii-safe-structured-logging-pipeline-serilog.rules.json +29 -0
  104. package/rulesets/adr/generated/adr-dotnet-0066-net-lightweight-http-idempotency-via-imemorycache-idistribut.rules.json +28 -0
  105. package/rulesets/adr/generated/adr-dotnet-0069-net-grpc-service-setup-protobuf-contracts.rules.json +29 -0
  106. package/rulesets/adr/generated/adr-dotnet-0070-net-api-endpoint-strategy.rules.json +29 -0
  107. package/rulesets/adr/generated/adr-dotnet-0071-net-data-access-strategy-ef-core-as-default-orm-dapper-for-o.rules.json +27 -0
  108. package/rulesets/adr/generated/adr-dotnet-0072-net-aop-cross-cutting-concern-strategy-dispatchproxy-over-pi.rules.json +29 -0
  109. package/rulesets/adr/generated/adr-nodejs-0003-strict-typescript-standards.rules.json +29 -0
  110. package/rulesets/adr/generated/adr-nodejs-0004-frontend-offline-resilience.rules.json +28 -0
  111. package/rulesets/adr/generated/adr-nodejs-0007-observability-with-opentelemetry-loki-and-jaeger.rules.json +29 -0
  112. package/rulesets/adr/generated/adr-nodejs-0008-progressive-multi-module-evolution-with-api-gateway-and-bff-.rules.json +28 -0
  113. package/rulesets/adr/generated/adr-nodejs-0012-advanced-authorization-rbac-abac-strategy.rules.json +28 -0
  114. package/rulesets/adr/generated/adr-nodejs-0021-high-performance-authentication-graph-compilation.rules.json +28 -0
  115. package/rulesets/adr/generated/adr-nodejs-0022-contextual-authentication-and-pluggable-output-projections.rules.json +28 -0
  116. package/rulesets/adr/generated/adr-nodejs-0023-centralized-authorization-core-strategy.rules.json +28 -0
  117. package/rulesets/adr/generated/adr-nodejs-0026-adaptive-mfa-and-passwordless-platform.rules.json +28 -0
  118. package/rulesets/adr/generated/adr-nodejs-0027-dual-protocol-api-strategy-rest-grpc.rules.json +28 -0
  119. package/rulesets/adr/generated/adr-nodejs-0029-adoption-of-tactical-ddd-primitives-library.rules.json +29 -0
  120. package/rulesets/adr/generated/adr-nodejs-0038-enterprise-error-handling-result-pattern-strategy.rules.json +29 -0
  121. package/rulesets/adr/generated/adr-nodejs-0043-data-access-and-orm-strategy-for-node-js.rules.json +29 -0
  122. package/rulesets/adr/generated/adr-nodejs-0044-frontend-clean-architecture-layer-boundaries-react.rules.json +29 -0
  123. package/rulesets/adr/generated/adr-nodejs-0045-frontend-state-management-zustand-tanstack-query-dual-strate.rules.json +29 -0
  124. package/rulesets/adr/generated/adr-nodejs-0046-prohibition-of-raw-technical-identifiers-in-user-interfaces.rules.json +29 -0
  125. package/rulesets/adr/generated/adr-nodejs-0047-actionable-user-error-contract-and-correlated-diagnostics.rules.json +29 -0
  126. package/rulesets/adr/generated/adr-nodejs-0048-feature-flag-system-scope-and-structured-criteria-model.rules.json +29 -0
  127. package/rulesets/adr/generated/adr-nodejs-0074-monorepo-orchestration-with-nx.rules.json +29 -0
  128. package/rulesets/adr/generated/adr-nodejs-0075-application-gateway-bff-with-nestjs.rules.json +29 -0
  129. package/rulesets/architecture/README.es.md +21 -0
  130. package/rulesets/architecture/README.md +21 -0
  131. package/rulesets/architecture/opa/progressive-axis.rego +50 -0
  132. package/rulesets/cli/README.es.md +17 -0
  133. package/rulesets/cli/README.md +17 -0
  134. package/rulesets/cli/core-parity.rules.json +61 -0
  135. package/rulesets/cli/release-readiness.rules.json +77 -0
  136. package/rulesets/compliance-baseline/README.es.md +26 -0
  137. package/rulesets/compliance-baseline/README.md +26 -0
  138. package/rulesets/compliance-baseline/compliance-baseline.rules.json +81 -0
  139. package/rulesets/contracts/README.es.md +19 -0
  140. package/rulesets/contracts/README.md +19 -0
  141. package/rulesets/contracts/evolith-machine-contracts.json +29 -0
  142. package/rulesets/contracts/fixtures/gate-evidence.success.json +10 -0
  143. package/rulesets/contracts/fixtures/output-envelope.success.json +23 -0
  144. package/rulesets/cross-cutting/README.es.md +14 -0
  145. package/rulesets/cross-cutting/README.md +14 -0
  146. package/rulesets/cross-cutting/compliance-baseline.rules.json +81 -0
  147. package/rulesets/cross-cutting/definition-of-done.rules.json +135 -0
  148. package/rulesets/cross-cutting/engineering-manifesto.rules.json +145 -0
  149. package/rulesets/cross-cutting/repository-taxonomy.rules.json +172 -0
  150. package/rulesets/definition-of-done/README.es.md +26 -0
  151. package/rulesets/definition-of-done/README.md +26 -0
  152. package/rulesets/definition-of-done/definition-of-done.rules.json +135 -0
  153. package/rulesets/engineering-manifesto/README.es.md +26 -0
  154. package/rulesets/engineering-manifesto/README.md +26 -0
  155. package/rulesets/engineering-manifesto/engineering-manifesto.rules.json +145 -0
  156. package/rulesets/evidence/README.es.md +12 -0
  157. package/rulesets/evidence/README.md +12 -0
  158. package/rulesets/evidence/evidence-manifest.rules.json +48 -0
  159. package/rulesets/executive-scorecards/executive-scorecards.rules.es.json +213 -0
  160. package/rulesets/executive-scorecards/executive-scorecards.rules.json +213 -0
  161. package/rulesets/governance/README.es.md +13 -0
  162. package/rulesets/governance/README.md +13 -0
  163. package/rulesets/governance/abac-mcp-access.rules.es.json +41 -0
  164. package/rulesets/governance/abac-mcp-access.rules.json +41 -0
  165. package/rulesets/governance/executive-scorecards.rules.es.json +213 -0
  166. package/rulesets/governance/executive-scorecards.rules.json +213 -0
  167. package/rulesets/governance/inheritance.rules.json +115 -0
  168. package/rulesets/governance/knowledge-intake.rules.json +18 -0
  169. package/rulesets/governance/open-core-boundary.rules.es.json +148 -0
  170. package/rulesets/governance/open-core-boundary.rules.json +148 -0
  171. package/rulesets/governance/satellite-contracts.rules.json +183 -0
  172. package/rulesets/infrastructure/helm-enforcement.rules.json +21 -0
  173. package/rulesets/infrastructure/opa/helm-enforcement.rego +25 -0
  174. package/rulesets/infrastructure/opa/helm-enforcement.test.rego +31 -0
  175. package/rulesets/infrastructure/opa/opa-sidecar-bundle.rego +115 -0
  176. package/rulesets/infrastructure/opa/opa-sidecar-bundle.test.rego +66 -0
  177. package/rulesets/infrastructure/opa-sidecar-bundle.rules.json +18 -0
  178. package/rulesets/mcp/README.es.md +12 -0
  179. package/rulesets/mcp/README.md +12 -0
  180. package/rulesets/mcp/protocol-compliance.rules.json +57 -0
  181. package/rulesets/observability/README.es.md +12 -0
  182. package/rulesets/observability/README.md +12 -0
  183. package/rulesets/observability/telemetry-evidence.rules.json +48 -0
  184. package/rulesets/opa/README.es.md +22 -0
  185. package/rulesets/opa/README.md +22 -0
  186. package/rulesets/opa/abac-mcp-tool-access.rego +122 -0
  187. package/rulesets/opa/abac-mcp-tool-access.test.rego +33 -0
  188. package/rulesets/opa/anti-corruption-layer.rego +39 -0
  189. package/rulesets/opa/anti-corruption-layer.test.rego +118 -0
  190. package/rulesets/opa/ci-cd.rego +41 -0
  191. package/rulesets/opa/ci-cd.test.rego +23 -0
  192. package/rulesets/opa/cicd-quality-gates.rego +29 -0
  193. package/rulesets/opa/cicd-quality-gates.test.rego +54 -0
  194. package/rulesets/opa/cli-core-parity.rego +17 -0
  195. package/rulesets/opa/cli-core-parity.test.rego +39 -0
  196. package/rulesets/opa/cli-readiness.rego +32 -0
  197. package/rulesets/opa/cli-readiness.test.rego +23 -0
  198. package/rulesets/opa/cli-release-readiness.rego +21 -0
  199. package/rulesets/opa/cli-release-readiness.test.rego +46 -0
  200. package/rulesets/opa/compliance-baseline.rego +95 -0
  201. package/rulesets/opa/compliance-baseline.test.rego +89 -0
  202. package/rulesets/opa/dod.rego +42 -0
  203. package/rulesets/opa/dod.test.rego +250 -0
  204. package/rulesets/opa/engineering-manifesto.rego +78 -0
  205. package/rulesets/opa/engineering-manifesto.test.rego +133 -0
  206. package/rulesets/opa/evidence.rego +64 -0
  207. package/rulesets/opa/evidence.test.rego +23 -0
  208. package/rulesets/opa/executive-scorecards.rego +41 -0
  209. package/rulesets/opa/executive-scorecards.test.rego +60 -0
  210. package/rulesets/opa/gitflow-branching.rego +41 -0
  211. package/rulesets/opa/gitflow-branching.test.rego +60 -0
  212. package/rulesets/opa/governance.rego +39 -0
  213. package/rulesets/opa/governance.test.rego +23 -0
  214. package/rulesets/opa/hexagonal-architecture.rego +33 -0
  215. package/rulesets/opa/hexagonal-architecture.test.rego +57 -0
  216. package/rulesets/opa/infrastructure/helm-enforcement.rego +33 -0
  217. package/rulesets/opa/infrastructure/opa-sidecar-bundle.rego +42 -0
  218. package/rulesets/opa/knowledge-intake.rego +98 -0
  219. package/rulesets/opa/knowledge-intake.test.rego +50 -0
  220. package/rulesets/opa/main.rego +147 -0
  221. package/rulesets/opa/main_test.rego +149 -0
  222. package/rulesets/opa/mcp.rego +61 -0
  223. package/rulesets/opa/mcp.test.rego +27 -0
  224. package/rulesets/opa/multi-runtime.rego +33 -0
  225. package/rulesets/opa/multi-runtime.test.rego +53 -0
  226. package/rulesets/opa/multi-tenancy.rego +33 -0
  227. package/rulesets/opa/multi-tenancy.test.rego +53 -0
  228. package/rulesets/opa/open-core-boundary.rego +33 -0
  229. package/rulesets/opa/open-core-boundary.test.rego +60 -0
  230. package/rulesets/opa/protocol-selection.rego +29 -0
  231. package/rulesets/opa/protocol-selection.test.rego +46 -0
  232. package/rulesets/opa/rbac/gate-role-enforcement.rego +112 -0
  233. package/rulesets/opa/repository-taxonomy.rego +98 -0
  234. package/rulesets/opa/repository-taxonomy.test.rego +91 -0
  235. package/rulesets/opa/satellite-contracts.rego +42 -0
  236. package/rulesets/opa/satellite-contracts.test.rego +70 -0
  237. package/rulesets/opa/schemas/abac-mcp-tool-access.input.schema.json +21 -0
  238. package/rulesets/opa/schemas/anti-corruption-layer.input.schema.json +25 -0
  239. package/rulesets/opa/schemas/ci-cd.input.schema.json +27 -0
  240. package/rulesets/opa/schemas/cicd-quality-gates.input.schema.json +33 -0
  241. package/rulesets/opa/schemas/cli-core-parity.input.schema.json +30 -0
  242. package/rulesets/opa/schemas/cli-readiness.input.schema.json +28 -0
  243. package/rulesets/opa/schemas/cli-release-readiness.input.schema.json +26 -0
  244. package/rulesets/opa/schemas/compliance-baseline.input.schema.json +25 -0
  245. package/rulesets/opa/schemas/dod.input.schema.json +38 -0
  246. package/rulesets/opa/schemas/engineering-manifesto.input.schema.json +24 -0
  247. package/rulesets/opa/schemas/evidence.input.schema.json +35 -0
  248. package/rulesets/opa/schemas/executive-scorecards.input.schema.json +36 -0
  249. package/rulesets/opa/schemas/gitflow-branching.input.schema.json +36 -0
  250. package/rulesets/opa/schemas/governance.input.schema.json +19 -0
  251. package/rulesets/opa/schemas/hexagonal-architecture.input.schema.json +46 -0
  252. package/rulesets/opa/schemas/knowledge-intake.input.schema.json +57 -0
  253. package/rulesets/opa/schemas/mcp.input.schema.json +38 -0
  254. package/rulesets/opa/schemas/multi-runtime.input.schema.json +27 -0
  255. package/rulesets/opa/schemas/multi-tenancy.input.schema.json +27 -0
  256. package/rulesets/opa/schemas/open-core-boundary.input.schema.json +36 -0
  257. package/rulesets/opa/schemas/protocol-selection.input.schema.json +26 -0
  258. package/rulesets/opa/schemas/repository-taxonomy.input.schema.json +18 -0
  259. package/rulesets/opa/schemas/satellite-contracts.input.schema.json +38 -0
  260. package/rulesets/opa/schemas/taxonomy.input.schema.json +27 -0
  261. package/rulesets/opa/schemas/testing-pyramid.input.schema.json +42 -0
  262. package/rulesets/opa/schemas/version-pinning.input.schema.json +39 -0
  263. package/rulesets/opa/sdlc/coverage.rego +49 -0
  264. package/rulesets/opa/sdlc/coverage.test.rego +29 -0
  265. package/rulesets/opa/sdlc/pyramid-distribution.rego +31 -0
  266. package/rulesets/opa/sdlc/pyramid-distribution.test.rego +33 -0
  267. package/rulesets/opa/taxonomy.rego +51 -0
  268. package/rulesets/opa/taxonomy.test.rego +28 -0
  269. package/rulesets/opa/telemetry-evidence.rego +102 -0
  270. package/rulesets/opa/testing-pyramid.rego +49 -0
  271. package/rulesets/opa/testing-pyramid.test.rego +81 -0
  272. package/rulesets/opa/version-pinning.rego +99 -0
  273. package/rulesets/opa/version-pinning.test.rego +28 -0
  274. package/rulesets/phase-gates/README.es.md +28 -0
  275. package/rulesets/phase-gates/README.md +28 -0
  276. package/rulesets/phase-gates/phase-gates.rules.json +297 -0
  277. package/rulesets/quality-thresholds/README.es.md +28 -0
  278. package/rulesets/quality-thresholds/README.md +28 -0
  279. package/rulesets/quality-thresholds/quality-thresholds.rules.json +96 -0
  280. package/rulesets/repository-taxonomy/README.es.md +26 -0
  281. package/rulesets/repository-taxonomy/README.md +26 -0
  282. package/rulesets/repository-taxonomy/repository-taxonomy.rules.json +172 -0
  283. package/rulesets/satellite-contracts/README.es.md +27 -0
  284. package/rulesets/satellite-contracts/README.md +27 -0
  285. package/rulesets/satellite-contracts/satellite-contracts.rules.json +183 -0
  286. package/rulesets/schema/README.es.md +39 -0
  287. package/rulesets/schema/README.md +39 -0
  288. package/rulesets/schema/adr.schema.json +138 -0
  289. package/rulesets/schema/agile-backlog.schema.json +91 -0
  290. package/rulesets/schema/ballpark-estimation.schema.json +109 -0
  291. package/rulesets/schema/build-vs-compose.schema.json +98 -0
  292. package/rulesets/schema/cli-impact-analysis.schema.json +114 -0
  293. package/rulesets/schema/discovery-canvas.schema.json +92 -0
  294. package/rulesets/schema/evolith-user-story.schema.json +105 -0
  295. package/rulesets/schema/evolith-yaml.schema.json +191 -0
  296. package/rulesets/schema/functional-story.schema.json +111 -0
  297. package/rulesets/schema/gate-evidence.schema.json +85 -0
  298. package/rulesets/schema/integration-evidence.schema.json +47 -0
  299. package/rulesets/schema/knowledge-intake.schema.json +67 -0
  300. package/rulesets/schema/knowledge-projection.schema.json +24 -0
  301. package/rulesets/schema/maturity-evidence.schema.json +59 -0
  302. package/rulesets/schema/observability-validation.schema.json +85 -0
  303. package/rulesets/schema/on-call-handoff.schema.json +91 -0
  304. package/rulesets/schema/output-envelope.schema.json +102 -0
  305. package/rulesets/schema/prd.schema.json +117 -0
  306. package/rulesets/schema/release-notes.schema.json +138 -0
  307. package/rulesets/schema/rollback-rehearsal.schema.json +73 -0
  308. package/rulesets/schema/ruleset-sdlc.schema.json +59 -0
  309. package/rulesets/schema/ruleset-standard.schema.json +73 -0
  310. package/rulesets/schema/security-scan-report.schema.json +79 -0
  311. package/rulesets/schema/source-registry.schema.json +51 -0
  312. package/rulesets/schema/technical-feasibility.schema.json +66 -0
  313. package/rulesets/schema/technical-story.schema.json +112 -0
  314. package/rulesets/schema/test-summary-report.schema.json +158 -0
  315. package/rulesets/schema/topology-composition.schema.json +43 -0
  316. package/rulesets/schema/topology-manifest.schema.json +421 -0
  317. package/rulesets/sdlc/README.es.md +12 -0
  318. package/rulesets/sdlc/README.md +12 -0
  319. package/rulesets/sdlc/default-workflow.yaml +73 -0
  320. package/rulesets/sdlc/dependency-pinning.rules.json +183 -0
  321. package/rulesets/sdlc/phase-gates.rules.json +297 -0
  322. package/rulesets/sdlc/quality-thresholds.rules.json +96 -0
  323. package/rulesets/topologies/README.es.md +42 -0
  324. package/rulesets/topologies/README.md +42 -0
  325. package/rulesets/topologies/agentic-ai/README.es.md +142 -0
  326. package/rulesets/topologies/agentic-ai/README.md +142 -0
  327. package/rulesets/topologies/agentic-ai/adoption.es.md +37 -0
  328. package/rulesets/topologies/agentic-ai/adoption.md +37 -0
  329. package/rulesets/topologies/agentic-ai/agent.config.schema.json +100 -0
  330. package/rulesets/topologies/agentic-ai/agentic-ai.rego +46 -0
  331. package/rulesets/topologies/agentic-ai/agentic-ai.rules.json +109 -0
  332. package/rulesets/topologies/agentic-ai/agentic-ai.test.rego +68 -0
  333. package/rulesets/topologies/agentic-ai/agentic-ai.wasm +0 -0
  334. package/rulesets/topologies/agentic-ai/cli/cli-flows.es.md +35 -0
  335. package/rulesets/topologies/agentic-ai/cli/cli-flows.md +45 -0
  336. package/rulesets/topologies/agentic-ai/evidence.es.md +25 -0
  337. package/rulesets/topologies/agentic-ai/evidence.md +25 -0
  338. package/rulesets/topologies/agentic-ai/evolution.es.md +26 -0
  339. package/rulesets/topologies/agentic-ai/evolution.md +26 -0
  340. package/rulesets/topologies/agentic-ai/fixtures/invalid-agent.config.json +48 -0
  341. package/rulesets/topologies/agentic-ai/fixtures/valid-agent.config.json +48 -0
  342. package/rulesets/topologies/agentic-ai/maturity.es.md +33 -0
  343. package/rulesets/topologies/agentic-ai/maturity.md +33 -0
  344. package/rulesets/topologies/agentic-ai/mcp/mcp-manifest.json +100 -0
  345. package/rulesets/topologies/agentic-ai/openapi/openapi.yaml +187 -0
  346. package/rulesets/topologies/agentic-ai/operations.es.md +32 -0
  347. package/rulesets/topologies/agentic-ai/operations.md +32 -0
  348. package/rulesets/topologies/agentic-ai/parity-fixtures/compliant.json +18 -0
  349. package/rulesets/topologies/agentic-ai/parity-fixtures/violation.json +22 -0
  350. package/rulesets/topologies/agentic-ai/patterns.es.md +32 -0
  351. package/rulesets/topologies/agentic-ai/patterns.md +32 -0
  352. package/rulesets/topologies/agentic-ai/resilience.es.md +26 -0
  353. package/rulesets/topologies/agentic-ai/resilience.md +26 -0
  354. package/rulesets/topologies/agentic-ai/runbooks.es.md +48 -0
  355. package/rulesets/topologies/agentic-ai/runbooks.md +48 -0
  356. package/rulesets/topologies/agentic-ai/security.es.md +26 -0
  357. package/rulesets/topologies/agentic-ai/security.md +26 -0
  358. package/rulesets/topologies/agentic-ai/topology.manifest.json +127 -0
  359. package/rulesets/topologies/data-mesh/README.es.md +69 -0
  360. package/rulesets/topologies/data-mesh/README.md +69 -0
  361. package/rulesets/topologies/data-mesh/adoption.es.md +95 -0
  362. package/rulesets/topologies/data-mesh/adoption.md +95 -0
  363. package/rulesets/topologies/data-mesh/cli/cli-flows.es.md +41 -0
  364. package/rulesets/topologies/data-mesh/cli/cli-flows.md +53 -0
  365. package/rulesets/topologies/data-mesh/data-mesh.rego +11 -0
  366. package/rulesets/topologies/data-mesh/data-mesh.rules.json +100 -0
  367. package/rulesets/topologies/data-mesh/data-mesh.test.rego +107 -0
  368. package/rulesets/topologies/data-mesh/data-mesh.wasm +0 -0
  369. package/rulesets/topologies/data-mesh/evidence.es.md +111 -0
  370. package/rulesets/topologies/data-mesh/evidence.md +111 -0
  371. package/rulesets/topologies/data-mesh/evolution.es.md +67 -0
  372. package/rulesets/topologies/data-mesh/evolution.md +67 -0
  373. package/rulesets/topologies/data-mesh/fixtures/invalid.topology.config.json +12 -0
  374. package/rulesets/topologies/data-mesh/fixtures/valid.topology.config.json +12 -0
  375. package/rulesets/topologies/data-mesh/maturity.es.md +36 -0
  376. package/rulesets/topologies/data-mesh/maturity.md +36 -0
  377. package/rulesets/topologies/data-mesh/mcp/mcp-manifest.json +68 -0
  378. package/rulesets/topologies/data-mesh/openapi/openapi.yaml +186 -0
  379. package/rulesets/topologies/data-mesh/operations.es.md +63 -0
  380. package/rulesets/topologies/data-mesh/operations.md +63 -0
  381. package/rulesets/topologies/data-mesh/parity-fixtures/compliant.json +18 -0
  382. package/rulesets/topologies/data-mesh/parity-fixtures/violation.json +21 -0
  383. package/rulesets/topologies/data-mesh/patterns.es.md +67 -0
  384. package/rulesets/topologies/data-mesh/patterns.md +67 -0
  385. package/rulesets/topologies/data-mesh/resilience.es.md +64 -0
  386. package/rulesets/topologies/data-mesh/resilience.md +64 -0
  387. package/rulesets/topologies/data-mesh/runbooks.es.md +147 -0
  388. package/rulesets/topologies/data-mesh/runbooks.md +147 -0
  389. package/rulesets/topologies/data-mesh/security.es.md +66 -0
  390. package/rulesets/topologies/data-mesh/security.md +66 -0
  391. package/rulesets/topologies/data-mesh/topology.config.schema.json +30 -0
  392. package/rulesets/topologies/data-mesh/topology.manifest.json +107 -0
  393. package/rulesets/topologies/edge-computing/README.es.md +81 -0
  394. package/rulesets/topologies/edge-computing/README.md +81 -0
  395. package/rulesets/topologies/edge-computing/adoption.es.md +268 -0
  396. package/rulesets/topologies/edge-computing/adoption.md +268 -0
  397. package/rulesets/topologies/edge-computing/cli/cli-flows.es.md +41 -0
  398. package/rulesets/topologies/edge-computing/cli/cli-flows.md +53 -0
  399. package/rulesets/topologies/edge-computing/edge-computing.rego +41 -0
  400. package/rulesets/topologies/edge-computing/edge-computing.rules.json +50 -0
  401. package/rulesets/topologies/edge-computing/edge-computing.test.rego +33 -0
  402. package/rulesets/topologies/edge-computing/edge-computing.wasm +0 -0
  403. package/rulesets/topologies/edge-computing/evidence.es.md +263 -0
  404. package/rulesets/topologies/edge-computing/evidence.md +263 -0
  405. package/rulesets/topologies/edge-computing/evolution.es.md +257 -0
  406. package/rulesets/topologies/edge-computing/evolution.md +257 -0
  407. package/rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json +6 -0
  408. package/rulesets/topologies/edge-computing/fixtures/valid.topology.config.json +6 -0
  409. package/rulesets/topologies/edge-computing/maturity.es.md +36 -0
  410. package/rulesets/topologies/edge-computing/maturity.md +36 -0
  411. package/rulesets/topologies/edge-computing/mcp/mcp-manifest.json +72 -0
  412. package/rulesets/topologies/edge-computing/openapi/openapi.yaml +187 -0
  413. package/rulesets/topologies/edge-computing/operations.es.md +148 -0
  414. package/rulesets/topologies/edge-computing/operations.md +148 -0
  415. package/rulesets/topologies/edge-computing/parity-fixtures/compliant.json +12 -0
  416. package/rulesets/topologies/edge-computing/parity-fixtures/violation.json +13 -0
  417. package/rulesets/topologies/edge-computing/patterns.es.md +291 -0
  418. package/rulesets/topologies/edge-computing/patterns.md +290 -0
  419. package/rulesets/topologies/edge-computing/resilience.es.md +232 -0
  420. package/rulesets/topologies/edge-computing/resilience.md +229 -0
  421. package/rulesets/topologies/edge-computing/runbooks.es.md +405 -0
  422. package/rulesets/topologies/edge-computing/runbooks.md +405 -0
  423. package/rulesets/topologies/edge-computing/security.es.md +218 -0
  424. package/rulesets/topologies/edge-computing/security.md +218 -0
  425. package/rulesets/topologies/edge-computing/topology.config.schema.json +13 -0
  426. package/rulesets/topologies/edge-computing/topology.manifest.json +113 -0
  427. package/rulesets/topologies/event-driven/README.es.md +71 -0
  428. package/rulesets/topologies/event-driven/README.md +71 -0
  429. package/rulesets/topologies/event-driven/adoption.es.md +67 -0
  430. package/rulesets/topologies/event-driven/adoption.md +67 -0
  431. package/rulesets/topologies/event-driven/cli/cli-flows.es.md +41 -0
  432. package/rulesets/topologies/event-driven/cli/cli-flows.md +53 -0
  433. package/rulesets/topologies/event-driven/event-driven.rego +11 -0
  434. package/rulesets/topologies/event-driven/event-driven.rules.json +100 -0
  435. package/rulesets/topologies/event-driven/event-driven.test.rego +107 -0
  436. package/rulesets/topologies/event-driven/event-driven.wasm +0 -0
  437. package/rulesets/topologies/event-driven/evidence.es.md +69 -0
  438. package/rulesets/topologies/event-driven/evidence.md +69 -0
  439. package/rulesets/topologies/event-driven/evolution.es.md +59 -0
  440. package/rulesets/topologies/event-driven/evolution.md +59 -0
  441. package/rulesets/topologies/event-driven/fixtures/invalid.topology.config.json +12 -0
  442. package/rulesets/topologies/event-driven/fixtures/valid.topology.config.json +12 -0
  443. package/rulesets/topologies/event-driven/maturity.es.md +36 -0
  444. package/rulesets/topologies/event-driven/maturity.md +36 -0
  445. package/rulesets/topologies/event-driven/mcp/mcp-manifest.json +68 -0
  446. package/rulesets/topologies/event-driven/openapi/openapi.yaml +186 -0
  447. package/rulesets/topologies/event-driven/operations.es.md +67 -0
  448. package/rulesets/topologies/event-driven/operations.md +67 -0
  449. package/rulesets/topologies/event-driven/parity-fixtures/compliant.json +18 -0
  450. package/rulesets/topologies/event-driven/parity-fixtures/violation.json +21 -0
  451. package/rulesets/topologies/event-driven/patterns.es.md +68 -0
  452. package/rulesets/topologies/event-driven/patterns.md +68 -0
  453. package/rulesets/topologies/event-driven/resilience.es.md +65 -0
  454. package/rulesets/topologies/event-driven/resilience.md +65 -0
  455. package/rulesets/topologies/event-driven/runbooks.es.md +79 -0
  456. package/rulesets/topologies/event-driven/runbooks.md +79 -0
  457. package/rulesets/topologies/event-driven/security.es.md +59 -0
  458. package/rulesets/topologies/event-driven/security.md +59 -0
  459. package/rulesets/topologies/event-driven/topology.config.schema.json +30 -0
  460. package/rulesets/topologies/event-driven/topology.manifest.json +109 -0
  461. package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.es.json +111 -0
  462. package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.json +111 -0
  463. package/rulesets/topologies/progressive-axis/microservices/microservices.rules.es.json +106 -0
  464. package/rulesets/topologies/progressive-axis/microservices/microservices.rules.json +106 -0
  465. package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.es.json +148 -0
  466. package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.json +148 -0
  467. package/rulesets/topologies/serverless/README.es.md +74 -0
  468. package/rulesets/topologies/serverless/README.md +74 -0
  469. package/rulesets/topologies/serverless/adoption.es.md +50 -0
  470. package/rulesets/topologies/serverless/adoption.md +50 -0
  471. package/rulesets/topologies/serverless/cli/cli-flows.es.md +41 -0
  472. package/rulesets/topologies/serverless/cli/cli-flows.md +53 -0
  473. package/rulesets/topologies/serverless/evidence.es.md +66 -0
  474. package/rulesets/topologies/serverless/evidence.md +66 -0
  475. package/rulesets/topologies/serverless/evolution.es.md +36 -0
  476. package/rulesets/topologies/serverless/evolution.md +36 -0
  477. package/rulesets/topologies/serverless/fixtures/invalid.topology.config.json +6 -0
  478. package/rulesets/topologies/serverless/fixtures/valid.topology.config.json +6 -0
  479. package/rulesets/topologies/serverless/maturity.es.md +36 -0
  480. package/rulesets/topologies/serverless/maturity.md +36 -0
  481. package/rulesets/topologies/serverless/mcp/mcp-manifest.json +72 -0
  482. package/rulesets/topologies/serverless/openapi/openapi.yaml +186 -0
  483. package/rulesets/topologies/serverless/operations.es.md +36 -0
  484. package/rulesets/topologies/serverless/operations.md +36 -0
  485. package/rulesets/topologies/serverless/parity-fixtures/compliant.json +13 -0
  486. package/rulesets/topologies/serverless/parity-fixtures/violation.json +15 -0
  487. package/rulesets/topologies/serverless/patterns.es.md +36 -0
  488. package/rulesets/topologies/serverless/patterns.md +36 -0
  489. package/rulesets/topologies/serverless/resilience.es.md +36 -0
  490. package/rulesets/topologies/serverless/resilience.md +36 -0
  491. package/rulesets/topologies/serverless/runbooks.es.md +68 -0
  492. package/rulesets/topologies/serverless/runbooks.md +68 -0
  493. package/rulesets/topologies/serverless/security.es.md +36 -0
  494. package/rulesets/topologies/serverless/security.md +36 -0
  495. package/rulesets/topologies/serverless/serverless.rego +32 -0
  496. package/rulesets/topologies/serverless/serverless.rules.json +33 -0
  497. package/rulesets/topologies/serverless/serverless.test.rego +28 -0
  498. package/rulesets/topologies/serverless/serverless.wasm +0 -0
  499. package/rulesets/topologies/serverless/topology.config.schema.json +28 -0
  500. package/rulesets/topologies/serverless/topology.manifest.json +114 -0
package/rulesets/topologies/serverless/security.es.md ADDED
@@ -0,0 +1,36 @@
1
+ # Guía de Seguridad Sin Servidor
2
+
3
+ > **Navegación Bilingüe:** [English](./security.md) | [Español](./security.es.md)
4
+
5
+ **Propietario:** Ingeniería de Plataforma
6
+ **Topología:** Sin Servidor
7
+
8
+ ---
9
+
10
+ ## Roles IAM por Función
11
+
12
+ Aplicar roles IAM de privilegio mínimo a cada función. Ninguna función comparte un rol IAM con otra a menos que sus conjuntos de permisos sean idénticos. Rotar credenciales automáticamente. Auditar asignaciones de roles trimestralmente.
13
+
14
+ ## Aislamiento VPC
15
+
16
+ Desplegar funciones en subnets privadas al acceder a recursos internos. Usar grupos de seguridad para restringir el tráfico de salida. Evitar subnets públicas para funciones de plano de datos. Monitorear logs de flujo VPC en busca de patrones de tráfico anómalos.
17
+
18
+ ## Gestión de Secretos
19
+
20
+ Nunca incrustar secretos en paquetes de despliegue o variables de entorno en texto plano. Utilizar un almacén de secretos gestionado (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager). Rotar secretos en un calendario definido. Almacenar secretos en caché en memoria con TTL corto para reducir llamadas al almacén.
21
+
22
+ ## Seguridad de Red (SV-SEC-01)
23
+
24
+ Aplicar segmentación de red entre capas de funciones. Bloquear todo acceso de entrada a Internet a menos que sea explícitamente requerido. Usar reglas WAF a nivel de API Gateway. Validar y sanitizar todas las entradas externas en el límite de la función.
25
+
26
+ ## TLS Mutuo (SV-SEC-02)
27
+
28
+ Implementar mTLS para comunicación entre servicios en topologías distribuidas. Usar una autoridad de certificados compartida o proveedor mTLS gestionado. Validar certificados de cliente en la puerta de enlace de la función. Rotar certificados en un ciclo de 90 días.
29
+
30
+ ## Endurecimiento del Runtime
31
+
32
+ Usar imágenes base mínimas para funciones basadas en contenedores. Aplicar parches del nivel de SO de manera oportuna. Deshabilitar características y runtimes de lenguaje no utilizados. Escanear paquetes de despliegue en busca de vulnerabilidades conocidas antes de publicar.
33
+
34
+ ---
35
+
36
+ [Volver al Perfil Sin Servidor](./README.es.md)
package/rulesets/topologies/serverless/security.md ADDED
@@ -0,0 +1,36 @@
1
+ # Serverless — Security Guide
2
+
3
+ > **Bilingual Navigation:** [English](./security.md) | [Español](./security.es.md)
4
+
5
+ **Owner:** Platform Engineering
6
+ **Topology:** Serverless
7
+
8
+ ---
9
+
10
+ ## IAM Roles Per Function
11
+
12
+ Apply least-privilege IAM roles to each function. No function shares an IAM role with another unless their permission sets are identical. Rotate credentials automatically. Audit role assignments quarterly.
13
+
14
+ ## VPC Isolation
15
+
16
+ Deploy functions into private subnets when accessing internal resources. Use security groups to restrict egress. Avoid public subnets for data-plane functions. Monitor VPC flow logs for anomalous traffic patterns.
17
+
18
+ ## Secret Management
19
+
20
+ Never embed secrets in deployment packages or environment variables in plaintext. Use a managed secrets store (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager). Rotate secrets on a defined schedule. Cache secrets in-memory with short TTL to reduce store calls.
21
+
22
+ ## Network Security (SV-SEC-01)
23
+
24
+ Enforce network segmentation between function layers. Block all inbound internet access unless explicitly required. Use WAF rules at API Gateway level. Validate and sanitize all external inputs at the function boundary.
25
+
26
+ ## Mutual TLS (SV-SEC-02)
27
+
28
+ Implement mTLS for service-to-service communication in distributed topologies. Use a shared certificate authority or managed mTLS provider. Validate client certificates at the function gateway. Rotate certificates on a 90-day cycle.
29
+
30
+ ## Runtime Hardening
31
+
32
+ Use minimal base images for container-based functions. Apply OS-level patches promptly. Disable unused language features and runtimes. Scan deployment packages for known vulnerabilities before publishing.
33
+
34
+ ---
35
+
36
+ [Back to Serverless Profile](./README.md)
package/rulesets/topologies/serverless/serverless.rego ADDED
@@ -0,0 +1,32 @@
1
+ package evolith.topologies.serverless
2
+
3
+ # Inlined from common-execution.rego (self-contained WASM per topology)
4
+
5
+ violations[{"id":"SV-SEC-01","blocking":true,"message":"Serverless components MUST define a 'networkSecurity' profile."}] {
6
+ not input.config.networkSecurity
7
+ }
8
+
9
+ violations[{"id":"SV-SEC-02","blocking":true,"message":"mTLS must be enabled for all serverless network communications."}] {
10
+ input.config.networkSecurity
11
+ not input.config.networkSecurity.mtlsEnabled
12
+ }
13
+
14
+ # SV-R01: Declared Serverless Contract
15
+ violations[{"id":"SV-R01","blocking":true,"message":"serverless.config.json is required (SV-R01)."}] {
16
+ not input.config.hasContract
17
+ }
18
+
19
+ # SV-R02: Stateless Execution
20
+ violations[{"id":"SV-R02","blocking":true,"message":"Serverless execution must be stateless (SV-R02)."}] {
21
+ not input.config.isStateless
22
+ }
23
+
24
+ # SV-R03: Bounded Deployment Package
25
+ violations[{"id":"SV-R03","blocking":true,"message":"Package size must be positive and no greater than 50 MB (SV-R03)."}] {
26
+ not input.config.hasBoundedPackage
27
+ }
28
+
29
+ # SV-R04: Cold-Start Readiness
30
+ violations[{"id":"SV-R04","blocking":true,"message":"Cold-start limits and lazy initialization are required (SV-R04)."}] {
31
+ not input.config.hasColdStartReadiness
32
+ }
package/rulesets/topologies/serverless/serverless.rules.json ADDED
@@ -0,0 +1,33 @@
1
+ {
2
+ "$schema": "../../../../../rulesets/schema/ruleset-standard.schema.json",
3
+ "$id": "https://evolith.dev/rulesets/topologies/serverless.rules.json",
4
+ "title": "Serverless Topology Rules",
5
+ "description": "Architectural rules for the serverless execution topology.",
6
+ "version": "1.0.0",
7
+ "effectiveDate": "2026-06-20",
8
+ "rules": [
9
+ {
10
+ "id": "SV-SEC-01",
11
+ "severity": "MUST",
12
+ "category": "execution-security",
13
+ "title": "Network Security Profile",
14
+ "description": "Serverless components MUST define a 'networkSecurity' profile in their config.",
15
+ "blocking": true
16
+ },
17
+ {
18
+ "id": "SV-SEC-02",
19
+ "severity": "MUST",
20
+ "category": "execution-mtls",
21
+ "title": "mTLS Enforcement",
22
+ "description": "mTLS must be enabled for all serverless network communications.",
23
+ "blocking": true
24
+ },
25
+ {
26
+ "id": "SV-R01",
27
+ "severity": "MUST", "category": "serverless-config", "title": "Declared Serverless Contract", "description": "A Serverless satellite MUST provide serverless.config.json.", "blocking": true
28
+ },
29
+ { "id": "SV-R02", "severity": "MUST", "category": "serverless-stateless", "title": "Stateless Execution", "description": "serverless.config.json MUST declare stateless=true.", "blocking": true },
30
+ { "id": "SV-R03", "severity": "MUST", "category": "serverless-package", "title": "Bounded Deployment Package", "description": "serverless.config.json MUST declare a positive package.maxSizeMb not exceeding 50.", "blocking": true },
31
+ { "id": "SV-R04", "severity": "MUST", "category": "serverless-cold-start", "title": "Cold-Start Readiness", "description": "serverless.config.json MUST declare positive coldStart.maxInitMilliseconds and coldStart.lazyInitialization=true.", "blocking": true }
32
+ ]
33
+ }
package/rulesets/topologies/serverless/serverless.test.rego ADDED
@@ -0,0 +1,28 @@
1
+ package evolith.topologies.serverless_test
2
+
3
+ import data.evolith.topologies.serverless
4
+
5
+ test_compliant_serverless_has_no_violations {
6
+ violations := serverless.violations with input as {"topology": "serverless", "config": {"networkSecurity": {"mtlsEnabled": true}, "hasContract": true, "isStateless": true, "hasBoundedPackage": true, "hasColdStartReadiness": true}}
7
+ count(violations) == 0
8
+ }
9
+
10
+ test_missing_contract_is_rejected {
11
+ violations := serverless.violations with input as {"topology": "serverless", "config": {"networkSecurity": {"mtlsEnabled": true}, "hasContract": false, "isStateless": true, "hasBoundedPackage": true, "hasColdStartReadiness": true}}
12
+ violations[_].id == "SV-R01"
13
+ }
14
+
15
+ test_non_stateless_is_rejected {
16
+ violations := serverless.violations with input as {"topology": "serverless", "config": {"networkSecurity": {"mtlsEnabled": true}, "hasContract": true, "isStateless": false, "hasBoundedPackage": true, "hasColdStartReadiness": true}}
17
+ violations[_].id == "SV-R02"
18
+ }
19
+
20
+ test_missing_package_bound_is_rejected {
21
+ violations := serverless.violations with input as {"topology": "serverless", "config": {"networkSecurity": {"mtlsEnabled": true}, "hasContract": true, "isStateless": true, "hasBoundedPackage": false, "hasColdStartReadiness": true}}
22
+ violations[_].id == "SV-R03"
23
+ }
24
+
25
+ test_missing_cold_start_readiness_is_rejected {
26
+ violations := serverless.violations with input as {"topology": "serverless", "config": {"networkSecurity": {"mtlsEnabled": true}, "hasContract": true, "isStateless": true, "hasBoundedPackage": true, "hasColdStartReadiness": false}}
27
+ violations[_].id == "SV-R04"
28
+ }
package/rulesets/topologies/serverless/topology.config.schema.json ADDED
@@ -0,0 +1,28 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-07/schema#",
3
+ "title": "Serverless Topology Configuration",
4
+ "type": "object",
5
+ "additionalProperties": false,
6
+ "required": ["topology", "stateless", "package", "coldStart"],
7
+ "properties": {
8
+ "topology": { "const": "serverless" },
9
+ "stateless": { "const": true },
10
+ "package": {
11
+ "type": "object",
12
+ "additionalProperties": false,
13
+ "required": ["maxSizeMb"],
14
+ "properties": {
15
+ "maxSizeMb": { "type": "integer", "minimum": 1, "maximum": 50 }
16
+ }
17
+ },
18
+ "coldStart": {
19
+ "type": "object",
20
+ "additionalProperties": false,
21
+ "required": ["maxInitMilliseconds", "lazyInitialization"],
22
+ "properties": {
23
+ "maxInitMilliseconds": { "type": "integer", "minimum": 1 },
24
+ "lazyInitialization": { "const": true }
25
+ }
26
+ }
27
+ }
28
+ }
package/rulesets/topologies/serverless/topology.manifest.json ADDED
@@ -0,0 +1,114 @@
1
+ {
2
+ "apiVersion": "evolith.dev/topology/v1",
3
+ "kind": "TopologyManifest",
4
+ "metadata": {
5
+ "id": "serverless",
6
+ "name": "Serverless",
7
+ "dimension": "execution",
8
+ "status": "accepted",
9
+ "version": "1.0.0",
10
+ "governance": {
11
+ "owner": "Platform Engineering",
12
+ "criticality": "P1"
13
+ }
14
+ },
15
+ "spec": {
16
+ "summary": "Managed event-scaled execution topology for isolated capabilities governed by contracts, idempotency, observability, and provider-neutral architecture rules.",
17
+ "topologyType": "serverless",
18
+ "compatibility": {
19
+ "progressiveAxis": {
20
+ "phase": "cross",
21
+ "profile": "cross"
22
+ },
23
+ "composableWith": [
24
+ "modular-monolith",
25
+ "distributed-modules",
26
+ "microservices",
27
+ "event-driven",
28
+ "data-mesh",
29
+ "agentic-ai"
30
+ ]
31
+ },
32
+ "artifacts": {
33
+ "adrs": [
34
+ "reference/architecture/adrs/core/0079-multi-topology-reference-corpus.md",
35
+ "reference/architecture/adrs/core/0095-serverless-architecture-governance.md"
36
+ ],
37
+ "rulesets": [
38
+ "rulesets/topologies/serverless/serverless.rules.json"
39
+ ],
40
+ "opaPolicies": [
41
+ "rulesets/topologies/serverless/serverless.rego"
42
+ ],
43
+ "aiRulesets": [
44
+ "rulesets/topologies/serverless/README.md"
45
+ ],
46
+ "umsContracts": [
47
+ "reference/knowledge/demo/ums-reference-model.md"
48
+ ]
49
+ },
50
+ "corpus": {
51
+ "guidance": {
52
+ "profile": "rulesets/topologies/serverless/README.md",
53
+ "maturityGuide": "rulesets/topologies/serverless/maturity.md"
54
+ },
55
+ "configurationContract": "rulesets/topologies/serverless/topology.config.schema.json",
56
+ "fixtures": {
57
+ "valid": "rulesets/topologies/serverless/fixtures/valid.topology.config.json",
58
+ "invalid": "rulesets/topologies/serverless/fixtures/invalid.topology.config.json"
59
+ },
60
+ "nativeEvaluator": "packages/core-domain/src/application/validators/ruleset-validator.service.ts",
61
+ "tests": {
62
+ "positive": "packages/core-domain/src/application/validators/ruleset-validator-architecture.spec.ts",
63
+ "negative": "packages/core-domain/src/application/validators/ruleset-validator-architecture.spec.ts"
64
+ },
65
+ "evidence": "reference/governance/standards/vision/maturity-evidence.json"
66
+ },
67
+ "operationalBudgets": {
68
+ "latencyBudgetMs": 1500,
69
+ "coldStartCeilingMs": 1000,
70
+ "costCeilingPerExecutionCents": 1
71
+ },
72
+ "operationalInterfaces": {
73
+ "cli": {
74
+ "validators": [
75
+ "validate-architecture",
76
+ "validate-topology"
77
+ ]
78
+ },
79
+ "mcp": {
80
+ "resources": [
81
+ "evolith://topologies/serverless/manifest",
82
+ "evolith://topologies/serverless/rulesets"
83
+ ],
84
+ "tools": [
85
+ "evolith-topology-inspect",
86
+ "evolith-topology-validate"
87
+ ],
88
+ "prompts": [
89
+ "serverless-readiness-review",
90
+ "topology-aware-implementation"
91
+ ]
92
+ },
93
+ "coreApi": {
94
+ "endpoints": [
95
+ "GET /topologies/{id}",
96
+ "GET /topologies/{id}/manifest",
97
+ "POST /topologies/{id}/validate"
98
+ ]
99
+ }
100
+ }
101
+ },
102
+ "businessBoundary": {
103
+ "technicalOnly": true,
104
+ "trackerOwns": [
105
+ "timing",
106
+ "ownership",
107
+ "prioritization",
108
+ "roi",
109
+ "cost",
110
+ "budget",
111
+ "funnel-0"
112
+ ]
113
+ }
114
+ }