@evolith/core-domain 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/domain/services/default-workflow-definition.js +4 -1
- package/dist/domain/services/default-workflow-definition.js.map +1 -1
- package/dist/gates/decision/gate-decision.js.map +1 -1
- package/package.json +1 -2
- package/rulesets/README.es.md +0 -170
- package/rulesets/README.md +0 -170
- package/rulesets/acl/README.es.md +0 -41
- package/rulesets/acl/README.md +0 -41
- package/rulesets/acl/anti-corruption-layer.rules.es.json +0 -99
- package/rulesets/acl/anti-corruption-layer.rules.json +0 -99
- package/rulesets/adr/ADR_COVERAGE.es.md +0 -133
- package/rulesets/adr/ADR_COVERAGE.md +0 -133
- package/rulesets/adr/README.es.md +0 -17
- package/rulesets/adr/README.md +0 -17
- package/rulesets/adr/adr-0002-hexagonal-architecture.rules.json +0 -103
- package/rulesets/adr/adr-0005-cicd-quality-gates.rules.json +0 -102
- package/rulesets/adr/adr-0010-multi-tenancy.rules.json +0 -129
- package/rulesets/adr/adr-0018-testing-pyramid.rules.json +0 -115
- package/rulesets/adr/adr-0032-protocol-selection.rules.json +0 -134
- package/rulesets/adr/adr-0040-multi-runtime.rules.json +0 -131
- package/rulesets/adr/adr-0050-gitflow-branching.rules.json +0 -176
- package/rulesets/adr/generated/adr-0001-monorepo-orchestration-principle.rules.json +0 -29
- package/rulesets/adr/generated/adr-0006-microservices-transition-via-sidecar-pattern.rules.json +0 -29
- package/rulesets/adr/generated/adr-0009-strict-dependency-pinning-and-automated-vulnerability-manage.rules.json +0 -29
- package/rulesets/adr/generated/adr-0011-fault-tolerance-and-resiliency-patterns.rules.json +0 -29
- package/rulesets/adr/generated/adr-0013-cloud-infrastructure-topology-and-disaster-recovery-dr.rules.json +0 -28
- package/rulesets/adr/generated/adr-0014-multi-layer-distributed-caching-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0015-event-driven-architecture-eda-for-intra-domain-communication.rules.json +0 -29
- package/rulesets/adr/generated/adr-0016-immutable-business-audit-trail-and-change-tracking.rules.json +0 -29
- package/rulesets/adr/generated/adr-0017-feature-flagging-strategy-for-progressive-delivery.rules.json +0 -28
- package/rulesets/adr/generated/adr-0019-tactical-design-patterns-for-future-proofing.rules.json +0 -29
- package/rulesets/adr/generated/adr-0020-identity-provider-abstraction-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-0024-centralized-configuration-feature-platform.rules.json +0 -28
- package/rulesets/adr/generated/adr-0025-feature-flag-provider-abstraction-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0028-self-hosted-open-source-hybrid-infrastructure.rules.json +0 -29
- package/rulesets/adr/generated/adr-0030-two-tier-distributed-gateway-model.rules.json +0 -28
- package/rulesets/adr/generated/adr-0031-schema-per-bounded-context-and-domain-event-catalog.rules.json +0 -29
- package/rulesets/adr/generated/adr-0033-transactional-outbox-pattern-for-async-messaging.rules.json +0 -28
- package/rulesets/adr/generated/adr-0034-cqrs-pattern-application-matrix.rules.json +0 -29
- package/rulesets/adr/generated/adr-0035-distributed-saga-pattern-implementation-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0036-message-bus-delivery-flow-control-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0037-enterprise-performance-concurrency-chaos-verification-strate.rules.json +0 -28
- package/rulesets/adr/generated/adr-0039-deployment-topology-abstraction-environment-switcher.rules.json +0 -29
- package/rulesets/adr/generated/adr-0041-dual-engine-policy-evaluation-native-opa.rules.json +0 -28
- package/rulesets/adr/generated/adr-0044-configurable-security-persistence-strategy-agnosticism-vs-na.rules.json +0 -29
- package/rulesets/adr/generated/adr-0045-microservice-extraction-readiness-criteria.rules.json +0 -29
- package/rulesets/adr/generated/adr-0046-unified-traceability-via-w3c-tracecontext.rules.json +0 -29
- package/rulesets/adr/generated/adr-0047-progressive-architecture-evolution-framework-modular-monolit.rules.json +0 -29
- package/rulesets/adr/generated/adr-0048-enterprise-taxonomy-standardization-and-reference-layout.rules.json +0 -28
- package/rulesets/adr/generated/adr-0049-naming-semantics-clean-code-policy-e2e-and-global.rules.json +0 -29
- package/rulesets/adr/generated/adr-0051-enterprise-database-engine-selection-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0052-unit-testing-isolation-strategy-mocks-vs-stubs.rules.json +0 -29
- package/rulesets/adr/generated/adr-0053-integration-and-e2e-testing-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0054-database-design-and-normalization-standards.rules.json +0 -29
- package/rulesets/adr/generated/adr-0055-microfrontends-architecture-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-0056-enterprise-naming-design-conventions-multi-language-multi-pl.rules.json +0 -29
- package/rulesets/adr/generated/adr-0057-architecture-intelligence-catalog.rules.json +0 -27
- package/rulesets/adr/generated/adr-0058-ai-consumable-architecture-knowledge.rules.json +0 -27
- package/rulesets/adr/generated/adr-0067-modular-monolith-persistence-boundaries.rules.json +0 -28
- package/rulesets/adr/generated/adr-0068-documentation-release-gitflow.rules.json +0 -29
- package/rulesets/adr/generated/adr-0069-ai-agent-context-protocol-integration.rules.json +0 -28
- package/rulesets/adr/generated/adr-0070-lean-root-repository-taxonomy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0071-domain-layer-base-class-and-inheritance-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0072-utc-date-storage-browser-timezone-detection-and-language-res.rules.json +0 -29
- package/rulesets/adr/generated/adr-0073-unified-cli-mcp-output-contract-and-gate-evidence-schema.rules.json +0 -29
- package/rulesets/adr/generated/adr-0074-evolith-core-api-native-exposure-layer.rules.json +0 -29
- package/rulesets/adr/generated/adr-0075-core-api-authentication-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-0076-domain-oriented-microservice-architecture-doma.rules.json +0 -28
- package/rulesets/adr/generated/adr-0077-masstransit-v9-commercial-pivot-stay-on-v8-monitor-opentrans.rules.json +0 -28
- package/rulesets/adr/generated/adr-0078-domain-financial-separation-governance.rules.json +0 -29
- package/rulesets/adr/generated/adr-0079-multi-topology-reference-corpus-and-topology-manifest-contra.rules.json +0 -29
- package/rulesets/adr/generated/adr-0080-remote-repository-reference-contract.rules.json +0 -29
- package/rulesets/adr/generated/adr-0081-agentic-ai-sandbox-isolation-boundary.rules.json +0 -29
- package/rulesets/adr/generated/adr-0082-agentic-ai-prompt-context-and-tool-trust-boundary.rules.json +0 -28
- package/rulesets/adr/generated/adr-0083-agentic-ai-action-authorization-and-audit.rules.json +0 -29
- package/rulesets/adr/generated/adr-0084-data-mesh-and-data-as-a-product.rules.json +0 -29
- package/rulesets/adr/generated/adr-0085-agnostic-opa-wasm-distribution-architecture.rules.json +0 -28
- package/rulesets/adr/generated/adr-0086-agentic-ai-telemetry-cost-control-standard.rules.json +0 -27
- package/rulesets/adr/generated/adr-0087-attribute-based-access-control-abac-for-agentic-tool-executi.rules.json +0 -29
- package/rulesets/adr/generated/adr-0088-sovereign-identity-for-agentic-ai.rules.json +0 -29
- package/rulesets/adr/generated/adr-0089-event-driven-agentic-workflow-pattern.rules.json +0 -28
- package/rulesets/adr/generated/adr-0090-rag-knowledge-governance-standard.rules.json +0 -29
- package/rulesets/adr/generated/adr-0091-workload-identity-token-rotation-standard.rules.json +0 -29
- package/rulesets/adr/generated/adr-0092-agent-infinite-loop-prevention-and-circuit-breaker-rules.rules.json +0 -29
- package/rulesets/adr/generated/adr-0093-concurrency-control-and-resource-locking-standard-for-mcp-to.rules.json +0 -29
- package/rulesets/adr/generated/adr-0094-multi-agent-handoff-and-task-delegation-standards.rules.json +0 -29
- package/rulesets/adr/generated/adr-0095-serverless-architecture-governance.rules.json +0 -29
- package/rulesets/adr/generated/adr-0096-edge-computing-architecture-governance.rules.json +0 -29
- package/rulesets/adr/generated/adr-0097-knowledge-lifecycle-governance-standard.rules.json +0 -29
- package/rulesets/adr/generated/adr-0098-rest-uri-versioning-and-deprecation-policy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0099-opa-bundle-distribution-via-s3-minio.rules.json +0 -27
- package/rulesets/adr/generated/adr-ai-augmented-0001-harness-engineering-for-ai-augmented-development.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0002-mcp-integration-protocol-for-agent-tool-invocation.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0003-model-selection-governance-for-ai-augmented-workflows.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0004-agents-md-as-mandatory-repository-artifact.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0005-human-in-the-loop-policy-for-autonomous-agent-operations.rules.json +0 -29
- package/rulesets/adr/generated/adr-android-0042-canonical-android-native-mobile-architecture.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0041-canonical-net-c-backend-architecture.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0060-net-multi-tenancy-dual-layer-strategy-ef-core-sql-server.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0061-transactional-event-lifecycle-in-ef-core.rules.json +0 -28
- package/rulesets/adr/generated/adr-dotnet-0062-net-immutable-audit-trail-via-ddl-triggers-delta-capture.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0063-b2b-request-idempotency-middleware-in-asp-net-core.rules.json +0 -28
- package/rulesets/adr/generated/adr-dotnet-0064-net-request-scope-observability-context-propagation.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0065-net-pii-safe-structured-logging-pipeline-serilog.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0066-net-lightweight-http-idempotency-via-imemorycache-idistribut.rules.json +0 -28
- package/rulesets/adr/generated/adr-dotnet-0069-net-grpc-service-setup-protobuf-contracts.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0070-net-api-endpoint-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0071-net-data-access-strategy-ef-core-as-default-orm-dapper-for-o.rules.json +0 -27
- package/rulesets/adr/generated/adr-dotnet-0072-net-aop-cross-cutting-concern-strategy-dispatchproxy-over-pi.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0003-strict-typescript-standards.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0004-frontend-offline-resilience.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0007-observability-with-opentelemetry-loki-and-jaeger.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0008-progressive-multi-module-evolution-with-api-gateway-and-bff-.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0012-advanced-authorization-rbac-abac-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0021-high-performance-authentication-graph-compilation.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0022-contextual-authentication-and-pluggable-output-projections.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0023-centralized-authorization-core-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0026-adaptive-mfa-and-passwordless-platform.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0027-dual-protocol-api-strategy-rest-grpc.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0029-adoption-of-tactical-ddd-primitives-library.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0038-enterprise-error-handling-result-pattern-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0043-data-access-and-orm-strategy-for-node-js.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0044-frontend-clean-architecture-layer-boundaries-react.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0045-frontend-state-management-zustand-tanstack-query-dual-strate.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0046-prohibition-of-raw-technical-identifiers-in-user-interfaces.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0047-actionable-user-error-contract-and-correlated-diagnostics.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0048-feature-flag-system-scope-and-structured-criteria-model.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0074-monorepo-orchestration-with-nx.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0075-application-gateway-bff-with-nestjs.rules.json +0 -29
- package/rulesets/architecture/README.es.md +0 -21
- package/rulesets/architecture/README.md +0 -21
- package/rulesets/architecture/opa/progressive-axis.rego +0 -50
- package/rulesets/cli/README.es.md +0 -17
- package/rulesets/cli/README.md +0 -17
- package/rulesets/cli/core-parity.rules.json +0 -61
- package/rulesets/cli/release-readiness.rules.json +0 -77
- package/rulesets/compliance-baseline/README.es.md +0 -26
- package/rulesets/compliance-baseline/README.md +0 -26
- package/rulesets/compliance-baseline/compliance-baseline.rules.json +0 -81
- package/rulesets/contracts/README.es.md +0 -19
- package/rulesets/contracts/README.md +0 -19
- package/rulesets/contracts/evolith-machine-contracts.json +0 -29
- package/rulesets/contracts/fixtures/gate-evidence.success.json +0 -10
- package/rulesets/contracts/fixtures/output-envelope.success.json +0 -23
- package/rulesets/cross-cutting/README.es.md +0 -14
- package/rulesets/cross-cutting/README.md +0 -14
- package/rulesets/cross-cutting/compliance-baseline.rules.json +0 -81
- package/rulesets/cross-cutting/definition-of-done.rules.json +0 -135
- package/rulesets/cross-cutting/engineering-manifesto.rules.json +0 -145
- package/rulesets/cross-cutting/repository-taxonomy.rules.json +0 -172
- package/rulesets/definition-of-done/README.es.md +0 -26
- package/rulesets/definition-of-done/README.md +0 -26
- package/rulesets/definition-of-done/definition-of-done.rules.json +0 -135
- package/rulesets/engineering-manifesto/README.es.md +0 -26
- package/rulesets/engineering-manifesto/README.md +0 -26
- package/rulesets/engineering-manifesto/engineering-manifesto.rules.json +0 -145
- package/rulesets/evidence/README.es.md +0 -12
- package/rulesets/evidence/README.md +0 -12
- package/rulesets/evidence/evidence-manifest.rules.json +0 -48
- package/rulesets/executive-scorecards/executive-scorecards.rules.es.json +0 -213
- package/rulesets/executive-scorecards/executive-scorecards.rules.json +0 -213
- package/rulesets/governance/README.es.md +0 -13
- package/rulesets/governance/README.md +0 -13
- package/rulesets/governance/abac-mcp-access.rules.es.json +0 -41
- package/rulesets/governance/abac-mcp-access.rules.json +0 -41
- package/rulesets/governance/executive-scorecards.rules.es.json +0 -213
- package/rulesets/governance/executive-scorecards.rules.json +0 -213
- package/rulesets/governance/inheritance.rules.json +0 -115
- package/rulesets/governance/knowledge-intake.rules.json +0 -18
- package/rulesets/governance/open-core-boundary.rules.es.json +0 -148
- package/rulesets/governance/open-core-boundary.rules.json +0 -148
- package/rulesets/governance/satellite-contracts.rules.json +0 -183
- package/rulesets/infrastructure/helm-enforcement.rules.json +0 -21
- package/rulesets/infrastructure/opa/helm-enforcement.rego +0 -25
- package/rulesets/infrastructure/opa/helm-enforcement.test.rego +0 -31
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.rego +0 -115
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.test.rego +0 -66
- package/rulesets/infrastructure/opa-sidecar-bundle.rules.json +0 -18
- package/rulesets/mcp/README.es.md +0 -12
- package/rulesets/mcp/README.md +0 -12
- package/rulesets/mcp/protocol-compliance.rules.json +0 -57
- package/rulesets/observability/README.es.md +0 -12
- package/rulesets/observability/README.md +0 -12
- package/rulesets/observability/telemetry-evidence.rules.json +0 -48
- package/rulesets/opa/README.es.md +0 -22
- package/rulesets/opa/README.md +0 -22
- package/rulesets/opa/abac-mcp-tool-access.rego +0 -122
- package/rulesets/opa/abac-mcp-tool-access.test.rego +0 -33
- package/rulesets/opa/anti-corruption-layer.rego +0 -39
- package/rulesets/opa/anti-corruption-layer.test.rego +0 -118
- package/rulesets/opa/ci-cd.rego +0 -41
- package/rulesets/opa/ci-cd.test.rego +0 -23
- package/rulesets/opa/cicd-quality-gates.rego +0 -29
- package/rulesets/opa/cicd-quality-gates.test.rego +0 -54
- package/rulesets/opa/cli-core-parity.rego +0 -17
- package/rulesets/opa/cli-core-parity.test.rego +0 -39
- package/rulesets/opa/cli-readiness.rego +0 -32
- package/rulesets/opa/cli-readiness.test.rego +0 -23
- package/rulesets/opa/cli-release-readiness.rego +0 -21
- package/rulesets/opa/cli-release-readiness.test.rego +0 -46
- package/rulesets/opa/compliance-baseline.rego +0 -95
- package/rulesets/opa/compliance-baseline.test.rego +0 -89
- package/rulesets/opa/dod.rego +0 -42
- package/rulesets/opa/dod.test.rego +0 -250
- package/rulesets/opa/engineering-manifesto.rego +0 -78
- package/rulesets/opa/engineering-manifesto.test.rego +0 -133
- package/rulesets/opa/evidence.rego +0 -64
- package/rulesets/opa/evidence.test.rego +0 -23
- package/rulesets/opa/executive-scorecards.rego +0 -41
- package/rulesets/opa/executive-scorecards.test.rego +0 -60
- package/rulesets/opa/gitflow-branching.rego +0 -41
- package/rulesets/opa/gitflow-branching.test.rego +0 -60
- package/rulesets/opa/governance.rego +0 -39
- package/rulesets/opa/governance.test.rego +0 -23
- package/rulesets/opa/hexagonal-architecture.rego +0 -33
- package/rulesets/opa/hexagonal-architecture.test.rego +0 -57
- package/rulesets/opa/infrastructure/helm-enforcement.rego +0 -33
- package/rulesets/opa/infrastructure/opa-sidecar-bundle.rego +0 -42
- package/rulesets/opa/knowledge-intake.rego +0 -98
- package/rulesets/opa/knowledge-intake.test.rego +0 -50
- package/rulesets/opa/main.rego +0 -147
- package/rulesets/opa/main_test.rego +0 -149
- package/rulesets/opa/mcp.rego +0 -61
- package/rulesets/opa/mcp.test.rego +0 -27
- package/rulesets/opa/multi-runtime.rego +0 -33
- package/rulesets/opa/multi-runtime.test.rego +0 -53
- package/rulesets/opa/multi-tenancy.rego +0 -33
- package/rulesets/opa/multi-tenancy.test.rego +0 -53
- package/rulesets/opa/open-core-boundary.rego +0 -33
- package/rulesets/opa/open-core-boundary.test.rego +0 -60
- package/rulesets/opa/protocol-selection.rego +0 -29
- package/rulesets/opa/protocol-selection.test.rego +0 -46
- package/rulesets/opa/rbac/gate-role-enforcement.rego +0 -112
- package/rulesets/opa/repository-taxonomy.rego +0 -98
- package/rulesets/opa/repository-taxonomy.test.rego +0 -91
- package/rulesets/opa/satellite-contracts.rego +0 -42
- package/rulesets/opa/satellite-contracts.test.rego +0 -70
- package/rulesets/opa/schemas/abac-mcp-tool-access.input.schema.json +0 -21
- package/rulesets/opa/schemas/anti-corruption-layer.input.schema.json +0 -25
- package/rulesets/opa/schemas/ci-cd.input.schema.json +0 -27
- package/rulesets/opa/schemas/cicd-quality-gates.input.schema.json +0 -33
- package/rulesets/opa/schemas/cli-core-parity.input.schema.json +0 -30
- package/rulesets/opa/schemas/cli-readiness.input.schema.json +0 -28
- package/rulesets/opa/schemas/cli-release-readiness.input.schema.json +0 -26
- package/rulesets/opa/schemas/compliance-baseline.input.schema.json +0 -25
- package/rulesets/opa/schemas/dod.input.schema.json +0 -38
- package/rulesets/opa/schemas/engineering-manifesto.input.schema.json +0 -24
- package/rulesets/opa/schemas/evidence.input.schema.json +0 -35
- package/rulesets/opa/schemas/executive-scorecards.input.schema.json +0 -36
- package/rulesets/opa/schemas/gitflow-branching.input.schema.json +0 -36
- package/rulesets/opa/schemas/governance.input.schema.json +0 -19
- package/rulesets/opa/schemas/hexagonal-architecture.input.schema.json +0 -46
- package/rulesets/opa/schemas/knowledge-intake.input.schema.json +0 -57
- package/rulesets/opa/schemas/mcp.input.schema.json +0 -38
- package/rulesets/opa/schemas/multi-runtime.input.schema.json +0 -27
- package/rulesets/opa/schemas/multi-tenancy.input.schema.json +0 -27
- package/rulesets/opa/schemas/open-core-boundary.input.schema.json +0 -36
- package/rulesets/opa/schemas/protocol-selection.input.schema.json +0 -26
- package/rulesets/opa/schemas/repository-taxonomy.input.schema.json +0 -18
- package/rulesets/opa/schemas/satellite-contracts.input.schema.json +0 -38
- package/rulesets/opa/schemas/taxonomy.input.schema.json +0 -27
- package/rulesets/opa/schemas/testing-pyramid.input.schema.json +0 -42
- package/rulesets/opa/schemas/version-pinning.input.schema.json +0 -39
- package/rulesets/opa/sdlc/coverage.rego +0 -49
- package/rulesets/opa/sdlc/coverage.test.rego +0 -29
- package/rulesets/opa/sdlc/pyramid-distribution.rego +0 -31
- package/rulesets/opa/sdlc/pyramid-distribution.test.rego +0 -33
- package/rulesets/opa/taxonomy.rego +0 -51
- package/rulesets/opa/taxonomy.test.rego +0 -28
- package/rulesets/opa/telemetry-evidence.rego +0 -102
- package/rulesets/opa/testing-pyramid.rego +0 -49
- package/rulesets/opa/testing-pyramid.test.rego +0 -81
- package/rulesets/opa/version-pinning.rego +0 -99
- package/rulesets/opa/version-pinning.test.rego +0 -28
- package/rulesets/phase-gates/README.es.md +0 -28
- package/rulesets/phase-gates/README.md +0 -28
- package/rulesets/phase-gates/phase-gates.rules.json +0 -297
- package/rulesets/quality-thresholds/README.es.md +0 -28
- package/rulesets/quality-thresholds/README.md +0 -28
- package/rulesets/quality-thresholds/quality-thresholds.rules.json +0 -96
- package/rulesets/repository-taxonomy/README.es.md +0 -26
- package/rulesets/repository-taxonomy/README.md +0 -26
- package/rulesets/repository-taxonomy/repository-taxonomy.rules.json +0 -172
- package/rulesets/satellite-contracts/README.es.md +0 -27
- package/rulesets/satellite-contracts/README.md +0 -27
- package/rulesets/satellite-contracts/satellite-contracts.rules.json +0 -183
- package/rulesets/schema/README.es.md +0 -39
- package/rulesets/schema/README.md +0 -39
- package/rulesets/schema/adr.schema.json +0 -138
- package/rulesets/schema/agile-backlog.schema.json +0 -91
- package/rulesets/schema/ballpark-estimation.schema.json +0 -109
- package/rulesets/schema/build-vs-compose.schema.json +0 -98
- package/rulesets/schema/cli-impact-analysis.schema.json +0 -114
- package/rulesets/schema/discovery-canvas.schema.json +0 -92
- package/rulesets/schema/evolith-user-story.schema.json +0 -105
- package/rulesets/schema/evolith-yaml.schema.json +0 -191
- package/rulesets/schema/functional-story.schema.json +0 -111
- package/rulesets/schema/gate-evidence.schema.json +0 -85
- package/rulesets/schema/integration-evidence.schema.json +0 -47
- package/rulesets/schema/knowledge-intake.schema.json +0 -67
- package/rulesets/schema/knowledge-projection.schema.json +0 -24
- package/rulesets/schema/maturity-evidence.schema.json +0 -59
- package/rulesets/schema/observability-validation.schema.json +0 -85
- package/rulesets/schema/on-call-handoff.schema.json +0 -91
- package/rulesets/schema/output-envelope.schema.json +0 -102
- package/rulesets/schema/prd.schema.json +0 -117
- package/rulesets/schema/release-notes.schema.json +0 -138
- package/rulesets/schema/rollback-rehearsal.schema.json +0 -73
- package/rulesets/schema/ruleset-sdlc.schema.json +0 -59
- package/rulesets/schema/ruleset-standard.schema.json +0 -73
- package/rulesets/schema/security-scan-report.schema.json +0 -79
- package/rulesets/schema/source-registry.schema.json +0 -51
- package/rulesets/schema/technical-feasibility.schema.json +0 -66
- package/rulesets/schema/technical-story.schema.json +0 -112
- package/rulesets/schema/test-summary-report.schema.json +0 -158
- package/rulesets/schema/topology-composition.schema.json +0 -43
- package/rulesets/schema/topology-manifest.schema.json +0 -421
- package/rulesets/sdlc/README.es.md +0 -12
- package/rulesets/sdlc/README.md +0 -12
- package/rulesets/sdlc/default-workflow.yaml +0 -73
- package/rulesets/sdlc/dependency-pinning.rules.json +0 -183
- package/rulesets/sdlc/phase-gates.rules.json +0 -297
- package/rulesets/sdlc/quality-thresholds.rules.json +0 -96
- package/rulesets/topologies/README.es.md +0 -42
- package/rulesets/topologies/README.md +0 -42
- package/rulesets/topologies/agentic-ai/README.es.md +0 -142
- package/rulesets/topologies/agentic-ai/README.md +0 -142
- package/rulesets/topologies/agentic-ai/adoption.es.md +0 -37
- package/rulesets/topologies/agentic-ai/adoption.md +0 -37
- package/rulesets/topologies/agentic-ai/agent.config.schema.json +0 -100
- package/rulesets/topologies/agentic-ai/agentic-ai.rego +0 -46
- package/rulesets/topologies/agentic-ai/agentic-ai.rules.json +0 -109
- package/rulesets/topologies/agentic-ai/agentic-ai.test.rego +0 -68
- package/rulesets/topologies/agentic-ai/agentic-ai.wasm +0 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.es.md +0 -35
- package/rulesets/topologies/agentic-ai/cli/cli-flows.md +0 -45
- package/rulesets/topologies/agentic-ai/evidence.es.md +0 -25
- package/rulesets/topologies/agentic-ai/evidence.md +0 -25
- package/rulesets/topologies/agentic-ai/evolution.es.md +0 -26
- package/rulesets/topologies/agentic-ai/evolution.md +0 -26
- package/rulesets/topologies/agentic-ai/fixtures/invalid-agent.config.json +0 -48
- package/rulesets/topologies/agentic-ai/fixtures/valid-agent.config.json +0 -48
- package/rulesets/topologies/agentic-ai/maturity.es.md +0 -33
- package/rulesets/topologies/agentic-ai/maturity.md +0 -33
- package/rulesets/topologies/agentic-ai/mcp/mcp-manifest.json +0 -100
- package/rulesets/topologies/agentic-ai/openapi/openapi.yaml +0 -187
- package/rulesets/topologies/agentic-ai/operations.es.md +0 -32
- package/rulesets/topologies/agentic-ai/operations.md +0 -32
- package/rulesets/topologies/agentic-ai/parity-fixtures/compliant.json +0 -18
- package/rulesets/topologies/agentic-ai/parity-fixtures/violation.json +0 -22
- package/rulesets/topologies/agentic-ai/patterns.es.md +0 -32
- package/rulesets/topologies/agentic-ai/patterns.md +0 -32
- package/rulesets/topologies/agentic-ai/resilience.es.md +0 -26
- package/rulesets/topologies/agentic-ai/resilience.md +0 -26
- package/rulesets/topologies/agentic-ai/runbooks.es.md +0 -48
- package/rulesets/topologies/agentic-ai/runbooks.md +0 -48
- package/rulesets/topologies/agentic-ai/security.es.md +0 -26
- package/rulesets/topologies/agentic-ai/security.md +0 -26
- package/rulesets/topologies/agentic-ai/topology.manifest.json +0 -127
- package/rulesets/topologies/data-mesh/README.es.md +0 -69
- package/rulesets/topologies/data-mesh/README.md +0 -69
- package/rulesets/topologies/data-mesh/adoption.es.md +0 -95
- package/rulesets/topologies/data-mesh/adoption.md +0 -95
- package/rulesets/topologies/data-mesh/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/data-mesh/cli/cli-flows.md +0 -53
- package/rulesets/topologies/data-mesh/data-mesh.rego +0 -11
- package/rulesets/topologies/data-mesh/data-mesh.rules.json +0 -100
- package/rulesets/topologies/data-mesh/data-mesh.test.rego +0 -107
- package/rulesets/topologies/data-mesh/data-mesh.wasm +0 -0
- package/rulesets/topologies/data-mesh/evidence.es.md +0 -111
- package/rulesets/topologies/data-mesh/evidence.md +0 -111
- package/rulesets/topologies/data-mesh/evolution.es.md +0 -67
- package/rulesets/topologies/data-mesh/evolution.md +0 -67
- package/rulesets/topologies/data-mesh/fixtures/invalid.topology.config.json +0 -12
- package/rulesets/topologies/data-mesh/fixtures/valid.topology.config.json +0 -12
- package/rulesets/topologies/data-mesh/maturity.es.md +0 -36
- package/rulesets/topologies/data-mesh/maturity.md +0 -36
- package/rulesets/topologies/data-mesh/mcp/mcp-manifest.json +0 -68
- package/rulesets/topologies/data-mesh/openapi/openapi.yaml +0 -186
- package/rulesets/topologies/data-mesh/operations.es.md +0 -63
- package/rulesets/topologies/data-mesh/operations.md +0 -63
- package/rulesets/topologies/data-mesh/parity-fixtures/compliant.json +0 -18
- package/rulesets/topologies/data-mesh/parity-fixtures/violation.json +0 -21
- package/rulesets/topologies/data-mesh/patterns.es.md +0 -67
- package/rulesets/topologies/data-mesh/patterns.md +0 -67
- package/rulesets/topologies/data-mesh/resilience.es.md +0 -64
- package/rulesets/topologies/data-mesh/resilience.md +0 -64
- package/rulesets/topologies/data-mesh/runbooks.es.md +0 -147
- package/rulesets/topologies/data-mesh/runbooks.md +0 -147
- package/rulesets/topologies/data-mesh/security.es.md +0 -66
- package/rulesets/topologies/data-mesh/security.md +0 -66
- package/rulesets/topologies/data-mesh/topology.config.schema.json +0 -30
- package/rulesets/topologies/data-mesh/topology.manifest.json +0 -107
- package/rulesets/topologies/edge-computing/README.es.md +0 -81
- package/rulesets/topologies/edge-computing/README.md +0 -81
- package/rulesets/topologies/edge-computing/adoption.es.md +0 -268
- package/rulesets/topologies/edge-computing/adoption.md +0 -268
- package/rulesets/topologies/edge-computing/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/edge-computing/cli/cli-flows.md +0 -53
- package/rulesets/topologies/edge-computing/edge-computing.rego +0 -41
- package/rulesets/topologies/edge-computing/edge-computing.rules.json +0 -50
- package/rulesets/topologies/edge-computing/edge-computing.test.rego +0 -33
- package/rulesets/topologies/edge-computing/edge-computing.wasm +0 -0
- package/rulesets/topologies/edge-computing/evidence.es.md +0 -263
- package/rulesets/topologies/edge-computing/evidence.md +0 -263
- package/rulesets/topologies/edge-computing/evolution.es.md +0 -257
- package/rulesets/topologies/edge-computing/evolution.md +0 -257
- package/rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json +0 -6
- package/rulesets/topologies/edge-computing/fixtures/valid.topology.config.json +0 -6
- package/rulesets/topologies/edge-computing/maturity.es.md +0 -36
- package/rulesets/topologies/edge-computing/maturity.md +0 -36
- package/rulesets/topologies/edge-computing/mcp/mcp-manifest.json +0 -72
- package/rulesets/topologies/edge-computing/openapi/openapi.yaml +0 -187
- package/rulesets/topologies/edge-computing/operations.es.md +0 -148
- package/rulesets/topologies/edge-computing/operations.md +0 -148
- package/rulesets/topologies/edge-computing/parity-fixtures/compliant.json +0 -12
- package/rulesets/topologies/edge-computing/parity-fixtures/violation.json +0 -13
- package/rulesets/topologies/edge-computing/patterns.es.md +0 -291
- package/rulesets/topologies/edge-computing/patterns.md +0 -290
- package/rulesets/topologies/edge-computing/resilience.es.md +0 -232
- package/rulesets/topologies/edge-computing/resilience.md +0 -229
- package/rulesets/topologies/edge-computing/runbooks.es.md +0 -405
- package/rulesets/topologies/edge-computing/runbooks.md +0 -405
- package/rulesets/topologies/edge-computing/security.es.md +0 -218
- package/rulesets/topologies/edge-computing/security.md +0 -218
- package/rulesets/topologies/edge-computing/topology.config.schema.json +0 -13
- package/rulesets/topologies/edge-computing/topology.manifest.json +0 -113
- package/rulesets/topologies/event-driven/README.es.md +0 -71
- package/rulesets/topologies/event-driven/README.md +0 -71
- package/rulesets/topologies/event-driven/adoption.es.md +0 -67
- package/rulesets/topologies/event-driven/adoption.md +0 -67
- package/rulesets/topologies/event-driven/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/event-driven/cli/cli-flows.md +0 -53
- package/rulesets/topologies/event-driven/event-driven.rego +0 -11
- package/rulesets/topologies/event-driven/event-driven.rules.json +0 -100
- package/rulesets/topologies/event-driven/event-driven.test.rego +0 -107
- package/rulesets/topologies/event-driven/event-driven.wasm +0 -0
- package/rulesets/topologies/event-driven/evidence.es.md +0 -69
- package/rulesets/topologies/event-driven/evidence.md +0 -69
- package/rulesets/topologies/event-driven/evolution.es.md +0 -59
- package/rulesets/topologies/event-driven/evolution.md +0 -59
- package/rulesets/topologies/event-driven/fixtures/invalid.topology.config.json +0 -12
- package/rulesets/topologies/event-driven/fixtures/valid.topology.config.json +0 -12
- package/rulesets/topologies/event-driven/maturity.es.md +0 -36
- package/rulesets/topologies/event-driven/maturity.md +0 -36
- package/rulesets/topologies/event-driven/mcp/mcp-manifest.json +0 -68
- package/rulesets/topologies/event-driven/openapi/openapi.yaml +0 -186
- package/rulesets/topologies/event-driven/operations.es.md +0 -67
- package/rulesets/topologies/event-driven/operations.md +0 -67
- package/rulesets/topologies/event-driven/parity-fixtures/compliant.json +0 -18
- package/rulesets/topologies/event-driven/parity-fixtures/violation.json +0 -21
- package/rulesets/topologies/event-driven/patterns.es.md +0 -68
- package/rulesets/topologies/event-driven/patterns.md +0 -68
- package/rulesets/topologies/event-driven/resilience.es.md +0 -65
- package/rulesets/topologies/event-driven/resilience.md +0 -65
- package/rulesets/topologies/event-driven/runbooks.es.md +0 -79
- package/rulesets/topologies/event-driven/runbooks.md +0 -79
- package/rulesets/topologies/event-driven/security.es.md +0 -59
- package/rulesets/topologies/event-driven/security.md +0 -59
- package/rulesets/topologies/event-driven/topology.config.schema.json +0 -30
- package/rulesets/topologies/event-driven/topology.manifest.json +0 -109
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.es.json +0 -111
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.json +0 -111
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.es.json +0 -106
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.json +0 -106
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.es.json +0 -148
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.json +0 -148
- package/rulesets/topologies/serverless/README.es.md +0 -74
- package/rulesets/topologies/serverless/README.md +0 -74
- package/rulesets/topologies/serverless/adoption.es.md +0 -50
- package/rulesets/topologies/serverless/adoption.md +0 -50
- package/rulesets/topologies/serverless/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/serverless/cli/cli-flows.md +0 -53
- package/rulesets/topologies/serverless/evidence.es.md +0 -66
- package/rulesets/topologies/serverless/evidence.md +0 -66
- package/rulesets/topologies/serverless/evolution.es.md +0 -36
- package/rulesets/topologies/serverless/evolution.md +0 -36
- package/rulesets/topologies/serverless/fixtures/invalid.topology.config.json +0 -6
- package/rulesets/topologies/serverless/fixtures/valid.topology.config.json +0 -6
- package/rulesets/topologies/serverless/maturity.es.md +0 -36
- package/rulesets/topologies/serverless/maturity.md +0 -36
- package/rulesets/topologies/serverless/mcp/mcp-manifest.json +0 -72
- package/rulesets/topologies/serverless/openapi/openapi.yaml +0 -186
- package/rulesets/topologies/serverless/operations.es.md +0 -36
- package/rulesets/topologies/serverless/operations.md +0 -36
- package/rulesets/topologies/serverless/parity-fixtures/compliant.json +0 -13
- package/rulesets/topologies/serverless/parity-fixtures/violation.json +0 -15
- package/rulesets/topologies/serverless/patterns.es.md +0 -36
- package/rulesets/topologies/serverless/patterns.md +0 -36
- package/rulesets/topologies/serverless/resilience.es.md +0 -36
- package/rulesets/topologies/serverless/resilience.md +0 -36
- package/rulesets/topologies/serverless/runbooks.es.md +0 -68
- package/rulesets/topologies/serverless/runbooks.md +0 -68
- package/rulesets/topologies/serverless/security.es.md +0 -36
- package/rulesets/topologies/serverless/security.md +0 -36
- package/rulesets/topologies/serverless/serverless.rego +0 -32
- package/rulesets/topologies/serverless/serverless.rules.json +0 -33
- package/rulesets/topologies/serverless/serverless.test.rego +0 -28
- package/rulesets/topologies/serverless/serverless.wasm +0 -0
- package/rulesets/topologies/serverless/topology.config.schema.json +0 -28
- package/rulesets/topologies/serverless/topology.manifest.json +0 -114
|
@@ -1,102 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0005-cicd-quality-gates.rules.json",
|
|
4
|
-
"title": "ADR-0005 — CI/CD Security Quality Gates Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0005 CI/CD Security Quality Gates. Mandatory gates for every merge to protected branches.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0005",
|
|
8
|
-
"adrTitle": "CI/CD Security Quality Gates with CodeQL",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "CICD-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "security-scan",
|
|
17
|
-
"title": "CodeQL Static Analysis runs on every PR",
|
|
18
|
-
"description": "GitHub CodeQL must run on every pull request. Scans for OWASP Top 10 vulnerability patterns in TypeScript source code. PRs with High or Critical findings are BLOCKED from merging.",
|
|
19
|
-
"rationale": "ADR-0005 §Decision: Security enforced mechanically, not left to human review.",
|
|
20
|
-
"validationQuery": "CI pipeline includes CodeQL scan step. PRs with CRITICAL/HIGH findings cannot complete merge.",
|
|
21
|
-
"blocking": true,
|
|
22
|
-
"sla": {
|
|
23
|
-
"critical": "24 hours",
|
|
24
|
-
"high": "72 hours"
|
|
25
|
-
}
|
|
26
|
-
},
|
|
27
|
-
{
|
|
28
|
-
"id": "CICD-02",
|
|
29
|
-
"severity": "MUST",
|
|
30
|
-
"category": "dependency-scan",
|
|
31
|
-
"title": "Dependency vulnerability scan blocks merge",
|
|
32
|
-
"description": "npm audit --audit-level=high (or equivalent for other languages) runs in CI. Any dependency with a High or Critical CVE blocks the pipeline.",
|
|
33
|
-
"rationale": "ADR-0005 §Decision: Third-party dependencies can introduce known CVEs that go undetected without automated scanning.",
|
|
34
|
-
"validationQuery": "CI pipeline runs dependency audit. Pipeline fails on High/Critical CVE detection.",
|
|
35
|
-
"blocking": true
|
|
36
|
-
},
|
|
37
|
-
{
|
|
38
|
-
"id": "CICD-03",
|
|
39
|
-
"severity": "MUST",
|
|
40
|
-
"category": "secret-detection",
|
|
41
|
-
"title": "Secret detection enabled on repository",
|
|
42
|
-
"description": "GitHub's built-in secret scanning is enabled on the repository to detect accidentally committed API keys or credentials. Commits containing secrets are rejected.",
|
|
43
|
-
"rationale": "ADR-0005 §Decision: Secret detection prevents credential leakage at the source.",
|
|
44
|
-
"validationQuery": "Secret scanning is enabled in repository settings. Pre-commit hooks detect known secret patterns.",
|
|
45
|
-
"blocking": true
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
"id": "CICD-04",
|
|
49
|
-
"severity": "MUST",
|
|
50
|
-
"category": "pipeline-structure",
|
|
51
|
-
"title": "All quality gates execute before merge",
|
|
52
|
-
"description": "All quality gates (CodeQL, dependency scan, lint, tests, coverage) MUST complete successfully before a PR can merge. No merge with failing pipeline.",
|
|
53
|
-
"rationale": "ADR-0005 §Pipeline gates: Mechanical enforcement before merge.",
|
|
54
|
-
"validationQuery": "Protected branch requires all CI checks green. No override allowed without explicit waiver.",
|
|
55
|
-
"blocking": true
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "CICD-05",
|
|
59
|
-
"severity": "MUST",
|
|
60
|
-
"category": "documentation",
|
|
61
|
-
"title": "Security findings documented with justification",
|
|
62
|
-
"description": "False positive suppressions require documented justification comments in code. Suppressed findings must include a reason and an issue tracker reference.",
|
|
63
|
-
"rationale": "ADR-0005 §Consequences: False positives require manual suppression with documented justification.",
|
|
64
|
-
"validationQuery": "Suppressed findings have inline comments explaining justification and JIRA/Ticket reference.",
|
|
65
|
-
"blocking": false
|
|
66
|
-
},
|
|
67
|
-
{
|
|
68
|
-
"id": "CICD-06",
|
|
69
|
-
"severity": "MUST",
|
|
70
|
-
"category": "sla-compliance",
|
|
71
|
-
"title": "Critical findings resolved within 24 hours",
|
|
72
|
-
"description": "All Critical severity findings from CodeQL or dependency scans MUST be resolved within 24 hours of detection.",
|
|
73
|
-
"rationale": "ADR-0005 §SLA: Critical findings require immediate response.",
|
|
74
|
-
"validationQuery": "Issue tracker has Critical findings with age <= 24 hours or explicit SLA waiver.",
|
|
75
|
-
"blocking": false,
|
|
76
|
-
"enforcement": "Issue tracker integration or automated escalation"
|
|
77
|
-
},
|
|
78
|
-
{
|
|
79
|
-
"id": "CICD-07",
|
|
80
|
-
"severity": "MUST",
|
|
81
|
-
"category": "sla-compliance",
|
|
82
|
-
"title": "High findings resolved within 72 hours",
|
|
83
|
-
"description": "All High severity findings from CodeQL or dependency scans MUST be resolved within 72 hours of detection.",
|
|
84
|
-
"rationale": "ADR-0005 §SLA: High findings require timely response.",
|
|
85
|
-
"validationQuery": "Issue tracker has High findings with age <= 72 hours or explicit SLA waiver.",
|
|
86
|
-
"blocking": false
|
|
87
|
-
}
|
|
88
|
-
],
|
|
89
|
-
"references": [
|
|
90
|
-
"reference/architecture/adrs/core/0005-ci-cd-quality-codeql.md",
|
|
91
|
-
"reference/architecture/adrs/core/0009-strict-dependency-pinning-vulnerability-management.md"
|
|
92
|
-
],
|
|
93
|
-
"exitCriteria": {
|
|
94
|
-
"description": "All CI/CD gates pass. Protected branches enforce all checks. SLA compliance tracked.",
|
|
95
|
-
"validationTools": [
|
|
96
|
-
"GitHub Actions",
|
|
97
|
-
"CodeQL",
|
|
98
|
-
"npm audit",
|
|
99
|
-
"pre-commit hooks"
|
|
100
|
-
]
|
|
101
|
-
}
|
|
102
|
-
}
|
|
@@ -1,129 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0010-multi-tenancy.rules.json",
|
|
4
|
-
"title": "ADR-0010 — Multi-Tenancy Architecture Strategy Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0010 Multi-Tenancy Architecture. Conditional rules for products serving multiple tenants with dual-layer filtering.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0010",
|
|
8
|
-
"adrTitle": "Multi-Tenancy Architecture Strategy",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"conditional": true,
|
|
13
|
-
"condition": "REQUIRED when product serves multiple tenants. Single-tenant products may defer.",
|
|
14
|
-
"rules": [
|
|
15
|
-
{
|
|
16
|
-
"id": "MTN-01",
|
|
17
|
-
"severity": "MUST",
|
|
18
|
-
"category": "filtering-layer",
|
|
19
|
-
"title": "Application-layer tenant filtering is primary",
|
|
20
|
-
"description": "Application-layer filtering (WHERE tenant_id = X) is the PRIMARY enforcement mechanism for tenant data isolation. Every query that returns tenant-owned data MUST include tenant_id filter.",
|
|
21
|
-
"rationale": "ADR-0010: Application-layer filtering as primary mechanism. Always filter by tenant context.",
|
|
22
|
-
"validationQuery": "All repository queries include tenant_id in WHERE clause. No raw queries that bypass application context.",
|
|
23
|
-
"blocking": true,
|
|
24
|
-
"layer": "Application"
|
|
25
|
-
},
|
|
26
|
-
{
|
|
27
|
-
"id": "MTN-02",
|
|
28
|
-
"severity": "MUST",
|
|
29
|
-
"category": "filtering-layer",
|
|
30
|
-
"title": "Database-native tenant enforcement is secondary",
|
|
31
|
-
"description": "Database-native enforcement (RLS policies, separate schemas) is the SECONDARY failsafe mechanism. Database enforcement supplements but does not replace application-layer filtering.",
|
|
32
|
-
"rationale": "ADR-0010: Dual-layer strategy. Database is failsafe, not primary.",
|
|
33
|
-
"validationQuery": "Database has RLS or schema-per-tenant. Application-layer filtering still enforced even when DB enforcement exists.",
|
|
34
|
-
"blocking": true,
|
|
35
|
-
"layer": "Infrastructure"
|
|
36
|
-
},
|
|
37
|
-
{
|
|
38
|
-
"id": "MTN-03",
|
|
39
|
-
"severity": "MUST",
|
|
40
|
-
"category": "context-propagation",
|
|
41
|
-
"title": "Tenant context propagated through all layers",
|
|
42
|
-
"description": "Tenant context (tenant_id) MUST be propagated through all layers without exception. Domain logic operates with explicit tenant context. No implicit tenant assumption.",
|
|
43
|
-
"rationale": "ADR-0010: Tenant context must be explicit and immutable for the duration of the request.",
|
|
44
|
-
"validationQuery": "TenantId passed as explicit parameter or via scoped context (not static). Domain methods signature includes tenant context.",
|
|
45
|
-
"blocking": true
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
"id": "MTN-04",
|
|
49
|
-
"severity": "MUST NOT",
|
|
50
|
-
"category": "data-isolation",
|
|
51
|
-
"title": "Cross-tenant data access prohibited",
|
|
52
|
-
"description": "Cross-tenant data access is strictly prohibited. No query, report, or export operation may access data from multiple tenants without explicit multi-tenant authorization.",
|
|
53
|
-
"rationale": "ADR-0010: Data isolation is non-negotiable. Cross-tenant access requires explicit corporate authorization.",
|
|
54
|
-
"validationQuery": "Audit logs verify no cross-tenant queries. Access control lists block cross-tenant operations.",
|
|
55
|
-
"blocking": true
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "MTN-05",
|
|
59
|
-
"severity": "MUST",
|
|
60
|
-
"category": "schema-per-tenant",
|
|
61
|
-
"title": "Multi-tenant schema strategy defined upfront",
|
|
62
|
-
"description": "The multi-tenant schema strategy (shared schema with tenant_id, separate schema per tenant, or separate database per tenant) MUST be defined before Phase 2 Design and documented in evolith.yaml.",
|
|
63
|
-
"rationale": "ADR-0010: Schema strategy affects all bounded contexts. Must be decided early.",
|
|
64
|
-
"validationQuery": "evolith.yaml specifies boundedContexts[].persistence strategy (shared-schema | schema-per-tenant | db-per-tenant).",
|
|
65
|
-
"blocking": true
|
|
66
|
-
},
|
|
67
|
-
{
|
|
68
|
-
"id": "MTN-06",
|
|
69
|
-
"severity": "MUST",
|
|
70
|
-
"category": "audit-trail",
|
|
71
|
-
"title": "Tenant-scoped audit trail maintained",
|
|
72
|
-
"description": "All tenant operations MUST be logged with tenant context. Audit trail enables compliance and security investigation per tenant.",
|
|
73
|
-
"rationale": "ADR-0010: Audit trail must be tenant-scoped for compliance and security.",
|
|
74
|
-
"validationQuery": "All audit logs include tenant_id field. Logs are immutable and retained per compliance requirements.",
|
|
75
|
-
"blocking": false,
|
|
76
|
-
"layer": "Infrastructure"
|
|
77
|
-
},
|
|
78
|
-
{
|
|
79
|
-
"id": "MTN-07",
|
|
80
|
-
"severity": "MUST",
|
|
81
|
-
"category": "data-migration",
|
|
82
|
-
"title": "Tenant migration path defined for schema changes",
|
|
83
|
-
"description": "When schema changes affect tenant data (new tenant column, migration scripts), the migration MUST include tenant-aware rollback and validation. No schema migration that breaks tenant data integrity.",
|
|
84
|
-
"rationale": "ADR-0010: Schema migrations in multi-tenant context are high-risk. Tenant data integrity must be preserved.",
|
|
85
|
-
"validationQuery": "Migration scripts include tenant validation tests. Rollback tested with tenant data present.",
|
|
86
|
-
"blocking": true
|
|
87
|
-
},
|
|
88
|
-
{
|
|
89
|
-
"id": "MTN-08",
|
|
90
|
-
"severity": "MUST",
|
|
91
|
-
"category": "external-api",
|
|
92
|
-
"title": "External APIs validate tenant context on every request",
|
|
93
|
-
"description": "Every API endpoint that handles tenant data MUST validate tenant context from authentication token or header. Requests without valid tenant context are rejected with 403 Forbidden.",
|
|
94
|
-
"rationale": "ADR-0010: API endpoints must enforce tenant context at the boundary.",
|
|
95
|
-
"validationQuery": "API middleware validates tenant_id from JWT/token on every request. Invalid tenant context returns 403.",
|
|
96
|
-
"blocking": true,
|
|
97
|
-
"layer": "Api"
|
|
98
|
-
}
|
|
99
|
-
],
|
|
100
|
-
"schemaStrategies": [
|
|
101
|
-
{
|
|
102
|
-
"strategy": "shared-schema",
|
|
103
|
-
"description": "All tenants share same database schema with tenant_id column",
|
|
104
|
-
"useWhen": "Low sensitivity, high tenant count"
|
|
105
|
-
},
|
|
106
|
-
{
|
|
107
|
-
"strategy": "schema-per-tenant",
|
|
108
|
-
"description": "Each tenant has own PostgreSQL schema",
|
|
109
|
-
"useWhen": "Moderate sensitivity, moderate tenant count"
|
|
110
|
-
},
|
|
111
|
-
{
|
|
112
|
-
"strategy": "db-per-tenant",
|
|
113
|
-
"description": "Each tenant has own database",
|
|
114
|
-
"useWhen": "High sensitivity, low tenant count, strong isolation required"
|
|
115
|
-
}
|
|
116
|
-
],
|
|
117
|
-
"references": [
|
|
118
|
-
"reference/architecture/adrs/core/0010-multi-tenancy-architecture-strategy.md",
|
|
119
|
-
"reference/architecture/adrs/dotnet/0060-dotnet-multi-tenancy-dual-layer-strategy.md"
|
|
120
|
-
],
|
|
121
|
-
"exitCriteria": {
|
|
122
|
-
"description": "All tenant-scoped queries include tenant_id filter. Database RLS enforced. Tenant context propagated through all layers.",
|
|
123
|
-
"validationTools": [
|
|
124
|
-
"SQL analysis",
|
|
125
|
-
"integration tests with tenant isolation",
|
|
126
|
-
"security scan"
|
|
127
|
-
]
|
|
128
|
-
}
|
|
129
|
-
}
|
|
@@ -1,115 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0018-testing-pyramid.rules.json",
|
|
4
|
-
"title": "ADR-0018 — Testing Pyramid and Quality Gates Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0018 Testing Pyramid. Enforces layered testing with distribution targets and blocking thresholds.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0018",
|
|
8
|
-
"adrTitle": "Testing Pyramid and Automated Quality Gates",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "TPY-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "test-layer-distribution",
|
|
17
|
-
"title": "Test distribution follows 70/20/10 pyramid",
|
|
18
|
-
"description": "Test suite distribution MUST target: 70% unit tests, 20% integration tests, 10% E2E tests. Deviation beyond 5% tolerance requires written explanation in PR.",
|
|
19
|
-
"rationale": "ADR-0018 §Decision: Rigid test requirements prevent gradual regression. Pyramid distribution enforces coverage quality.",
|
|
20
|
-
"validationQuery": "CI reports test count by type. Distribution checked against target ±5% tolerance.",
|
|
21
|
-
"blocking": false,
|
|
22
|
-
"target": {
|
|
23
|
-
"unit": 70,
|
|
24
|
-
"integration": 20,
|
|
25
|
-
"e2e": 10,
|
|
26
|
-
"tolerance": 5
|
|
27
|
-
}
|
|
28
|
-
},
|
|
29
|
-
{
|
|
30
|
-
"id": "TPY-02",
|
|
31
|
-
"severity": "MUST",
|
|
32
|
-
"category": "unit-testing",
|
|
33
|
-
"title": "Unit tests dominate total test volume",
|
|
34
|
-
"description": "Unit tests MUST dominate the total test volume. Unit tests isolate pure core and application classes. Tests must not execute IO or container startups.",
|
|
35
|
-
"rationale": "ADR-0018 §Decision: Unit layer dominates total test volume using standard Jest executions isolating pure core and application classes.",
|
|
36
|
-
"validationQuery": "Unit test execution time < 50ms average. No testcontainer, database, or HTTP call in unit tests.",
|
|
37
|
-
"blocking": true,
|
|
38
|
-
"layer": "Core, Application"
|
|
39
|
-
},
|
|
40
|
-
{
|
|
41
|
-
"id": "TPY-03",
|
|
42
|
-
"severity": "MUST",
|
|
43
|
-
"category": "integration-testing",
|
|
44
|
-
"title": "Integration tests use ephemeral containers",
|
|
45
|
-
"description": "Integration tests MUST test persistence and gateway adapters against active databases using testcontainer engines (e.g., live PostgreSQL/Redis in ephemeral containers). No shared state between test runs.",
|
|
46
|
-
"rationale": "ADR-0018 §Decision: Integration layer uses testcontainers for safe, isolated database testing.",
|
|
47
|
-
"validationQuery": "Integration tests use ephemeral containers. No mutable shared database state across test runs.",
|
|
48
|
-
"blocking": false,
|
|
49
|
-
"layer": "Infrastructure"
|
|
50
|
-
},
|
|
51
|
-
{
|
|
52
|
-
"id": "TPY-04",
|
|
53
|
-
"severity": "MUST",
|
|
54
|
-
"category": "e2e-testing",
|
|
55
|
-
"title": "E2E tests cover full HTTP routes",
|
|
56
|
-
"description": "E2E tests deploy isolated supertest routines orchestrating full HTTP routes (Controller Service Database) testing actual external boundary security and transport.",
|
|
57
|
-
"rationale": "ADR-0018 §Decision: E2E layer tests complete HTTP integration from controller to database.",
|
|
58
|
-
"validationQuery": "E2E tests execute real HTTP requests against deployed service. No mocked services.",
|
|
59
|
-
"blocking": false,
|
|
60
|
-
"layer": "Api"
|
|
61
|
-
},
|
|
62
|
-
{
|
|
63
|
-
"id": "TPY-05",
|
|
64
|
-
"severity": "MUST",
|
|
65
|
-
"category": "coverage-threshold",
|
|
66
|
-
"title": "Business logic coverage >= 80%",
|
|
67
|
-
"description": "CI pipeline rigorously denies processing merge commits that collapse general test coverage thresholds underneath 80% for business logic.",
|
|
68
|
-
"rationale": "ADR-0018 §Decision: Binary gates enforce coverage minimums before code enters target branch.",
|
|
69
|
-
"validationQuery": "Coverage report shows business logic coverage >= 80%. CI fails below threshold.",
|
|
70
|
-
"blocking": true,
|
|
71
|
-
"threshold": 80
|
|
72
|
-
},
|
|
73
|
-
{
|
|
74
|
-
"id": "TPY-06",
|
|
75
|
-
"severity": "MUST",
|
|
76
|
-
"category": "per-layer-thresholds",
|
|
77
|
-
"title": "Per-layer coverage thresholds enforced",
|
|
78
|
-
"description": "Coverage thresholds are enforced per layer: Domain >= 95%, Application >= 85%, Infrastructure >= 60%, BFF/Controllers >= 70%. Aggregate coverage is insufficient.",
|
|
79
|
-
"rationale": "Senior Architectural Assessment finding: 70% aggregate can be reached with happy paths only. Layer differentiation is required for hexagonal architectures with rich domains.",
|
|
80
|
-
"validationQuery": "Jest/Istanbul configured with coverageThresholds by path pattern. Each layer meets its threshold.",
|
|
81
|
-
"blocking": true,
|
|
82
|
-
"layerThresholds": {
|
|
83
|
-
"Domain": 95,
|
|
84
|
-
"Application": 85,
|
|
85
|
-
"Infrastructure": 60,
|
|
86
|
-
"Api": 70
|
|
87
|
-
}
|
|
88
|
-
},
|
|
89
|
-
{
|
|
90
|
-
"id": "TPY-07",
|
|
91
|
-
"severity": "MUST NOT",
|
|
92
|
-
"category": "test-isolation",
|
|
93
|
-
"title": "Unit tests do not execute IO",
|
|
94
|
-
"description": "Unit tests MUST NOT execute IO operations (file system, network, database). Pure domain tests run in milliseconds with no external dependencies.",
|
|
95
|
-
"rationale": "ADR-0018 §Decision: Unit tests isolate pure core and application classes. IO would defeat isolation.",
|
|
96
|
-
"validationQuery": "Unit tests complete without network calls, file system access, or database connections. Mock all external dependencies.",
|
|
97
|
-
"blocking": true,
|
|
98
|
-
"layer": "Core, Application"
|
|
99
|
-
}
|
|
100
|
-
],
|
|
101
|
-
"references": [
|
|
102
|
-
"reference/architecture/adrs/core/0018-testing-pyramid-quality-gates.md",
|
|
103
|
-
"reference/architecture/adrs/core/0005-ci-cd-quality-codeql.md",
|
|
104
|
-
"reference/governance/sdlc/quality-gates.md"
|
|
105
|
-
],
|
|
106
|
-
"exitCriteria": {
|
|
107
|
-
"description": "Pyramid distribution validated per release. Coverage thresholds enforced in CI. SLA compliance tracked.",
|
|
108
|
-
"validationTools": [
|
|
109
|
-
"Jest",
|
|
110
|
-
"Istanbul",
|
|
111
|
-
"testcontainers",
|
|
112
|
-
"supertest"
|
|
113
|
-
]
|
|
114
|
-
}
|
|
115
|
-
}
|
|
@@ -1,134 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0032-protocol-selection.rules.json",
|
|
4
|
-
"title": "ADR-0032 — API Protocol Selection Matrix Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0032 Protocol Selection Matrix. Mandatory protocol selection for internal, external, and BFF communication.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0032",
|
|
8
|
-
"adrTitle": "API Protocol Selection Matrix (REST vs gRPC vs GraphQL)",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-11",
|
|
11
|
-
"effectiveDate": "2026-05-11",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "PROT-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "internal-communication",
|
|
17
|
-
"title": "Internal service-to-service uses gRPC",
|
|
18
|
-
"description": "MANDATE: gRPC (Protocol Buffers over HTTP/2) for all internal service-to-service communication between bounded contexts. Scope: synchronous calls where both services are owned by the organization.",
|
|
19
|
-
"rationale": "ADR-0032 §Decision: High performance, binary serialization, and strict type-safety through unified .proto contracts.",
|
|
20
|
-
"validationQuery": "Internal service calls use gRPC. No REST calls between internal bounded contexts (telemetry confirms).",
|
|
21
|
-
"blocking": true,
|
|
22
|
-
"scenario": "Machine-to-Machine (Internal)"
|
|
23
|
-
},
|
|
24
|
-
{
|
|
25
|
-
"id": "PROT-02",
|
|
26
|
-
"severity": "MUST",
|
|
27
|
-
"category": "external-communication",
|
|
28
|
-
"title": "Public and external APIs use REST",
|
|
29
|
-
"description": "MANDATE: REST (JSON over HTTPS) for all public third-party and external integration. Scope: external customer integrations, legacy corporate gateway connections, and global developer public APIs.",
|
|
30
|
-
"rationale": "ADR-0032 §Decision: Industry universality, trivial consumption, easiest debugging/testing, broad interactive documentation.",
|
|
31
|
-
"validationQuery": "Public API endpoints use REST/JSON. OpenAPI spec available for all public APIs.",
|
|
32
|
-
"blocking": true,
|
|
33
|
-
"scenario": "Public Third-Party & External Integration"
|
|
34
|
-
},
|
|
35
|
-
{
|
|
36
|
-
"id": "PROT-03",
|
|
37
|
-
"severity": "MUST",
|
|
38
|
-
"category": "bff-communication",
|
|
39
|
-
"title": "BFF uses REST primary, GraphQL targeted",
|
|
40
|
-
"description": "Default to REST for standard flows (CRUD commands). Adopt GraphQL strictly at the NestJS BFF level ONLY when a screen requires complex data aggregation (fetching Entities, associated Taxonomies, Audits, and relations simultaneously).",
|
|
41
|
-
"rationale": "ADR-0032 §Decision: Prevents mobile/web over-fetching and multiple sequential roundtrips for rich read scenarios.",
|
|
42
|
-
"validationQuery": "BFF uses REST for standard CRUD. GraphQL used only for aggregate read scenarios with documented justification.",
|
|
43
|
-
"blocking": false,
|
|
44
|
-
"scenario": "Frontend Portals & Dynamic BFF Orchestration"
|
|
45
|
-
},
|
|
46
|
-
{
|
|
47
|
-
"id": "PROT-04",
|
|
48
|
-
"severity": "MUST NOT",
|
|
49
|
-
"category": "graphql-isolation",
|
|
50
|
-
"title": "GraphQL resolvers never in domain layer",
|
|
51
|
-
"description": "GraphQL runtime logic MUST exist only within Tier-2 BFF application nodes. Core domain API definitions never natively support GraphQL resolvers. This prevents view-specific constraints from leaking into domain business logic.",
|
|
52
|
-
"rationale": "ADR-0032 §Architecture Guidelines: GraphQL isolation. Core domain must remain protocol-agnostic.",
|
|
53
|
-
"validationQuery": "No GraphQL resolvers in Core or Application layers. GraphQL exists only in BFF/Api layer.",
|
|
54
|
-
"blocking": true,
|
|
55
|
-
"scenario": "Domain Layer"
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "PROT-05",
|
|
59
|
-
"severity": "MUST",
|
|
60
|
-
"category": "protobuf-centralization",
|
|
61
|
-
"title": "Proto files centralized in Contracts library",
|
|
62
|
-
"description": "All internal gRPC service schemas (.proto) are hosted and versioned in a unified Contracts library (libs/contracts or similar) to prevent drifted interface models.",
|
|
63
|
-
"rationale": "ADR-0032 §Architecture Guidelines: Protobuf centralization prevents interface drift between services.",
|
|
64
|
-
"validationQuery": ".proto files exist in shared Contracts library. No duplicate .proto definitions across services.",
|
|
65
|
-
"blocking": true
|
|
66
|
-
},
|
|
67
|
-
{
|
|
68
|
-
"id": "PROT-06",
|
|
69
|
-
"severity": "SHOULD",
|
|
70
|
-
"category": "streaming",
|
|
71
|
-
"title": "File uploads/streams prefer gRPC streaming",
|
|
72
|
-
"description": "File uploads and streaming scenarios SHOULD use gRPC streaming capabilities for native streaming or REST multipart as fallback.",
|
|
73
|
-
"rationale": "ADR-0032 §Selection Decision Tree: Native streaming capability or simple multipart.",
|
|
74
|
-
"validationQuery": "Streaming endpoints evaluated for gRPC first, REST multipart as fallback.",
|
|
75
|
-
"blocking": false
|
|
76
|
-
},
|
|
77
|
-
{
|
|
78
|
-
"id": "PROT-07",
|
|
79
|
-
"severity": "MUST",
|
|
80
|
-
"category": "contract-versioning",
|
|
81
|
-
"title": "Breaking changes require version bump",
|
|
82
|
-
"description": "Breaking changes to inter-service contracts (gRPC .proto or REST OpenAPI) require a new major version. Consumer-driven contract tests must pass before merge.",
|
|
83
|
-
"rationale": "ADR-0032 §Decision: Contract versioning ensures backward compatibility during service evolution.",
|
|
84
|
-
"validationQuery": "Contract tests enforce backward compatibility. Breaking changes blocked by CI.",
|
|
85
|
-
"blocking": true
|
|
86
|
-
}
|
|
87
|
-
],
|
|
88
|
-
"protocolMatrix": [
|
|
89
|
-
{
|
|
90
|
-
"scenario": "Machine-to-Machine (Internal)",
|
|
91
|
-
"protocol": "gRPC",
|
|
92
|
-
"justification": "Low latency, binary compaction, strongly typed"
|
|
93
|
-
},
|
|
94
|
-
{
|
|
95
|
-
"scenario": "File Uploads/Streams",
|
|
96
|
-
"protocol": "gRPC / REST",
|
|
97
|
-
"justification": "Native streaming or simple multipart"
|
|
98
|
-
},
|
|
99
|
-
{
|
|
100
|
-
"scenario": "Public Open API / Developer Docs",
|
|
101
|
-
"protocol": "REST",
|
|
102
|
-
"justification": "Universal standard, easiest vendor adoption"
|
|
103
|
-
},
|
|
104
|
-
{
|
|
105
|
-
"scenario": "High-Density Aggregate Dashboards",
|
|
106
|
-
"protocol": "GraphQL",
|
|
107
|
-
"justification": "Resolves under-fetching / recursive lookups"
|
|
108
|
-
},
|
|
109
|
-
{
|
|
110
|
-
"scenario": "Low-Power Mobile Data Retrieval",
|
|
111
|
-
"protocol": "GraphQL",
|
|
112
|
-
"justification": "Client strictly defines data shape"
|
|
113
|
-
},
|
|
114
|
-
{
|
|
115
|
-
"scenario": "Standard CRUD",
|
|
116
|
-
"protocol": "REST",
|
|
117
|
-
"justification": "Predictable cacheability, native HTTP semantics"
|
|
118
|
-
}
|
|
119
|
-
],
|
|
120
|
-
"references": [
|
|
121
|
-
"reference/architecture/adrs/core/0032-api-protocol-decision-matrix-rest-grpc-graphql.md",
|
|
122
|
-
"reference/architecture/adrs/nodejs/0027-dual-protocol-rest-grpc-api-gateway.md",
|
|
123
|
-
"reference/architecture/adrs/core/0030-two-tier-distributed-gateway-model.md"
|
|
124
|
-
],
|
|
125
|
-
"exitCriteria": {
|
|
126
|
-
"description": "All inter-service communication uses correct protocol per matrix. Contracts centralized and versioned.",
|
|
127
|
-
"validationTools": [
|
|
128
|
-
"gRPC",
|
|
129
|
-
"OpenAPI",
|
|
130
|
-
"Pact",
|
|
131
|
-
"network traffic analysis"
|
|
132
|
-
]
|
|
133
|
-
}
|
|
134
|
-
}
|
|
@@ -1,131 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0040-multi-runtime.rules.json",
|
|
4
|
-
"title": "ADR-0040 — Multi-Runtime Selection Matrix Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0040 Multi-Runtime Selection. Defines runtime selection by workload profile and inter-runtime communication rules.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0040",
|
|
8
|
-
"adrTitle": "Multi-Runtime Selection Matrix & Inter-Runtime Contracts",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-11",
|
|
11
|
-
"effectiveDate": "2026-05-11",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "RUNT-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "runtime-selection",
|
|
17
|
-
"title": "Runtime selected by workload profile only",
|
|
18
|
-
"description": "Teams MUST select the target runtime based exclusively on the specific workload profile. Language selection must not be based on subjective preference.",
|
|
19
|
-
"rationale": "ADR-0040 §Decision: Optimized cost/performance. Each workload runs on the engine most efficient for its memory/CPU profile.",
|
|
20
|
-
"validationQuery": "Runtime selection documented in evolith.yaml and justified by workload profile analysis.",
|
|
21
|
-
"blocking": true
|
|
22
|
-
},
|
|
23
|
-
{
|
|
24
|
-
"id": "RUNT-02",
|
|
25
|
-
"severity": "MUST",
|
|
26
|
-
"category": "web-apis",
|
|
27
|
-
"title": "Web APIs and BFF use Node.js/TypeScript",
|
|
28
|
-
"description": "MANDATE: Node.js/TypeScript for Web APIs, BFF, and I/O-bound workloads. Rationale: High I/O concurrency, rapid delivery, extensive community ecosystem.",
|
|
29
|
-
"rationale": "ADR-0040 §Runtime Selection Matrix: Web APIs, BFF, I/O Bound → Node.js/TypeScript.",
|
|
30
|
-
"validationQuery": "Web API and BFF services run on Node.js. No .NET or other runtimes for these workloads without explicit ADR exception.",
|
|
31
|
-
"blocking": true,
|
|
32
|
-
"workload": "Web APIs, BFF, I/O Bound",
|
|
33
|
-
"runtime": "Node.js/TypeScript"
|
|
34
|
-
},
|
|
35
|
-
{
|
|
36
|
-
"id": "RUNT-03",
|
|
37
|
-
"severity": "MUST",
|
|
38
|
-
"category": "compute-workloads",
|
|
39
|
-
"title": "High compute and batch use .NET (C#)",
|
|
40
|
-
"description": "MANDATE: .NET (C#) for High Compute, ETL, and Batch workloads. Rationale: Superior multi-threading performance, typed raw compute, heavy math.",
|
|
41
|
-
"rationale": "ADR-0040 §Runtime Selection Matrix: High Compute, ETL, Batch → .NET (C#).",
|
|
42
|
-
"validationQuery": "High compute services (ETL, batch processing, mathematical computation) run on .NET. Documented workload classification in evolith.yaml.",
|
|
43
|
-
"blocking": true,
|
|
44
|
-
"workload": "High Compute, ETL, Batch",
|
|
45
|
-
"runtime": ".NET (C#)"
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
"id": "RUNT-04",
|
|
49
|
-
"severity": "MUST",
|
|
50
|
-
"category": "mobile-workloads",
|
|
51
|
-
"title": "Mobile with hardware access uses Android/Kotlin",
|
|
52
|
-
"description": "MANDATE: Android (Kotlin) for Operative Mobility workloads with direct hardware peripheral access (Scanners, GPS, Cameras) and strict offline mode requirements.",
|
|
53
|
-
"rationale": "ADR-0040 §Runtime Selection Matrix: Operative Mobility → Android (Kotlin).",
|
|
54
|
-
"validationQuery": "Mobile apps requiring hardware access run on Android/Kotlin. iOS considered only with Architecture Board exception.",
|
|
55
|
-
"blocking": true,
|
|
56
|
-
"workload": "Operative Mobility",
|
|
57
|
-
"runtime": "Android (Kotlin)"
|
|
58
|
-
},
|
|
59
|
-
{
|
|
60
|
-
"id": "RUNT-05",
|
|
61
|
-
"severity": "MUST NOT",
|
|
62
|
-
"category": "runtime-coupling",
|
|
63
|
-
"title": "Direct runtime dependency forbidden",
|
|
64
|
-
"description": "Direct runtime dependency is forbidden. Communication between disparate runtimes MUST traverse explicitly defined boundaries. No Node.js code directly importing .NET assemblies or vice versa.",
|
|
65
|
-
"rationale": "ADR-0040 §Decision: Runtime isolation prevents tight coupling that prevents independent evolution.",
|
|
66
|
-
"validationQuery": "No direct cross-runtime imports. All inter-runtime calls go through protocol boundaries (gRPC/REST).",
|
|
67
|
-
"blocking": true
|
|
68
|
-
},
|
|
69
|
-
{
|
|
70
|
-
"id": "RUNT-06",
|
|
71
|
-
"severity": "MUST",
|
|
72
|
-
"category": "sync-interop",
|
|
73
|
-
"title": "Synchronous inter-op uses gRPC",
|
|
74
|
-
"description": "Synchronous Inter-Op between runtimes (Node.js ↔ .NET) MUST mandatorily utilize gRPC (Protocol Buffers) for low-latency type-safe transmission.",
|
|
75
|
-
"rationale": "ADR-0040 §Inter-Runtime Communications Rule: gRPC for synchronous inter-op.",
|
|
76
|
-
"validationQuery": "Node.js ↔ .NET synchronous calls use gRPC. Contract tests validate proto compatibility.",
|
|
77
|
-
"blocking": true,
|
|
78
|
-
"scenario": "Synchronous Inter-Op"
|
|
79
|
-
},
|
|
80
|
-
{
|
|
81
|
-
"id": "RUNT-07",
|
|
82
|
-
"severity": "MUST",
|
|
83
|
-
"category": "async-interop",
|
|
84
|
-
"title": "Asynchronous inter-op uses message broker",
|
|
85
|
-
"description": "Asynchronous Inter-Op utilizes RabbitMQ/Kafka with contract validation via JSON-Schema or Protobuf. Contracts must be centrally stored and versioned.",
|
|
86
|
-
"rationale": "ADR-0040 §Inter-Runtime Communications Rule: RabbitMQ/Kafka for async inter-op with schema validation.",
|
|
87
|
-
"validationQuery": "Async events validated against schema. Message broker contracts centralized in shared library.",
|
|
88
|
-
"blocking": false,
|
|
89
|
-
"scenario": "Asynchronous Inter-Op"
|
|
90
|
-
},
|
|
91
|
-
{
|
|
92
|
-
"id": "RUNT-08",
|
|
93
|
-
"severity": "MUST",
|
|
94
|
-
"category": "contract-registry",
|
|
95
|
-
"title": "Contracts centrally stored and versioned",
|
|
96
|
-
"description": "All inter-runtime contracts must be centrally stored and versioned using semantic versioning. Changes require Pact JS/Net backward compatibility verification.",
|
|
97
|
-
"rationale": "ADR-0040 §Contract Registry: Centralized versioning prevents contract drift.",
|
|
98
|
-
"validationQuery": "Contract registry exists and is referenced by all inter-runtime communicating services.",
|
|
99
|
-
"blocking": true
|
|
100
|
-
}
|
|
101
|
-
],
|
|
102
|
-
"runtimeMatrix": [
|
|
103
|
-
{
|
|
104
|
-
"workload": "Web APIs, BFF, I/O Bound",
|
|
105
|
-
"runtime": "Node.js/TypeScript",
|
|
106
|
-
"rationale": "High I/O concurrency, rapid delivery"
|
|
107
|
-
},
|
|
108
|
-
{
|
|
109
|
-
"workload": "High Compute, ETL, Batch",
|
|
110
|
-
"runtime": ".NET (C#)",
|
|
111
|
-
"rationale": "Superior multi-threading, typed compute"
|
|
112
|
-
},
|
|
113
|
-
{
|
|
114
|
-
"workload": "Operative Mobility",
|
|
115
|
-
"runtime": "Android (Kotlin)",
|
|
116
|
-
"rationale": "Direct hardware access, strict offline mode"
|
|
117
|
-
}
|
|
118
|
-
],
|
|
119
|
-
"references": [
|
|
120
|
-
"reference/architecture/adrs/core/0040-multi-runtime-selection-contracts.md",
|
|
121
|
-
"reference/architecture/adrs/dotnet/0041-canonical-dotnet-backend-architecture.md"
|
|
122
|
-
],
|
|
123
|
-
"exitCriteria": {
|
|
124
|
-
"description": "Runtime selection documented per service. Inter-runtime communication uses gRPC/RabbitMQ. Contracts versioned centrally.",
|
|
125
|
-
"validationTools": [
|
|
126
|
-
"evolits.yaml validation",
|
|
127
|
-
"gRPC",
|
|
128
|
-
"Pact"
|
|
129
|
-
]
|
|
130
|
-
}
|
|
131
|
-
}
|