@evolith/core-domain 1.0.1 → 1.0.3

package/rulesets/opa/knowledge-intake.rego

@@ -1,98 +0,0 @@
-package evolith.knowledge_intake
-
-violations[{"id": "KI-R01", "message": "Knowledge candidate must declare provenance and permitted retention rights."}] {
-  not input.source.class
-}
-
-violations[{"id": "KI-R01", "message": "Knowledge candidate must declare provenance and permitted retention rights."}] {
-  not input.source.locator
-}
-
-violations[{"id": "KI-R01", "message": "Knowledge candidate must declare provenance and permitted retention rights."}] {
-  not input.source.retrieved_at
-}
-
-violations[{"id": "KI-R01", "message": "Knowledge candidate must declare provenance and permitted retention rights."}] {
-  not input.source.rights_status
-}
-
-violations[{"id": "KI-R02", "message": "Knowledge candidate must be reviewed by @winston and have a next review date."}] {
-  input.review.owner != "@winston"
-}
-
-violations[{"id": "KI-R02", "message": "Knowledge candidate must be reviewed by @winston and have a next review date."}] {
-  not input.review.next_review_at
-}
-
-violations[{"id": "KI-R02", "message": "Knowledge candidate must have a review_freshness date."}] {
-  not input.review.review_freshness
-}
-
-violations[{"id": "KI-R03", "message": "Executable knowledge requires ADR, Native rule, OPA policy, and fixtures."}] {
-  input.promotion.status == "executable"
-  not input.promotion.adr
-}
-
-violations[{"id": "KI-R03", "message": "Executable knowledge requires ADR, Native rule, OPA policy, and fixtures."}] {
-  input.promotion.status == "executable"
-  not input.promotion.native_rule
-}
-
-violations[{"id": "KI-R03", "message": "Executable knowledge requires ADR, Native rule, OPA policy, and fixtures."}] {
-  input.promotion.status == "executable"
-  not input.promotion.opa_policy
-}
-
-violations[{"id": "KI-R03", "message": "Executable knowledge requires ADR, Native rule, OPA policy, and fixtures."}] {
-  input.promotion.status == "executable"
-  count(input.promotion.fixtures) == 0
-}
-
-violations[{"id": "KI-R04", "message": "Knowledge candidate must declare maturity."}] {
-  not input.assessment.maturity
-}
-
-violations[{"id": "KI-R04", "message": "Knowledge candidate must list preconditions."}] {
-  not input.assessment.preconditions
-}
-
-violations[{"id": "KI-R04", "message": "Knowledge candidate must list anti-patterns."}] {
-  not input.assessment.anti_patterns
-}
-
-violations[{"id": "KI-R04", "message": "Knowledge candidate must list alternatives."}] {
-  not input.assessment.alternatives
-}
-
-violations[{"id": "KI-R05", "message": "Knowledge candidate must link to a source registry entry via source_registry_id."}] {
-  input.source_registry_id == null
-}
-
-violations[{"id": "KI-R05", "message": "Knowledge candidate must link to a source registry entry via source_registry_id."}] {
-  not input.source_registry_id
-}
-
-violations[{"id": "KI-R06", "message": "Non-candidate promotion must record promoted_at and promoted_by."}] {
-  input.promotion.status != "candidate"
-  not input.promotion.promoted_at
-}
-
-violations[{"id": "KI-R06", "message": "Non-candidate promotion must record promoted_at and promoted_by."}] {
-  input.promotion.status != "candidate"
-  not input.promotion.promoted_by
-}
-
-violations[{"id": "KI-R07", "message": "Accepted or executable status requires a non-null ADR reference."}] {
-  input.promotion.status == "accepted"
-  input.promotion.adr == null
-}
-
-violations[{"id": "KI-R07", "message": "Accepted or executable status requires a non-null ADR reference."}] {
-  input.promotion.status == "executable"
-  input.promotion.adr == null
-}
-
-violations[{"id": "KI-R07", "message": "Retired status requires a non-null disposition reason."}] {
-  input.promotion.status == "retired"
-  input.promotion.disposition == null
-}

package/rulesets/opa/knowledge-intake.test.rego

@@ -1,50 +0,0 @@
-package evolith.knowledge_intake_test
-
-import data.evolith.knowledge_intake
-
-valid_candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "candidate", "fixtures": []}}
-
-test_candidate_with_provenance_has_no_violations {
-  violations := knowledge_intake.violations with input as valid_candidate
-  count(violations) == 0
-}
-
-test_missing_rights_is_rejected {
-  candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "candidate", "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R01" with input as candidate
-}
-
-test_executable_without_fixtures_is_rejected {
-  candidate := object.union(valid_candidate, {"promotion": {"status": "executable", "adr": "ADR-0100", "native_rule": "KI-R01", "opa_policy": "knowledge-intake.rego", "fixtures": []}})
-  knowledge_intake.violations[_].id == "KI-R03" with input as candidate
-}
-
-test_missing_maturity_is_rejected {
-  candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "candidate", "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R04" with input as candidate
-}
-
-test_missing_source_registry_link_is_rejected {
-  candidate := {"source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "candidate", "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R05" with input as candidate
-}
-
-test_missing_review_freshness_is_rejected {
-  candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20"}, "promotion": {"status": "candidate", "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R02" with input as candidate
-}
-
-test_accepted_without_adr_is_rejected {
-  candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "accepted", "promoted_at": "2026-06-21", "promoted_by": "@winston", "adr": null, "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R07" with input as candidate
-}
-
-test_retired_without_disposition_is_rejected {
-  candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "retired", "promoted_at": "2026-06-21", "promoted_by": "@winston", "disposition": null, "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R07" with input as candidate
-}
-
-test_evaluated_without_promoted_at_is_rejected {
-  candidate := {"source_registry_id": "SRC-TEST-001", "source": {"class": "book", "locator": "chapter", "retrieved_at": "2026-06-20", "rights_status": "citation-and-synthesis-only"}, "assessment": {"maturity": "proven", "preconditions": ["domain-modeling"], "anti_patterns": ["anemic"], "alternatives": ["event-sourcing"]}, "review": {"owner": "@winston", "next_review_at": "2026-12-20", "review_freshness": "2026-06-20"}, "promotion": {"status": "evaluated", "promoted_by": "@winston", "fixtures": []}}
-  knowledge_intake.violations[_].id == "KI-R06" with input as candidate
-}

package/rulesets/opa/main.rego

@@ -1,147 +0,0 @@
-package evolith.main
-
-import data.evolith.version_pinning.violations as vp_violations
-import data.evolith.taxonomy.violations as taxonomy_violations
-import data.evolith.cli_readiness.violations as cli_violations
-import data.evolith.evidence.violations as evidence_violations
-import data.evolith.mcp.violations as mcp_violations
-import data.evolith.ci_cd.violations as ci_cd_violations
-import data.evolith.governance.violations as gov_violations
-import data.evolith.abac.violations as abac_violations
-import data.evolith.acl.violations as acl_violations
-import data.evolith.cicd_quality_gates.violations as cicd_qg_violations
-import data.evolith.cli_core_parity.violations as cli_cp_violations
-import data.evolith.cli_release_readiness.violations as cli_rr_violations
-import data.evolith.compliance_baseline.violations as cb_violations
-import data.evolith.dod.violations as dod_violations
-import data.evolith.engineering_manifesto.violations as em_violations
-import data.evolith.executive_scorecards.violations as exec_violations
-import data.evolith.gitflow_branching.violations as git_violations
-import data.evolith.hexagonal_architecture.violations as hxa_violations
-import data.evolith.knowledge_intake.violations as ki_violations
-import data.evolith.multi_runtime.violations as runt_violations
-import data.evolith.multi_tenancy.violations as mtn_violations
-import data.evolith.open_core_boundary.violations as ocb_violations
-import data.evolith.protocol_selection.violations as prot_violations
-import data.evolith.repository_taxonomy.violations as repo_tax_violations
-import data.evolith.satellite_contracts.violations as svc_violations
-import data.evolith.testing_pyramid.violations as tpy_violations
-import data.evolith.telemetry_evidence.violations as telemetry_violations
-import data.evolith.infrastructure.helm.violations as helm_violations
-import data.evolith.infrastructure.opa_sidecar.violations as opa_sidecar_violations
-
-violations[v] {
-	v := vp_violations[_]
-}
-
-violations[v] {
-	v := taxonomy_violations[_]
-}
-
-violations[v] {
-	v := cli_violations[_]
-}
-
-violations[v] {
-	v := evidence_violations[_]
-}
-
-violations[v] {
-	v := mcp_violations[_]
-}
-
-violations[v] {
-	v := ci_cd_violations[_]
-}
-
-violations[v] {
-	v := gov_violations[_]
-}
-
-violations[v] {
-	v := abac_violations[_]
-}
-
-violations[v] {
-	v := acl_violations[_]
-}
-
-violations[v] {
-	v := cicd_qg_violations[_]
-}
-
-violations[v] {
-	v := cli_cp_violations[_]
-}
-
-violations[v] {
-	v := cli_rr_violations[_]
-}
-
-violations[v] {
-	v := cb_violations[_]
-}
-
-violations[v] {
-	v := dod_violations[_]
-}
-
-violations[v] {
-	v := em_violations[_]
-}
-
-violations[v] {
-	v := exec_violations[_]
-}
-
-violations[v] {
-	v := git_violations[_]
-}
-
-violations[v] {
-	v := hxa_violations[_]
-}
-
-violations[v] {
-	v := ki_violations[_]
-}
-
-violations[v] {
-	v := runt_violations[_]
-}
-
-violations[v] {
-	v := mtn_violations[_]
-}
-
-violations[v] {
-	v := ocb_violations[_]
-}
-
-violations[v] {
-	v := prot_violations[_]
-}
-
-violations[v] {
-	v := repo_tax_violations[_]
-}
-
-violations[v] {
-	v := svc_violations[_]
-}
-
-violations[v] {
-	v := tpy_violations[_]
-}
-
-violations[v] {
-	v := telemetry_violations[_]
-}
-
-violations[v] {
-	v := helm_violations[_]
-}
-
-violations[v] {
-	v := opa_sidecar_violations[_]
-}

package/rulesets/opa/main_test.rego

@@ -1,149 +0,0 @@
-package evolith.main_test
-
-import data.evolith.main
-
-test_empty_violations {
-	violations := main.violations with data.evolith.version_pinning.violations as {}
-		with data.evolith.taxonomy.violations as {}
-		with data.evolith.cli_readiness.violations as {}
-		with data.evolith.evidence.violations as {}
-		with data.evolith.mcp.violations as {}
-		with data.evolith.ci_cd.violations as {}
-		with data.evolith.governance.violations as {}
-		with data.evolith.abac.violations as {}
-		with data.evolith.acl.violations as {}
-		with data.evolith.cicd_quality_gates.violations as {}
-		with data.evolith.cli_core_parity.violations as {}
-		with data.evolith.cli_release_readiness.violations as {}
-		with data.evolith.compliance_baseline.violations as {}
-		with data.evolith.dod.violations as {}
-		with data.evolith.engineering_manifesto.violations as {}
-		with data.evolith.executive_scorecards.violations as {}
-		with data.evolith.gitflow_branching.violations as {}
-		with data.evolith.hexagonal_architecture.violations as {}
-		with data.evolith.knowledge_intake.violations as {}
-		with data.evolith.multi_runtime.violations as {}
-		with data.evolith.multi_tenancy.violations as {}
-		with data.evolith.open_core_boundary.violations as {}
-		with data.evolith.protocol_selection.violations as {}
-		with data.evolith.repository_taxonomy.violations as {}
-		with data.evolith.satellite_contracts.violations as {}
-		with data.evolith.testing_pyramid.violations as {}
-
-	count(violations) == 0
-}
-
-test_single_source_violations {
-	violations := main.violations with data.evolith.version_pinning.violations as {{"id": "DEP-01", "message": "fail"}}
-		with data.evolith.taxonomy.violations as {}
-		with data.evolith.cli_readiness.violations as {}
-		with data.evolith.evidence.violations as {}
-		with data.evolith.mcp.violations as {}
-		with data.evolith.ci_cd.violations as {}
-		with data.evolith.governance.violations as {}
-		with data.evolith.abac.violations as {}
-		with data.evolith.acl.violations as {}
-		with data.evolith.cicd_quality_gates.violations as {}
-		with data.evolith.cli_core_parity.violations as {}
-		with data.evolith.cli_release_readiness.violations as {}
-		with data.evolith.compliance_baseline.violations as {}
-		with data.evolith.dod.violations as {}
-		with data.evolith.engineering_manifesto.violations as {}
-		with data.evolith.executive_scorecards.violations as {}
-		with data.evolith.gitflow_branching.violations as {}
-		with data.evolith.hexagonal_architecture.violations as {}
-		with data.evolith.knowledge_intake.violations as {}
-		with data.evolith.multi_runtime.violations as {}
-		with data.evolith.multi_tenancy.violations as {}
-		with data.evolith.open_core_boundary.violations as {}
-		with data.evolith.protocol_selection.violations as {}
-		with data.evolith.repository_taxonomy.violations as {}
-		with data.evolith.satellite_contracts.violations as {}
-		with data.evolith.testing_pyramid.violations as {}
-
-	count(violations) == 1
-	violations[_].id == "DEP-01"
-}
-
-test_multi_source_violations {
-	violations := main.violations with data.evolith.version_pinning.violations as {{"id": "DEP-01", "message": "fail1"}}
-		with data.evolith.taxonomy.violations as {}
-		with data.evolith.cli_readiness.violations as {}
-		with data.evolith.evidence.violations as {}
-		with data.evolith.mcp.violations as {}
-		with data.evolith.ci_cd.violations as {{"id": "DEP-04", "message": "fail2"}}
-		with data.evolith.governance.violations as {}
-		with data.evolith.abac.violations as {}
-		with data.evolith.acl.violations as {}
-		with data.evolith.cicd_quality_gates.violations as {}
-		with data.evolith.cli_core_parity.violations as {}
-		with data.evolith.cli_release_readiness.violations as {}
-		with data.evolith.compliance_baseline.violations as {}
-		with data.evolith.dod.violations as {}
-		with data.evolith.engineering_manifesto.violations as {}
-		with data.evolith.executive_scorecards.violations as {}
-		with data.evolith.gitflow_branching.violations as {}
-		with data.evolith.hexagonal_architecture.violations as {}
-		with data.evolith.knowledge_intake.violations as {}
-		with data.evolith.multi_runtime.violations as {}
-		with data.evolith.multi_tenancy.violations as {}
-		with data.evolith.open_core_boundary.violations as {}
-		with data.evolith.protocol_selection.violations as {}
-		with data.evolith.repository_taxonomy.violations as {}
-		with data.evolith.satellite_contracts.violations as {}
-		with data.evolith.testing_pyramid.violations as {}
-
-	count(violations) == 2
-	violations[_].id == "DEP-01"
-	violations[_].id == "DEP-04"
-}
-
-test_new_policy_violations {
-	violations := main.violations with data.evolith.version_pinning.violations as {}
-		with data.evolith.taxonomy.violations as {}
-		with data.evolith.cli_readiness.violations as {}
-		with data.evolith.evidence.violations as {}
-		with data.evolith.mcp.violations as {}
-		with data.evolith.ci_cd.violations as {}
-		with data.evolith.governance.violations as {}
-		with data.evolith.abac.violations as {{"id": "ABAC-01", "message": "abac fail"}}
-		with data.evolith.acl.violations as {{"id": "ACL-01", "message": "acl fail"}}
-		with data.evolith.cicd_quality_gates.violations as {{"id": "CICD-01", "message": "cicd fail"}}
-		with data.evolith.cli_core_parity.violations as {{"id": "CLI-PAR-01", "message": "parity fail"}}
-		with data.evolith.cli_release_readiness.violations as {{"id": "CLI-RR-01", "message": "release fail"}}
-		with data.evolith.compliance_baseline.violations as {{"id": "CB-VAL-01", "message": "compliance fail"}}
-		with data.evolith.dod.violations as {{"id": "DOD-01", "message": "dod fail"}}
-		with data.evolith.engineering_manifesto.violations as {{"id": "EM-S-01", "message": "manifesto fail"}}
-		with data.evolith.executive_scorecards.violations as {{"id": "DORA-01", "message": "dora fail"}}
-		with data.evolith.gitflow_branching.violations as {{"id": "GIT-01", "message": "gitflow fail"}}
-		with data.evolith.hexagonal_architecture.violations as {{"id": "HXA-01", "message": "hexagonal fail"}}
-		with data.evolith.knowledge_intake.violations as {{"id": "KI-R01", "message": "ki fail"}}
-		with data.evolith.multi_runtime.violations as {{"id": "RUNT-01", "message": "runtime fail"}}
-		with data.evolith.multi_tenancy.violations as {{"id": "MTN-01", "message": "tenancy fail"}}
-		with data.evolith.open_core_boundary.violations as {{"id": "OCB-01", "message": "ocb fail"}}
-		with data.evolith.protocol_selection.violations as {{"id": "PROT-01", "message": "protocol fail"}}
-		with data.evolith.repository_taxonomy.violations as {{"id": "TAX-05", "message": "taxonomy fail"}}
-		with data.evolith.satellite_contracts.violations as {{"id": "SVC-01", "message": "satellite fail"}}
-		with data.evolith.testing_pyramid.violations as {{"id": "TPY-01", "message": "testing fail"}}
-
-	count(violations) == 19
-	violations[_].id == "ABAC-01"
-	violations[_].id == "ACL-01"
-	violations[_].id == "CICD-01"
-	violations[_].id == "CLI-PAR-01"
-	violations[_].id == "CLI-RR-01"
-	violations[_].id == "CB-VAL-01"
-	violations[_].id == "DOD-01"
-	violations[_].id == "EM-S-01"
-	violations[_].id == "DORA-01"
-	violations[_].id == "GIT-01"
-	violations[_].id == "HXA-01"
-	violations[_].id == "KI-R01"
-	violations[_].id == "RUNT-01"
-	violations[_].id == "MTN-01"
-	violations[_].id == "OCB-01"
-	violations[_].id == "PROT-01"
-	violations[_].id == "TAX-05"
-	violations[_].id == "SVC-01"
-	violations[_].id == "TPY-01"
-}

package/rulesets/opa/mcp.rego

@@ -1,61 +0,0 @@
-package evolith.mcp
-
-smoke_keys := [k | input.core.evidence[k]; contains(k, "mcp")]
-
-violations[{"id": "MCP-01", "message": "Run .harness/scripts/mcp-smoke.mjs to generate evidence"}] {
-    count(smoke_keys) == 0
-}
-
-violations[{"id": "MCP-02", "message": "Run .harness/scripts/mcp-smoke.mjs to generate evidence"}] {
-    count(smoke_keys) == 0
-}
-
-violations[{"id": "MCP-03", "message": "Run .harness/scripts/mcp-smoke.mjs to generate evidence"}] {
-    count(smoke_keys) == 0
-}
-
-violations[{"id": "MCP-01", "message": "Evidence missing results field"}] {
-    count(smoke_keys) > 0
-    smoke := input.core.evidence[smoke_keys[0]]
-    not smoke.results
-}
-
-violations[{"id": "MCP-01", "message": "initialize response missing from evidence"}] {
-    count(smoke_keys) > 0
-    smoke := input.core.evidence[smoke_keys[0]]
-    smoke.results
-    not smoke.results["initialize"]
-}
-
-violations[{"id": "MCP-02", "message": "tools/list response missing from evidence"}] {
-    count(smoke_keys) > 0
-    smoke := input.core.evidence[smoke_keys[0]]
-    smoke.results
-    not smoke.results["tools/list"]
-}
-
-violations[{"id": "MCP-03", "message": "resources/list response missing from evidence"}] {
-    count(smoke_keys) > 0
-    smoke := input.core.evidence[smoke_keys[0]]
-    smoke.results
-    not smoke.results["resources/list"]
-}
-
-violations[{"id": "MCP-04", "message": "MCP server.ts not found"}] {
-    not input.core.cli.mcpServerSource
-}
-
-violations[{"id": "MCP-04", "message": "MCP transport config missing apiKey or local-only restriction"}] {
-    src := input.core.cli.mcpServerSource
-    not contains(src, "apiKey")
-    not contains(src, "local-only")
-    not contains(src, "localhost")
-}
-
-violations[{"id": "MCP-05", "message": "MCP tool calls SHOULD emit latency, success, failure, and error class metrics — no metrics instrumentation detected in MCP server source"}] {
-    src := input.core.cli.mcpServerSource
-    not contains(src, "latency")
-    not contains(src, "metrics")
-    not contains(src, "histogram")
-    not contains(src, "counter")
-}

package/rulesets/opa/mcp.test.rego

@@ -1,27 +0,0 @@
-package evolith.mcp_test
-
-import data.evolith.mcp
-
-test_complete_mcp_has_no_violations {
-  input := {"core": {"cli": {"mcpServerSource": "apiKey localhost"}, "evidence": {"mcp-smoke.json": {"results": {"initialize": {}, "tools/list": {}, "resources/list": {}}, "status": "passed"}}}}
-  violations := mcp.violations with input as input
-  count(violations) == 0
-}
-
-test_missing_mcp_evidence_is_rejected {
-  input := {"core": {"cli": {"mcpServerSource": ""}, "evidence": {}}}
-  violations := mcp.violations with input as input
-  violations[_].id == "MCP-01"
-}
-
-test_missing_server_source_is_rejected {
-  input := {"core": {"cli": {"mcpServerSource": ""}, "evidence": {"mcp-smoke.json": {"results": {"initialize": {}, "tools/list": {}, "resources/list": {}}, "status": "passed"}}}}
-  violations := mcp.violations with input as input
-  violations[_].id == "MCP-04"
-}
-
-test_missing_resources_list_is_rejected {
-  input := {"core": {"cli": {"mcpServerSource": "apiKey"}, "evidence": {"mcp-smoke.json": {"results": {"initialize": {}, "tools/list": {}}, "status": "passed"}}}}
-  violations := mcp.violations with input as input
-  violations[_].id == "MCP-03"
-}

package/rulesets/opa/multi-runtime.rego

@@ -1,33 +0,0 @@
-package evolith.multi_runtime
-
-violations[{"id": "RUNT-01", "message": "Runtime selection not documented or justified by workload profile"}] {
-    not input.satellite.runtime.selectionDocumented
-}
-
-violations[{"id": "RUNT-02", "message": "Web APIs/BFF not using Node.js/TypeScript — required for I/O-bound workloads"}] {
-    input.satellite.runtime.webApisNotNodeJs
-}
-
-violations[{"id": "RUNT-03", "message": "High compute/batch workloads not using .NET (C#) — required for compute-bound workloads"}] {
-    input.satellite.runtime.highComputeNotDotNet
-}
-
-violations[{"id": "RUNT-05", "message": "Direct runtime dependency detected — cross-runtime calls must go through protocol boundaries"}] {
-    input.satellite.runtime.hasDirectRuntimeDependency
-}
-
-violations[{"id": "RUNT-06", "message": "Synchronous inter-runtime communication not using gRPC"}] {
-    input.satellite.runtime.syncInteropNotGrpc
-}
-
-violations[{"id": "RUNT-04", "message": "Mobile workloads with hardware access (camera, GPS, sensors) must use Android/Kotlin — not cross-platform web wrappers"}] {
-    input.satellite.runtime.mobileHardwareNotKotlin
-}
-
-violations[{"id": "RUNT-07", "message": "Asynchronous inter-runtime communication must use a message broker (Kafka, RabbitMQ, NATS) — direct async calls between runtimes are prohibited"}] {
-    input.satellite.runtime.asyncInteropNotMessageBroker
-}
-
-violations[{"id": "RUNT-08", "message": "Inter-runtime contracts not centrally stored and versioned"}] {
-    not input.satellite.runtime.contractsCentralized
-}

package/rulesets/opa/multi-runtime.test.rego

@@ -1,53 +0,0 @@
-package evolith.multi_runtime_test
-
-import data.evolith.multi_runtime
-
-compliant_input := {"satellite": {"runtime": {
-  "selectionDocumented": true,
-  "webApisNotNodeJs": false,
-  "highComputeNotDotNet": false,
-  "hasDirectRuntimeDependency": false,
-  "syncInteropNotGrpc": false,
-  "contractsCentralized": true,
-}}}
-
-test_compliant_multi_runtime_has_no_violations {
-  violations := multi_runtime.violations with input as compliant_input
-  count(violations) == 0
-}
-
-test_runtime_selection_not_documented_is_rejected {
-  i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/runtime/selectionDocumented", "value": false}])
-  violations := multi_runtime.violations with input as i
-  violations[_].id == "RUNT-01"
-}
-
-test_web_apis_not_nodejs_is_rejected {
-  i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/runtime/webApisNotNodeJs", "value": true}])
-  violations := multi_runtime.violations with input as i
-  violations[_].id == "RUNT-02"
-}
-
-test_high_compute_not_dotnet_is_rejected {
-  i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/runtime/highComputeNotDotNet", "value": true}])
-  violations := multi_runtime.violations with input as i
-  violations[_].id == "RUNT-03"
-}
-
-test_direct_runtime_dependency_is_rejected {
-  i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/runtime/hasDirectRuntimeDependency", "value": true}])
-  violations := multi_runtime.violations with input as i
-  violations[_].id == "RUNT-05"
-}
-
-test_sync_interop_not_grpc_is_rejected {
-  i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/runtime/syncInteropNotGrpc", "value": true}])
-  violations := multi_runtime.violations with input as i
-  violations[_].id == "RUNT-06"
-}
-
-test_contracts_not_centralized_is_rejected {
-  i := json.patch(compliant_input, [{"op": "replace", "path": "/satellite/runtime/contractsCentralized", "value": false}])
-  violations := multi_runtime.violations with input as i
-  violations[_].id == "RUNT-08"
-}

package/rulesets/opa/multi-tenancy.rego

@@ -1,33 +0,0 @@
-package evolith.multi_tenancy
-
-violations[{"id": "MTN-01", "message": "Application-layer tenant filtering not applied — all queries must include tenant_id filter"}] {
-    not input.satellite.multiTenancy.applicationFiltering
-}
-
-violations[{"id": "MTN-02", "message": "Database-native tenant enforcement (RLS) not enabled as secondary failsafe"}] {
-    not input.satellite.multiTenancy.databaseEnforcement
-}
-
-violations[{"id": "MTN-03", "message": "Tenant context not propagated through all layers"}] {
-    not input.satellite.multiTenancy.tenantContextPropagation
-}
-
-violations[{"id": "MTN-04", "message": "Cross-tenant data access detected — strictly prohibited"}] {
-    input.satellite.multiTenancy.crossTenantAccess
-}
-
-violations[{"id": "MTN-05", "message": "Multi-tenant schema strategy not defined in evolith.yaml"}] {
-    not input.satellite.multiTenancy.schemaStrategyDefined
-}
-
-violations[{"id": "MTN-06", "message": "Tenant-scoped audit trail not maintained — all tenant data mutations must be logged with tenant context and actor"}] {
-    not input.satellite.multiTenancy.tenantAuditTrailEnabled
-}
-
-violations[{"id": "MTN-07", "message": "Tenant migration path not defined — schema changes affecting tenant isolation must have a documented migration path"}] {
-    not input.satellite.multiTenancy.tenantMigrationPathDefined
-}
-
-violations[{"id": "MTN-08", "message": "External APIs do not validate tenant context on every request"}] {
-    not input.satellite.multiTenancy.apiTenantValidation
-}