@evolith/core-domain 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +102 -0
- package/dist/domain/services/default-workflow-definition.js +4 -1
- package/dist/domain/services/default-workflow-definition.js.map +1 -1
- package/dist/gates/decision/gate-decision.js.map +1 -1
- package/package.json +1 -2
- package/rulesets/README.es.md +0 -170
- package/rulesets/README.md +0 -170
- package/rulesets/acl/README.es.md +0 -41
- package/rulesets/acl/README.md +0 -41
- package/rulesets/acl/anti-corruption-layer.rules.es.json +0 -99
- package/rulesets/acl/anti-corruption-layer.rules.json +0 -99
- package/rulesets/adr/ADR_COVERAGE.es.md +0 -133
- package/rulesets/adr/ADR_COVERAGE.md +0 -133
- package/rulesets/adr/README.es.md +0 -17
- package/rulesets/adr/README.md +0 -17
- package/rulesets/adr/adr-0002-hexagonal-architecture.rules.json +0 -103
- package/rulesets/adr/adr-0005-cicd-quality-gates.rules.json +0 -102
- package/rulesets/adr/adr-0010-multi-tenancy.rules.json +0 -129
- package/rulesets/adr/adr-0018-testing-pyramid.rules.json +0 -115
- package/rulesets/adr/adr-0032-protocol-selection.rules.json +0 -134
- package/rulesets/adr/adr-0040-multi-runtime.rules.json +0 -131
- package/rulesets/adr/adr-0050-gitflow-branching.rules.json +0 -176
- package/rulesets/adr/generated/adr-0001-monorepo-orchestration-principle.rules.json +0 -29
- package/rulesets/adr/generated/adr-0006-microservices-transition-via-sidecar-pattern.rules.json +0 -29
- package/rulesets/adr/generated/adr-0009-strict-dependency-pinning-and-automated-vulnerability-manage.rules.json +0 -29
- package/rulesets/adr/generated/adr-0011-fault-tolerance-and-resiliency-patterns.rules.json +0 -29
- package/rulesets/adr/generated/adr-0013-cloud-infrastructure-topology-and-disaster-recovery-dr.rules.json +0 -28
- package/rulesets/adr/generated/adr-0014-multi-layer-distributed-caching-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0015-event-driven-architecture-eda-for-intra-domain-communication.rules.json +0 -29
- package/rulesets/adr/generated/adr-0016-immutable-business-audit-trail-and-change-tracking.rules.json +0 -29
- package/rulesets/adr/generated/adr-0017-feature-flagging-strategy-for-progressive-delivery.rules.json +0 -28
- package/rulesets/adr/generated/adr-0019-tactical-design-patterns-for-future-proofing.rules.json +0 -29
- package/rulesets/adr/generated/adr-0020-identity-provider-abstraction-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-0024-centralized-configuration-feature-platform.rules.json +0 -28
- package/rulesets/adr/generated/adr-0025-feature-flag-provider-abstraction-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0028-self-hosted-open-source-hybrid-infrastructure.rules.json +0 -29
- package/rulesets/adr/generated/adr-0030-two-tier-distributed-gateway-model.rules.json +0 -28
- package/rulesets/adr/generated/adr-0031-schema-per-bounded-context-and-domain-event-catalog.rules.json +0 -29
- package/rulesets/adr/generated/adr-0033-transactional-outbox-pattern-for-async-messaging.rules.json +0 -28
- package/rulesets/adr/generated/adr-0034-cqrs-pattern-application-matrix.rules.json +0 -29
- package/rulesets/adr/generated/adr-0035-distributed-saga-pattern-implementation-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0036-message-bus-delivery-flow-control-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0037-enterprise-performance-concurrency-chaos-verification-strate.rules.json +0 -28
- package/rulesets/adr/generated/adr-0039-deployment-topology-abstraction-environment-switcher.rules.json +0 -29
- package/rulesets/adr/generated/adr-0041-dual-engine-policy-evaluation-native-opa.rules.json +0 -28
- package/rulesets/adr/generated/adr-0044-configurable-security-persistence-strategy-agnosticism-vs-na.rules.json +0 -29
- package/rulesets/adr/generated/adr-0045-microservice-extraction-readiness-criteria.rules.json +0 -29
- package/rulesets/adr/generated/adr-0046-unified-traceability-via-w3c-tracecontext.rules.json +0 -29
- package/rulesets/adr/generated/adr-0047-progressive-architecture-evolution-framework-modular-monolit.rules.json +0 -29
- package/rulesets/adr/generated/adr-0048-enterprise-taxonomy-standardization-and-reference-layout.rules.json +0 -28
- package/rulesets/adr/generated/adr-0049-naming-semantics-clean-code-policy-e2e-and-global.rules.json +0 -29
- package/rulesets/adr/generated/adr-0051-enterprise-database-engine-selection-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0052-unit-testing-isolation-strategy-mocks-vs-stubs.rules.json +0 -29
- package/rulesets/adr/generated/adr-0053-integration-and-e2e-testing-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0054-database-design-and-normalization-standards.rules.json +0 -29
- package/rulesets/adr/generated/adr-0055-microfrontends-architecture-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-0056-enterprise-naming-design-conventions-multi-language-multi-pl.rules.json +0 -29
- package/rulesets/adr/generated/adr-0057-architecture-intelligence-catalog.rules.json +0 -27
- package/rulesets/adr/generated/adr-0058-ai-consumable-architecture-knowledge.rules.json +0 -27
- package/rulesets/adr/generated/adr-0067-modular-monolith-persistence-boundaries.rules.json +0 -28
- package/rulesets/adr/generated/adr-0068-documentation-release-gitflow.rules.json +0 -29
- package/rulesets/adr/generated/adr-0069-ai-agent-context-protocol-integration.rules.json +0 -28
- package/rulesets/adr/generated/adr-0070-lean-root-repository-taxonomy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0071-domain-layer-base-class-and-inheritance-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0072-utc-date-storage-browser-timezone-detection-and-language-res.rules.json +0 -29
- package/rulesets/adr/generated/adr-0073-unified-cli-mcp-output-contract-and-gate-evidence-schema.rules.json +0 -29
- package/rulesets/adr/generated/adr-0074-evolith-core-api-native-exposure-layer.rules.json +0 -29
- package/rulesets/adr/generated/adr-0075-core-api-authentication-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-0076-domain-oriented-microservice-architecture-doma.rules.json +0 -28
- package/rulesets/adr/generated/adr-0077-masstransit-v9-commercial-pivot-stay-on-v8-monitor-opentrans.rules.json +0 -28
- package/rulesets/adr/generated/adr-0078-domain-financial-separation-governance.rules.json +0 -29
- package/rulesets/adr/generated/adr-0079-multi-topology-reference-corpus-and-topology-manifest-contra.rules.json +0 -29
- package/rulesets/adr/generated/adr-0080-remote-repository-reference-contract.rules.json +0 -29
- package/rulesets/adr/generated/adr-0081-agentic-ai-sandbox-isolation-boundary.rules.json +0 -29
- package/rulesets/adr/generated/adr-0082-agentic-ai-prompt-context-and-tool-trust-boundary.rules.json +0 -28
- package/rulesets/adr/generated/adr-0083-agentic-ai-action-authorization-and-audit.rules.json +0 -29
- package/rulesets/adr/generated/adr-0084-data-mesh-and-data-as-a-product.rules.json +0 -29
- package/rulesets/adr/generated/adr-0085-agnostic-opa-wasm-distribution-architecture.rules.json +0 -28
- package/rulesets/adr/generated/adr-0086-agentic-ai-telemetry-cost-control-standard.rules.json +0 -27
- package/rulesets/adr/generated/adr-0087-attribute-based-access-control-abac-for-agentic-tool-executi.rules.json +0 -29
- package/rulesets/adr/generated/adr-0088-sovereign-identity-for-agentic-ai.rules.json +0 -29
- package/rulesets/adr/generated/adr-0089-event-driven-agentic-workflow-pattern.rules.json +0 -28
- package/rulesets/adr/generated/adr-0090-rag-knowledge-governance-standard.rules.json +0 -29
- package/rulesets/adr/generated/adr-0091-workload-identity-token-rotation-standard.rules.json +0 -29
- package/rulesets/adr/generated/adr-0092-agent-infinite-loop-prevention-and-circuit-breaker-rules.rules.json +0 -29
- package/rulesets/adr/generated/adr-0093-concurrency-control-and-resource-locking-standard-for-mcp-to.rules.json +0 -29
- package/rulesets/adr/generated/adr-0094-multi-agent-handoff-and-task-delegation-standards.rules.json +0 -29
- package/rulesets/adr/generated/adr-0095-serverless-architecture-governance.rules.json +0 -29
- package/rulesets/adr/generated/adr-0096-edge-computing-architecture-governance.rules.json +0 -29
- package/rulesets/adr/generated/adr-0097-knowledge-lifecycle-governance-standard.rules.json +0 -29
- package/rulesets/adr/generated/adr-0098-rest-uri-versioning-and-deprecation-policy.rules.json +0 -29
- package/rulesets/adr/generated/adr-0099-opa-bundle-distribution-via-s3-minio.rules.json +0 -27
- package/rulesets/adr/generated/adr-ai-augmented-0001-harness-engineering-for-ai-augmented-development.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0002-mcp-integration-protocol-for-agent-tool-invocation.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0003-model-selection-governance-for-ai-augmented-workflows.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0004-agents-md-as-mandatory-repository-artifact.rules.json +0 -29
- package/rulesets/adr/generated/adr-ai-augmented-0005-human-in-the-loop-policy-for-autonomous-agent-operations.rules.json +0 -29
- package/rulesets/adr/generated/adr-android-0042-canonical-android-native-mobile-architecture.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0041-canonical-net-c-backend-architecture.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0060-net-multi-tenancy-dual-layer-strategy-ef-core-sql-server.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0061-transactional-event-lifecycle-in-ef-core.rules.json +0 -28
- package/rulesets/adr/generated/adr-dotnet-0062-net-immutable-audit-trail-via-ddl-triggers-delta-capture.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0063-b2b-request-idempotency-middleware-in-asp-net-core.rules.json +0 -28
- package/rulesets/adr/generated/adr-dotnet-0064-net-request-scope-observability-context-propagation.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0065-net-pii-safe-structured-logging-pipeline-serilog.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0066-net-lightweight-http-idempotency-via-imemorycache-idistribut.rules.json +0 -28
- package/rulesets/adr/generated/adr-dotnet-0069-net-grpc-service-setup-protobuf-contracts.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0070-net-api-endpoint-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-dotnet-0071-net-data-access-strategy-ef-core-as-default-orm-dapper-for-o.rules.json +0 -27
- package/rulesets/adr/generated/adr-dotnet-0072-net-aop-cross-cutting-concern-strategy-dispatchproxy-over-pi.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0003-strict-typescript-standards.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0004-frontend-offline-resilience.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0007-observability-with-opentelemetry-loki-and-jaeger.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0008-progressive-multi-module-evolution-with-api-gateway-and-bff-.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0012-advanced-authorization-rbac-abac-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0021-high-performance-authentication-graph-compilation.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0022-contextual-authentication-and-pluggable-output-projections.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0023-centralized-authorization-core-strategy.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0026-adaptive-mfa-and-passwordless-platform.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0027-dual-protocol-api-strategy-rest-grpc.rules.json +0 -28
- package/rulesets/adr/generated/adr-nodejs-0029-adoption-of-tactical-ddd-primitives-library.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0038-enterprise-error-handling-result-pattern-strategy.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0043-data-access-and-orm-strategy-for-node-js.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0044-frontend-clean-architecture-layer-boundaries-react.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0045-frontend-state-management-zustand-tanstack-query-dual-strate.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0046-prohibition-of-raw-technical-identifiers-in-user-interfaces.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0047-actionable-user-error-contract-and-correlated-diagnostics.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0048-feature-flag-system-scope-and-structured-criteria-model.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0074-monorepo-orchestration-with-nx.rules.json +0 -29
- package/rulesets/adr/generated/adr-nodejs-0075-application-gateway-bff-with-nestjs.rules.json +0 -29
- package/rulesets/architecture/README.es.md +0 -21
- package/rulesets/architecture/README.md +0 -21
- package/rulesets/architecture/opa/progressive-axis.rego +0 -50
- package/rulesets/cli/README.es.md +0 -17
- package/rulesets/cli/README.md +0 -17
- package/rulesets/cli/core-parity.rules.json +0 -61
- package/rulesets/cli/release-readiness.rules.json +0 -77
- package/rulesets/compliance-baseline/README.es.md +0 -26
- package/rulesets/compliance-baseline/README.md +0 -26
- package/rulesets/compliance-baseline/compliance-baseline.rules.json +0 -81
- package/rulesets/contracts/README.es.md +0 -19
- package/rulesets/contracts/README.md +0 -19
- package/rulesets/contracts/evolith-machine-contracts.json +0 -29
- package/rulesets/contracts/fixtures/gate-evidence.success.json +0 -10
- package/rulesets/contracts/fixtures/output-envelope.success.json +0 -23
- package/rulesets/cross-cutting/README.es.md +0 -14
- package/rulesets/cross-cutting/README.md +0 -14
- package/rulesets/cross-cutting/compliance-baseline.rules.json +0 -81
- package/rulesets/cross-cutting/definition-of-done.rules.json +0 -135
- package/rulesets/cross-cutting/engineering-manifesto.rules.json +0 -145
- package/rulesets/cross-cutting/repository-taxonomy.rules.json +0 -172
- package/rulesets/definition-of-done/README.es.md +0 -26
- package/rulesets/definition-of-done/README.md +0 -26
- package/rulesets/definition-of-done/definition-of-done.rules.json +0 -135
- package/rulesets/engineering-manifesto/README.es.md +0 -26
- package/rulesets/engineering-manifesto/README.md +0 -26
- package/rulesets/engineering-manifesto/engineering-manifesto.rules.json +0 -145
- package/rulesets/evidence/README.es.md +0 -12
- package/rulesets/evidence/README.md +0 -12
- package/rulesets/evidence/evidence-manifest.rules.json +0 -48
- package/rulesets/executive-scorecards/executive-scorecards.rules.es.json +0 -213
- package/rulesets/executive-scorecards/executive-scorecards.rules.json +0 -213
- package/rulesets/governance/README.es.md +0 -13
- package/rulesets/governance/README.md +0 -13
- package/rulesets/governance/abac-mcp-access.rules.es.json +0 -41
- package/rulesets/governance/abac-mcp-access.rules.json +0 -41
- package/rulesets/governance/executive-scorecards.rules.es.json +0 -213
- package/rulesets/governance/executive-scorecards.rules.json +0 -213
- package/rulesets/governance/inheritance.rules.json +0 -115
- package/rulesets/governance/knowledge-intake.rules.json +0 -18
- package/rulesets/governance/open-core-boundary.rules.es.json +0 -148
- package/rulesets/governance/open-core-boundary.rules.json +0 -148
- package/rulesets/governance/satellite-contracts.rules.json +0 -183
- package/rulesets/infrastructure/helm-enforcement.rules.json +0 -21
- package/rulesets/infrastructure/opa/helm-enforcement.rego +0 -25
- package/rulesets/infrastructure/opa/helm-enforcement.test.rego +0 -31
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.rego +0 -115
- package/rulesets/infrastructure/opa/opa-sidecar-bundle.test.rego +0 -66
- package/rulesets/infrastructure/opa-sidecar-bundle.rules.json +0 -18
- package/rulesets/mcp/README.es.md +0 -12
- package/rulesets/mcp/README.md +0 -12
- package/rulesets/mcp/protocol-compliance.rules.json +0 -57
- package/rulesets/observability/README.es.md +0 -12
- package/rulesets/observability/README.md +0 -12
- package/rulesets/observability/telemetry-evidence.rules.json +0 -48
- package/rulesets/opa/README.es.md +0 -22
- package/rulesets/opa/README.md +0 -22
- package/rulesets/opa/abac-mcp-tool-access.rego +0 -122
- package/rulesets/opa/abac-mcp-tool-access.test.rego +0 -33
- package/rulesets/opa/anti-corruption-layer.rego +0 -39
- package/rulesets/opa/anti-corruption-layer.test.rego +0 -118
- package/rulesets/opa/ci-cd.rego +0 -41
- package/rulesets/opa/ci-cd.test.rego +0 -23
- package/rulesets/opa/cicd-quality-gates.rego +0 -29
- package/rulesets/opa/cicd-quality-gates.test.rego +0 -54
- package/rulesets/opa/cli-core-parity.rego +0 -17
- package/rulesets/opa/cli-core-parity.test.rego +0 -39
- package/rulesets/opa/cli-readiness.rego +0 -32
- package/rulesets/opa/cli-readiness.test.rego +0 -23
- package/rulesets/opa/cli-release-readiness.rego +0 -21
- package/rulesets/opa/cli-release-readiness.test.rego +0 -46
- package/rulesets/opa/compliance-baseline.rego +0 -95
- package/rulesets/opa/compliance-baseline.test.rego +0 -89
- package/rulesets/opa/dod.rego +0 -42
- package/rulesets/opa/dod.test.rego +0 -250
- package/rulesets/opa/engineering-manifesto.rego +0 -78
- package/rulesets/opa/engineering-manifesto.test.rego +0 -133
- package/rulesets/opa/evidence.rego +0 -64
- package/rulesets/opa/evidence.test.rego +0 -23
- package/rulesets/opa/executive-scorecards.rego +0 -41
- package/rulesets/opa/executive-scorecards.test.rego +0 -60
- package/rulesets/opa/gitflow-branching.rego +0 -41
- package/rulesets/opa/gitflow-branching.test.rego +0 -60
- package/rulesets/opa/governance.rego +0 -39
- package/rulesets/opa/governance.test.rego +0 -23
- package/rulesets/opa/hexagonal-architecture.rego +0 -33
- package/rulesets/opa/hexagonal-architecture.test.rego +0 -57
- package/rulesets/opa/infrastructure/helm-enforcement.rego +0 -33
- package/rulesets/opa/infrastructure/opa-sidecar-bundle.rego +0 -42
- package/rulesets/opa/knowledge-intake.rego +0 -98
- package/rulesets/opa/knowledge-intake.test.rego +0 -50
- package/rulesets/opa/main.rego +0 -147
- package/rulesets/opa/main_test.rego +0 -149
- package/rulesets/opa/mcp.rego +0 -61
- package/rulesets/opa/mcp.test.rego +0 -27
- package/rulesets/opa/multi-runtime.rego +0 -33
- package/rulesets/opa/multi-runtime.test.rego +0 -53
- package/rulesets/opa/multi-tenancy.rego +0 -33
- package/rulesets/opa/multi-tenancy.test.rego +0 -53
- package/rulesets/opa/open-core-boundary.rego +0 -33
- package/rulesets/opa/open-core-boundary.test.rego +0 -60
- package/rulesets/opa/protocol-selection.rego +0 -29
- package/rulesets/opa/protocol-selection.test.rego +0 -46
- package/rulesets/opa/rbac/gate-role-enforcement.rego +0 -112
- package/rulesets/opa/repository-taxonomy.rego +0 -98
- package/rulesets/opa/repository-taxonomy.test.rego +0 -91
- package/rulesets/opa/satellite-contracts.rego +0 -42
- package/rulesets/opa/satellite-contracts.test.rego +0 -70
- package/rulesets/opa/schemas/abac-mcp-tool-access.input.schema.json +0 -21
- package/rulesets/opa/schemas/anti-corruption-layer.input.schema.json +0 -25
- package/rulesets/opa/schemas/ci-cd.input.schema.json +0 -27
- package/rulesets/opa/schemas/cicd-quality-gates.input.schema.json +0 -33
- package/rulesets/opa/schemas/cli-core-parity.input.schema.json +0 -30
- package/rulesets/opa/schemas/cli-readiness.input.schema.json +0 -28
- package/rulesets/opa/schemas/cli-release-readiness.input.schema.json +0 -26
- package/rulesets/opa/schemas/compliance-baseline.input.schema.json +0 -25
- package/rulesets/opa/schemas/dod.input.schema.json +0 -38
- package/rulesets/opa/schemas/engineering-manifesto.input.schema.json +0 -24
- package/rulesets/opa/schemas/evidence.input.schema.json +0 -35
- package/rulesets/opa/schemas/executive-scorecards.input.schema.json +0 -36
- package/rulesets/opa/schemas/gitflow-branching.input.schema.json +0 -36
- package/rulesets/opa/schemas/governance.input.schema.json +0 -19
- package/rulesets/opa/schemas/hexagonal-architecture.input.schema.json +0 -46
- package/rulesets/opa/schemas/knowledge-intake.input.schema.json +0 -57
- package/rulesets/opa/schemas/mcp.input.schema.json +0 -38
- package/rulesets/opa/schemas/multi-runtime.input.schema.json +0 -27
- package/rulesets/opa/schemas/multi-tenancy.input.schema.json +0 -27
- package/rulesets/opa/schemas/open-core-boundary.input.schema.json +0 -36
- package/rulesets/opa/schemas/protocol-selection.input.schema.json +0 -26
- package/rulesets/opa/schemas/repository-taxonomy.input.schema.json +0 -18
- package/rulesets/opa/schemas/satellite-contracts.input.schema.json +0 -38
- package/rulesets/opa/schemas/taxonomy.input.schema.json +0 -27
- package/rulesets/opa/schemas/testing-pyramid.input.schema.json +0 -42
- package/rulesets/opa/schemas/version-pinning.input.schema.json +0 -39
- package/rulesets/opa/sdlc/coverage.rego +0 -49
- package/rulesets/opa/sdlc/coverage.test.rego +0 -29
- package/rulesets/opa/sdlc/pyramid-distribution.rego +0 -31
- package/rulesets/opa/sdlc/pyramid-distribution.test.rego +0 -33
- package/rulesets/opa/taxonomy.rego +0 -51
- package/rulesets/opa/taxonomy.test.rego +0 -28
- package/rulesets/opa/telemetry-evidence.rego +0 -102
- package/rulesets/opa/testing-pyramid.rego +0 -49
- package/rulesets/opa/testing-pyramid.test.rego +0 -81
- package/rulesets/opa/version-pinning.rego +0 -99
- package/rulesets/opa/version-pinning.test.rego +0 -28
- package/rulesets/phase-gates/README.es.md +0 -28
- package/rulesets/phase-gates/README.md +0 -28
- package/rulesets/phase-gates/phase-gates.rules.json +0 -297
- package/rulesets/quality-thresholds/README.es.md +0 -28
- package/rulesets/quality-thresholds/README.md +0 -28
- package/rulesets/quality-thresholds/quality-thresholds.rules.json +0 -96
- package/rulesets/repository-taxonomy/README.es.md +0 -26
- package/rulesets/repository-taxonomy/README.md +0 -26
- package/rulesets/repository-taxonomy/repository-taxonomy.rules.json +0 -172
- package/rulesets/satellite-contracts/README.es.md +0 -27
- package/rulesets/satellite-contracts/README.md +0 -27
- package/rulesets/satellite-contracts/satellite-contracts.rules.json +0 -183
- package/rulesets/schema/README.es.md +0 -39
- package/rulesets/schema/README.md +0 -39
- package/rulesets/schema/adr.schema.json +0 -138
- package/rulesets/schema/agile-backlog.schema.json +0 -91
- package/rulesets/schema/ballpark-estimation.schema.json +0 -109
- package/rulesets/schema/build-vs-compose.schema.json +0 -98
- package/rulesets/schema/cli-impact-analysis.schema.json +0 -114
- package/rulesets/schema/discovery-canvas.schema.json +0 -92
- package/rulesets/schema/evolith-user-story.schema.json +0 -105
- package/rulesets/schema/evolith-yaml.schema.json +0 -191
- package/rulesets/schema/functional-story.schema.json +0 -111
- package/rulesets/schema/gate-evidence.schema.json +0 -85
- package/rulesets/schema/integration-evidence.schema.json +0 -47
- package/rulesets/schema/knowledge-intake.schema.json +0 -67
- package/rulesets/schema/knowledge-projection.schema.json +0 -24
- package/rulesets/schema/maturity-evidence.schema.json +0 -59
- package/rulesets/schema/observability-validation.schema.json +0 -85
- package/rulesets/schema/on-call-handoff.schema.json +0 -91
- package/rulesets/schema/output-envelope.schema.json +0 -102
- package/rulesets/schema/prd.schema.json +0 -117
- package/rulesets/schema/release-notes.schema.json +0 -138
- package/rulesets/schema/rollback-rehearsal.schema.json +0 -73
- package/rulesets/schema/ruleset-sdlc.schema.json +0 -59
- package/rulesets/schema/ruleset-standard.schema.json +0 -73
- package/rulesets/schema/security-scan-report.schema.json +0 -79
- package/rulesets/schema/source-registry.schema.json +0 -51
- package/rulesets/schema/technical-feasibility.schema.json +0 -66
- package/rulesets/schema/technical-story.schema.json +0 -112
- package/rulesets/schema/test-summary-report.schema.json +0 -158
- package/rulesets/schema/topology-composition.schema.json +0 -43
- package/rulesets/schema/topology-manifest.schema.json +0 -421
- package/rulesets/sdlc/README.es.md +0 -12
- package/rulesets/sdlc/README.md +0 -12
- package/rulesets/sdlc/default-workflow.yaml +0 -73
- package/rulesets/sdlc/dependency-pinning.rules.json +0 -183
- package/rulesets/sdlc/phase-gates.rules.json +0 -297
- package/rulesets/sdlc/quality-thresholds.rules.json +0 -96
- package/rulesets/topologies/README.es.md +0 -42
- package/rulesets/topologies/README.md +0 -42
- package/rulesets/topologies/agentic-ai/README.es.md +0 -142
- package/rulesets/topologies/agentic-ai/README.md +0 -142
- package/rulesets/topologies/agentic-ai/adoption.es.md +0 -37
- package/rulesets/topologies/agentic-ai/adoption.md +0 -37
- package/rulesets/topologies/agentic-ai/agent.config.schema.json +0 -100
- package/rulesets/topologies/agentic-ai/agentic-ai.rego +0 -46
- package/rulesets/topologies/agentic-ai/agentic-ai.rules.json +0 -109
- package/rulesets/topologies/agentic-ai/agentic-ai.test.rego +0 -68
- package/rulesets/topologies/agentic-ai/agentic-ai.wasm +0 -0
- package/rulesets/topologies/agentic-ai/cli/cli-flows.es.md +0 -35
- package/rulesets/topologies/agentic-ai/cli/cli-flows.md +0 -45
- package/rulesets/topologies/agentic-ai/evidence.es.md +0 -25
- package/rulesets/topologies/agentic-ai/evidence.md +0 -25
- package/rulesets/topologies/agentic-ai/evolution.es.md +0 -26
- package/rulesets/topologies/agentic-ai/evolution.md +0 -26
- package/rulesets/topologies/agentic-ai/fixtures/invalid-agent.config.json +0 -48
- package/rulesets/topologies/agentic-ai/fixtures/valid-agent.config.json +0 -48
- package/rulesets/topologies/agentic-ai/maturity.es.md +0 -33
- package/rulesets/topologies/agentic-ai/maturity.md +0 -33
- package/rulesets/topologies/agentic-ai/mcp/mcp-manifest.json +0 -100
- package/rulesets/topologies/agentic-ai/openapi/openapi.yaml +0 -187
- package/rulesets/topologies/agentic-ai/operations.es.md +0 -32
- package/rulesets/topologies/agentic-ai/operations.md +0 -32
- package/rulesets/topologies/agentic-ai/parity-fixtures/compliant.json +0 -18
- package/rulesets/topologies/agentic-ai/parity-fixtures/violation.json +0 -22
- package/rulesets/topologies/agentic-ai/patterns.es.md +0 -32
- package/rulesets/topologies/agentic-ai/patterns.md +0 -32
- package/rulesets/topologies/agentic-ai/resilience.es.md +0 -26
- package/rulesets/topologies/agentic-ai/resilience.md +0 -26
- package/rulesets/topologies/agentic-ai/runbooks.es.md +0 -48
- package/rulesets/topologies/agentic-ai/runbooks.md +0 -48
- package/rulesets/topologies/agentic-ai/security.es.md +0 -26
- package/rulesets/topologies/agentic-ai/security.md +0 -26
- package/rulesets/topologies/agentic-ai/topology.manifest.json +0 -127
- package/rulesets/topologies/data-mesh/README.es.md +0 -69
- package/rulesets/topologies/data-mesh/README.md +0 -69
- package/rulesets/topologies/data-mesh/adoption.es.md +0 -95
- package/rulesets/topologies/data-mesh/adoption.md +0 -95
- package/rulesets/topologies/data-mesh/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/data-mesh/cli/cli-flows.md +0 -53
- package/rulesets/topologies/data-mesh/data-mesh.rego +0 -11
- package/rulesets/topologies/data-mesh/data-mesh.rules.json +0 -100
- package/rulesets/topologies/data-mesh/data-mesh.test.rego +0 -107
- package/rulesets/topologies/data-mesh/data-mesh.wasm +0 -0
- package/rulesets/topologies/data-mesh/evidence.es.md +0 -111
- package/rulesets/topologies/data-mesh/evidence.md +0 -111
- package/rulesets/topologies/data-mesh/evolution.es.md +0 -67
- package/rulesets/topologies/data-mesh/evolution.md +0 -67
- package/rulesets/topologies/data-mesh/fixtures/invalid.topology.config.json +0 -12
- package/rulesets/topologies/data-mesh/fixtures/valid.topology.config.json +0 -12
- package/rulesets/topologies/data-mesh/maturity.es.md +0 -36
- package/rulesets/topologies/data-mesh/maturity.md +0 -36
- package/rulesets/topologies/data-mesh/mcp/mcp-manifest.json +0 -68
- package/rulesets/topologies/data-mesh/openapi/openapi.yaml +0 -186
- package/rulesets/topologies/data-mesh/operations.es.md +0 -63
- package/rulesets/topologies/data-mesh/operations.md +0 -63
- package/rulesets/topologies/data-mesh/parity-fixtures/compliant.json +0 -18
- package/rulesets/topologies/data-mesh/parity-fixtures/violation.json +0 -21
- package/rulesets/topologies/data-mesh/patterns.es.md +0 -67
- package/rulesets/topologies/data-mesh/patterns.md +0 -67
- package/rulesets/topologies/data-mesh/resilience.es.md +0 -64
- package/rulesets/topologies/data-mesh/resilience.md +0 -64
- package/rulesets/topologies/data-mesh/runbooks.es.md +0 -147
- package/rulesets/topologies/data-mesh/runbooks.md +0 -147
- package/rulesets/topologies/data-mesh/security.es.md +0 -66
- package/rulesets/topologies/data-mesh/security.md +0 -66
- package/rulesets/topologies/data-mesh/topology.config.schema.json +0 -30
- package/rulesets/topologies/data-mesh/topology.manifest.json +0 -107
- package/rulesets/topologies/edge-computing/README.es.md +0 -81
- package/rulesets/topologies/edge-computing/README.md +0 -81
- package/rulesets/topologies/edge-computing/adoption.es.md +0 -268
- package/rulesets/topologies/edge-computing/adoption.md +0 -268
- package/rulesets/topologies/edge-computing/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/edge-computing/cli/cli-flows.md +0 -53
- package/rulesets/topologies/edge-computing/edge-computing.rego +0 -41
- package/rulesets/topologies/edge-computing/edge-computing.rules.json +0 -50
- package/rulesets/topologies/edge-computing/edge-computing.test.rego +0 -33
- package/rulesets/topologies/edge-computing/edge-computing.wasm +0 -0
- package/rulesets/topologies/edge-computing/evidence.es.md +0 -263
- package/rulesets/topologies/edge-computing/evidence.md +0 -263
- package/rulesets/topologies/edge-computing/evolution.es.md +0 -257
- package/rulesets/topologies/edge-computing/evolution.md +0 -257
- package/rulesets/topologies/edge-computing/fixtures/invalid.topology.config.json +0 -6
- package/rulesets/topologies/edge-computing/fixtures/valid.topology.config.json +0 -6
- package/rulesets/topologies/edge-computing/maturity.es.md +0 -36
- package/rulesets/topologies/edge-computing/maturity.md +0 -36
- package/rulesets/topologies/edge-computing/mcp/mcp-manifest.json +0 -72
- package/rulesets/topologies/edge-computing/openapi/openapi.yaml +0 -187
- package/rulesets/topologies/edge-computing/operations.es.md +0 -148
- package/rulesets/topologies/edge-computing/operations.md +0 -148
- package/rulesets/topologies/edge-computing/parity-fixtures/compliant.json +0 -12
- package/rulesets/topologies/edge-computing/parity-fixtures/violation.json +0 -13
- package/rulesets/topologies/edge-computing/patterns.es.md +0 -291
- package/rulesets/topologies/edge-computing/patterns.md +0 -290
- package/rulesets/topologies/edge-computing/resilience.es.md +0 -232
- package/rulesets/topologies/edge-computing/resilience.md +0 -229
- package/rulesets/topologies/edge-computing/runbooks.es.md +0 -405
- package/rulesets/topologies/edge-computing/runbooks.md +0 -405
- package/rulesets/topologies/edge-computing/security.es.md +0 -218
- package/rulesets/topologies/edge-computing/security.md +0 -218
- package/rulesets/topologies/edge-computing/topology.config.schema.json +0 -13
- package/rulesets/topologies/edge-computing/topology.manifest.json +0 -113
- package/rulesets/topologies/event-driven/README.es.md +0 -71
- package/rulesets/topologies/event-driven/README.md +0 -71
- package/rulesets/topologies/event-driven/adoption.es.md +0 -67
- package/rulesets/topologies/event-driven/adoption.md +0 -67
- package/rulesets/topologies/event-driven/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/event-driven/cli/cli-flows.md +0 -53
- package/rulesets/topologies/event-driven/event-driven.rego +0 -11
- package/rulesets/topologies/event-driven/event-driven.rules.json +0 -100
- package/rulesets/topologies/event-driven/event-driven.test.rego +0 -107
- package/rulesets/topologies/event-driven/event-driven.wasm +0 -0
- package/rulesets/topologies/event-driven/evidence.es.md +0 -69
- package/rulesets/topologies/event-driven/evidence.md +0 -69
- package/rulesets/topologies/event-driven/evolution.es.md +0 -59
- package/rulesets/topologies/event-driven/evolution.md +0 -59
- package/rulesets/topologies/event-driven/fixtures/invalid.topology.config.json +0 -12
- package/rulesets/topologies/event-driven/fixtures/valid.topology.config.json +0 -12
- package/rulesets/topologies/event-driven/maturity.es.md +0 -36
- package/rulesets/topologies/event-driven/maturity.md +0 -36
- package/rulesets/topologies/event-driven/mcp/mcp-manifest.json +0 -68
- package/rulesets/topologies/event-driven/openapi/openapi.yaml +0 -186
- package/rulesets/topologies/event-driven/operations.es.md +0 -67
- package/rulesets/topologies/event-driven/operations.md +0 -67
- package/rulesets/topologies/event-driven/parity-fixtures/compliant.json +0 -18
- package/rulesets/topologies/event-driven/parity-fixtures/violation.json +0 -21
- package/rulesets/topologies/event-driven/patterns.es.md +0 -68
- package/rulesets/topologies/event-driven/patterns.md +0 -68
- package/rulesets/topologies/event-driven/resilience.es.md +0 -65
- package/rulesets/topologies/event-driven/resilience.md +0 -65
- package/rulesets/topologies/event-driven/runbooks.es.md +0 -79
- package/rulesets/topologies/event-driven/runbooks.md +0 -79
- package/rulesets/topologies/event-driven/security.es.md +0 -59
- package/rulesets/topologies/event-driven/security.md +0 -59
- package/rulesets/topologies/event-driven/topology.config.schema.json +0 -30
- package/rulesets/topologies/event-driven/topology.manifest.json +0 -109
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.es.json +0 -111
- package/rulesets/topologies/progressive-axis/distributed-modules/distributed-modules.rules.json +0 -111
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.es.json +0 -106
- package/rulesets/topologies/progressive-axis/microservices/microservices.rules.json +0 -106
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.es.json +0 -148
- package/rulesets/topologies/progressive-axis/modular-monolith/modular-monolith.rules.json +0 -148
- package/rulesets/topologies/serverless/README.es.md +0 -74
- package/rulesets/topologies/serverless/README.md +0 -74
- package/rulesets/topologies/serverless/adoption.es.md +0 -50
- package/rulesets/topologies/serverless/adoption.md +0 -50
- package/rulesets/topologies/serverless/cli/cli-flows.es.md +0 -41
- package/rulesets/topologies/serverless/cli/cli-flows.md +0 -53
- package/rulesets/topologies/serverless/evidence.es.md +0 -66
- package/rulesets/topologies/serverless/evidence.md +0 -66
- package/rulesets/topologies/serverless/evolution.es.md +0 -36
- package/rulesets/topologies/serverless/evolution.md +0 -36
- package/rulesets/topologies/serverless/fixtures/invalid.topology.config.json +0 -6
- package/rulesets/topologies/serverless/fixtures/valid.topology.config.json +0 -6
- package/rulesets/topologies/serverless/maturity.es.md +0 -36
- package/rulesets/topologies/serverless/maturity.md +0 -36
- package/rulesets/topologies/serverless/mcp/mcp-manifest.json +0 -72
- package/rulesets/topologies/serverless/openapi/openapi.yaml +0 -186
- package/rulesets/topologies/serverless/operations.es.md +0 -36
- package/rulesets/topologies/serverless/operations.md +0 -36
- package/rulesets/topologies/serverless/parity-fixtures/compliant.json +0 -13
- package/rulesets/topologies/serverless/parity-fixtures/violation.json +0 -15
- package/rulesets/topologies/serverless/patterns.es.md +0 -36
- package/rulesets/topologies/serverless/patterns.md +0 -36
- package/rulesets/topologies/serverless/resilience.es.md +0 -36
- package/rulesets/topologies/serverless/resilience.md +0 -36
- package/rulesets/topologies/serverless/runbooks.es.md +0 -68
- package/rulesets/topologies/serverless/runbooks.md +0 -68
- package/rulesets/topologies/serverless/security.es.md +0 -36
- package/rulesets/topologies/serverless/security.md +0 -36
- package/rulesets/topologies/serverless/serverless.rego +0 -32
- package/rulesets/topologies/serverless/serverless.rules.json +0 -33
- package/rulesets/topologies/serverless/serverless.test.rego +0 -28
- package/rulesets/topologies/serverless/serverless.wasm +0 -0
- package/rulesets/topologies/serverless/topology.config.schema.json +0 -28
- package/rulesets/topologies/serverless/topology.manifest.json +0 -114
|
@@ -1,103 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0002-hexagonal-architecture.rules.json",
|
|
4
|
-
"title": "ADR-0002 — Hexagonal Architecture (Ports & Adapters) Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0002 Clean Hexagonal Architecture. Mandatory structural pattern for all Evolith applications.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0002",
|
|
8
|
-
"adrTitle": "Clean Hexagonal Architecture with NestJS",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "HXA-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "layer-structure",
|
|
17
|
-
"title": "Core (Domain) has zero framework dependencies",
|
|
18
|
-
"description": "The Core/Domain layer MUST contain only pure TypeScript classes. Zero imports from NestJS, TypeORM, Express, or any external SDK. Contains entities, value objects, and port interfaces only.",
|
|
19
|
-
"rationale": "ADR-0002 §Decision: Core is pure TypeScript. Framework coupling prevents domain extraction and pure testing.",
|
|
20
|
-
"validationQuery": "Static analysis: Core layer files import no framework packages (nestjs, typeorm, express, mongoose).",
|
|
21
|
-
"blocking": true,
|
|
22
|
-
"layer": "Core"
|
|
23
|
-
},
|
|
24
|
-
{
|
|
25
|
-
"id": "HXA-02",
|
|
26
|
-
"severity": "MUST",
|
|
27
|
-
"category": "layer-structure",
|
|
28
|
-
"title": "Application layer imports Core only",
|
|
29
|
-
"description": "Application layer (Use Cases) may import Core classes and NestJS DI decorators only. No infrastructure imports (database adapters, external SDKs).",
|
|
30
|
-
"rationale": "ADR-0002 §Decision: Application orchestrates Core logic. Infrastructure belongs in adapters.",
|
|
31
|
-
"validationQuery": "Application layer files import only Core layer and @nestjs/common decorators.",
|
|
32
|
-
"blocking": true,
|
|
33
|
-
"layer": "Application"
|
|
34
|
-
},
|
|
35
|
-
{
|
|
36
|
-
"id": "HXA-03",
|
|
37
|
-
"severity": "MUST",
|
|
38
|
-
"category": "layer-structure",
|
|
39
|
-
"title": "Infrastructure (Adapters) implements Core ports",
|
|
40
|
-
"description": "Infrastructure layer contains concrete implementations of Core port interfaces (TypeOrmUserRepository, BcryptPasswordHasher). All framework and SDK imports live exclusively here.",
|
|
41
|
-
"rationale": "ADR-0002 §Decision: Infrastructure is the adapter layer. It implements the ports defined by Core.",
|
|
42
|
-
"validationQuery": "Infrastructure files implement interfaces defined in Core layer. No domain logic lives here.",
|
|
43
|
-
"blocking": true,
|
|
44
|
-
"layer": "Infrastructure"
|
|
45
|
-
},
|
|
46
|
-
{
|
|
47
|
-
"id": "HXA-04",
|
|
48
|
-
"severity": "MUST",
|
|
49
|
-
"category": "dependency-direction",
|
|
50
|
-
"title": "Dependency direction: Infrastructure → Application → Core",
|
|
51
|
-
"description": "Dependency direction is strictly enforced: Infrastructure depends on Application, Application depends on Core. Never the reverse.",
|
|
52
|
-
"rationale": "ADR-0002 §Decision: Dependency inversion is the core principle of hexagonal architecture.",
|
|
53
|
-
"validationQuery": "eslint-plugin-boundaries or equivalent static analysis enforces no backward imports.",
|
|
54
|
-
"blocking": true,
|
|
55
|
-
"layer": "All"
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "HXA-05",
|
|
59
|
-
"severity": "MUST NOT",
|
|
60
|
-
"category": "aop-isolation",
|
|
61
|
-
"title": "AOP concerns prohibited in Core/Application layers",
|
|
62
|
-
"description": "Cross-cutting concerns (Logging, Auditing, OTel, Caching, Transactions) MUST NOT hard-couple third-party decorators or SDKs inside Core or Application layers. Prohibited: @SentryCapture, @OpentelemetrySpan, @Cacheable on UseCase methods.",
|
|
63
|
-
"rationale": "ADR-0002 §4: AOP isolation rule. Framework decorators in domain pollute the domain with infrastructure concerns.",
|
|
64
|
-
"validationQuery": "Core/Application classes have no imports from Sentry, OpenTelemetry SDK, caching libraries, or transaction managers.",
|
|
65
|
-
"blocking": true,
|
|
66
|
-
"layer": "Core, Application"
|
|
67
|
-
},
|
|
68
|
-
{
|
|
69
|
-
"id": "HXA-06",
|
|
70
|
-
"severity": "MUST",
|
|
71
|
-
"category": "aop-isolation",
|
|
72
|
-
"title": "AOP implemented exclusively in Infrastructure layer",
|
|
73
|
-
"description": "Cross-cutting concerns MUST be encapsulated exclusively inside NestJS Interceptors, Middleware, or Decorator Wrappers residing in the Infrastructure/Adapter layer, wrapping pure UseCase execution from the outside.",
|
|
74
|
-
"rationale": "ADR-0002 §4: AOP in adapters preserves domain purity while enabling observability.",
|
|
75
|
-
"validationQuery": "AOP implementations (interceptors, middleware, decorators) exist only in Infrastructure layer.",
|
|
76
|
-
"blocking": false,
|
|
77
|
-
"layer": "Infrastructure"
|
|
78
|
-
},
|
|
79
|
-
{
|
|
80
|
-
"id": "HXA-07",
|
|
81
|
-
"severity": "MUST",
|
|
82
|
-
"category": "testing",
|
|
83
|
-
"title": "Core domain tests run without framework bootstrap",
|
|
84
|
-
"description": "Pure domain tests (entities, value objects, port interfaces) MUST run in milliseconds with no database or framework setup. Tests must not execute IO or container startups.",
|
|
85
|
-
"rationale": "ADR-0002 §Consequences: Pure domain tests are fast and framework-independent.",
|
|
86
|
-
"validationQuery": "Domain unit tests execute without TestBed or testcontainer initialization. Average execution time < 50ms per test file.",
|
|
87
|
-
"blocking": false,
|
|
88
|
-
"layer": "Core"
|
|
89
|
-
}
|
|
90
|
-
],
|
|
91
|
-
"references": [
|
|
92
|
-
"reference/architecture/adrs/nodejs/0002-clean-architecture-nestjs.md",
|
|
93
|
-
"reference/architecture/adrs/nodejs/0003-strict-typescript-standards.md"
|
|
94
|
-
],
|
|
95
|
-
"exitCriteria": {
|
|
96
|
-
"description": "All HXA rules are validated in CI via eslint-plugin-boundaries and import analysis.",
|
|
97
|
-
"validationTools": [
|
|
98
|
-
"eslint-plugin-boundaries",
|
|
99
|
-
"dependency-cruiser",
|
|
100
|
-
"custom AST rules"
|
|
101
|
-
]
|
|
102
|
-
}
|
|
103
|
-
}
|
|
@@ -1,102 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0005-cicd-quality-gates.rules.json",
|
|
4
|
-
"title": "ADR-0005 — CI/CD Security Quality Gates Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0005 CI/CD Security Quality Gates. Mandatory gates for every merge to protected branches.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0005",
|
|
8
|
-
"adrTitle": "CI/CD Security Quality Gates with CodeQL",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "CICD-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "security-scan",
|
|
17
|
-
"title": "CodeQL Static Analysis runs on every PR",
|
|
18
|
-
"description": "GitHub CodeQL must run on every pull request. Scans for OWASP Top 10 vulnerability patterns in TypeScript source code. PRs with High or Critical findings are BLOCKED from merging.",
|
|
19
|
-
"rationale": "ADR-0005 §Decision: Security enforced mechanically, not left to human review.",
|
|
20
|
-
"validationQuery": "CI pipeline includes CodeQL scan step. PRs with CRITICAL/HIGH findings cannot complete merge.",
|
|
21
|
-
"blocking": true,
|
|
22
|
-
"sla": {
|
|
23
|
-
"critical": "24 hours",
|
|
24
|
-
"high": "72 hours"
|
|
25
|
-
}
|
|
26
|
-
},
|
|
27
|
-
{
|
|
28
|
-
"id": "CICD-02",
|
|
29
|
-
"severity": "MUST",
|
|
30
|
-
"category": "dependency-scan",
|
|
31
|
-
"title": "Dependency vulnerability scan blocks merge",
|
|
32
|
-
"description": "npm audit --audit-level=high (or equivalent for other languages) runs in CI. Any dependency with a High or Critical CVE blocks the pipeline.",
|
|
33
|
-
"rationale": "ADR-0005 §Decision: Third-party dependencies can introduce known CVEs that go undetected without automated scanning.",
|
|
34
|
-
"validationQuery": "CI pipeline runs dependency audit. Pipeline fails on High/Critical CVE detection.",
|
|
35
|
-
"blocking": true
|
|
36
|
-
},
|
|
37
|
-
{
|
|
38
|
-
"id": "CICD-03",
|
|
39
|
-
"severity": "MUST",
|
|
40
|
-
"category": "secret-detection",
|
|
41
|
-
"title": "Secret detection enabled on repository",
|
|
42
|
-
"description": "GitHub's built-in secret scanning is enabled on the repository to detect accidentally committed API keys or credentials. Commits containing secrets are rejected.",
|
|
43
|
-
"rationale": "ADR-0005 §Decision: Secret detection prevents credential leakage at the source.",
|
|
44
|
-
"validationQuery": "Secret scanning is enabled in repository settings. Pre-commit hooks detect known secret patterns.",
|
|
45
|
-
"blocking": true
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
"id": "CICD-04",
|
|
49
|
-
"severity": "MUST",
|
|
50
|
-
"category": "pipeline-structure",
|
|
51
|
-
"title": "All quality gates execute before merge",
|
|
52
|
-
"description": "All quality gates (CodeQL, dependency scan, lint, tests, coverage) MUST complete successfully before a PR can merge. No merge with failing pipeline.",
|
|
53
|
-
"rationale": "ADR-0005 §Pipeline gates: Mechanical enforcement before merge.",
|
|
54
|
-
"validationQuery": "Protected branch requires all CI checks green. No override allowed without explicit waiver.",
|
|
55
|
-
"blocking": true
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "CICD-05",
|
|
59
|
-
"severity": "MUST",
|
|
60
|
-
"category": "documentation",
|
|
61
|
-
"title": "Security findings documented with justification",
|
|
62
|
-
"description": "False positive suppressions require documented justification comments in code. Suppressed findings must include a reason and an issue tracker reference.",
|
|
63
|
-
"rationale": "ADR-0005 §Consequences: False positives require manual suppression with documented justification.",
|
|
64
|
-
"validationQuery": "Suppressed findings have inline comments explaining justification and JIRA/Ticket reference.",
|
|
65
|
-
"blocking": false
|
|
66
|
-
},
|
|
67
|
-
{
|
|
68
|
-
"id": "CICD-06",
|
|
69
|
-
"severity": "MUST",
|
|
70
|
-
"category": "sla-compliance",
|
|
71
|
-
"title": "Critical findings resolved within 24 hours",
|
|
72
|
-
"description": "All Critical severity findings from CodeQL or dependency scans MUST be resolved within 24 hours of detection.",
|
|
73
|
-
"rationale": "ADR-0005 §SLA: Critical findings require immediate response.",
|
|
74
|
-
"validationQuery": "Issue tracker has Critical findings with age <= 24 hours or explicit SLA waiver.",
|
|
75
|
-
"blocking": false,
|
|
76
|
-
"enforcement": "Issue tracker integration or automated escalation"
|
|
77
|
-
},
|
|
78
|
-
{
|
|
79
|
-
"id": "CICD-07",
|
|
80
|
-
"severity": "MUST",
|
|
81
|
-
"category": "sla-compliance",
|
|
82
|
-
"title": "High findings resolved within 72 hours",
|
|
83
|
-
"description": "All High severity findings from CodeQL or dependency scans MUST be resolved within 72 hours of detection.",
|
|
84
|
-
"rationale": "ADR-0005 §SLA: High findings require timely response.",
|
|
85
|
-
"validationQuery": "Issue tracker has High findings with age <= 72 hours or explicit SLA waiver.",
|
|
86
|
-
"blocking": false
|
|
87
|
-
}
|
|
88
|
-
],
|
|
89
|
-
"references": [
|
|
90
|
-
"reference/architecture/adrs/core/0005-ci-cd-quality-codeql.md",
|
|
91
|
-
"reference/architecture/adrs/core/0009-strict-dependency-pinning-vulnerability-management.md"
|
|
92
|
-
],
|
|
93
|
-
"exitCriteria": {
|
|
94
|
-
"description": "All CI/CD gates pass. Protected branches enforce all checks. SLA compliance tracked.",
|
|
95
|
-
"validationTools": [
|
|
96
|
-
"GitHub Actions",
|
|
97
|
-
"CodeQL",
|
|
98
|
-
"npm audit",
|
|
99
|
-
"pre-commit hooks"
|
|
100
|
-
]
|
|
101
|
-
}
|
|
102
|
-
}
|
|
@@ -1,129 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0010-multi-tenancy.rules.json",
|
|
4
|
-
"title": "ADR-0010 — Multi-Tenancy Architecture Strategy Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0010 Multi-Tenancy Architecture. Conditional rules for products serving multiple tenants with dual-layer filtering.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0010",
|
|
8
|
-
"adrTitle": "Multi-Tenancy Architecture Strategy",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"conditional": true,
|
|
13
|
-
"condition": "REQUIRED when product serves multiple tenants. Single-tenant products may defer.",
|
|
14
|
-
"rules": [
|
|
15
|
-
{
|
|
16
|
-
"id": "MTN-01",
|
|
17
|
-
"severity": "MUST",
|
|
18
|
-
"category": "filtering-layer",
|
|
19
|
-
"title": "Application-layer tenant filtering is primary",
|
|
20
|
-
"description": "Application-layer filtering (WHERE tenant_id = X) is the PRIMARY enforcement mechanism for tenant data isolation. Every query that returns tenant-owned data MUST include tenant_id filter.",
|
|
21
|
-
"rationale": "ADR-0010: Application-layer filtering as primary mechanism. Always filter by tenant context.",
|
|
22
|
-
"validationQuery": "All repository queries include tenant_id in WHERE clause. No raw queries that bypass application context.",
|
|
23
|
-
"blocking": true,
|
|
24
|
-
"layer": "Application"
|
|
25
|
-
},
|
|
26
|
-
{
|
|
27
|
-
"id": "MTN-02",
|
|
28
|
-
"severity": "MUST",
|
|
29
|
-
"category": "filtering-layer",
|
|
30
|
-
"title": "Database-native tenant enforcement is secondary",
|
|
31
|
-
"description": "Database-native enforcement (RLS policies, separate schemas) is the SECONDARY failsafe mechanism. Database enforcement supplements but does not replace application-layer filtering.",
|
|
32
|
-
"rationale": "ADR-0010: Dual-layer strategy. Database is failsafe, not primary.",
|
|
33
|
-
"validationQuery": "Database has RLS or schema-per-tenant. Application-layer filtering still enforced even when DB enforcement exists.",
|
|
34
|
-
"blocking": true,
|
|
35
|
-
"layer": "Infrastructure"
|
|
36
|
-
},
|
|
37
|
-
{
|
|
38
|
-
"id": "MTN-03",
|
|
39
|
-
"severity": "MUST",
|
|
40
|
-
"category": "context-propagation",
|
|
41
|
-
"title": "Tenant context propagated through all layers",
|
|
42
|
-
"description": "Tenant context (tenant_id) MUST be propagated through all layers without exception. Domain logic operates with explicit tenant context. No implicit tenant assumption.",
|
|
43
|
-
"rationale": "ADR-0010: Tenant context must be explicit and immutable for the duration of the request.",
|
|
44
|
-
"validationQuery": "TenantId passed as explicit parameter or via scoped context (not static). Domain methods signature includes tenant context.",
|
|
45
|
-
"blocking": true
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
"id": "MTN-04",
|
|
49
|
-
"severity": "MUST NOT",
|
|
50
|
-
"category": "data-isolation",
|
|
51
|
-
"title": "Cross-tenant data access prohibited",
|
|
52
|
-
"description": "Cross-tenant data access is strictly prohibited. No query, report, or export operation may access data from multiple tenants without explicit multi-tenant authorization.",
|
|
53
|
-
"rationale": "ADR-0010: Data isolation is non-negotiable. Cross-tenant access requires explicit corporate authorization.",
|
|
54
|
-
"validationQuery": "Audit logs verify no cross-tenant queries. Access control lists block cross-tenant operations.",
|
|
55
|
-
"blocking": true
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "MTN-05",
|
|
59
|
-
"severity": "MUST",
|
|
60
|
-
"category": "schema-per-tenant",
|
|
61
|
-
"title": "Multi-tenant schema strategy defined upfront",
|
|
62
|
-
"description": "The multi-tenant schema strategy (shared schema with tenant_id, separate schema per tenant, or separate database per tenant) MUST be defined before Phase 2 Design and documented in evolith.yaml.",
|
|
63
|
-
"rationale": "ADR-0010: Schema strategy affects all bounded contexts. Must be decided early.",
|
|
64
|
-
"validationQuery": "evolith.yaml specifies boundedContexts[].persistence strategy (shared-schema | schema-per-tenant | db-per-tenant).",
|
|
65
|
-
"blocking": true
|
|
66
|
-
},
|
|
67
|
-
{
|
|
68
|
-
"id": "MTN-06",
|
|
69
|
-
"severity": "MUST",
|
|
70
|
-
"category": "audit-trail",
|
|
71
|
-
"title": "Tenant-scoped audit trail maintained",
|
|
72
|
-
"description": "All tenant operations MUST be logged with tenant context. Audit trail enables compliance and security investigation per tenant.",
|
|
73
|
-
"rationale": "ADR-0010: Audit trail must be tenant-scoped for compliance and security.",
|
|
74
|
-
"validationQuery": "All audit logs include tenant_id field. Logs are immutable and retained per compliance requirements.",
|
|
75
|
-
"blocking": false,
|
|
76
|
-
"layer": "Infrastructure"
|
|
77
|
-
},
|
|
78
|
-
{
|
|
79
|
-
"id": "MTN-07",
|
|
80
|
-
"severity": "MUST",
|
|
81
|
-
"category": "data-migration",
|
|
82
|
-
"title": "Tenant migration path defined for schema changes",
|
|
83
|
-
"description": "When schema changes affect tenant data (new tenant column, migration scripts), the migration MUST include tenant-aware rollback and validation. No schema migration that breaks tenant data integrity.",
|
|
84
|
-
"rationale": "ADR-0010: Schema migrations in multi-tenant context are high-risk. Tenant data integrity must be preserved.",
|
|
85
|
-
"validationQuery": "Migration scripts include tenant validation tests. Rollback tested with tenant data present.",
|
|
86
|
-
"blocking": true
|
|
87
|
-
},
|
|
88
|
-
{
|
|
89
|
-
"id": "MTN-08",
|
|
90
|
-
"severity": "MUST",
|
|
91
|
-
"category": "external-api",
|
|
92
|
-
"title": "External APIs validate tenant context on every request",
|
|
93
|
-
"description": "Every API endpoint that handles tenant data MUST validate tenant context from authentication token or header. Requests without valid tenant context are rejected with 403 Forbidden.",
|
|
94
|
-
"rationale": "ADR-0010: API endpoints must enforce tenant context at the boundary.",
|
|
95
|
-
"validationQuery": "API middleware validates tenant_id from JWT/token on every request. Invalid tenant context returns 403.",
|
|
96
|
-
"blocking": true,
|
|
97
|
-
"layer": "Api"
|
|
98
|
-
}
|
|
99
|
-
],
|
|
100
|
-
"schemaStrategies": [
|
|
101
|
-
{
|
|
102
|
-
"strategy": "shared-schema",
|
|
103
|
-
"description": "All tenants share same database schema with tenant_id column",
|
|
104
|
-
"useWhen": "Low sensitivity, high tenant count"
|
|
105
|
-
},
|
|
106
|
-
{
|
|
107
|
-
"strategy": "schema-per-tenant",
|
|
108
|
-
"description": "Each tenant has own PostgreSQL schema",
|
|
109
|
-
"useWhen": "Moderate sensitivity, moderate tenant count"
|
|
110
|
-
},
|
|
111
|
-
{
|
|
112
|
-
"strategy": "db-per-tenant",
|
|
113
|
-
"description": "Each tenant has own database",
|
|
114
|
-
"useWhen": "High sensitivity, low tenant count, strong isolation required"
|
|
115
|
-
}
|
|
116
|
-
],
|
|
117
|
-
"references": [
|
|
118
|
-
"reference/architecture/adrs/core/0010-multi-tenancy-architecture-strategy.md",
|
|
119
|
-
"reference/architecture/adrs/dotnet/0060-dotnet-multi-tenancy-dual-layer-strategy.md"
|
|
120
|
-
],
|
|
121
|
-
"exitCriteria": {
|
|
122
|
-
"description": "All tenant-scoped queries include tenant_id filter. Database RLS enforced. Tenant context propagated through all layers.",
|
|
123
|
-
"validationTools": [
|
|
124
|
-
"SQL analysis",
|
|
125
|
-
"integration tests with tenant isolation",
|
|
126
|
-
"security scan"
|
|
127
|
-
]
|
|
128
|
-
}
|
|
129
|
-
}
|
|
@@ -1,115 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0018-testing-pyramid.rules.json",
|
|
4
|
-
"title": "ADR-0018 — Testing Pyramid and Quality Gates Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0018 Testing Pyramid. Enforces layered testing with distribution targets and blocking thresholds.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0018",
|
|
8
|
-
"adrTitle": "Testing Pyramid and Automated Quality Gates",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-08",
|
|
11
|
-
"effectiveDate": "2026-05-08",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "TPY-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "test-layer-distribution",
|
|
17
|
-
"title": "Test distribution follows 70/20/10 pyramid",
|
|
18
|
-
"description": "Test suite distribution MUST target: 70% unit tests, 20% integration tests, 10% E2E tests. Deviation beyond 5% tolerance requires written explanation in PR.",
|
|
19
|
-
"rationale": "ADR-0018 §Decision: Rigid test requirements prevent gradual regression. Pyramid distribution enforces coverage quality.",
|
|
20
|
-
"validationQuery": "CI reports test count by type. Distribution checked against target ±5% tolerance.",
|
|
21
|
-
"blocking": false,
|
|
22
|
-
"target": {
|
|
23
|
-
"unit": 70,
|
|
24
|
-
"integration": 20,
|
|
25
|
-
"e2e": 10,
|
|
26
|
-
"tolerance": 5
|
|
27
|
-
}
|
|
28
|
-
},
|
|
29
|
-
{
|
|
30
|
-
"id": "TPY-02",
|
|
31
|
-
"severity": "MUST",
|
|
32
|
-
"category": "unit-testing",
|
|
33
|
-
"title": "Unit tests dominate total test volume",
|
|
34
|
-
"description": "Unit tests MUST dominate the total test volume. Unit tests isolate pure core and application classes. Tests must not execute IO or container startups.",
|
|
35
|
-
"rationale": "ADR-0018 §Decision: Unit layer dominates total test volume using standard Jest executions isolating pure core and application classes.",
|
|
36
|
-
"validationQuery": "Unit test execution time < 50ms average. No testcontainer, database, or HTTP call in unit tests.",
|
|
37
|
-
"blocking": true,
|
|
38
|
-
"layer": "Core, Application"
|
|
39
|
-
},
|
|
40
|
-
{
|
|
41
|
-
"id": "TPY-03",
|
|
42
|
-
"severity": "MUST",
|
|
43
|
-
"category": "integration-testing",
|
|
44
|
-
"title": "Integration tests use ephemeral containers",
|
|
45
|
-
"description": "Integration tests MUST test persistence and gateway adapters against active databases using testcontainer engines (e.g., live PostgreSQL/Redis in ephemeral containers). No shared state between test runs.",
|
|
46
|
-
"rationale": "ADR-0018 §Decision: Integration layer uses testcontainers for safe, isolated database testing.",
|
|
47
|
-
"validationQuery": "Integration tests use ephemeral containers. No mutable shared database state across test runs.",
|
|
48
|
-
"blocking": false,
|
|
49
|
-
"layer": "Infrastructure"
|
|
50
|
-
},
|
|
51
|
-
{
|
|
52
|
-
"id": "TPY-04",
|
|
53
|
-
"severity": "MUST",
|
|
54
|
-
"category": "e2e-testing",
|
|
55
|
-
"title": "E2E tests cover full HTTP routes",
|
|
56
|
-
"description": "E2E tests deploy isolated supertest routines orchestrating full HTTP routes (Controller Service Database) testing actual external boundary security and transport.",
|
|
57
|
-
"rationale": "ADR-0018 §Decision: E2E layer tests complete HTTP integration from controller to database.",
|
|
58
|
-
"validationQuery": "E2E tests execute real HTTP requests against deployed service. No mocked services.",
|
|
59
|
-
"blocking": false,
|
|
60
|
-
"layer": "Api"
|
|
61
|
-
},
|
|
62
|
-
{
|
|
63
|
-
"id": "TPY-05",
|
|
64
|
-
"severity": "MUST",
|
|
65
|
-
"category": "coverage-threshold",
|
|
66
|
-
"title": "Business logic coverage >= 80%",
|
|
67
|
-
"description": "CI pipeline rigorously denies processing merge commits that collapse general test coverage thresholds underneath 80% for business logic.",
|
|
68
|
-
"rationale": "ADR-0018 §Decision: Binary gates enforce coverage minimums before code enters target branch.",
|
|
69
|
-
"validationQuery": "Coverage report shows business logic coverage >= 80%. CI fails below threshold.",
|
|
70
|
-
"blocking": true,
|
|
71
|
-
"threshold": 80
|
|
72
|
-
},
|
|
73
|
-
{
|
|
74
|
-
"id": "TPY-06",
|
|
75
|
-
"severity": "MUST",
|
|
76
|
-
"category": "per-layer-thresholds",
|
|
77
|
-
"title": "Per-layer coverage thresholds enforced",
|
|
78
|
-
"description": "Coverage thresholds are enforced per layer: Domain >= 95%, Application >= 85%, Infrastructure >= 60%, BFF/Controllers >= 70%. Aggregate coverage is insufficient.",
|
|
79
|
-
"rationale": "Senior Architectural Assessment finding: 70% aggregate can be reached with happy paths only. Layer differentiation is required for hexagonal architectures with rich domains.",
|
|
80
|
-
"validationQuery": "Jest/Istanbul configured with coverageThresholds by path pattern. Each layer meets its threshold.",
|
|
81
|
-
"blocking": true,
|
|
82
|
-
"layerThresholds": {
|
|
83
|
-
"Domain": 95,
|
|
84
|
-
"Application": 85,
|
|
85
|
-
"Infrastructure": 60,
|
|
86
|
-
"Api": 70
|
|
87
|
-
}
|
|
88
|
-
},
|
|
89
|
-
{
|
|
90
|
-
"id": "TPY-07",
|
|
91
|
-
"severity": "MUST NOT",
|
|
92
|
-
"category": "test-isolation",
|
|
93
|
-
"title": "Unit tests do not execute IO",
|
|
94
|
-
"description": "Unit tests MUST NOT execute IO operations (file system, network, database). Pure domain tests run in milliseconds with no external dependencies.",
|
|
95
|
-
"rationale": "ADR-0018 §Decision: Unit tests isolate pure core and application classes. IO would defeat isolation.",
|
|
96
|
-
"validationQuery": "Unit tests complete without network calls, file system access, or database connections. Mock all external dependencies.",
|
|
97
|
-
"blocking": true,
|
|
98
|
-
"layer": "Core, Application"
|
|
99
|
-
}
|
|
100
|
-
],
|
|
101
|
-
"references": [
|
|
102
|
-
"reference/architecture/adrs/core/0018-testing-pyramid-quality-gates.md",
|
|
103
|
-
"reference/architecture/adrs/core/0005-ci-cd-quality-codeql.md",
|
|
104
|
-
"reference/governance/sdlc/quality-gates.md"
|
|
105
|
-
],
|
|
106
|
-
"exitCriteria": {
|
|
107
|
-
"description": "Pyramid distribution validated per release. Coverage thresholds enforced in CI. SLA compliance tracked.",
|
|
108
|
-
"validationTools": [
|
|
109
|
-
"Jest",
|
|
110
|
-
"Istanbul",
|
|
111
|
-
"testcontainers",
|
|
112
|
-
"supertest"
|
|
113
|
-
]
|
|
114
|
-
}
|
|
115
|
-
}
|
|
@@ -1,134 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../schema/ruleset-standard.schema.json",
|
|
3
|
-
"$id": "https://evolith.dev/rulesets/adr/adr-0032-protocol-selection.rules.json",
|
|
4
|
-
"title": "ADR-0032 — API Protocol Selection Matrix Rules",
|
|
5
|
-
"description": "Machine-readable rules encoding ADR-0032 Protocol Selection Matrix. Mandatory protocol selection for internal, external, and BFF communication.",
|
|
6
|
-
"version": "1.0.0",
|
|
7
|
-
"adrId": "ADR-0032",
|
|
8
|
-
"adrTitle": "API Protocol Selection Matrix (REST vs gRPC vs GraphQL)",
|
|
9
|
-
"status": "Approved",
|
|
10
|
-
"date": "2026-05-11",
|
|
11
|
-
"effectiveDate": "2026-05-11",
|
|
12
|
-
"rules": [
|
|
13
|
-
{
|
|
14
|
-
"id": "PROT-01",
|
|
15
|
-
"severity": "MUST",
|
|
16
|
-
"category": "internal-communication",
|
|
17
|
-
"title": "Internal service-to-service uses gRPC",
|
|
18
|
-
"description": "MANDATE: gRPC (Protocol Buffers over HTTP/2) for all internal service-to-service communication between bounded contexts. Scope: synchronous calls where both services are owned by the organization.",
|
|
19
|
-
"rationale": "ADR-0032 §Decision: High performance, binary serialization, and strict type-safety through unified .proto contracts.",
|
|
20
|
-
"validationQuery": "Internal service calls use gRPC. No REST calls between internal bounded contexts (telemetry confirms).",
|
|
21
|
-
"blocking": true,
|
|
22
|
-
"scenario": "Machine-to-Machine (Internal)"
|
|
23
|
-
},
|
|
24
|
-
{
|
|
25
|
-
"id": "PROT-02",
|
|
26
|
-
"severity": "MUST",
|
|
27
|
-
"category": "external-communication",
|
|
28
|
-
"title": "Public and external APIs use REST",
|
|
29
|
-
"description": "MANDATE: REST (JSON over HTTPS) for all public third-party and external integration. Scope: external customer integrations, legacy corporate gateway connections, and global developer public APIs.",
|
|
30
|
-
"rationale": "ADR-0032 §Decision: Industry universality, trivial consumption, easiest debugging/testing, broad interactive documentation.",
|
|
31
|
-
"validationQuery": "Public API endpoints use REST/JSON. OpenAPI spec available for all public APIs.",
|
|
32
|
-
"blocking": true,
|
|
33
|
-
"scenario": "Public Third-Party & External Integration"
|
|
34
|
-
},
|
|
35
|
-
{
|
|
36
|
-
"id": "PROT-03",
|
|
37
|
-
"severity": "MUST",
|
|
38
|
-
"category": "bff-communication",
|
|
39
|
-
"title": "BFF uses REST primary, GraphQL targeted",
|
|
40
|
-
"description": "Default to REST for standard flows (CRUD commands). Adopt GraphQL strictly at the NestJS BFF level ONLY when a screen requires complex data aggregation (fetching Entities, associated Taxonomies, Audits, and relations simultaneously).",
|
|
41
|
-
"rationale": "ADR-0032 §Decision: Prevents mobile/web over-fetching and multiple sequential roundtrips for rich read scenarios.",
|
|
42
|
-
"validationQuery": "BFF uses REST for standard CRUD. GraphQL used only for aggregate read scenarios with documented justification.",
|
|
43
|
-
"blocking": false,
|
|
44
|
-
"scenario": "Frontend Portals & Dynamic BFF Orchestration"
|
|
45
|
-
},
|
|
46
|
-
{
|
|
47
|
-
"id": "PROT-04",
|
|
48
|
-
"severity": "MUST NOT",
|
|
49
|
-
"category": "graphql-isolation",
|
|
50
|
-
"title": "GraphQL resolvers never in domain layer",
|
|
51
|
-
"description": "GraphQL runtime logic MUST exist only within Tier-2 BFF application nodes. Core domain API definitions never natively support GraphQL resolvers. This prevents view-specific constraints from leaking into domain business logic.",
|
|
52
|
-
"rationale": "ADR-0032 §Architecture Guidelines: GraphQL isolation. Core domain must remain protocol-agnostic.",
|
|
53
|
-
"validationQuery": "No GraphQL resolvers in Core or Application layers. GraphQL exists only in BFF/Api layer.",
|
|
54
|
-
"blocking": true,
|
|
55
|
-
"scenario": "Domain Layer"
|
|
56
|
-
},
|
|
57
|
-
{
|
|
58
|
-
"id": "PROT-05",
|
|
59
|
-
"severity": "MUST",
|
|
60
|
-
"category": "protobuf-centralization",
|
|
61
|
-
"title": "Proto files centralized in Contracts library",
|
|
62
|
-
"description": "All internal gRPC service schemas (.proto) are hosted and versioned in a unified Contracts library (libs/contracts or similar) to prevent drifted interface models.",
|
|
63
|
-
"rationale": "ADR-0032 §Architecture Guidelines: Protobuf centralization prevents interface drift between services.",
|
|
64
|
-
"validationQuery": ".proto files exist in shared Contracts library. No duplicate .proto definitions across services.",
|
|
65
|
-
"blocking": true
|
|
66
|
-
},
|
|
67
|
-
{
|
|
68
|
-
"id": "PROT-06",
|
|
69
|
-
"severity": "SHOULD",
|
|
70
|
-
"category": "streaming",
|
|
71
|
-
"title": "File uploads/streams prefer gRPC streaming",
|
|
72
|
-
"description": "File uploads and streaming scenarios SHOULD use gRPC streaming capabilities for native streaming or REST multipart as fallback.",
|
|
73
|
-
"rationale": "ADR-0032 §Selection Decision Tree: Native streaming capability or simple multipart.",
|
|
74
|
-
"validationQuery": "Streaming endpoints evaluated for gRPC first, REST multipart as fallback.",
|
|
75
|
-
"blocking": false
|
|
76
|
-
},
|
|
77
|
-
{
|
|
78
|
-
"id": "PROT-07",
|
|
79
|
-
"severity": "MUST",
|
|
80
|
-
"category": "contract-versioning",
|
|
81
|
-
"title": "Breaking changes require version bump",
|
|
82
|
-
"description": "Breaking changes to inter-service contracts (gRPC .proto or REST OpenAPI) require a new major version. Consumer-driven contract tests must pass before merge.",
|
|
83
|
-
"rationale": "ADR-0032 §Decision: Contract versioning ensures backward compatibility during service evolution.",
|
|
84
|
-
"validationQuery": "Contract tests enforce backward compatibility. Breaking changes blocked by CI.",
|
|
85
|
-
"blocking": true
|
|
86
|
-
}
|
|
87
|
-
],
|
|
88
|
-
"protocolMatrix": [
|
|
89
|
-
{
|
|
90
|
-
"scenario": "Machine-to-Machine (Internal)",
|
|
91
|
-
"protocol": "gRPC",
|
|
92
|
-
"justification": "Low latency, binary compaction, strongly typed"
|
|
93
|
-
},
|
|
94
|
-
{
|
|
95
|
-
"scenario": "File Uploads/Streams",
|
|
96
|
-
"protocol": "gRPC / REST",
|
|
97
|
-
"justification": "Native streaming or simple multipart"
|
|
98
|
-
},
|
|
99
|
-
{
|
|
100
|
-
"scenario": "Public Open API / Developer Docs",
|
|
101
|
-
"protocol": "REST",
|
|
102
|
-
"justification": "Universal standard, easiest vendor adoption"
|
|
103
|
-
},
|
|
104
|
-
{
|
|
105
|
-
"scenario": "High-Density Aggregate Dashboards",
|
|
106
|
-
"protocol": "GraphQL",
|
|
107
|
-
"justification": "Resolves under-fetching / recursive lookups"
|
|
108
|
-
},
|
|
109
|
-
{
|
|
110
|
-
"scenario": "Low-Power Mobile Data Retrieval",
|
|
111
|
-
"protocol": "GraphQL",
|
|
112
|
-
"justification": "Client strictly defines data shape"
|
|
113
|
-
},
|
|
114
|
-
{
|
|
115
|
-
"scenario": "Standard CRUD",
|
|
116
|
-
"protocol": "REST",
|
|
117
|
-
"justification": "Predictable cacheability, native HTTP semantics"
|
|
118
|
-
}
|
|
119
|
-
],
|
|
120
|
-
"references": [
|
|
121
|
-
"reference/architecture/adrs/core/0032-api-protocol-decision-matrix-rest-grpc-graphql.md",
|
|
122
|
-
"reference/architecture/adrs/nodejs/0027-dual-protocol-rest-grpc-api-gateway.md",
|
|
123
|
-
"reference/architecture/adrs/core/0030-two-tier-distributed-gateway-model.md"
|
|
124
|
-
],
|
|
125
|
-
"exitCriteria": {
|
|
126
|
-
"description": "All inter-service communication uses correct protocol per matrix. Contracts centralized and versioned.",
|
|
127
|
-
"validationTools": [
|
|
128
|
-
"gRPC",
|
|
129
|
-
"OpenAPI",
|
|
130
|
-
"Pact",
|
|
131
|
-
"network traffic analysis"
|
|
132
|
-
]
|
|
133
|
-
}
|
|
134
|
-
}
|