AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
# Cost & Tagging Requirements
Phase: deployment
Enforcement: informational
2026-03-07 07:41:27 +00:00
## COST-001: Standard Resource Tagging
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
All cloud resources MUST include the organization's standard tag set for cost attribution.
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
**Rule:** Every resource that supports tagging must include: `team` , `service` , `environment` , `cost-center` . These are used for chargeback and cost allocation dashboards.
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
**Test:** Parse IaC files, verify tag block contains all four required keys.
2026-03-07 07:41:27 +00:00
## COST-002: No Unbounded Resource Allocation
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
Service configurations MUST define resource ceilings. No open-ended scaling or storage without limits.
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
**Rule:** Auto-scaling must have explicit maximums. Storage must have lifecycle policies. Compute must have resource limits. "Unlimited" is not a valid configuration.
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
**Test:** Check scaling configs for `maxReplicas` /`maxCapacity` . Check storage for lifecycle rules.
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
## COST-003: No Dedicated Infrastructure Per Tenant
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
Services MUST NOT provision tenant-specific infrastructure (dedicated databases, queues, or compute per customer).
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
**Rule:** Multi-tenancy is handled at the application layer, not the infrastructure layer. Tenant isolation through data partitioning, not resource duplication. Exceptions require FinOps approval.
AI SDLC Standards: cross-cutting requirements mono repo
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
2026-03-07 07:31:16 +00:00
2026-03-07 07:41:27 +00:00
**Test:** Scan IaC and Helm values for tenant-specific resource naming patterns or parameterized infrastructure per tenant.
