Elevate requirements to organizational/architectural policy

- Security: no IAM in service repos, no custom auth, no direct external calls
- Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config
- DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions
- Cost: resource tagging, no unbounded allocation, no per-tenant infra
- Updated checker and demo to match
- These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
Max Mayfield
2026-03-07 07:41:27 +00:00
parent a7728c6266
commit e323c45cb0
10 changed files with 265 additions and 198 deletions

.demo/dependencies.txt Normal file

@@ -0,0 +1,6 @@
# ARCH-001 VIOLATION: Direct cloud SDK dependencies
com.amazonaws:aws-java-sdk-s3:1.12.400
com.google.cloud:google-cloud-storage:2.20.0
# SEC-002 VIOLATION: JWT library for custom auth
io.jsonwebtoken:jjwt:0.9.1
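
Review bot: The ARCH-001 comment at the top of this fixture says "Direct cloud SDK dependencies", while the commit message words the rule as "no cross-cloud SDKs"; with an AWS and a Google Cloud artifact listed under the same comment, the file does not show whether one provider SDK alone is a violation or only the combination. Suggest rewording the comment to say which case the two lines demonstrate. For the SEC-002 entry, the presence of `io.jsonwebtoken:jjwt` is being used as a proxy for custom auth, and a dependency line alone does not show how the library is used, so the comment should say that the dependency itself is the signal. Adding one compliant dependency line to the fixture would also let the demo show that the checker does not over-match.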