# DevOps Requirements

Phase: deployment
Enforcement: informational (graduating to blocking Q3 2026)

## OPS-001: Health Check Endpoint

Every deployable service MUST expose a `/health` or `/actuator/health` endpoint that returns 200 when healthy.

**Rule:** New services must include a health check. Existing services adding deployment config must verify health endpoint exists.

**Test:** Check that service has a health endpoint registered (grep for health route registration).

## OPS-002: Structured Logging

All log statements MUST use structured logging (JSON format) with at minimum: timestamp, level, service name, correlation ID.

**Rule:** No `System.out.println`, `console.log` for production logging. Use the logging framework with structured output.

**Test:** Grep for `System.out.print`, `System.err.print`, raw `console.log` in non-test source files.

## OPS-003: Resource Limits

All Kubernetes deployment manifests MUST specify CPU and memory requests and limits.

**Rule:** No unbounded resource consumption. Every container spec must have `resources.requests` and `resources.limits`.

**Test:** Parse YAML deployment files, verify `resources` block present with both `requests` and `limits`.

## OPS-004: Rollback Safety

Database migrations MUST be backward-compatible with the previous service version (N-1 compatibility).

**Rule:** No column renames or drops without a multi-step migration. Additive changes only in a single release.

**Test:** Scan migration SQL for `DROP COLUMN`, `RENAME COLUMN`, `ALTER TYPE` — flag for manual review.