max/ai-sdlc-standards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e323c45cb080f0d376ebfcfda313cbfedcea758c
ai-sdlc-standards/architecture/requirements.md
Max Mayfield e323c45cb0 Elevate requirements to organizational/architectural policy 
- Security: no IAM in service repos, no custom auth, no direct external calls
- Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config
- DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions
- Cost: resource tagging, no unbounded allocation, no per-tenant infra
- Updated checker and demo to match
- These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
2026-03-07 07:41:27 +00:00

2.0 KiB
Raw Blame History

Architecture Requirements

Phase: design Enforcement: informational

ARCH-001: No Cross-Cloud Dependencies

Services MUST NOT import cloud-provider-specific SDKs directly. All cloud interactions go through the platform abstraction layer.

Rule: No direct imports of com.amazonaws.*, com.google.cloud.*, or com.azure.* in service code. Use the platform's cloud-agnostic interfaces. If your service runs on AWS today, it must be deployable to GCP tomorrow without code changes.

Test: Scan imports for cloud-provider SDK packages outside the platform abstraction layer.

ARCH-002: No Cross-Service Database Access

Services MUST NOT directly query another service's database. All cross-service data access goes through APIs or events.

Rule: Each service owns its schema. No shared database connections, no cross-schema joins, no direct table access outside your service boundary. If you need data from another service, call its API or consume its events.

Test: Scan datasource configs and SQL for references to schemas/tables outside the service's declared ownership.

ARCH-003: No Hardcoded Tenant or Environment Configuration

Services MUST NOT contain hardcoded tenant IDs, environment URLs, or deployment-specific configuration in source code.

Rule: All tenant and environment config comes from the platform config plane (environment variables, config service, or Helm values). No if (tenant == "acme") logic. No https://prod.reltio.com literals.

Test: Scan for URL literals matching known environment patterns, hardcoded tenant identifiers, environment-switching conditionals.

ARCH-004: API Contract Versioning

All public API changes MUST maintain backward compatibility or follow the deprecation protocol (minimum 30-day dual-support window).

Rule: No removed fields, renamed endpoints, or changed response shapes without a versioned migration path. Breaking changes require a new API version.

Test: Diff OpenAPI specs between branches. Flag removed paths, removed required fields, or changed response types.

Reference in New Issue View Git Blame Copy Permalink