max/ai-sdlc-standards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e323c45cb080f0d376ebfcfda313cbfedcea758c
ai-sdlc-standards/architecture/requirements.md
Max Mayfield e323c45cb0 Elevate requirements to organizational/architectural policy 
- Security: no IAM in service repos, no custom auth, no direct external calls
- Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config
- DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions
- Cost: resource tagging, no unbounded allocation, no per-tenant infra
- Updated checker and demo to match
- These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
2026-03-07 07:41:27 +00:00

37 lines
2.0 KiB
Markdown
Raw Blame History

# Architecture Requirements
Phase: design
Enforcement: informational
## ARCH-001: No Cross-Cloud Dependencies
Services MUST NOT import cloud-provider-specific SDKs directly. All cloud interactions go through the platform abstraction layer.
**Rule:** No direct imports of `com.amazonaws.*`, `com.google.cloud.*`, or `com.azure.*` in service code. Use the platform's cloud-agnostic interfaces. If your service runs on AWS today, it must be deployable to GCP tomorrow without code changes.
**Test:** Scan imports for cloud-provider SDK packages outside the platform abstraction layer.
## ARCH-002: No Cross-Service Database Access
Services MUST NOT directly query another service's database. All cross-service data access goes through APIs or events.
**Rule:** Each service owns its schema. No shared database connections, no cross-schema joins, no direct table access outside your service boundary. If you need data from another service, call its API or consume its events.
**Test:** Scan datasource configs and SQL for references to schemas/tables outside the service's declared ownership.
## ARCH-003: No Hardcoded Tenant or Environment Configuration
Services MUST NOT contain hardcoded tenant IDs, environment URLs, or deployment-specific configuration in source code.
**Rule:** All tenant and environment config comes from the platform config plane (environment variables, config service, or Helm values). No `if (tenant == "acme")` logic. No `https://prod.reltio.com` literals.
**Test:** Scan for URL literals matching known environment patterns, hardcoded tenant identifiers, environment-switching conditionals.
## ARCH-004: API Contract Versioning
All public API changes MUST maintain backward compatibility or follow the deprecation protocol (minimum 30-day dual-support window).
**Rule:** No removed fields, renamed endpoints, or changed response shapes without a versioned migration path. Breaking changes require a new API version.
**Test:** Diff OpenAPI specs between branches. Flag removed paths, removed required fields, or changed response types.
Reference in New Issue View Git Blame Copy Permalink