(llm-first): context budget, validation, and eval harness, orchestration general-prompt

prompts/runtime-rules.md

@@ -1,96 +1,86 @@
 # Runtime Rules
 
-This repository keeps the current LLM-first CRUD generation architecture as the primary working baseline and strengthens the existing pipeline instead of replacing it.
+<!-- prompt-version: 2.0 -->
+<!-- applies-to: docker-compose.yml, server/.env.example, client/.env.example -->
+<!-- validated-by: tools/validate-generation.mjs §validateRuntimeContractChecks -->
 
-## Baseline runtime topology
+Use this document during the **Preparation / Discovery** and **Auth / Runtime / Realm** stages defined in `prompts/general-prompt.md`.
 
-- `server/` is the active backend target output path.
-- `client/` is the active frontend target output path.
-- Docker scope remains PostgreSQL only.
-- Keycloak remains external to the repository runtime.
-- The project remains LLM-first: markdown knowledge blocks in `prompts/` orchestrate generation, while active generated/maintained code lives in `server/` and `client/`.
+## Purpose
 
-## Required input and derived artifacts
+Define the runtime topology, environment defaults, scaffold expectations, and bootstrap sequence for a buildable generated workspace.
 
-- Source of truth:
-  - `domain/*.dsl`
-- Required derived artifacts:
-  - `domain-summary.json`
-  - root-level `*-realm.json`
+## Mandatory Inputs
 
-`domain-summary.json` exists to stabilize generation and validation; it must be regenerated from the DSL and treated as non-authoritative.
+- `prompts/general-prompt.md`
+- `prompts/auth-rules.md` when runtime changes affect auth defaults or seams
+- current repository runtime/auth defaults
 
-## Output contract
+`api-summary.json` is an auxiliary artifact only. Refresh it when validator/tooling requires freshness checks or when a compact inventory helps discovery. Do not treat it as the runtime source of truth.
 
-The strengthened baseline must produce and keep aligned:
+## Expected Outputs
 
-- `server/prisma/schema.prisma`
-- backend/frontend env examples
-- backend/frontend auth seams
-- root `.gitignore`, `server/.gitignore`, `client/.gitignore`
 - `docker-compose.yml`
-- `domain-summary.json`
-- root-level realm import artifact
+- `server/.env.example`
+- `client/.env.example`
+- a buildable NestJS workspace under `server/`
+- a buildable Vite React TypeScript workspace under `client/`
+- any validator-required auxiliary artifacts such as `api-summary.json`
 
-## Concrete runtime examples
+## Baseline Runtime Topology
 
-Use these as the baseline examples for this project unless the prompt explicitly overrides them:
+- `server/` is the backend output path
+- `client/` is the frontend output path
+- Docker scope stays PostgreSQL-only
+- Keycloak remains external to repository runtime
+- the project remains LLM-first and prompt-driven
 
-- Backend:
-  - `PORT=3000`
-  - `DATABASE_URL="postgresql://postgres:postgres@localhost:5432/toir"`
-  - `CORS_ALLOWED_ORIGINS="http://localhost:5173,https://toir-frontend.greact.ru"`
-  - `KEYCLOAK_ISSUER_URL="https://sso.greact.ru/realms/toir"`
-  - `KEYCLOAK_AUDIENCE="toir-backend"`
-- Frontend:
-  - `VITE_API_URL=http://localhost:3000`
-  - `VITE_KEYCLOAK_URL=https://sso.greact.ru`
-  - `VITE_KEYCLOAK_REALM=toir`
-  - `VITE_KEYCLOAK_CLIENT_ID=toir-frontend`
+## Concrete Runtime Defaults
 
-These example values come from the already working runtime shape and are preferred over local-only Keycloak placeholders.
+Backend:
 
-## Runtime bootstrap
+- `PORT=3000`
+- `DATABASE_URL="postgresql://postgres:postgres@localhost:5432/toir"`
+- `CORS_ALLOWED_ORIGINS="http://localhost:5173,https://toir-frontend.greact.ru"`
+- `KEYCLOAK_ISSUER_URL="https://sso.greact.ru/realms/toir"`
+- `KEYCLOAK_AUDIENCE="toir-backend"`
 
-1. Import the root-level realm artifact into Keycloak.
-2. Start PostgreSQL with `docker compose up -d`.
-3. From `server/` run:
-   - initialize or repair the workspace with official Nest CLI scaffolding if required before generating domain code
-   - `npm install`
-   - `npx prisma generate`
-   - `npx prisma migrate dev`
-   - `npx prisma db seed`
-   - `npm run build`
-   - `npm run start`
-4. From `client/` run:
-   - initialize or repair the workspace with official Vite React TypeScript scaffolding if required before generating app code
-   - `npm install`
-   - `npm run build`
-   - `npm run dev`
+Frontend:
 
-## Recovery and completion rules
+- `VITE_API_URL=http://localhost:3000`
+- `VITE_KEYCLOAK_URL=https://sso.greact.ru`
+- `VITE_KEYCLOAK_REALM=toir`
+- `VITE_KEYCLOAK_CLIENT_ID=toir-frontend`
 
-- Repair degraded framework workspaces before applying any new domain-derived generation changes.
-- Do not mark generation complete while `server/` or `client/` remains non-buildable.
-- If dependency installation has not happened yet, buildability may be reported as skipped, but it must never be reported as green without verification.
-- Runtime/bootstrap instructions are reusable project baseline rules; TOiR names remain examples, not the only supported domain project.
+## Scaffold Expectations
 
-## Scaffold expectations
+- new or repaired backend workspaces start from the official Nest CLI
+- new or repaired frontend workspaces start from the official Vite React TypeScript CLI
+- Prisma initialization uses the official Prisma CLI when relevant
+- the LLM may customize generated code after scaffold creation, but must not replace official initialization with ad hoc file creation
 
-- NestJS workspace creation should follow the official Nest CLI path for new applications and resource scaffolding.
-- Vite frontend creation should follow the official Vite `create-vite` path for React TypeScript applications.
-- The LLM may customize generated code after scaffold creation, but must not replace official workspace initialization with ad hoc file creation.
+## Runtime Bootstrap
 
-## Common generation failures to avoid
+1. import `toir-realm.json` into Keycloak
+2. start PostgreSQL with `docker compose up -d`
+3. from `server/`:
+   - repair or create the workspace with official Nest CLI if needed
+   - install dependencies
+   - run Prisma commands required by the schema stage
+   - run `npm run build`
+   - run `npm run start`
+4. from `client/`:
+   - repair or create the workspace with official Vite CLI if needed
+   - install dependencies
+   - run `npm run build`
+   - run `npm run dev`
 
-- starting feature generation before scaffold repair
-- leaving deleted framework config files unrepaired because the current diff looks smaller
-- accepting a form-only validation pass while buildability is unknown
-- binding runtime rules to one project-specific DSL filename instead of `domain/*.dsl`
+## Completion Expectations
 
-## Baseline intent
+Runtime preparation is incomplete if any of the following is true:
 
-- No new generator engine
-- No compiler platform
-- No planner/emitter/runtime redesign
-- Only the current LLM-first pipeline, strengthened by summary, realm, and validation artifacts
+- `server/` is missing or not buildable as a NestJS workspace
+- `client/` is missing or not buildable as a Vite React TypeScript workspace
+- framework scaffolding was hand-built instead of created or repaired from official CLIs
+- shared env defaults drift from the repository auth/runtime contract
+- runtime success is claimed without actual build verification