GREACT/KIS-TOiR
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d1ea297dfc17afea27a9ea7e269341764cb6e9a9
KIS-TOiR/prompts/validation-rules.md
MaKarin d1ea297dfc chore: harden generation context baseline
2026-03-22 18:34:22 +03:00

3.1 KiB
Raw Blame History

Validation Rules

Validation is now a lightweight automated gate instead of a prose-only checklist.

Commands

  • npm run generate:domain-summary
  • npm run validate:generation
  • npm run validate:generation:runtime

Prompt-Gate Alignment Rule

  • Every invariant described as required in the active prompt corpus must either be enforced by this gate or be called out explicitly as a manual/runtime-only check.
  • Validation must not stay silent about a violation that the prompts describe as forbidden.
  • Validation must not report green buildability when build verification was skipped.

Gate groups

Build checks

  • at least one domain/*.dsl file exists
  • required artifacts exist
  • Prisma schema exists
  • frontend/backend env contracts exist
  • frontend/backend framework workspace files exist
  • domain-summary.json matches the current DSL
  • project .env.example files keep the working domain-based Keycloak examples unless explicitly overridden
  • server/ remains a valid Nest workspace
  • client/ remains a valid Vite workspace
  • generation must not pass validation if framework scaffolding files were deleted and replaced by a hand-written minimal skeleton
  • if dependencies are installed, build verification runs for server/ and client/
  • if dependencies are missing, build verification is reported as skipped with reason instead of green

Auth checks

  • frontend auth seam files exist
  • backend auth seam files exist
  • 401 and 403 semantics stay split
  • auth code keeps the required Keycloak/JWT contracts
  • JWKS resolution chain matches the contract:
    1. explicit KEYCLOAK_JWKS_URL
    2. OIDC discovery
    3. certs fallback

Natural-key checks

  • response records expose id
  • route/update contracts use the real primary key
  • natural-key sort/update paths do not regress to a fake physical id

Realm checks

  • a root *-realm.json artifact exists
  • realm roles exist
  • audience delivery exists
  • required claims are explicit
  • SPA/backend client structure is explicit

Runtime checks

  • compose topology stays PostgreSQL-only
  • Prisma lifecycle scripts remain in place
  • /health stays public
  • backend can execute npm run build inside server/
  • frontend can execute npm run build inside client/ after dependencies are installed
  • client/server .env.example stay aligned with the working runtime defaults:
    • https://sso.greact.ru
    • toir
    • toir-frontend
    • toir-backend
    • https://toir-frontend.greact.ru
  • optional runtime execution mode runs:
    • npx prisma generate
    • npx prisma migrate dev
    • npx prisma db seed

Scaffold checks

  • backend initialization starts from official Nest CLI scaffolding
  • frontend initialization starts from official Vite React TypeScript scaffolding
  • feature generation happens after scaffold creation, not instead of scaffold creation
  • repair happens before generation when workspace is degraded
  • required framework configs and entry files must survive subsequent LLM edits

The automated gate is intentionally small. It enforces the critical reproducibility contract without turning the repository into a test platform or a generator engine.

Reference in New Issue View Git Blame Copy Permalink