diff options
| -rw-r--r-- | todo.org | 69 |
1 files changed, 24 insertions, 45 deletions
@@ -799,14 +799,14 @@ Each item below is a one-line summary of a sub-TODO further down. Tick the box w - [ ] [#B] =brainstorm=: timebox + research/source rules for high-stakes designs **** Architecture -- [ ] [#B] =arch-decide=: timeless examples, drop unverifiable claims -- [ ] [#B] =arch-decide=: standardize statuses + immutability language -- [ ] [#B] =arch-design=: threat modeling + privacy/compliance as first-class inputs -- [ ] [#B] =arch-design=: separate paradigms from tactical patterns -- [ ] [#B] =arch-document=: arc42/Q42 quality scenarios -- [ ] [#B] =arch-document=: staleness + ownership metadata for generated docs -- [ ] [#B] =arch-evaluate=: confidence levels for framework-agnostic findings -- [ ] [#B] =arch-evaluate=: report skipped tool checks explicitly +- [X] [#B] =arch-decide=: timeless examples, drop unverifiable claims +- [X] [#B] =arch-decide=: standardize statuses + immutability language +- [X] [#B] =arch-design=: threat modeling + privacy/compliance as first-class inputs +- [X] [#B] =arch-design=: separate paradigms from tactical patterns +- [X] [#B] =arch-document=: arc42/Q42 quality scenarios +- [X] [#B] =arch-document=: staleness + ownership metadata for generated docs +- [X] [#B] =arch-evaluate=: confidence levels for framework-agnostic findings +- [X] [#B] =arch-evaluate=: report skipped tool checks explicitly **** C4 modeling - [X] [#A] =c4-analyze= + =c4-diagram=: notation/output fallback (not draw.io-only) @@ -969,58 +969,37 @@ claims about markets, regulations, tools, vendors, or current APIs require fresh sources. The design doc should distinguish researched facts from assumptions. -*** TODO [#A] =arch-decide=: make examples technically timeless and avoid unverifiable claims +*** 2026-05-22 Fri @ 14:59:32 -0500 Made arch-decide examples timeless + required citations -The sample ADRs include claims such as MongoDB lacking ACID for multi-document -transactions "at decision time." Examples age and can teach stale facts. Replace -with either clearly dated examples or domain-neutral placeholders, and require -references for real technical claims in generated ADRs. +Dated the MongoDB multi-document-transaction example (scoped to 2024-01) with a backing reference, and added a "Cite, don't assert" Do: every concrete technical claim about a tool/version/platform carries a link, doc, version, or "checked YYYY-MM" date, or gets a domain-neutral placeholder — so unsourced "X can't do Y" doesn't rot into stale fact. -*** TODO [#A] =arch-decide=: standardize statuses and immutability language +*** 2026-05-22 Fri @ 14:59:32 -0500 Standardized arch-decide ADR statuses + immutability rule -The skill mixes Accepted, Decided, Deprecated, Superseded, Rejected, and "Not -Accepted." Pick a canonical status set and state that accepted ADR content is -not edited except for status/link metadata; changed decisions get new ADRs that -supersede old ones. +Declared a canonical five-status set (Proposed, Accepted, Rejected, Deprecated, Superseded) with an explicit "no synonyms" line, and spelled out the immutability rule in the Don'ts: an accepted ADR's body is frozen, only status/link metadata changes, a changed decision gets a new superseding ADR and the old one stays as the historical record. -*** TODO [#A] =arch-design=: add threat modeling and privacy/compliance as first-class design inputs +*** 2026-05-22 Fri @ 14:59:32 -0500 Added Trust/Data/Compliance phase to arch-design -Security appears as one quality attribute, but architecture design should also -ask about trust boundaries, data classification, abuse cases, privacy -constraints, compliance evidence, and operational ownership. These influence -architecture early and should not wait for =security-check=. +Added a new Phase 4 (Trust, Data, and Compliance) before the paradigm shortlist: trust boundaries, data classification, abuse/misuse cases, privacy constraints, compliance evidence, and operational ownership — surfaced early so the architecture is drawn around them, not retrofitted by a downstream =security-check=. Threaded into the workflow list, brief template (new §6), review checklist, and anti-patterns. -*** TODO [#A] =arch-design=: separate architecture paradigms from tactical patterns +*** 2026-05-22 Fri @ 14:59:32 -0500 Split paradigms from tactical patterns in arch-design -The candidate table mixes paradigms (modular monolith, microservices, -event-driven) with tactical or partial patterns (DDD, CQRS, event sourcing). -Revise the matrix so candidates can compose patterns rather than treating each -as a mutually exclusive architecture choice. +Split Phase 5's single mixed table into Step 1 (pick one paradigm: monolith/microservices/layered/event-driven/serverless/pipeline/space-based) and Step 2 (compose tactical patterns: DDD, hexagonal, CQRS, event sourcing — several or none, often per-module), with composition examples and an anti-pattern against treating DDD/CQRS as alternatives to a paradigm. Recommendation + brief now name a paradigm plus composed patterns. -*** TODO [#A] =arch-document=: strengthen quality scenarios using arc42/Q42 structure +*** 2026-05-22 Fri @ 14:59:32 -0500 Expanded arch-document quality scenarios to the Q42 six-part template -Section 10 currently says "Under [condition], the system should [response] -within [measure]." Expand to a compact quality-scenario template: source, -stimulus, environment, artifact, response, response measure. This better -matches architecture-quality practice and makes requirements testable. +Replaced §10's thin "Under [condition]..." template with the arc42/Q42 six-part structure (source, stimulus, environment, artifact, response, response measure), each glossed, with the cart-checkout example rewritten across all six parts. A one-line prose form stays acceptable once all six parts are recoverable. -*** TODO [#A] =arch-document=: add staleness and ownership metadata to generated docs +*** 2026-05-22 Fri @ 14:59:32 -0500 Added staleness/ownership metadata to arch-document output -arc42 docs are living documents. Add owner, source commit/date, review cadence, -and "known stale when..." notes per section or in the README so generated docs -do not become authoritative after the code has moved on. +Added a per-section metadata block (owner, generated-against SHA + date, review cadence, "stale-when" conditions) as an HTML-comment header plus a visible Doc-status note, with field-fill guidance, and a whole-document Doc Status table replacing the README's "Last Updated" stub. Wired into the review checklist and an "Undated docs" anti-pattern. -*** TODO [#A] =arch-evaluate=: add confidence levels for framework-agnostic findings +*** 2026-05-22 Fri @ 14:59:32 -0500 Added confidence levels to arch-evaluate findings -Claude-read import graphs and public API comparisons can be incomplete in large -or dynamic languages. Add confidence/provenance per finding and require "not -fully checked because..." when scale or dynamic imports limit certainty. +Added a "Confidence and Provenance" subsection: every framework-agnostic finding carries High/Medium/Low + how it was determined, with a required "Not fully checked because..." note when scale, runtime imports, reflection, or dynamic dispatch cap certainty. Updated the example findings and review checklist; a finding with no note now asserts a full read. -*** TODO [#A] =arch-evaluate=: report skipped tool checks explicitly +*** 2026-05-22 Fri @ 14:59:32 -0500 Made arch-evaluate report skipped tool checks explicitly -The workflow says skip unconfigured language-specific tools silently, but the -review checklist also wants checks run. For audit usefulness, list detected -languages and "tool not configured" entries under Info instead of silent skips. +Replaced "skip silently" with explicit reporting: for each detected language whose tool isn't configured or can't run, emit an Info "tool not configured / not run" finding (with an example) so the audit shows what was and wasn't verified. A check that didn't run no longer reads as a pass. Updated workflow step 4 and the review checklist. *** 2026-05-22 Fri @ 14:51:37 -0500 Added notation/output fallback to c4-analyze + c4-diagram |