documentation update with module guidelines

This commit is contained in:
2026-03-18 22:58:15 +01:00
parent 476f688bd8
commit 5da506a20f
5 changed files with 137 additions and 12 deletions

View File

@@ -268,6 +268,34 @@
"requirement": "MUST check existing CSS layers (base, components, layout, pages) for suitable classes before writing new rules. MUST use existing app-* component classes as the basis and only add additive overrides. MUST NOT duplicate declarations already defined in shared component or layout files.",
"source": "tools/codex-skills/core-guardrails/references/boundaries-ui.md"
},
{
"id": "GR-MOD-001",
"area": "core",
"title": "Module classes must use MintyPHP\\Module\\ namespace",
"requirement": "All PHP classes under modules/<id>/lib/ MUST use the MintyPHP\\Module\\<Name>\\ namespace. MUST NOT use core namespaces (MintyPHP\\Service\\, MintyPHP\\Repository\\, MintyPHP\\Support\\, MintyPHP\\Http\\). Enforced by ModuleStructureContractTest::testModuleClassesUseModuleNamespace.",
"source": "docs/reference-module-manifest-contract.md"
},
{
"id": "GR-MOD-002",
"area": "core",
"title": "Module runtime fingerprint must be current",
"requirement": "After any module/manifest/APP_ENABLED_MODULES change, MUST run php bin/module-runtime-sync.php before serving requests. web/index.php validates the runtime fingerprint and fails fast if stale. MUST NOT bypass or remove the fingerprint check.",
"source": "docs/reference-module-manifest-contract.md"
},
{
"id": "GR-MOD-003",
"area": "ui",
"title": "Module UI only via platform slots",
"requirement": "Module UI contributions MUST use platform slots (aside.tab_panel, topbar.right_item, layout.head_style, layout.body_end_template, runtime.component, search.resource_item). MUST NOT add module-specific markup to core templates. Enforced by NoBookmarksHardcodingTest and NoAddressBookHardcodingTest.",
"source": "docs/reference-module-manifest-contract.md"
},
{
"id": "GR-SEC-007",
"area": "security",
"title": "API requests must not start PHP sessions",
"requirement": "API requests (api/ prefix) MUST NOT trigger Session::start(), remember-me cookie handling, or session timeout redirects. API authentication is handled by ApiBootstrap.php with Bearer tokens. web/index.php enforces this via channel detection before session initialization.",
"source": "docs/reference-module-manifest-contract.md"
},
{
"id": "GR-UI-017",
"area": "ui",