documentation update with module guidelines
This commit is contained in:
@@ -268,6 +268,34 @@
|
||||
"requirement": "MUST check existing CSS layers (base, components, layout, pages) for suitable classes before writing new rules. MUST use existing app-* component classes as the basis and only add additive overrides. MUST NOT duplicate declarations already defined in shared component or layout files.",
|
||||
"source": "tools/codex-skills/core-guardrails/references/boundaries-ui.md"
|
||||
},
|
||||
{
|
||||
"id": "GR-MOD-001",
|
||||
"area": "core",
|
||||
"title": "Module classes must use MintyPHP\\Module\\ namespace",
|
||||
"requirement": "All PHP classes under modules/<id>/lib/ MUST use the MintyPHP\\Module\\<Name>\\ namespace. MUST NOT use core namespaces (MintyPHP\\Service\\, MintyPHP\\Repository\\, MintyPHP\\Support\\, MintyPHP\\Http\\). Enforced by ModuleStructureContractTest::testModuleClassesUseModuleNamespace.",
|
||||
"source": "docs/reference-module-manifest-contract.md"
|
||||
},
|
||||
{
|
||||
"id": "GR-MOD-002",
|
||||
"area": "core",
|
||||
"title": "Module runtime fingerprint must be current",
|
||||
"requirement": "After any module/manifest/APP_ENABLED_MODULES change, MUST run php bin/module-runtime-sync.php before serving requests. web/index.php validates the runtime fingerprint and fails fast if stale. MUST NOT bypass or remove the fingerprint check.",
|
||||
"source": "docs/reference-module-manifest-contract.md"
|
||||
},
|
||||
{
|
||||
"id": "GR-MOD-003",
|
||||
"area": "ui",
|
||||
"title": "Module UI only via platform slots",
|
||||
"requirement": "Module UI contributions MUST use platform slots (aside.tab_panel, topbar.right_item, layout.head_style, layout.body_end_template, runtime.component, search.resource_item). MUST NOT add module-specific markup to core templates. Enforced by NoBookmarksHardcodingTest and NoAddressBookHardcodingTest.",
|
||||
"source": "docs/reference-module-manifest-contract.md"
|
||||
},
|
||||
{
|
||||
"id": "GR-SEC-007",
|
||||
"area": "security",
|
||||
"title": "API requests must not start PHP sessions",
|
||||
"requirement": "API requests (api/ prefix) MUST NOT trigger Session::start(), remember-me cookie handling, or session timeout redirects. API authentication is handled by ApiBootstrap.php with Bearer tokens. web/index.php enforces this via channel detection before session initialization.",
|
||||
"source": "docs/reference-module-manifest-contract.md"
|
||||
},
|
||||
{
|
||||
"id": "GR-UI-017",
|
||||
"area": "ui",
|
||||
|
||||
Reference in New Issue
Block a user