# Rules for developing software deliverables at TSYS Group

*Adopt these principles and checklist items for every TSYS Group software deliverable—clear, testable, and production-ready.*

**Core Constraints**

- Only perform host operations for:
  - git workflows (clone, fetch, commit, push, branch, tag)
  - Docker and Docker Compose (build, run, compose up/down, network operations)
- All development and runtime tasks must be performed inside Docker containers.
- Expose only the main application web interface to external networks; all other services/ports remain internal to the per-stack Docker network.

**Containerization & Deployment**

- Ship the application as a Docker container image.
- Provide and maintain a canonical docker-compose.yml that describes service dependencies, networks, volumes, and healthchecks.
- Ensure the container:
  - builds reproducibly
  - starts reliably
  - passes automated smoke tests before any release or QA signoff

**Testing, QA & Reliability**

- Follow Test-Driven Development (TDD) for all new features and bug fixes.
- Create comprehensive automated test suites (unit, integration, E2E where applicable).
- Maintain very high test coverage and ensure all tests pass in CI before merging.
- Treat all warnings as errors; configure CI to fail on warnings where practical.
- Include CI jobs that:
  - build the container
  - run linting
  - run tests
  - perform smoke/startup checks

**Security & Compliance**

- Adhere to best practices for security, QA, engineering, and SRE/DevOps.
- Ensure compliance with applicable regimes (PCI, GDPR, SOC, FedRAMP, accessibility standards).
- Design for least privilege in containers and networks; avoid exposing credentials/secrets in images or source.
- Integrate static analysis, dependency scanning, and container image vulnerability scanning into CI.

**Accessibility**

- Prioritize accessibility from the start; satisfy applicable accessibility guidelines required by US Government contracts.
- Include accessibility checks in test and QA processes.

**Code Quality & Maintainability**

- Lint all artifacts (code, configuration, Dockerfiles, YAML).
- Do not incur technical debt; add required tests, docs, and refactors as part of the change.
- Maintain clear, organized repository and docs. Keep docker-compose.yml and runbooks up to date.

**Operational/SRE Requirements**

- Provide healthchecks and metrics-friendly endpoints where applicable.
- Document startup, configuration, and rollback procedures.
- Ensure containers start quickly and deterministically for orchestration and smoke tests.

**Acceptance Checklist (must be satisfied before “done”)**

- [ ] Code follows TDD and has adequate tests
- [ ] Linting passes with zero warnings
- [ ] Container image builds reproducibly
- [ ] Container starts and passes smoke tests locally and in CI
- [ ] docker-compose.yml reflects current service topology
- [ ] Vulnerability and dependency scans show no critical issues
- [ ] Accessibility and applicable compliance checks pass
- [ ] Documentation and runbooks updated
- [ ] No outstanding technical debt items left untracked

Follow this checklist and principles for every change to ensure secure, testable, and production-ready deliverables.
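
As an added illustration (not a TSYS Group file), the docker-compose.yml below shows one way to satisfy the network-exposure, least-privilege, secrets, and healthcheck rules together. The service names, image references, ports, the `/healthz` path, and the `DB_PASSWORD_FILE` setting are assumptions made for the example.

```yaml
# Added example: service names, image tags, ports and paths are hypothetical.
services:
  web:
    image: registry.example.com/tsys/app:1.0.0   # placeholder image reference
    ports:
      - "8080:8080"          # the only published port: main web interface
    networks: [edge, backend]
    user: "10001:10001"      # run as a non-root UID/GID
    read_only: true          # immutable root filesystem
    tmpfs: [/tmp]            # writable scratch space only
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]
    environment:
      DB_PASSWORD_FILE: /run/secrets/db_password   # assumed app setting
    secrets: [db_password]
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      # assumes the image ships wget and the app serves /healthz
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8080/healthz"]
      interval: 10s
      timeout: 3s
      retries: 5
      start_period: 10s

  db:
    image: postgres:16
    networks: [backend]      # no "ports:" entry, reachable only inside the stack
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets: [db_password]
    volumes: [db_data:/var/lib/postgresql/data]
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 3s
      retries: 5

networks:
  edge: {}                   # bridge network carrying the published web port
  backend:
    internal: true           # no route to external networks

volumes:
  db_data: {}

secrets:
  db_password:
    file: ./secrets/db_password.txt   # kept out of the image and out of git
```

The web service joins both networks because a container attached only to an `internal: true` network cannot publish ports; the database stays on the internal network alone.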