ReachableCEO-AI-Homedir-Public/databank/collab/intake/inbox/DevelopmentRules.md
2025-10-25 16:28:14 -05:00

Rules for developing software deliverables at TSYS Group

Adopt these principles and checklist items for every TSYS Group software deliverable so that it is clear, testable, and production-ready.

Core Constraints

  • Only perform host operations for:
    • git workflows (clone, fetch, commit, push, branch, tag)
    • Docker and Docker Compose (build, run, compose up/down, network operations)
  • All development and runtime tasks must be performed inside Docker containers.
  • Expose only the main application web interface to external networks; all other services/ports remain internal to the per-stack Docker network.

Containerization & Deployment

  • Ship the application as a Docker container image.
  • Provide and maintain a canonical docker-compose.yml that describes service dependencies, networks, volumes, and healthchecks.
  • Ensure the container:
    • builds reproducibly
    • starts reliably
    • passes automated smoke tests before any release or QA signoff

Testing, QA & Reliability

  • Follow Test-Driven Development (TDD) for all new features and bug fixes.
  • Create comprehensive automated test suites (unit, integration, E2E where applicable).
  • Maintain very high test coverage and ensure all tests pass in CI before merging.
  • Treat all warnings as errors; configure CI to fail on warnings where practical.
  • Include CI jobs that:
    • build the container
    • run linting
    • run tests
    • perform smoke/startup checks

Security & Compliance

  • Adhere to best practices for security, QA, engineering, and SRE/DevOps.
  • Ensure compliance with applicable regimes (PCI, GDPR, SOC, FedRAMP, accessibility standards).
  • Design for least privilege in containers and networks; avoid exposing credentials/secrets in images or source.
  • Integrate static analysis, dependency scanning, and container image vulnerability scanning into CI.
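
One way to check the exposure, healthcheck and least-privilege rules from Core Constraints, Containerization & Deployment, and this section in CI (an added example, not TSYS Group code): the script audits the JSON model printed by `docker compose config --format json`. The service names, the sample stack and the finding strings are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service names (web, db, cache, worker) are hypothetical.
SAMPLE = json.loads("""
{"services": {
  "web":    {"ports": [{"target": 8080, "published": "443"}],
             "healthcheck": {"test": ["CMD", "curl", "-f", "http://localhost:8080/healthz"]},
             "networks": {"stack": null}},
  "db":     {"ports": [{"target": 5432, "published": "5432"}],
             "networks": {"stack": null}},
  "cache":  {"privileged": true,
             "healthcheck": {"test": ["CMD", "redis-cli", "ping"]},
             "networks": {"stack": null}},
  "worker": {"network_mode": "host",
             "healthcheck": {"disable": true}}
 },
 "networks": {"stack": {}}}
""")


def audit_compose(model, main_service):
    """Return sorted (service, finding) pairs for a rendered Compose model."""
    findings = []
    for name, svc in model.get("services", {}).items():
        # Only the main web interface may publish ports to the host.
        if name != main_service and svc.get("ports"):
            findings.append((name, "publishes a host port"))
        # Host networking bypasses the per-stack Docker network entirely.
        if svc.get("network_mode") == "host":
            findings.append((name, "uses host networking"))
        # Every service needs a healthcheck that is present and not disabled.
        hc = svc.get("healthcheck") or {}
        if hc.get("disable") or hc.get("test", ["NONE"]) in ([], ["NONE"]):
            findings.append((name, "no healthcheck"))
        # Least privilege: privileged containers get near-host capabilities.
        if svc.get("privileged"):
            findings.append((name, "runs privileged"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE, "web"):
        print(f"{service}: {finding}")
```

A CI job can parse the real `docker compose config --format json` output with `json.load`, pass it to `audit_compose`, and fail when the returned list is not empty.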

Accessibility

  • Prioritize accessibility from the start; satisfy applicable accessibility guidelines required by US Government contracts.
  • Include accessibility checks in test and QA processes.

Code Quality & Maintainability

  • Lint all artifacts (code, configuration, Dockerfiles, YAML).
  • Do not incur technical debt; add required tests, docs, and refactors as part of the change.
  • Maintain clear, organized repository and docs. Keep docker-compose.yml and runbooks up to date.

Operational/SRE Requirements

  • Provide healthchecks and metrics-friendly endpoints where applicable.
  • Document startup, configuration, and rollback procedures.
  • Ensure containers start quickly and deterministically for orchestration and smoke tests.

Acceptance Checklist (must be satisfied before “done”)

  • Code follows TDD and has adequate tests
  • Linting passes with zero warnings
  • Container image builds reproducibly
  • Container starts and passes smoke tests locally and in CI
  • docker-compose.yml reflects current service topology
  • Vulnerability and dependency scans show no critical issues
  • Accessibility and applicable compliance checks pass
  • Documentation and runbooks updated
  • No outstanding technical debt items left untracked

Follow this checklist and these principles for every change to ensure secure, testable, and production-ready deliverables.