feat(enforcement): compile Structurizr/C4 models to executable boundary rules (GT-528)#173
Conversation
…ry rules (GT-528) C4/Structurizr models describe intended architecture but never verify it against code. compileC4ToBoundaryRules turns a normalized C4Model (elements with path/importPrefix + allowed relationships) into GT-526 EditBoundaryRules, deriving the denylist from the model's allowlist — an element may only depend on what it declares; everything else is forbidden. ruleId `C4-<id>` + the element's adrRef give traceability. The diagram becomes executable: the rules feed the edit-time gate (GT-526) and PR/CI. Verified end-to-end: a src/domain edit importing src/infrastructure → blocked. core-domain 933/933 (+5), tsc clean, tracking guard green. GT-528 IN-PROGRESS; remaining is parsing the raw Structurizr .dsl / JSON export into the normalized C4Model. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
📊 Bilingual Coverage ImpactPR Changes
Repository Coverage
✅ Good: All EN changes have ES counterparts. Generated by GitHub Actions |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f5c91fa6ef
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| appliesTo: element.path, | ||
| forbiddenImports, |
There was a problem hiding this comment.
Normalize generated boundary prefixes
When a normalized C4 model uses natural path/import prefixes like src/domain or src/app (as the new spec does), these values are passed directly into evaluateEdit, whose matching is plain startsWith. In repos with sibling names that share a prefix, e.g. src/domain-shared/foo.ts or an import from src/application/..., the generated C4-domain/C4-app rule can apply to or forbid the sibling even though it is outside the modeled element, producing false blocking violations. Please emit segment-safe prefixes here (or require/normalize trailing separators) before handing them to the edit gate.
Useful? React with 👍 / 👎.
Los modelos C4/Structurizr describen la arquitectura intencional pero nunca la verifican contra el código — el diagrama es documentación muerta.
compileC4ToBoundaryRulesconvierte unC4Modelnormalizado (elementos conpath/importPrefix+ relaciones permitidas) enEditBoundaryRulede GT-526, derivando el denylist desde el allowlist del modelo: un elemento solo puede depender de lo que declara; el resto queda prohibido.ruleIdC4-<id>+adrRefdel elemento dan trazabilidad.El diagrama se vuelve ejecutable: las reglas alimentan el gate edit-time (GT-526) y el PR/CI. Verificado end-to-end: un edit de
src/domainque importasrc/infrastructure→ bloqueado.Estado
core-domain 933/933 (+5), tsc limpio, guard 532/478. GT-528 IN-PROGRESS; resta parsear el
.dslcrudo de Structurizr / su export JSON alC4Modelnormalizado.🤖 Generated with Claude Code