|
| 1 | +# ARCHITECTURE_FREEZE_CHECKLIST — eMCP |
| 2 | + |
| 3 | +Use this checklist before starting Phase 1 implementation. |
| 4 | + |
| 5 | +## 1. Contract Completeness |
| 6 | +- [ ] `PRD.md`, `SPEC.md`, `TOOLSET.md` are mutually consistent. |
| 7 | +- [ ] Gate A/B/C boundaries are explicit and conflict-free. |
| 8 | +- [ ] Namespace governance and ecosystem extension rules are finalized. |
| 9 | +- [ ] `initialize` metadata contract is mandatory and versioned. |
| 10 | + |
| 11 | +## 2. Security Baseline |
| 12 | +- [ ] `THREAT_MODEL.md` attack trees reviewed and approved. |
| 13 | +- [ ] `SECURITY_CHECKLIST.md` mapped to planned tests. |
| 14 | +- [ ] Model field allowlist policy is complete for all allowlisted models. |
| 15 | +- [ ] Error formatter contract (`401/403/409/413/415` + `trace_id`) is fixed. |
| 16 | + |
| 17 | +## 3. Runtime Governance |
| 18 | +- [ ] Tool uniqueness and handle uniqueness rules are frozen. |
| 19 | +- [ ] Rate-limit identity resolver algorithm is frozen. |
| 20 | +- [ ] Idempotency hash and conflict policy is frozen. |
| 21 | +- [ ] Streaming activation policy (`stream.enabled`) is frozen. |
| 22 | + |
| 23 | +## 4. Release/BC Governance |
| 24 | +- [ ] SemVer and Public Contract Stability sections approved. |
| 25 | +- [ ] Golden fixture governance (version bump + changelog + CI guard) approved. |
| 26 | +- [ ] Deprecation policy for breaking changes approved. |
| 27 | +- [ ] Upstream compatibility policy (`laravel/mcp ^0.5.x`) approved. |
| 28 | + |
| 29 | +## 5. Process Readiness |
| 30 | +- [ ] Formal platform audit (`PLATFORM_AUDIT.md`) approved. |
| 31 | +- [ ] Ownership assigned for platform, security, and release decisions. |
| 32 | +- [ ] Phase 1 backlog items trace to frozen contracts. |
| 33 | +- [ ] Any open architectural question has owner + resolution date. |
0 commit comments