tenantpilot/.specify/memory/constitution.md
2025-12-05 22:06:22 +01:00

TenantPilot Constitution

Core Principles

I. Server-First Architecture

All data fetching and mutations MUST use Next.js Server Actions. Client-side fetches are prohibited unless absolutely necessary (e.g., real-time updates). Server Components are preferred over Client Components. This ensures optimal performance, security, and SEO.

II. TypeScript Strict Mode (NON-NEGOTIABLE)

TypeScript strict mode is mandatory. All code must be fully typed, with no use of the `any` type. Type safety prevents runtime errors and improves developer experience. Interfaces and types must be explicitly defined for all data structures.

III. Drizzle ORM Integration

Database interactions MUST use Drizzle ORM exclusively. No raw SQL or other ORMs allowed. Schema definitions must be type-safe and migrations must be version-controlled. This ensures consistent data access patterns and type safety.

IV. Shadcn UI Components

UI components MUST use Shadcn UI library. Custom styling is allowed but must follow the design system. Tailwind CSS is the only allowed styling approach. This ensures consistent user experience and maintainable styling.

V. Azure AD Multi-Tenancy

Authentication MUST use Azure AD with multi-tenant support (tenantId: "common"). All users must authenticate through Azure AD. No alternative authentication methods allowed. This ensures enterprise-grade security and compliance.
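Added example, not part of the TenantPilot constitution or its code base: with tenantId "common", Azure AD issues tokens for users of any Entra tenant, so the application itself must decide which tenants it trusts. The allow-list check below is written for a NextAuth.js v4 signIn callback and assumes the provider id "azure-ad", that the callback's profile carries the ID-token claims tid, iss and oid, and a constructed placeholder tenant ID.

```typescript
// Tenant allow-list check for the NextAuth.js v4 `signIn` callback.
// Assumption: with the Azure AD provider the `profile` argument carries the
// ID-token claims (tid, iss, oid). Names and the sample tenant ID are constructed.

// Minimal shape of the claims the check needs (a real ID token has more).
interface AzureIdTokenClaims {
  tid?: string; // home tenant of the signing-in user
  iss?: string; // v2.0 issuer: https://login.microsoftonline.com/{tid}/v2.0
  oid?: string; // object ID of the user within that tenant
}

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Accept the sign-in only for tenants on the deployment's allow-list
// (assumed to be loaded from configuration; stored lower-case).
function isAllowedTenant(
  claims: AzureIdTokenClaims,
  allowedTenants: ReadonlySet<string>,
): boolean {
  const { tid, iss, oid } = claims;
  if (!tid || !GUID.test(tid) || !oid) return false;
  if (!allowedTenants.has(tid.toLowerCase())) return false;
  // Defence in depth: the issuer must name the same tenant as the tid claim.
  return iss === `https://login.microsoftonline.com/${tid}/v2.0`;
}

// Build the callback. Returning false makes NextAuth reject the sign-in.
// The parameter mirrors the { account, profile } shape NextAuth v4 passes;
// only the fields used here are typed.
function makeSignInCallback(allowedTenants: ReadonlySet<string>) {
  return ({
    account,
    profile,
  }: {
    account: { provider: string } | null;
    profile?: AzureIdTokenClaims;
  }): boolean => {
    // Only the Azure AD provider is permitted by the constitution.
    if (account?.provider !== "azure-ad") return false;
    return isAllowedTenant(profile ?? {}, allowedTenants);
  };
}

// Constructed placeholder tenant ID, not a real tenant.
const ALLOWED_TENANTS: ReadonlySet<string> = new Set([
  "11111111-2222-3333-4444-555555555555",
]);
const signInCallback = makeSignInCallback(ALLOWED_TENANTS);
```

Wire `signInCallback` in as `callbacks.signIn` of the NextAuth options; a sign-in from a tenant that is not on the list, or whose issuer does not match its tid, is rejected before a session is created.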

Technology Stack

Required Technologies

  • Frontend: Next.js 16+ App Router
  • Styling: Tailwind CSS v4+ with Shadcn UI
  • Database: PostgreSQL with Drizzle ORM
  • Authentication: NextAuth.js v4 with Azure AD provider
  • Deployment: Docker with standalone build
  • Language: TypeScript strict mode

Prohibited Technologies

  • Client-side data fetching (axios, fetch in useEffect)
  • Raw SQL queries
  • Alternative ORMs (Prisma, TypeORM)
  • Alternative styling (CSS modules, styled-components)
  • Alternative auth providers (local auth, other OAuth)

Development Workflow

Code Review Requirements

  • All PRs must verify constitution compliance
  • Server Actions must be used for data operations
  • TypeScript strict mode violations are blocking
  • Shadcn UI components must be used for new UI elements

Testing Gates

  • Unit tests required for utility functions
  • Integration tests required for Server Actions
  • E2E tests required for critical user flows
  • Type coverage must be 100%

Deployment Approval

  • Docker build must succeed
  • All tests must pass
  • Constitution compliance verified
  • Security audit for Azure AD integration

Governance

Constitution supersedes all other practices. Amendments require:

  1. Documentation of change rationale
  2. Approval from technical lead
  3. Migration plan for existing code
  4. Update of dependent templates

All PRs/reviews must verify compliance with these principles. Complexity must be justified against server-first and type-safety requirements.

Version: 1.0.0 | Ratified: 2025-12-05 | Last Amended: 2025-12-05