rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61)
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61) Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
This commit was merged in pull request #61.
This commit is contained in:
+11
-11
@@ -1,4 +1,4 @@
|
||||
# Secure Development Lifecycle (SDLC) — CapaKraken
|
||||
# Secure Development Lifecycle (SDLC) — Nexus
|
||||
|
||||
> Version: 1.0 | Date: 2026-03-27
|
||||
|
||||
@@ -14,22 +14,22 @@ Feature Branch -> Pull Request -> CI Pipeline -> Code Review -> Merge to main ->
|
||||
|
||||
Every pull request must pass:
|
||||
|
||||
1. **TypeScript strict check**: `pnpm --filter @capakraken/web exec tsc --noEmit`
|
||||
1. **TypeScript strict check**: `pnpm --filter @nexus/web exec tsc --noEmit`
|
||||
2. **Linting**: `pnpm lint` (ESLint with strict rules)
|
||||
3. **Unit tests**: `pnpm test:unit` (Vitest, engine + staffing packages)
|
||||
4. **E2E tests**: Playwright tests for critical user flows
|
||||
|
||||
## Security Gates
|
||||
|
||||
| Gate | Tool | Stage |
|
||||
|------|------|-------|
|
||||
| Type safety | TypeScript strict mode | Build |
|
||||
| Input validation | Zod schemas on all tRPC procedures | Build + Runtime |
|
||||
| Dependency vulnerabilities | Dependabot + `pnpm audit` | PR + Weekly |
|
||||
| Audit logging | `createAuditEntry()` required for data mutations | Code review |
|
||||
| RBAC enforcement | `requirePermission()` on new procedures | Code review |
|
||||
| No hardcoded secrets | PR review checklist | Code review |
|
||||
| SQL injection prevention | Prisma ORM (parameterized queries only) | Architecture |
|
||||
| Gate | Tool | Stage |
|
||||
| -------------------------- | ------------------------------------------------ | --------------- |
|
||||
| Type safety | TypeScript strict mode | Build |
|
||||
| Input validation | Zod schemas on all tRPC procedures | Build + Runtime |
|
||||
| Dependency vulnerabilities | Dependabot + `pnpm audit` | PR + Weekly |
|
||||
| Audit logging | `createAuditEntry()` required for data mutations | Code review |
|
||||
| RBAC enforcement | `requirePermission()` on new procedures | Code review |
|
||||
| No hardcoded secrets | PR review checklist | Code review |
|
||||
| SQL injection prevention | Prisma ORM (parameterized queries only) | Architecture |
|
||||
|
||||
## PR Review Checklist
|
||||
|
||||
|
||||
Reference in New Issue
Block a user