From d71c0b2a36253fee9e8b8c7dc97cca3e5447d535 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Ren=C3=A9=20White=20Enciso?=
Date: Tue, 24 Feb 2026 04:42:38 -0600
Subject: [PATCH] chore(repo): initialize project's repository structure

- Adds src/tests/docs scaffolding
- Preserves Stage 1 planning tasks
- Adds local AI orchestration folders (.agile, tasks)
- Applies GitFlow development base branch
---
.gitignore | 2 ++
docs/architecture/module-map.puml | 33 +++++++++++++++++++
docs/architecture/repository-charter.md | 26 +++++++++++++++
docs/domain/identity-domain-boundaries.md | 22 +++++++++++++
docs/migration/policy-behavior-invariants.md | 10 ++++++
.../service-to-domain-migration-map.md | 14 ++++++++
docs/provisioning/checklist.md | 19 +++++++++++
7 files changed, 126 insertions(+)
create mode 100644 .gitignore
create mode 100644 docs/architecture/module-map.puml
create mode 100644 docs/architecture/repository-charter.md
create mode 100644 docs/domain/identity-domain-boundaries.md
create mode 100644 docs/migration/policy-behavior-invariants.md
create mode 100644 docs/migration/service-to-domain-migration-map.md
create mode 100644 docs/provisioning/checklist.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..31c7257
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.tasks/
+.agile/
diff --git a/docs/architecture/module-map.puml b/docs/architecture/module-map.puml
new file mode 100644
index 0000000..8e95a8f
--- /dev/null
+++ b/docs/architecture/module-map.puml
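Review bot: The commit message names the local AI orchestration folders as `.agile` and `tasks`, but the `.gitignore` hunk ignores `.tasks/` and `.agile/`. If the directory on disk is really `tasks/`, it is not covered and a plain `git add .` would stage its contents. Please confirm the actual directory name and either correct the message or add `tasks/` to the file. Since these folders are meant to stay local, a one-line comment such as `# local AI orchestration state, never commit` above the two patterns would record why they are ignored.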
@@ -0,0 +1,33 @@
+@startuml
+skinparam shadowing false
+skinparam packageStyle rectangle
+
+title thalos-domain module map
+
+package "thalos-domain" {
+ package "Policies" {
+ class IdentityPolicyEvaluator
+ class PolicyContextDecision
+ }
+ package "TokenRules" {
+ class TokenIssuancePolicy
+ class TokenFallbackPolicy
+ }
+ package "Abstractions" {
+ interface IIdentityDomainDecision
+ }
+}
+
+package "building-block-identity" {
+ class EvaluateIdentityPolicyRequest
+ class IssueIdentityTokenRequest
+}
+
+EvaluateIdentityPolicyRequest ..> IdentityPolicyEvaluator
+IssueIdentityTokenRequest ..> TokenIssuancePolicy
+
+note bottom
+Domain logic only.
+No transport or persistence implementation.
+end note
+@enduml
diff --git a/docs/architecture/repository-charter.md b/docs/architecture/repository-charter.md
new file mode 100644
index 0000000..06e926c
--- /dev/null
+++ b/docs/architecture/repository-charter.md
@@ -0,0 +1,26 @@
+# Thalos Domain Repository Charter
+
+## Purpose
+`thalos-domain` owns identity domain decisions and policies that are currently mixed into service application components.
+
+## Ownership
+- Identity domain ownership remains strictly inside Thalos.
+- Thalos domain defines policy and token decision semantics.
+
+## Scope
+- Identity policy decision rules
+- Token issuance decision policies
+- Domain-level identity context evaluation
+
+## Out of Scope
+- Transport wiring (gRPC/REST)
+- Persistence providers/repositories
+- BFF edge concerns
+
+## Dependency Boundary
+Allowed direction:
+- `blueprint-platform` -> `building-block-identity` -> `thalos-domain`
+
+Forbidden:
+- Domain references to DAL, Service, or BFF
+- Dependencies on `legacy/`
diff --git a/docs/domain/identity-domain-boundaries.md b/docs/domain/identity-domain-boundaries.md
new file mode 100644
index 0000000..4f84ea1
--- /dev/null
+++ b/docs/domain/identity-domain-boundaries.md
@@ -0,0 +1,22 @@
+# Identity Domain Boundary Rules
+
+## Domain Owns
+- Identity policy decision rules
+- Token issuance decision policies
+- Identity decision invariants
+
+## Service Owns
+- Use-case orchestration
+- Transport adaptation
+
+## DAL Owns
+- Persistence/retrieval
+- Technical translation
+
+## BFF Owns
+- Edge contract handling
+- Service client adaptation
+
+## Forbidden
+- Domain references to DAL/Service/BFF
+- Domain transport or persistence implementation
diff --git a/docs/migration/policy-behavior-invariants.md b/docs/migration/policy-behavior-invariants.md
new file mode 100644
index 0000000..8c84ef2
--- /dev/null
+++ b/docs/migration/policy-behavior-invariants.md
@@ -0,0 +1,10 @@
+# Policy Behavior Invariants
+
+## Invariants
+- Equivalent policy inputs produce equivalent policy decisions.
+- Token decision fallback behavior remains stable until explicitly revised.
+- Service transport contracts remain stable during domain extraction.
+
+## Validation Approach
+- Capture pre/post decision examples for policy and token flows.
+- Validate delegation path: service orchestrates, domain decides.
diff --git a/docs/migration/service-to-domain-migration-map.md b/docs/migration/service-to-domain-migration-map.md
new file mode 100644
index 0000000..14fbb95
--- /dev/null
+++ b/docs/migration/service-to-domain-migration-map.md
@@ -0,0 +1,14 @@
+# Thalos Service to Domain Migration Map
+
+## Candidate Migrations
+
+| Current Location | Target Domain Area | Ownership Outcome |
+|---|---|---|
+| service policy evaluation decision branches | Domain/PolicyDecisions | Domain owns policy decision semantics |
+| service token issuance decision branches | Domain/TokenPolicies | Domain owns token policy semantics |
+| service-level identity context decision mapping | Domain/ContextRules | Service remains orchestration-only |
+
+## Service After Extraction
+- Orchestration-only use cases
+- Delegation to domain decision abstractions
+- No direct identity decision ownership
diff --git a/docs/provisioning/checklist.md b/docs/provisioning/checklist.md
new file mode 100644
index 0000000..5ccc66c
--- /dev/null
+++ b/docs/provisioning/checklist.md
@@ -0,0 +1,19 @@
+# Stage 7 Provisioning Checklist - thalos-domain
+
+## Preconditions
+- [ ] Identity ownership rule verified (Thalos-only).
+- [ ] Dependency direction verified against rules/15-workspace-dependency-graph.md.
+
+## Provisioning Scope
+- [ ] Create domain-only module structure.
+- [ ] Define domain contracts and policy abstractions.
+- [ ] Publish domain ownership boundaries and non-goals.
+
+## Guardrails
+- [ ] No runtime wiring changes.
+- [ ] No DAL/provider implementation.
+- [ ] No BFF transport concerns.
+
+## Handoff
+- [ ] Service delegation plan documented.
+- [ ] DAL alignment plan documented.