690526:0905 ADR-023-229 dynamic prompt #02

2026-05-26 09:05:34 +07:00
parent fd3bee394c
commit b3d3f6db95
19 changed files with 499 additions and 244 deletions
@@ -130,25 +130,25 @@ Best practice — follow when possible:

 ## 🚫 Forbidden Actions

-| ❌ Forbidden                                    | ✅ Correct Approach                                     |
-| ----------------------------------------------- | ------------------------------------------------------- |
-| SQL Triggers for business logic                 | NestJS Service methods                                  |
-| `.env` files in production                      | `docker-compose.yml` environment section                |
-| TypeORM migration files                         | Edit schema SQL directly (ADR-009)                      |
-| Inventing table/column names                    | Verify against `lcbp3-v1.9.0-schema-02-tables.sql`      |
-| `any` TypeScript type                           | Proper types / generics                                 |
-| `console.log` in committed code                 | NestJS Logger (backend) / remove (frontend)             |
-| `req: any` in controllers                       | `RequestWithUser` typed interface                       |
-| `parseInt()` on UUID values                     | Use UUID string directly (ADR-019)                      |
-| Exposing INT PK in API responses                | UUIDv7 (ADR-019)                                        |
-| AI accessing DB/storage directly                | AI → DMS API → DB (ADR-023)                             |
-| Direct file operations bypassing StorageService | `StorageService` for all file moves                     |
-| Inline email/notification sending               | BullMQ queue job                                        |
-| Deploying without Release Gates                 | Complete `04-08-release-management-policy.md`           |
-| AI direct cloud API calls                       | On-premises Ollama only (ADR-023)                       |
-| AI outputs without human validation             | Human-in-the-loop validation required (ADR-023)         |
-| n8n calling Ollama/Qdrant directly              | n8n → DMS API → BullMQ → Ollama/Qdrant (ADR-023A)       |
-| Qdrant query without `projectPublicId` filter   | `QdrantService.search(projectPublicId, ...)` (ADR-023A) |
+| ❌ Forbidden                                    | ✅ Correct Approach                                     | ⚠️ Why                                               |
+| ----------------------------------------------- | ------------------------------------------------------- | ---------------------------------------------------- |
+| SQL Triggers for business logic                 | NestJS Service methods                                  | Untestable; bypasses audit log                       |
+| `.env` files in production                      | `docker-compose.yml` environment section                | Secrets exposed in version control                   |
+| TypeORM migration files                         | Edit schema SQL directly (ADR-009)                      | Migration drift risk; schema managed via SQL delta   |
+| Inventing table/column names                    | Verify against `schema-02-tables.sql`                   | Schema mismatch causes silent runtime errors         |
+| `any` TypeScript type                           | Proper types / generics                                 | Defeats strict mode; hides runtime type errors       |
+| `console.log` in committed code                 | NestJS Logger (backend) / remove (frontend)             | Log flooding in production; risk of data leakage     |
+| `req: any` in controllers                       | `RequestWithUser` typed interface                       | Type safety lost; auth context unreachable           |
+| `parseInt()` on UUID values                     | Use UUID string directly (ADR-019)                      | `"0195…"` parsed to integer `19` — silently wrong    |
+| Exposing INT PK in API responses                | UUIDv7 `publicId` (ADR-019)                             | Leaks row count; enables DB enumeration attacks      |
+| AI accessing DB/storage directly                | AI → DMS API → DB (ADR-023/023A)                        | Bypasses RBAC, audit trail, and validation layer     |
+| Direct file operations bypassing StorageService | `StorageService` for all file moves                     | Orphaned files; broken ClamAV scan; no audit trail   |
+| Inline email/notification sending               | BullMQ queue job (ADR-008)                              | Blocks request thread; no retry on transient failure |
+| Deploying without Release Gates                 | Complete `04-08-release-management-policy.md`           | Unverified deploy risks data loss in production      |
+| AI direct cloud API calls                       | On-premises Ollama only (ADR-023/023A)                  | Data privacy violation; no audit control             |
+| AI outputs without human validation             | Human-in-the-loop validation required (ADR-023/023A)    | Unvalidated AI metadata corrupts document records    |
+| n8n calling Ollama/Qdrant directly              | n8n → DMS API → BullMQ → Ollama (ADR-023A)              | Bypasses audit log, RBAC, and error handling layer   |
+| Qdrant query without `projectPublicId` filter   | `QdrantService.search(projectPublicId, ...)` (ADR-023A) | Cross-project data leak via vector search            |

 ---