Part of #212.
Scope
Extract governance document generation from buildGovernance() in stackbilt-web/src/lib/scaffold-core.ts into packages/scaffold-core/src/governance/.
Files to create
| File |
Responsibility |
threat-model.ts |
buildThreatModel(classification, knowledge, profile, routes, bindings) → string |
adr.ts |
buildAdr(classification, knowledge, intention, projectType) → { adr001: string; adr002?: string } |
test-plan.ts |
buildTestPlan(classification, profile, routes) → string |
index.ts |
Re-exports buildGovernance(...) → GovernanceDocs |
Dependencies
classify/ (ClassifyResult, QualityProfile)knowledge/ (PatternKnowledge)
Tests
- Threat register always has ≥8 items
- ADR-002 only present for
ai-chat pattern
- Domain threats (PHI/PCI/PII/telephony) injected when intention contains relevant keywords
- All output is valid markdown (headings, no broken syntax)
Part of #212.
Scope
Extract governance document generation from
buildGovernance()instackbilt-web/src/lib/scaffold-core.tsintopackages/scaffold-core/src/governance/.Files to create
threat-model.tsbuildThreatModel(classification, knowledge, profile, routes, bindings) → stringadr.tsbuildAdr(classification, knowledge, intention, projectType) → { adr001: string; adr002?: string }test-plan.tsbuildTestPlan(classification, profile, routes) → stringindex.tsbuildGovernance(...) → GovernanceDocsDependencies
classify/(ClassifyResult, QualityProfile)knowledge/(PatternKnowledge)Tests
ai-chatpattern