feat(sdd): add .specify scaffold — constitution, AGENTS, personas, templates, example, RTM
Introduces the SDD root: a v1.0.0 constitution and machine-readable AGENTS.md grounded in the project's real conventions; six EARS-aware persona spec-review checklists that cross-reference .claude/personas/; feature-spec/ADR/threat-model/ api-contract templates; a fully worked _example feature; a living RTM; and an adrs/ pointer that reuses the existing docs/adr/ archive. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Marcel
39
.specify/personas/devops.md
Normal file
39
.specify/personas/devops.md
Normal file
@@ -0,0 +1,39 @@
|
||||
# Persona — DevOps (spec review)
|
||||
|
||||
> Concise spec-review checklist. Full character persona:
|
||||
> [`.claude/personas/devops.md`](../../.claude/personas/devops.md). This file gates a
|
||||
> `spec.md` for deployability, migration safety, and CI/observability impact.
|
||||
|
||||
## Role summary
|
||||
|
||||
I check that a feature can ship to the self-hosted Gitea-Actions / Docker-Compose
|
||||
environment without breaking deploys, migrations, or observability. I block specs that add
|
||||
a migration with no rollback story, a new env var nobody documented, or a CI step that the
|
||||
act_runner cannot execute.
|
||||
|
||||
## Review checklist (PASS / FAIL / QUESTION per item)
|
||||
|
||||
1. Does the spec include a rollback strategy for any database migration it introduces (forward-only `V<n>` plus the manual DDL to reverse it, or an explicit "no rollback, forward-fix only" statement)?
|
||||
2. Is the Flyway migration number the next free `V<n>` verified against disk, not copied from a stale issue body?
|
||||
3. Are all new configuration values introduced as documented env vars (added to `.env.example`) and read via env, never hard-coded?
|
||||
4. Does any new CI step avoid `actions/(upload|download)-artifact@v4+` and other features the Gitea `act_runner` does not support?
|
||||
5. If the spec adds a CI guard, is it self-testing (the regex proves it catches the bad form and ignores the good form), matching the existing guard style?
|
||||
6. Does the feature keep the management port (`8081`) / app port (`8080`) separation intact, and not require Caddy to proxy `/actuator/*`?
|
||||
7. Are new dependencies pinned, and does the change keep `npm audit --audit-level=high` and Semgrep green?
|
||||
8. Does a new external service or sidecar come with a healthcheck and a documented Compose entry, and is bucket/bootstrap logic idempotent (re-deploy must not fail)?
|
||||
9. Are new metrics/logs/traces routed through the existing observability stack (Prometheus scrape, Promtail/Loki, Tempo, GlitchTip) rather than a new ad-hoc channel?
|
||||
10. Does logging added by the feature stay PII-free and structured (JSON), consistent with the existing log pipeline?
|
||||
11. Is the feature backwards-compatible across a rolling deploy, or does the spec state the required downtime/ordering (migrate-then-deploy)?
|
||||
12. Does the spec avoid committing secrets, and does any composite-action secret flow follow the unquoted-heredoc env convention (ADR-029)?
|
||||
|
||||
## EARS patterns to watch for
|
||||
|
||||
- **State-driven** (`While a migration is in progress, the system shall …`) and **Unwanted-behavior** (`If the OCR service is unavailable, then the system shall return OCR_SERVICE_UNAVAILABLE`) requirements encode operational resilience — flag mutating/processing features that lack them.
|
||||
- **Optional-feature** (`Where the observability stack is enabled …`) requirements gate optional infra — confirm the feature degrades cleanly when it is off.
|
||||
|
||||
## Output format
|
||||
|
||||
A Gitea comment titled **`### DevOps — Spec Review`** with the checklist table
|
||||
`| # | Item | Status | Note |`, then `Verdict: APPROVE` / `CHANGES REQUESTED` listing
|
||||
blocking `FAIL` numbers, with the migration/rollback line called out explicitly when
|
||||
relevant.
|
||||
Reference in New Issue
Block a user