Rule Catalog

Flags controllers that contain business decisions instead of delegating to application services.

Flags repository/data-access code that contains domain or workflow decisions.

Flags application services that directly reach persistence APIs where a repository boundary is expected.

Flags files whose responsibilities do not match the package or module they live in.

Flags services that appear to own too many workflows or responsibilities.

Checks that the configured module root exists and contains the expected module directories.

Reports when ArchPilot falls back from a specific implementation profile to default validation behavior.

Checks that the architecture overview document exists.

Checks that expected module baseline artifacts are present.

Checks that registered module paths exist as directories.

Checks that every registered module contract file resolves.

Checks that module contract identity and field shape align with the registry.

Checks that registered module public entrypoints match the public surfaces declared in module contracts.

Checks that the project rule configuration file can be parsed and used.

Checks that the ArchPilot project configuration is valid JSON.

Checks that project identity fields are present and usable.

Flags direct circular dependencies between modules.

Flags dependencies blocked by dependency rule configuration.

Flags cross-module imports that do not use a public module entrypoint.

Flags an actual cross-module import that is not declared in the source module contract.

Flags imports that reach into another module's internals instead of its public entrypoint.

Flags a module contract dependency that no longer appears in implementation imports.

Flags modules with no declared or actual inbound/outbound module dependencies.

Flags dependency cycles that emerge through multiple module hops.

Flags modules with a high number of inbound dependencies.

Flags dependencies that point against the configured architecture layer direction.

Flags dependencies between components that violate the configured cross-component policy.

Checks that an OpenAPI contract is present for REST API review.

Checks that GraphQL endpoint exposure is documented when OpenAPI is used as the API review artifact.

Flags collection endpoints that do not expose clear pagination or bounded result controls.

Flags bulk API operations that lack clear safeguards.

Flags APIs that expose persistence entities or internal DTOs across the external boundary.

Flags REST resources that use inconsistent naming, shape, or operation patterns.

Flags API routes or contracts that do not follow the repository's versioning strategy.

Flags API behavior whose implementation and contract appear to have drifted apart.

Flags protected operations without clear authorization enforcement evidence.

Flags resource endpoints that enforce authorization inconsistently across operations.

Flags authorization logic placed in a layer that makes enforcement hard to reuse or audit.

Checks that same-schema multi-tenant tables include tenant discriminator evidence.

Checks that the SQL baseline artifact exists for database validation.

Flags domain objects that appear to expose data without owning behavior or invariants.

Flags code that reaches across aggregate boundaries instead of using the owning boundary.

Flags domain or service boundaries that appear too broad for one aggregate responsibility.

Flags business rules repeated across controllers, services, repositories, or UI code.

Flags workflows that modify multiple aggregates without clear coordination.

Checks that the configured ADR directory exists.

Checks that ADR files include a top-level title.

Checks that ADR files include a recognized decision status.

Checks that key architecture topics have ADR coverage.

Checks that different-schema tenant modeling decisions are captured in an ADR.

Checks that architecture overview documentation mentions RBAC or role-based access control where expected.

Checks that suppression entries include a reason.

Flags suppression entries whose expiry date has passed.

Reports suppression entries that no longer match an active finding.

Flags duplicate suppression entries.

Checks that suppression expiry dates use a valid format.

Flags events that appear to be published without any subscribed handler.

Flags event chains that may loop back to their starting workflow.

Flags events used like immediate synchronous calls between modules.

Flags event names that do not follow the repository's event naming convention.

Flags query paths where multi-tenant SQL lacks clear tenant-filter evidence.

Flags broad SELECT * usage in paths where explicit projection is safer.

Flags list/query paths without obvious limit or pagination controls.

Flags database access that reaches into another module's owned data boundary directly.

Flags collection workflows that appear to query inside a loop.

Flags query flows that load broad collections and filter or aggregate them in memory.

Flags queries that load full entities when only a small subset of fields is used.

Flags request flows that repeat the same or similar query multiple times.

Flags risky architecture changes that lack ADR evidence.

Flags risky changes without rollback plan evidence.

Flags risky changes without staged rollout or feature-flag evidence.

Flags request or workflow paths where tenant context is not clearly propagated.

Flags data access without clear tenant-scoping enforcement.

Flags flows that may combine or expose data across tenant boundaries.

Reports missing or inconsistent documentation for the tenant isolation model.

Flags transactions that appear to wrap more work than necessary.

Flags transactions initiated from transport-layer code.

Flags workflows where transactions may be nested or composed unsafely.

Flags transactions that include slow external or asynchronous work.