ArchPilotExecutable architecture guardrails

Search docs

Docs search

Validation rule

Back to Rule Catalog
AP-DOC-002Documentation

RBAC or role-based access control mentioned in overview

Checks that architecture overview documentation mentions RBAC or role-based access control where expected.

warningsetup-gapNo auto-fix

How to fix

  1. Update the architecture overview with RBAC context.
  2. Link to authorization docs or ADRs.
  3. Mention the modules or services responsible for access-control decisions.

What it means

The architecture overview is missing expected access-control context.

Why it matters

Access-control assumptions affect module boundaries, API behavior, and governance workflows.

Common causes

  • RBAC was implemented after the overview was written.
  • The overview uses product language without naming role-based access control.
  • Security and authorization notes live in a separate doc that is not linked.

Example bad pattern

The overview describes users and organizations but omits authorization boundaries.

Example good pattern

The overview names RBAC and links the relevant auth modules and ADRs.

Related files/config

  • docs/architecture/overview.md
  • docs/adrs

Related CLI commands

  • archpilot validate
  • archpilot validate --ci

Related docs

Rule CatalogPolicy & ADR Workflows
AP-DOC-002 - RBAC or role-based access control mentioned in overview | ArchPilot Docs