docs: 禁止线上版本契约阻塞业务

This commit is contained in:
Codex
2026-07-12 16:45:48 +02:00
parent e66f60f691
commit e01418e7e1
8 changed files with 25 additions and 0 deletions
+8
View File
@@ -24,6 +24,14 @@ When declared validation dependencies are missing, install them with the reposit
The following practices are not acceptable as the long-term or hidden source of a working environment:
- 微服务线上契约与版本校验必须非阻塞:
- 服务间的契约版本、源码版本、镜像版本、`commitId`、provenance 或部署对齐检查只能产生结构化 warning、OTel 事件和运维诊断;
- 这些检查不得拒绝、暂停、降级或延迟用户业务请求,也不得成为 admission、readiness、dispatch、CI/CD public gate 或 Web/CLI 可用性门禁;
- 接收方必须按当前业务语义解析请求,并对可安全归一化的旧字段、冗余字段和版本差异做兼容归一化,同时记录 warning;
- 只有业务数据本身无法解释、违反安全/权限边界或会造成不可逆损害时才允许拒绝,并返回与具体业务字段相关的 typed error
- 禁止把版本、commit 或契约漂移包装成 `schema-invalid``503` 或其他用户阻塞错误;
- CI/CD、status 和 observability 可以报告版本漂移,但只能作为修复提示,不能压过真实业务成功证据。
- Hand editing D601 runtime files, k3s manifests, ConfigMaps, Deployments or container env values and treating the live result as source of truth.
- Rebuilding backend-core, frontend, k3sctl-adapter or other managed services from a dirty worktree on the master server, D601 or an operator machine.
- Copying large local shell scripts, generated manifests, Docker images or application source to D601 as the main deployment mechanism.