Guiding principles for Spanda Platform architecture and contribution decisions.
Parent: platform-architecture.md
The Entity Model is the canonical foundation. Robots, missions, packages, providers, humans, devices, fleets, wearables, and facilities are specialized entities — not parallel data structures.
Do: Extend EntityRecord and entity kinds in spanda-config.
Don’t: Introduce RobotRecord or blueprint-local inventory types.
Dependencies flow downward. Interfaces aggregate; blueprints compose; services operate; core defines; runtime executes; compiler analyzes.
When tempted to import upward, extract a trait or type to the lower layer first.
See dependency-rules.md.
The workspace stays minimal. Domain behavior belongs in registry packages unless it is language syntax, compiler infrastructure, runtime execution, entity infrastructure, verification contracts, or core APIs.
See lean-core.md.
Each platform service answers one operational question. Readiness gates; assurance evidences; diagnosis explains; trust scores; telemetry records.
See platform-services.md.
Solution blueprints import packages and call CLI/API surfaces. They do not add workspace crates or platform features.
If a blueprint needs a capability, implement it in the platform first.
CLI JSON, REST, gRPC, and SDKs share entity and readiness payloads. Avoid duplicated DTOs that drift.
Version all public API surfaces (path prefix, proto semver, crate/npm/PyPI semver).
Subsystems publish to the common event model. Features that need audit, replay, or Control Center visibility must emit events — not ad-hoc logs only.
See event-model.md.
Provider traits live in core/runtime; implementations live in packages. Official packages under
packages/registry/ are the default integration path for ROS2, MQTT, vision, fleet, etc.
Safety types (ActionProposal vs SafeAction), units, hardware verification, and capability
traceability are compiler/runtime concerns — not optional lint rules.
Operational readiness and assurance are first-class gates. Deployment paths (spanda verify,
readiness API, OTA rollout) consume the same evaluation engines.
See readiness.md, ci-verify.md.
Architecture decisions are worthless without enforcement.
architecture-manifest.yamlvalidate_architecture.py in CIvalidate_documentation.pyPlatform Architecture v2.1 reached zero production upward waivers (Rust and TypeScript) and zero SCC waivers after Phases 1–8. New violations are blocked in CI; waivers are an exception path requiring architecture review — not a permanent escape hatch.
Before merging a feature, confirm: