This is a finding from https://github.com/krokoko/cairn (action item CA-03).
Component
Tooling / CI
Describe the feature
Add mechanical module-boundary enforcement that encodes the AGENTS.md routing table as code, using eslint-plugin-boundaries or dependency-cruiser, plus madge --circular for circular-dependency detection. Start the boundary rules in warn mode, snapshot the current baseline, then flip to error once the baseline is clean.
Boundaries to enforce (from AGENTS.md):
- Handler layer (
cdk/src/handlers/) can't import stack/construct internals (cdk/src/stacks/, cdk/src/constructs/).
- CLI (
cli/src/) can't import CDK internals.
- No circular dependencies anywhere.
Use case
The AGENTS.md layering rules are prose, not mechanically enforced (AI007 / AI003). Nothing stops an agent — or a human — from introducing an import that violates the intended architecture, and circular dependencies go undetected. A boundary linter turns the routing table into a binding fitness function that catches architectural drift at PR time instead of in review.
Proposed solution
- Add
eslint-plugin-boundaries (or dependency-cruiser) to cdk / cli and encode the AGENTS.md routing table as boundary rules.
- Add
madge --circular as a fast check (pre-commit + CI).
- Land the rules in warn mode; record the current violation baseline.
- Once the baseline is clean, flip to error and add to the required
build check.
Acceptance criteria
Other information
Source reports: readiness-roadmap.md, verification-strategy.md (§"Architecture Fitness Functions", maturity 0→3), ai-smells-gates-report.md (AI003/AI007). Effort: S–M. Calibrate permissively — agents route around hard blockers, so introduce the error line only after the code is behind it. Per ADR-003 this issue needs the approved label before work begins.
Component
Tooling / CI
Describe the feature
Add mechanical module-boundary enforcement that encodes the
AGENTS.mdrouting table as code, usingeslint-plugin-boundariesordependency-cruiser, plusmadge --circularfor circular-dependency detection. Start the boundary rules in warn mode, snapshot the current baseline, then flip to error once the baseline is clean.Boundaries to enforce (from
AGENTS.md):cdk/src/handlers/) can't import stack/construct internals (cdk/src/stacks/,cdk/src/constructs/).cli/src/) can't import CDK internals.Use case
The
AGENTS.mdlayering rules are prose, not mechanically enforced (AI007 / AI003). Nothing stops an agent — or a human — from introducing an import that violates the intended architecture, and circular dependencies go undetected. A boundary linter turns the routing table into a binding fitness function that catches architectural drift at PR time instead of in review.Proposed solution
eslint-plugin-boundaries(ordependency-cruiser) tocdk/cliand encode theAGENTS.mdrouting table as boundary rules.madge --circularas a fast check (pre-commit + CI).buildcheck.Acceptance criteria
AGENTS.mdrouting table (handler↛stack/construct internals; CLI↛CDK internals).madge --circularruns in pre-commit and CI; zero circular deps in the clean baseline.buildcheck.Other information
Source reports:
readiness-roadmap.md,verification-strategy.md(§"Architecture Fitness Functions", maturity 0→3),ai-smells-gates-report.md(AI003/AI007). Effort: S–M. Calibrate permissively — agents route around hard blockers, so introduce the error line only after the code is behind it. Per ADR-003 this issue needs theapprovedlabel before work begins.