STD-ARC-003: Code Architecture & Security
1. Context
To prevent "Toxic Import" loops, runtime crashes, and data corruption in the Monorepo.
2. The Standard (The Floor)
- [MUST] ESM Strictness: Internal imports MUST include
.js extension (e.g., import { X } from './utils.js').
- [MUST] Dependency Isolation: Client components MUST NOT import server-only libraries (
fs, firebase-admin).
- [MUST] Server Boundary: Server Actions (
.ts files in platform) MUST start with 'use server'; and import 'server-only';.
- [MUST] Explicit Dependencies: Do not rely on hoisting. If you use a lib, distinct it in
package.json.
3. Best Practices (The Path)
- [SHOULD] Firebase Wrapper: Use
import { getAdmin } from '@sd/foundation-firebase-admin' instead of firebase-admin directly.
- [SHOULD] Data Defensiveness: Check
doc.data() existence before access.
- [SHOULD] Timestamp Format: Use Milliseconds (Number) for schema boundaries. Convert
Timestamp to number immediately.
5. Version History
| Version |
Date |
Author |
Change |
| 1.0 |
2026-01-25 |
AI |
Extracted from .cursorrules |
Version History
| Version |
Date |
Author |
Change |
| 0.1.0 |
2026-01-26 |
Antigravity |
Initial Audit & Metadata Injection |