Skip to content

STD-ARC-005: The Law of Domain Sovereignty

1. The Prime Directive

No Business Logic shall exist in the Application Layer (apps/*).

The Application Layer (Next.js, Marketing, SysOps) is strictly a Presentation & Orchestration Layer. It exists to:

  1. Receive User Input.
  2. Call a Domain Service.
  3. Render the Output.
  4. Handle Routing & Metadata.

It must NEVER:

  1. Import firebase-admin or db instances directly.
  2. Perform calculations (e.g., checking ledgers, validating votes).
  3. Modify data structures directly.

2. The Three Tiers (Strictly Enforced)

Tier Concept Location Responsibility
Tier 1 (Front) The View apps/platform/src/components/* Rendering HTML/CSS. 100% Client Logic.
Tier 2 (Middle) The Sovereign packages/modules/*/src/service.ts Business Logic. Validation, Authz, Calculation, transaction storage.
Tier 3 (Back) The Truth Firestore / Storage Raw Data Persistence. Managed only by Tier 2.

2.1 The "Forbidden Bridge"

Any import in apps/platform that looks like this is a violation:

import { db } from '@/lib/firebase'; // ILLEGAL in Page/Action
db.collection('users').add(...);     // ILLEGAL

The correct pattern is:

import { userService } from '@sd/mod-identity'; // LEGAL
userService.createUser(...);                    // LEGAL

3. The Server Action Role

Next.js Server Actions (actions/*.ts) are Controllers, not Logic.

  • Allowed: verifySession(), parseFormData(), service.call(), redirect().
  • Forbidden: if (balance < 0) throw Error. (This belongs in the Service).

4. Enforcement

  • Lint Rules: eslint-plugin-boundaries (Planned).
  • Code Review: Instant rejection for "Logic in UI".
  • Verification: Scripts scripts/verify/* bypass the UI to prove the Service works in isolation.