docs
This commit is contained in:
@@ -5,6 +5,8 @@ It applies to all write operations (create, update, delete).
|
||||
|
||||
There are no exceptions.
|
||||
|
||||
Authoritative contract: [`WEBSITE_CONTRACT.md`](docs/architecture/website/WEBSITE_CONTRACT.md:1).
|
||||
|
||||
⸻
|
||||
|
||||
Core Principle
|
||||
@@ -13,6 +15,21 @@ Read and Write paths are different.
|
||||
|
||||
What is displayed is never sent back.
|
||||
|
||||
## Non-negotiable write boundary
|
||||
|
||||
All writes MUST enter the system through **Next.js Server Actions**.
|
||||
|
||||
Forbidden:
|
||||
|
||||
- client components performing write HTTP requests
|
||||
- client components calling API clients for mutations
|
||||
|
||||
Allowed:
|
||||
|
||||
- client submits intent (FormData, button action)
|
||||
- server action performs UX validation
|
||||
- server action calls the API
|
||||
|
||||
⸻
|
||||
|
||||
High-Level Flow
|
||||
@@ -153,4 +170,4 @@ Summary
|
||||
• Read Flow: DTO → ViewModel → UI
|
||||
• Write Flow: UI → Command DTO → Core
|
||||
|
||||
What is shown is never sent back.
|
||||
What is shown is never sent back.
|
||||
|
||||
Reference in New Issue
Block a user