docs

2026-01-11 14:42:54 +01:00
parent 2f0b83f030
commit 90b6e73a22
27 changed files with 980 additions and 2513 deletions
--- a/docs/architecture/api/GUARDS.md
+++ b/docs/architecture/api/GUARDS.md
@@ -0,0 +1,47 @@
+# Guards (API Enforcement)
+
+This document defines **Guards** as API enforcement mechanisms.
+
+Shared contract: [`docs/architecture/shared/BLOCKERS_AND_GUARDS.md`](docs/architecture/shared/BLOCKERS_AND_GUARDS.md:1)
+
+## 1) Definition
+
+A Guard is an API mechanism that enforces access or execution rules.
+
+If a Guard denies execution, the request does not reach application logic.
+
+## 2) Responsibilities
+
+Guards MAY:
+
+- block requests entirely
+- return HTTP errors (401, 403, 429)
+- enforce authentication and authorization
+- enforce rate limits
+- enforce feature availability
+- protect against abuse and attacks
+
+Guards MUST:
+
+- be deterministic
+- be authoritative
+- be security-relevant
+
+## 3) Restrictions
+
+Guards MUST NOT:
+
+- depend on website/client state
+- contain UI logic
+- attempt to improve UX
+- assume the client behaved correctly
+
+## 4) Common Guards
+
+- AuthGuard
+- RolesGuard
+- PermissionsGuard
+- Throttler/RateLimit guards
+- CSRF guards
+- Feature availability guards
+