feat: add module definition completeness validation and permissions

Add new validation rules MOD-020 to MOD-023 for module definition completeness and standardize permissions across all modules. Changes: - Add MOD-020: Module definitions must have required attributes - Add MOD-021: Modules with menus should have features - Add MOD-022: Feature modules should have permissions - Add MOD-023: Modules with routers should use get_*_with_routers pattern Module permissions added: - analytics: view, export, manage_dashboards - billing: view_tiers, manage_tiers, view_subscriptions, manage_subscriptions, view_invoices - cart: view, manage - checkout: view_settings, manage_settings - cms: view_pages, manage_pages, view_media, manage_media, manage_themes - loyalty: view_programs, manage_programs, view_rewards, manage_rewards - marketplace: view_integration, manage_integration, sync_products - messaging: view_messages, send_messages, manage_templates - payments: view_gateways, manage_gateways, view_transactions Module improvements: - Complete cart module with features and permissions - Complete checkout module with features and permissions - Add features to catalog module - Add version to cms module - Fix loyalty platform_router attachment - Add path definitions to payments module - Remove empty scheduled_tasks from dev_tools module Documentation: - Update module-system.md with new validation rules - Update architecture-rules.md with MOD-020 to MOD-023 Tests: - Add unit tests for module definition completeness - Add tests for permission structure validation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 18:23:04 +01:00
parent 30a5c75e74
commit 967f08e4ba
50 changed files with 1014 additions and 66 deletions
--- a/docs/development/architecture-rules.md
+++ b/docs/development/architecture-rules.md
@@ -850,6 +850,93 @@ Use mobile-first responsive classes.

 ---

+## Module Structure Rules
+
+Module rules enforce consistent structure and completeness across all modules in `app/modules/`.
+
+### MOD-020: Module Definition Completeness
+**Severity:** Warning
+
+Module definitions should include required attributes: code, name, description, version, and features.
+
+```python
+# ✅ Good - Complete definition
+module = ModuleDefinition(
+    code="billing",
+    name="Billing & Subscriptions",
+    description="Platform subscription management",
+    version="1.0.0",
+    features=["subscription_management", "billing_history"],
+    permissions=[...],
+)
+
+# ❌ Bad - Missing features
+module = ModuleDefinition(
+    code="billing",
+    name="Billing",
+    description="...",
+    version="1.0.0",
+    # Missing features and permissions
+)
+```
+
+### MOD-021: Modules with Menus Should Have Features
+**Severity:** Warning
+
+If a module defines menu items or menu sections, it should also define features.
+
+```python
+# ❌ Bad - Has menus but no features
+module = ModuleDefinition(
+    code="billing",
+    menus={FrontendType.ADMIN: [...]},
+    # Missing features!
+)
+```
+
+### MOD-022: Feature Modules Should Have Permissions
+**Severity:** Info
+
+Modules with features should define permissions for RBAC, unless:
+- `is_internal=True` (internal tools)
+- Storefront-only module (session-based, no admin UI)
+
+```python
+# ✅ Good - Features with permissions
+module = ModuleDefinition(
+    code="billing",
+    features=["subscription_management"],
+    permissions=[
+        PermissionDefinition(
+            id="billing.view_subscriptions",
+            label_key="billing.permissions.view_subscriptions",
+            description_key="billing.permissions.view_subscriptions_desc",
+            category="billing",
+        ),
+    ],
+)
+```
+
+### MOD-023: Router Pattern Consistency
+**Severity:** Info
+
+Modules with routers should use the `get_*_with_routers()` pattern for lazy imports.
+
+```python
+# ✅ Good - Lazy router pattern
+def _get_admin_router():
+    from app.modules.billing.routes.api.admin import admin_router
+    return admin_router
+
+def get_billing_module_with_routers() -> ModuleDefinition:
+    billing_module.admin_router = _get_admin_router()
+    return billing_module
+```
+
+See [Module System Architecture](../architecture/module-system.md) for complete MOD-001 to MOD-019 rules.
+
+---
+
 ## Security & Multi-Tenancy Rules

 ### Multi-Tenancy Rules
@@ -1030,20 +1117,21 @@ All rules are defined in `.architecture-rules.yaml`. To modify rules:

 ## Summary Statistics

-| Category | Rules | Errors | Warnings |
-|----------|-------|--------|----------|
-| Backend | 20 | 15 | 5 |
-| Frontend JS | 7 | 6 | 1 |
-| Frontend Templates | 8 | 4 | 4 |
-| Frontend Macros | 5 | 2 | 3 |
-| Frontend Components | 1 | 0 | 1 |
-| Frontend Styling | 4 | 1 | 3 |
-| Naming | 5 | 3 | 2 |
-| Security | 5 | 5 | 0 |
-| Quality | 3 | 2 | 1 |
-| **Total** | **58** | **38** | **20** |
+| Category | Rules | Errors | Warnings | Info |
+|----------|-------|--------|----------|------|
+| Backend | 20 | 15 | 5 | 0 |
+| Module Structure | 23 | 7 | 10 | 6 |
+| Frontend JS | 7 | 6 | 1 | 0 |
+| Frontend Templates | 8 | 4 | 4 | 0 |
+| Frontend Macros | 5 | 2 | 3 | 0 |
+| Frontend Components | 1 | 0 | 1 | 0 |
+| Frontend Styling | 4 | 1 | 3 | 0 |
+| Naming | 5 | 3 | 2 | 0 |
+| Security | 5 | 5 | 0 | 0 |
+| Quality | 3 | 2 | 1 | 0 |
+| **Total** | **81** | **45** | **30** | **6** |

 ---

-**Last Updated:** 2025-12-21
-**Version:** 2.4
+**Last Updated:** 2026-02-02
+**Version:** 2.5