2. Constraints
Constraints are the non-negotiables — rules imposed from outside that the
architecture must respect. They are different from decisions (which are made)
and quality requirements (which are targeted).
Legal & regulatory
| Constraint |
Source |
Implication |
| Australian data residency (identity, biometrics, PII) |
Privacy Act 1988 + AFP guidance |
Primary Postgres + AI providers in ap-southeast-2 |
| Fair Work compliance |
Fair Work Act 2009 |
Award interpretation + modern award pay database integration (see ADR-016-F) |
| IRAP OFFICIAL:Sensitive (government customers) |
ISM controls |
Three-layer deployment (see ADR-007-F) |
| 7-year audit retention |
Fair Work record-keeping + tax law |
Event store = immutable audit log (see ADR-005-F) |
| WCAG 2.1 AA |
Commonwealth procurement |
Accessibility gates in CI |
Organisational
| Constraint |
Source |
Implication |
| 3-person team + AI assistance |
Commercial decision |
No speculative abstractions (42 Commandments); AI-assisted development baseline |
| 44-week roadmap to IRAP |
Customer commitments |
Phased delivery (brainstorm-10) |
| Commercial name: Hexis; internal codename: Finnest |
Branding |
Codebase uses finnest; customer-facing UI uses Hexis |
| No AI-hype disclosure to clients |
Commercial positioning |
"Dedicated senior team" narrative externally |
Technical
| Constraint |
Source |
Implication |
| Single PostgreSQL cluster |
ADR-002-F |
No Redis, Kafka, or Elasticsearch — Postgres does cache, pub/sub, queue, event store, search |
| Elixir/Phoenix primary stack |
ADR-001-F + ADR-0011 |
BEAM/OTP foundation; Flutter only for mobile |
| MCP at every domain boundary |
ADR-004-F |
Every domain publishes typed tools; agents and UI both consume via MCP |
| Hexagonal ports for external integrations |
ADR-006-F |
Every outbound API behind a behaviour with ≥2 adapters planned |
| Events-only cross-domain (one exception) |
ADR-005-F |
Compliance.check/2 is the sole synchronous cross-domain call |
| Maximum portability |
ADR-0004 |
No AWS-compute lock-in; works on any VPS / Kubernetes |
| Australian data residency for AI |
ADR-0010 |
IRAP tenant uses Bedrock Sydney only; commercial tenant may use Anthropic Direct |
Conventions
| Convention |
Details |
| Branching |
feat/story-F-NNN-* per ADR-015-F |
| Commits |
Conventional Commits format |
| Tests |
Test-first; ExUnit; CI-enforced coverage |
| Pre-commit gates |
mix format, mix credo --strict, mix sobelow, mix dialyzer, mix test — gate names documented in .claude/commands/azath.md |
| Documentation |
Decisions → ADRs; ideation → brainstorms; this site auto-publishes both |
For the complete set of enforcement gates see 10-GUARDRAILS.md.
For the philosophical basis of all of the above see 42-COMMANDMENTS.md.