# 10. Quality Requirements
The nineteen architectural drivers in architecture/architecture.md §Architectural Drivers serve as Finnest's quality-attribute tree. Each maps to measurable acceptance criteria.
## Top-tier quality attributes
| Attribute | Target | Verified by |
|---|---|---|
| Security (IRAP OFFICIAL:Sensitive) | ISM controls met; session ≤ 15 min; FIDO2 mandatory | IRAP assessor audit (Week 44) |
| Compliance | Non-compliant workers blocked synchronously at write in 5 domains | ADR-011-F; integration tests |
| Multi-tenant isolation | org_id leakage → P0 incident; agents never reused across tenants | architecture_test suite (STORY-F-007) |
| AI cost ceiling | ≥70 % of queries served at $0; per-org circuit-breaker at configured ceiling | BudgetGuard instrumentation, weekly cost digest |
| Disaster recovery | RPO ≤ 15 min, RTO ≤ 4 hr | Multi-AZ RDS + cross-region snapshot; rehearsed quarterly |
| Audit immutability | 7-year retention; hash chain unbroken | Trigger-enforced; audit probe (STORY-F-016) |
| Financial precision | Zero floats in pay / billing / margin / awards | Credo custom rule + code review |
| Accessibility | WCAG 2.1 AA across all screens | Axe-core in CI; manual audit pre-GA |
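The "hash chain unbroken" target in the audit-immutability row is only meaningful if something actually walks the chain. The following is an added example, not Finnest's own audit probe (STORY-F-016): it assumes each audit row is a map with `seq`, `prev_hash`, `payload` and `hash`, and that a row's hash is SHA-256 over its predecessor's hash concatenated with its payload, with a fixed genesis value for the first row. The row shape and the hashing rule are assumptions for illustration.

```elixir
# Added example (not Finnest's own code): walking an audit hash chain and reporting
# the first row at which it breaks. Row shape and hash rule are assumptions.
defmodule AuditChainProbe do
  @genesis "GENESIS"

  # Expected hash for one row, derived from the previous row's hash (nil for the head).
  def row_hash(prev_hash, payload) when is_binary(payload) do
    :crypto.hash(:sha256, (prev_hash || @genesis) <> payload)
    |> Base.encode16(case: :lower)
  end

  # Verify rows in sequence order. Returns :ok, or {:broken, seq, reason} for the first
  # row whose linkage or content does not match what its predecessor commits to.
  def verify(rows) do
    rows
    |> Enum.sort_by(& &1.seq)
    |> Enum.reduce_while({:ok, nil}, fn row, {:ok, prev} ->
      cond do
        # A deleted or reordered row shows up here: the link no longer points at its predecessor.
        row.prev_hash != prev ->
          {:halt, {:broken, row.seq, :prev_hash_mismatch}}

        # An edited payload (or a rewritten hash) shows up here.
        row.hash != row_hash(prev, row.payload) ->
          {:halt, {:broken, row.seq, :hash_mismatch}}

        true ->
          {:cont, {:ok, row.hash}}
      end
    end)
    |> case do
      {:ok, _last_hash} -> :ok
      broken -> broken
    end
  end

  # Build a well-formed chain from a list of payloads (used only to construct sample data).
  def build(payloads) do
    {rows, _last} =
      payloads
      |> Enum.with_index(1)
      |> Enum.map_reduce(nil, fn {payload, seq}, prev ->
        hash = row_hash(prev, payload)
        {%{seq: seq, prev_hash: prev, payload: payload, hash: hash}, hash}
      end)

    rows
  end
end

# Constructed sample data: a valid three-row chain, then two kinds of tampering.
rows = AuditChainProbe.build(["shift:create:42", "shift:approve:42", "pay:run:7"])
:ok = AuditChainProbe.verify(rows)

# Editing row 2's payload in place breaks row 2's own hash.
tampered = List.update_at(rows, 1, &%{&1 | payload: "shift:approve:99"})
{:broken, 2, :hash_mismatch} = AuditChainProbe.verify(tampered)

# Deleting row 2 breaks the link that row 3 carries to its predecessor.
gapped = List.delete_at(rows, 1)
{:broken, 3, :prev_hash_mismatch} = AuditChainProbe.verify(gapped)
```

One caveat worth keeping in mind when turning this into a scheduled probe: a chain like this detects edits, reordering and deletions in the middle, but truncating the tail (deleting the newest rows) leaves every remaining link valid. The probe therefore also needs to compare the chain head it last observed against the current tail, or anchor the head hash somewhere the database trigger cannot rewrite.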
## Second-tier quality attributes
| Attribute | Target |
|---|---|
| Performance — health probe | /health < 50 ms in-process |
| Performance — readiness probe | /ready ≤ 150 ms including SELECT 1 |
| Performance — p95 page render | < 500 ms commercial, < 1000 ms IRAP (proxy overhead) |
| Observability | 100 % request tracing with correlation ID; structured JSON logs |
| Deployability | Zero-downtime deploy; any branch → integration host in ≤ 10 min |
| Test coverage | ≥ 80 % for tier-1 apps; ≥ 70 % for tier-2+; branch coverage on compliance gates |
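The two probe targets above differ in more than their latency budgets: `/health` must answer from process state alone, so it cannot stall on a dependency, while `/ready` deliberately round-trips the database and fails if that round-trip is slow or errors. The following is an added example of that split, not Finnest's own endpoint: it assumes a Plug-based router and an Ecto SQL repo named `Finnest.Repo`, both of which are assumptions for illustration.

```elixir
# Added example (not Finnest's own code): liveness vs readiness probes.
# Assumes a Plug router and an Ecto SQL repo called Finnest.Repo.
defmodule Finnest.ProbeRouter do
  use Plug.Router

  # Readiness budget from the quality table: 150 ms including the SELECT 1.
  @ready_budget_ms 150

  plug :match
  plug :dispatch

  # Liveness: no I/O at all, so a slow or down database cannot make the process look dead.
  get "/health" do
    send_resp(conn, 200, "ok")
  end

  # Readiness: run the DB check under the same timeout as the budget, then decide.
  get "/ready" do
    {status, body} =
      readiness(fn -> Finnest.Repo.query("SELECT 1", [], timeout: @ready_budget_ms) end)

    send_resp(conn, status, body)
  end

  # Times the supplied check and maps its outcome to an HTTP status:
  # 200 only when the query succeeded within budget, 503 for errors, timeouts,
  # raised exceptions, or a successful but over-budget answer.
  def readiness(check) when is_function(check, 0) do
    {micros, result} = :timer.tc(check)
    ms = div(micros, 1000)

    case result do
      {:ok, _result} when ms <= @ready_budget_ms -> {200, "ready #{ms}ms"}
      {:ok, _result} -> {503, "degraded: db #{ms}ms > #{@ready_budget_ms}ms"}
      {:error, reason} -> {503, "not ready: #{inspect(reason)}"}
    end
  rescue
    e -> {503, "not ready: #{Exception.message(e)}"}
  end
end

# Constructed checks standing in for the real query, so the decision logic can be
# exercised without a database.
{200, "ready " <> _} = Finnest.ProbeRouter.readiness(fn -> {:ok, %{rows: [[1]]}} end)
{503, "not ready: " <> _} = Finnest.ProbeRouter.readiness(fn -> {:error, :econnrefused} end)
{503, "degraded: " <> _} = Finnest.ProbeRouter.readiness(fn -> Process.sleep(200); {:ok, %{}} end)
```

Reporting an over-budget success as 503 rather than 200 is the point of the example: a readiness probe that answers "ready" after 900 ms satisfies the load balancer but not the quality target, and the IRAP proxy overhead noted in the p95 row makes that gap easy to miss in production.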
## Non-goals (what Finnest does NOT optimise for)
Writing these down explicitly prevents accidental over-engineering:
- Not a high-throughput write system. A large org has thousands of shift writes/day, not thousands per second. No sharding.
- Not a global system. Single-region Australian deploy. No geo-routing.
- Not a streaming analytics platform. Events are for audit and cross-domain comms, not real-time dashboards. Dashboards query materialised views.
- Not a general-purpose developer platform. No public API in Phase 0; MCP tools are internal-use-only.
## How quality gates are enforced
Every quality target has at least one enforcement mechanism from this list:
- CI gate — build fails if violated (format, credo, sobelow, dialyzer, tests, coverage)
- Architecture test — architecture_test suite; compile-time contract checks via the Boundary library (STORY-F-002)
- Runtime probe — /health, /ready, plus per-domain MCP tool health checks
- Peer review — the 42 Commandments (ADR-013-F)
- Periodic audit — compliance assessor (IRAP), accessibility audit (internal)
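The "architecture test" mechanism covers two different things: a compile-time contract on which modules may call which, and a runtime test suite that asserts structural invariants such as the multi-tenant isolation row above. The following is an added example of both, not Finnest's own architecture_test suite or its Boundary configuration: the module names, the `org_id` convention and the `:finnest` application name are assumptions for illustration.

```elixir
# Added example (not Finnest's own code): one compile-time contract and one runtime
# architecture test. Module names and the org_id convention are assumptions.

# 1. Compile-time contract via the Boundary library. Finnest.Payroll declares the only
#    boundaries it may depend on and which of its modules other boundaries may call;
#    an undeclared cross-boundary call is reported when the project compiles.
defmodule Finnest.Payroll do
  use Boundary, deps: [Finnest.Tenancy, Finnest.Audit], exports: [PayRun]
end

# 2. Runtime architecture test: every Ecto schema under a domain namespace must carry
#    org_id, so tenant scoping cannot be silently omitted at the schema level.
defmodule Finnest.ArchitectureTest do
  use ExUnit.Case, async: true

  # Namespaces whose schemas hold tenant data (assumed for the example).
  @domain_prefixes ["Elixir.Finnest.Payroll.", "Elixir.Finnest.Shifts."]

  # Collect the compiled modules of the app that are Ecto schemas under those namespaces.
  defp domain_schemas do
    {:ok, mods} = :application.get_key(:finnest, :modules)

    Enum.filter(mods, fn mod ->
      String.starts_with?(Atom.to_string(mod), @domain_prefixes) and
        Code.ensure_loaded?(mod) and
        function_exported?(mod, :__schema__, 1)
    end)
  end

  test "every domain schema carries org_id" do
    missing = Enum.reject(domain_schemas(), &(:org_id in &1.__schema__(:fields)))
    assert missing == [], "domain schemas without org_id: #{inspect(missing)}"
  end
end
```

The schema test is a structural guard, not a substitute for query scoping: it catches a table that could not be tenant-scoped, while the Boundary contract keeps a domain from reaching past `Finnest.Tenancy` to build its own unscoped queries. Both run in CI, so a violation fails the build rather than surfacing as an org_id leakage incident.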
See 10-GUARDRAILS.md for the full enforcement catalogue (177 individual guardrails).