You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/product/requirements.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -49,7 +49,7 @@ language references, compiler docs, and examples.
49
49
| PRD-021 | Provide a dependency-free fast local development loop. | High | Implemented |`gowdk dev` polls discovered inputs without production dependencies, compares content hashes, caches watched input snapshots between ticks, rebuilds only on real input changes, incrementally renders page/component/layout affected SPA output when possible, falls back to full builds for config/CSS/source-set/app/binary/WASM changes, serves the generated output, live reloads browsers after successful rebuilds, keeps the last successful output after failed rebuilds, and can build/restart generated app targets. SPA/app generation skips identical file writes. |
50
50
| PRD-022 | Allow generated app output to compile to a WASM deploy artifact. | Medium | Partial |`gowdk build --wasm <file>` and `Build.Targets[].WASM` compile the generated app with `GOOS=js GOARCH=wasm`. CI verifies the emitted artifact is a real WASM module by checking the WebAssembly magic header. This remains separate from component-level browser island assets emitted for `wasm` components; host runtime/loader integration is deploy-platform owned. |
51
51
| PRD-023 | Keep current documentation aligned with implemented CLI, config, compiler, language, routing, deployment, and examples. | High | Implemented |`README.md`, `docs/getting-started.md`, `docs/cookbook/README.md`, reference docs, language docs, compiler docs, and `examples/README.md` describe current support, link to the right source of truth, and call out planned behavior. |
52
-
| PRD-024 | Require project config before compiling or validating `.gwdk` code. | High | Implemented |`check`, `audit`, `manifest`, `sitemap`, `routes`, `build`, and `dev` require `gowdk.config.go`in the current directory or an explicit `--config <file>`, even when explicit `.gwdk` file paths are provided. Project-aware `build`, `check`, and `dev` execute importable configs through a cached native helper instead of serializing `gowdk.Config`. |
52
+
| PRD-024 | Require project config before compiling or validating `.gwdk` code. | High | Implemented |`check`, `audit`, `manifest`, `sitemap`, `routes`, `build`, and `dev` require `gowdk.config.go`discovered upward from the current directory or explicit source paths, `--project-root <dir>`, or an explicit `--config <file>`, even when explicit `.gwdk` file paths are provided. Project-aware `build`, `check`, and `dev` execute importable configs through a cached native helper instead of serializing `gowdk.Config`. |
53
53
| PRD-025 | Keep framework integrations optional and outside compiler/runtime core. | Medium | Implemented | Generated apps expose standard `net/http` handlers and framework-neutral code by default. Optional `runtime/adapters/chi`, `runtime/adapters/echo`, `runtime/adapters/gin`, and `runtime/adapters/fiber` nested modules wrap the same generated `http.Handler`; route-aware Chi/Echo/Gin mounting can consume generated OpenAPI metadata, and docs cover middleware overlap and Fiber adaptor caveats. |
54
54
| PRD-026 | Provide declarative security posture and baseline audit gating. | High | Partial | `internal/securitymanifest` projects validated IR into a route/endpoint/contract/frontend posture, `internal/auditspec` evaluates the built-in baseline plus declared `*.audit.gwdk` policies, `gowdk audit` reports human/JSON findings with registry-backed severities and exits non-zero on error findings, and `gowdk build` evaluates the same baseline before writing output plus scans final emitted artifact files after generation. Production builds fail on error-severity findings unless `--allow-insecure` is set; non-production builds print a warning summary. The baseline covers action/command/state-changing API CSRF, guardless action/fragment/command/query endpoints, public-by-omission APIs, roleless contracts, bundle secret leaks, client-visible guardless routes, and raw-HTML sinks, and auth-addon session mode posture; policy rules can require headers. `gowdk audit --emit-tests` writes readable standalone `_test.go` posture tests without overwriting user-owned files unless `--force` is passed, and `--run` builds a temporary generated app and executes its generated app audit test through `runtime/testkit` without auto-authorizing app-owned custom guards. Richer role fixture injection and deeper browser/data-flow analysis remain planned; authentication, sessions, RBAC storage, and backend resource authorization stay app-owned by design. |
55
55
| PRD-027 | Provide opt-in browser presentation-event fanout without adding WebSocket dependencies to the root module. | Medium | Implemented |`FeatureRealtime` and `addons/realtime` provide config and `gowdk add realtime` wiring for presentation-event fanout. Dependency-free SSE fanout remains in the root module through `runtime/contracts/sse` and `realtime.NewSSE`; WebSocket fanout remains isolated in the nested `runtime/contracts/websocketfanout` module. Docs cover SSE versus WebSocket setup, deployment caveats, and the M14 boundary for live DOM reactivity. |
0 commit comments