archetecture security fix
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
# Documentation Audit
|
||||
|
||||
Date: 2026-05-26
|
||||
|
||||
## Purpose
|
||||
|
||||
This note records the cleanup applied to the `docs/project-design` folder after comparing it with the live codebase.
|
||||
|
||||
## Drift That Was Removed
|
||||
|
||||
The older design docs included several features or assumptions that are not active in the current implementation:
|
||||
|
||||
- Clerk-based employee auth and webhooks
|
||||
- Clerk-based team invite acceptance
|
||||
- renter self-service signup/login as an active user flow
|
||||
- renter email verification as an active flow
|
||||
- a separate white-label company public-site frontend app
|
||||
- multi-currency SaaS subscription checkout beyond `MAD`
|
||||
- marketing routes such as `/about`, `/contact`, and `/blog`
|
||||
- outdated API file paths under `apps/api/src/routes/*`
|
||||
|
||||
## Current Documentation Rule
|
||||
|
||||
The `docs/project-design` files should describe only one of two things:
|
||||
|
||||
1. current implemented behavior
|
||||
2. explicit future plans, clearly labeled as plans
|
||||
|
||||
They should not describe removed systems as if they are still live.
|
||||
|
||||
## Current References
|
||||
|
||||
Use these documents as the current implementation references:
|
||||
|
||||
- `api-routes.md`
|
||||
- `schema.md`
|
||||
- `FEATURES.md`
|
||||
- `PAGES.md`
|
||||
- `INTEGRATION.md`
|
||||
|
||||
Use the execution-plan documents only as future/planning material, not as evidence that a feature is already shipped.
|
||||
Reference in New Issue
Block a user