Interface FrameworkRules<T>

Type Parameters:
T - the context type (e.g., SystemContext in cloudforge-api)
All Known Implementing Classes:
AdvancedMonitoringRules, CdnApiSecurityRules, ComputeSecurityRules, ConfigurationValidationRules, DatabaseSecurityRules, ElbSecurityRules, GdprOrganizationalRules, GdprRules, HipaaOrganizationalRules, HipaaRules, IamSecurityRules, IncidentResponseRules, Iso27001Rules, KeyManagementRules, LambdaSecurityRules, MessagingSecurityRules, PciDssRules, Soc2Rules, ThreatProtectionRules

public interface FrameworkRules<T>
Interface for pluggable compliance framework validators.

Implementations of this interface define compliance validation rules for specific frameworks (HIPAA, PCI-DSS, SOC2, etc.) or cross-framework concerns (key management, database security, monitoring).

This interface uses a generic type parameter to avoid coupling the core module to specific implementation details. Concrete implementations in cloudforge-api will use SystemContext as the type parameter.

Implementation Pattern:


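 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 // Imports for the CloudForge types (ComplianceFramework, ComplianceRule,
 // FrameworkRules, SystemContext) are omitted here.

 @ComplianceFramework(value = "FEDRAMP", priority = 50)
 public final class FedRampRules implements FrameworkRules<SystemContext> {
     @Override
     public void install(SystemContext ctx) {
         // Register a validation that runs during CDK synthesis
         ctx.getNode().addValidation(() -> {
             List<ComplianceRule> rules = new ArrayList<>();

             // Record the outcome of each control check (a passing rule is shown here)
             rules.add(ComplianceRule.pass("FEDRAMP-AC-2", "Account Management"));

             // Return only the failed rules, as error strings
             return rules.stream()
                 .filter(r -> !r.passed())
                 .map(ComplianceRule::toErrorString)
                 .flatMap(Optional::stream)
                 .toList();
         });
     }
 }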
 

Discovery:

Framework implementations are automatically discovered via the ComplianceFramework annotation and loaded by the CloudForge compliance system.

Since:
3.0.0
  • Method Summary

    Modifier and Type    Method           Description
    default boolean      alwaysLoad()     Check if this framework should always be loaded.
    default String       description()    Get the framework description.
    default String       displayName()    Get the human-readable display name for this framework.
    default String       frameworkId()    Get the framework identifier from the ComplianceFramework annotation.
    void                 install(T ctx)   Install compliance validation rules into the CDK construct tree.
    default int          priority()       Get the load priority for this framework.
  • Method Details

    • install

      void install(T ctx)
      Install compliance validation rules into the CDK construct tree.

      This method is called during CDK synthesis to register validation rules for the compliance framework. Implementations should use ctx.getNode().addValidation() to add CDK validations.

      Parameters:
      ctx - the system context containing deployment configuration and CDK stack
    • frameworkId

      default String frameworkId()
      Get the framework identifier from the ComplianceFramework annotation.
      Returns:
      the framework identifier (e.g., "HIPAA", "PCI-DSS")
    • displayName

      default String displayName()
      Get the human-readable display name for this framework.
      Returns:
      the display name, defaulting to frameworkId() if not specified
    • description

      default String description()
      Get the framework description.
      Returns:
      the framework description
    • priority

      default int priority()
      Get the load priority for this framework.
      Returns:
      the priority (lower values load first)
    • alwaysLoad

      default boolean alwaysLoad()
      Check if this framework should always be loaded.
      Returns:
      true if this framework loads regardless of configuration
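
Added example (not CloudForge code): one way a loader could apply the priority() and alwaysLoad() contracts documented above when choosing which discovered frameworks to install, and in what order. The FrameworkRules stand-in, the select helper, the enabled-ID set, the constructed "KEY-MGMT" ID and the rejection of unknown IDs are assumptions made for illustration.

```java
import java.util.*;

// Stand-in for the interface on this page, reduced to what the selector needs (assumption).
interface FrameworkRules<T> {
    void install(T ctx);
    String frameworkId();
    int priority();
    boolean alwaysLoad();
}

public class FrameworkSelectionExample {
    // Hypothetical helper: pick the frameworks to install and order them for loading.
    static <T> List<FrameworkRules<T>> select(Collection<FrameworkRules<T>> discovered,
                                              Set<String> enabledIds) {
        Set<String> known = new HashSet<>();
        for (FrameworkRules<T> f : discovered) known.add(f.frameworkId());
        // Fail closed: a misspelled ID must not silently drop a framework's checks.
        for (String id : enabledIds) {
            if (!known.contains(id)) {
                throw new IllegalArgumentException("Unknown compliance framework: " + id);
            }
        }
        List<FrameworkRules<T>> selected = new ArrayList<>();
        for (FrameworkRules<T> f : discovered) {
            // alwaysLoad() frameworks are installed regardless of configuration.
            if (f.alwaysLoad() || enabledIds.contains(f.frameworkId())) selected.add(f);
        }
        // Lower priority values load first; ties break on ID so the order is deterministic.
        selected.sort(Comparator.comparingInt((FrameworkRules<T> f) -> f.priority())
                                .thenComparing(f -> f.frameworkId()));
        return selected;
    }

    // Constructed sample framework that records its ID in the context when installed.
    static FrameworkRules<List<String>> rules(String id, int prio, boolean always) {
        return new FrameworkRules<>() {
            public void install(List<String> ctx) { ctx.add(id); }
            public String frameworkId() { return id; }
            public int priority() { return prio; }
            public boolean alwaysLoad() { return always; }
        };
    }

    public static void main(String[] args) {
        List<FrameworkRules<List<String>>> discovered = List.of(
            rules("PCI-DSS", 50, false), rules("KEY-MGMT", 10, true), rules("HIPAA", 20, false));
        List<String> installed = new ArrayList<>(); // stands in for the real context type
        for (FrameworkRules<List<String>> f : select(discovered, Set.of("HIPAA"))) f.install(installed);
        System.out.println(installed);
    }
}
```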