ASA Standard

Adoption

ASA defines what should be true. Adoption is how a team gets there and keeps it there. The standard is implementation-agnostic — there is no required tool, vendor, or workflow.

Adoption Paths

1. Process-based adoption

Teams read the standard, map their codebase against the three protection layers, and identify gaps manually. This is the simplest starting point for small teams or early-stage apps.

2. Tooling-based adoption

Automated scanning tools verify compliance against Phase 1 checks on demand. This provides consistent PASS/FAIL results organized by layer and priority.

3. CI/CD enforcement

Safety checks run automatically on every pull request. Unsafe changes are blocked before they reach the main branch. For active Phase 1 checks, this is typically the most robust adoption model.

4. Expert review

Manual validation that covers what static analysis cannot: business context, ownership verification, privilege escalation paths, and flow correctness.

Adoption Stages

Stage 1 — Assessment

Run an initial scan. Understand the current state across Production Foundation and Slice Architecture. Prioritize findings by P0, P1, P2.

Stage 2 — Remediation

Address critical gaps. Focus on P0 findings first. Verify fixes with a follow-up scan.

Stage 3 — Enforcement

Integrate checks into CI/CD. Prevent regressions. New code must pass the same checks.

Stage 4 — Ongoing

Maintain enforcement as the product evolves. Add Business Logic Protection as critical flows are identified.

Adopting Each Layer

Production Foundation

Start here. Run Phase 1 checks (24 checks). Address all P0 findings before launch. Integrate into CI/CD to prevent regression.

Slice Architecture

Prioritize when the codebase is growing. Run Phase 1 checks (8 checks). Address cross-slice imports and oversized files first.

Business Logic Protection

Not covered by automated Phase 1 checks. Start manually: identify the 3–5 most critical flows, define scenarios, write E2E tests, add to CI/CD.

What ASA Does Not Prescribe

The standard defines what must be true, not how to achieve it. ASA does not require:

  • A specific framework, language, or runtime
  • A specific CI/CD provider
  • A specific tooling vendor
  • A specific directory structure beyond the slice model

Vibecodiq

Vibecodiq is one implementation path aligned with the ASA standard. It provides automated scanning, CI/CD guard integration, expert assessment, and an ASA-aligned production foundation for teams starting from scratch. Vibecodiq is not the only way to implement ASA. It is one way.