ASA Standard

Terminology

Consistent vocabulary across all ASA layers, checks, reports, and tooling. The same terms appear in scan results, documentation, and expert assessments.

Cross-Layer Terms

PASS
The check found no evidence of the specified gap under its current detection logic. A PASS is not proof that the gap is absent; it means this check, as currently written, did not detect it.
FAIL
The check found evidence of the specified gap or violation.
P0 — Critical
Immediate risk of data breach, revenue fraud, or privilege escalation. Must be addressed before production.
P1 — Important
Significant gap that should be addressed before scaling or growth.
P2 — Recommended
Best practice improvement. Low immediate risk; addressing it improves long-term stability.
Phase 1
The current active check set — 32 automated checks across Production Foundation and Slice Architecture. Business Logic Protection is part of the ASA model but has no active checks in Phase 1.
Blast radius
The scope of impact when a change introduces a regression. A well-isolated system has bounded blast radius.
Enforcement
Automated, continuous verification that safety rules hold. Enforcement runs whether or not someone remembers to run it.

Production Foundation

Foundation breach
A gap in a critical production system — auth, billing, admin, or environment configuration — that creates immediate risk.
Unsafe auth path
A code path where authentication or authorization is missing, bypassed, or performed only on the client side.
Unsafe billing path
A code path where payment processing can be tampered, bypassed, or fulfilled without verified webhook confirmation.
Permission gap
A missing ownership check, role verification, or Row Level Security policy that allows unauthorized data access.
Unverified webhook
A webhook handler that processes events without verifying the signature — allowing forged events to trigger real business actions.
Secret exposure
A secret key (API key, Supabase service_role key, Stripe secret key) present in client-side code or committed to version control. Keys designed for the client, such as a Stripe publishable key or the Supabase anon key, are not secrets; the service_role and Stripe secret keys bypass every client-side control and must stay server-side.
RLS
Row Level Security: a PostgreSQL feature, relied on by Supabase, that restricts which rows a given database role or user can read or write. A table exposed through the Supabase API without RLS enabled is readable and writable by any client holding the anon key, so missing RLS can allow authenticated users to access rows they should not access.
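As an added illustration of the unsafe billing path and unverified webhook terms above (example code written for this page, not part of the ASA Standard or its check set): a TypeScript handler that fulfils orders straight from the request body, beside a hardened version that verifies an HMAC signature over the raw body, bounds the replay window, and fulfils each event id at most once. The endpoint secret, event shape and in-memory order store are constructed for the example; the header layout follows the `t=<timestamp>,v1=<hex HMAC>` convention that Stripe documents, but no provider SDK is used.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed endpoint secret standing in for the one a payment provider issues
// per webhook endpoint. Assumption for this example; not a real credential.
export const ENDPOINT_SECRET = "whsec_example_0123456789abcdef";
// Maximum clock skew accepted between the signed timestamp and our clock.
// Anything older is treated as a replay. 300 s is a common provider default.
const TOLERANCE_SECONDS = 300;

interface WebhookEvent {
  id: string;
  type: string;
  data: { orderId: string; amountCents: number };
}

interface HandlerResult {
  status: number;
  fulfilledOrderId?: string; // set only when this call marked an order paid
}

// In-memory stand-ins for an orders table and a processed-events table.
export const unverifiedFulfilled = new Set<string>();
export const verifiedFulfilled = new Set<string>();
export const seenEventIds = new Set<string>();

// Provider side: the header attached to a delivery. HMAC-SHA256 over
// "<timestamp>.<raw body>", rendered as "t=<timestamp>,v1=<hex mac>".
export function signPayload(secret: string, timestampSeconds: number, rawBody: string): string {
  const mac = createHmac("sha256", secret).update(`${timestampSeconds}.${rawBody}`).digest("hex");
  return `t=${timestampSeconds},v1=${mac}`;
}

// Unsafe billing path: the body is trusted as-is. Anyone who can reach the URL
// can mark an arbitrary order as paid with a hand-written JSON document.
export function unverifiedWebhookHandler(rawBody: string): HandlerResult {
  const event = JSON.parse(rawBody) as WebhookEvent;
  if (event.type === "payment.succeeded") {
    unverifiedFulfilled.add(event.data.orderId);
    return { status: 200, fulfilledOrderId: event.data.orderId };
  }
  return { status: 200 };
}

// Signature check over the raw bytes (never over a re-serialised parsed object).
export function verifySignature(rawBody: string, header: string | undefined, secret: string, nowSeconds: number): boolean {
  if (!header) return false;
  let tsRaw = "";
  let presented = "";
  for (const part of header.split(",")) {
    const eq = part.indexOf("=");
    if (eq <= 0) continue;
    const key = part.slice(0, eq);
    const value = part.slice(eq + 1);
    if (key === "t") tsRaw = value;
    if (key === "v1") presented = value;
  }
  const ts = Number(tsRaw);
  if (!(ts > 0) || presented === "") return false;
  // Bound the replay window before doing any crypto.
  if (Math.abs(nowSeconds - ts) > TOLERANCE_SECONDS) return false;
  const expected = createHmac("sha256", secret).update(`${tsRaw}.${rawBody}`).digest("hex");
  const a = Buffer.from(expected, "utf8");
  const b = Buffer.from(presented, "utf8");
  // timingSafeEqual throws on length mismatch, so compare lengths first. The
  // constant-time compare stops an attacker from learning the MAC byte by byte.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Hardened handler: authenticate the delivery, then fulfil each event id once.
export function verifiedWebhookHandler(rawBody: string, signatureHeader: string | undefined, nowSeconds: number): HandlerResult {
  if (!verifySignature(rawBody, signatureHeader, ENDPOINT_SECRET, nowSeconds)) {
    return { status: 400 }; // never parse or act on an unauthenticated body
  }
  const event = JSON.parse(rawBody) as WebhookEvent;
  // Providers retry deliveries; a legitimate or replayed duplicate inside the
  // tolerance window must not fulfil the order a second time.
  if (seenEventIds.has(event.id)) return { status: 200 };
  seenEventIds.add(event.id);
  if (event.type === "payment.succeeded") {
    verifiedFulfilled.add(event.data.orderId);
    return { status: 200, fulfilledOrderId: event.data.orderId };
  }
  return { status: 200 };
}
```

The hardened handler needs the raw request body: frameworks that parse JSON before the handler runs make the signature unverifiable, which is itself a common cause of the unverified webhook finding. The processed-event set is the other half of the defence; the timestamp tolerance only narrows the replay window, it does not close it.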

Business Logic Protection

Planned layer — terms defined for consistency with future phases.

Critical flow
A user flow whose failure means the product stops delivering its core value — onboarding, checkout, subscription management, approval, fulfillment.
Logic regression
A change that breaks a critical flow without breaking infrastructure checks. Auth is fine, billing is secure, but the product no longer does what the founder expects.
Flow drift
Gradual divergence between the intended behavior of a critical flow and its actual behavior after multiple AI-assisted changes.
Unprotected critical flow
A founder-critical flow with no automated verification — it can regress silently.

Slice Architecture

Slice
ASA's fundamental structural unit. A self-contained vertical feature with hard boundaries. Slices are designed not to depend on other slices.
Boundary violation
A forbidden import between slices. One feature's code directly imports from another feature's internal code.
Cross-slice dependency
A dependency between two slices. Creates coupling — a change to one slice can break another.
Architecture drift
Gradual loss of structural boundaries over time, as AI-generated changes add code wherever it is convenient rather than where it belongs.
AI wall
The point where architectural decay has progressed so far that every AI-generated change introduces regressions. A consequence of unchecked architecture drift.
Oversized slice
A slice or file that has grown beyond the complexity bound — making it difficult for AI tools to reason about it coherently.
Thin page
A page file that delegates business logic to feature modules. Safe target for AI modification.
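A minimal slice-boundary checker, added here as an illustration of the boundary violation, cross-slice dependency and oversized slice terms; it is example code written for this page, not one of ASA's Phase 1 checks. It assumes a layout the page does not prescribe: slices under src/features/<slice>/ with index.ts as each slice's only public surface, shared code under src/shared/, a "@/" alias for src/, and a 300-line file bound. The sample repository is constructed inline.

```typescript
import { posix as path } from "node:path";

// Assumed layout (the ASA page does not prescribe one): slices live under
// src/features/<slice>/, a slice's only public surface is its index.ts,
// src/shared/ may be imported from anywhere, and "@/" aliases "src/".
const FEATURES_ROOT = "src/features";
// Assumed complexity bound for the oversized-file check.
const MAX_FILE_LINES = 300;

export type FindingKind = "boundary_violation" | "cross_slice_dependency" | "oversized_file";
export interface Finding { kind: FindingKind; file: string; detail: string }

// Matches `import ... from '...'` and `export ... from '...'` on a single line.
// Good enough for a check; a real implementation would use the TS compiler API.
const IMPORT_RE = /^\s*(?:import|export)\b[^'"\n]*?from\s*['"]([^'"]+)['"]/gm;

// Slice name for a file under FEATURES_ROOT, or null for pages and shared code.
function sliceOf(file: string): string | null {
  const rel = path.relative(FEATURES_ROOT, file);
  if (rel === "" || rel.startsWith("..")) return null;
  return rel.split("/")[0];
}

// True only for a slice's index.ts(x): the one file other code may import.
function isPublicEntry(file: string): boolean {
  const slice = sliceOf(file);
  if (slice === null) return false;
  const inner = path.relative(`${FEATURES_ROOT}/${slice}`, file).replace(/\.tsx?$/, "");
  return inner === "index";
}

// Resolve a specifier to a key of `files`; null for packages or unknown paths.
function resolveImport(spec: string, fromFile: string, files: Map<string, string>): string | null {
  let base: string;
  if (spec.startsWith("@/")) base = path.join("src", spec.slice(2));
  else if (spec.startsWith(".")) base = path.join(path.dirname(fromFile), spec);
  else return null; // third-party package: outside the slice rules
  const candidates = [base, `${base}.ts`, `${base}.tsx`, `${base}/index.ts`, `${base}/index.tsx`];
  for (const c of candidates) if (files.has(c)) return c;
  return null;
}

export function checkSlices(files: Map<string, string>): Finding[] {
  const findings: Finding[] = [];
  files.forEach((source, file) => {
    const lineCount = source.replace(/\n$/, "").split("\n").length;
    if (lineCount > MAX_FILE_LINES) {
      findings.push({ kind: "oversized_file", file, detail: `${lineCount} lines exceeds the ${MAX_FILE_LINES}-line bound` });
    }
    const fromSlice = sliceOf(file);
    const re = new RegExp(IMPORT_RE.source, "gm");
    let m: RegExpExecArray | null;
    while ((m = re.exec(source)) !== null) {
      const spec = m[1];
      const target = resolveImport(spec, file, files);
      if (target === null) continue;
      const toSlice = sliceOf(target);
      if (toSlice === null || toSlice === fromSlice) continue; // shared code or own slice
      if (!isPublicEntry(target)) {
        // Reaching into another feature's internals: the forbidden import.
        findings.push({ kind: "boundary_violation", file, detail: `imports ${toSlice} internals via "${spec}"` });
      } else if (fromSlice !== null) {
        // Slice-to-slice coupling through a public entry. ASA slices are
        // designed not to depend on each other, so this is still reported.
        findings.push({ kind: "cross_slice_dependency", file, detail: `depends on slice ${toSlice} via "${spec}"` });
      }
      // A page importing a slice's public entry is the intended thin-page pattern.
    }
  });
  return findings;
}

// Constructed sample repository (paths and contents invented for the example).
export const sampleRepo = new Map<string, string>([
  ["src/shared/db.ts", "export const db = {};\n"],
  ["src/features/billing/index.ts", "export { createInvoice } from './api';\n"],
  ["src/features/billing/api.ts", "import { db } from '@/shared/db';\nexport function createInvoice() {}\n"],
  ["src/features/billing/internal/pricing.ts", "export const price = 1;\n"],
  ["src/features/checkout/index.ts", "export { checkout } from './checkout';\n"],
  ["src/features/checkout/checkout.ts",
    "import { createInvoice } from '../billing';\nimport { price } from '../billing/internal/pricing';\nexport function checkout() {}\n"],
  ["src/app/checkout/page.tsx", "import { checkout } from '@/features/checkout';\nexport default function Page() { return null; }\n"],
  ["src/app/admin/page.tsx", "import { price } from '@/features/billing/internal/pricing';\nexport default function Page() { return null; }\n"],
]);
```

Run against sampleRepo, checkSlices reports two boundary violations (checkout reaching into billing's internals, and the admin page doing the same) and one cross-slice dependency (checkout importing billing through its index); the checkout page importing the checkout slice's index produces no finding. Running such a check on every commit is what the Enforcement term above refers to: the boundaries hold whether or not anyone remembers to look.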

Metrics

Trust Score
A 0–100 score measuring the share of Production Foundation checks the app passes. Graded A–F. Higher is better.
AI Chaos Index
A 0–100 score measuring structural risk in Slice Architecture checks. Higher means more chaos. 0 = minimal structural risk.