Quality Attributes & NFRs
This page consolidates the non-functional requirements (NFRs) and quality attributes that govern the ConnectSoft AI Software Factory and the SaaS products it generates. Where other architecture pages describe how a concern is built, this page states the measurable targets it must meet and where each target is enforced and observed.
Target Architecture — Final-State Design
The targets below describe the intended final-state service levels. They are the contract that platform observability.md pages, the SLO/SLA Compliance Agent, and CI quality gates measure against. Numeric targets are baseline defaults; editions and tenant tiers may tighten them.
Quality attribute model

```mermaid
flowchart TB
    subgraph attributes [Quality Attributes]
        perf["Performance"]
        scale["Scalability"]
        avail["Availability & Reliability"]
        sec["Security"]
        maint["Maintainability"]
        cost["Cost-Efficiency"]
    end
    subgraph enforcement [Enforced & Observed By]
        slo["SLOs / Error Budgets"]
        gates["CI Quality Gates"]
        policy["Governance Policies"]
        telemetry["OpenTelemetry + App Insights"]
    end
    attributes --> enforcement
    enforcement --> feedback["Observability & Feedback Platform"]
    feedback --> knowledge["Knowledge Platform<br/>Runtime Memory"]
    knowledge --> generation["Better Future Generation"]
```
Attribute targets
| Attribute | Target / SLO | Primary tactic | Where enforced | How measured |
|---|---|---|---|---|
| API latency (sync) | p95 < 300 ms, p99 < 800 ms for interactive APIs | Stateless services, Redis hot cache, async offload | Platform apis.md + gateway | OTEL request spans, App Insights |
| Event processing latency | p95 < 5 s from publish to consume | KEDA-scaled workers, partitioned subscriptions | Worker pools (workers.md) | cs-trace-id span stitching |
| Throughput | Scale linearly to target tenant/project volume | Horizontal scale, queue-depth autoscaling | AKS HPA + KEDA | Service Bus queue depth, RPS |
| Availability (platform) | 99.9% monthly for factory control surfaces | Multi-AZ, health probes, graceful degradation | Deployment Topology | Uptime + synthetic probes |
| Availability (generated prod SaaS) | 99.9%+ per edition SLA | Inherited resilience patterns + DR | Runtime Cloud | Per-tenant SLO dashboards |
| Durability | No committed artifact/event loss | Immutable envelopes, Git source of truth, Blob versioning | Data Architecture | Backup verification, replay tests |
| Security | Zero high/critical findings shipped | RBAC/ABAC, secret scanning, audit | Security Architecture | Scan gates, audit completeness |
| Maintainability | Generated code passes quality gates | Clean Architecture + DDD, templates, linting | Testing & Quality Strategy | Coverage, complexity, lint score |
| Tenant isolation | No cross-tenant data access | Tenant guards in every handler | Multi-Tenancy | Isolation tests, audit review |
| Cost-efficiency | Spend within per-project/tenant budget | Right-sizing, scale-to-zero, LLM cost controls | Runtime Cloud | Cost telemetry per projectId/tenantId |
Quality attribute scenarios
NFRs are validated as concrete, testable scenarios (stimulus → response → measure), not as adjectives.
| Attribute | Stimulus | Response | Measure |
|---|---|---|---|
| Performance | 200 concurrent context-package requests | Service serves from Redis hot cache, no DB saturation | p95 < 300 ms, 0 errors |
| Scalability | Service Bus queue depth spikes 10x | KEDA scales worker replicas out, then back in | Backlog cleared within SLA, no message loss |
| Availability | One AKS availability zone fails | Traffic reschedules to healthy zones | < 1 min disruption, no data loss |
| Resilience | Downstream LLM/API returns 5xx | Circuit breaker opens, retry with backoff, fallback | Run completes or degrades gracefully, no cascade |
| Security | Generated artifact contains a secret | SecretScanWorker blocks before repository commit | Secret never reaches Git, audit entry emitted |
| Cost | Project exceeds its cost budget | Cost alert + optimization recommendation raised | Alert within budget window, action proposed |
Pillar alignment
- Traceability — every NFR measurement is keyed by the standard dimensions (`traceId`, `tenantId`, `projectId`, `moduleId`) defined in the Metadata Schema, so any breach is traceable to a workflow, module, and tenant.
- Reusability — targets are met largely by reusing templates and `ConnectSoft.Extensions.*` libraries that bake in caching, health checks, and resilience.
- Autonomy — the SLO/SLA Compliance Agent and Load & Performance Testing Agent evaluate these attributes automatically.
- Governance — NFR breaches and risk acceptances are policy-governed and recorded as Architecture Decision Records when they change a target.
- Observability — all targets resolve to SLOs with error budgets in the Observability Architecture.
- Multi-tenant scale — every target is expressed per tenant/edition where relevant, preserving isolation under load.
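
The Security scenario above (a generated artifact contains a secret, the commit is blocked, an audit entry is emitted) and the Traceability dimensions can be exercised together as a pre-commit gate. The sketch below is an added example, not ConnectSoft or SecretScanWorker code: the rule set, the 3.0-bit entropy threshold, the function names and the sample values are all assumptions. It also shows a point the scenario implies but does not state: the audit entry carries a fingerprint of the finding, never the secret itself.

```python
import hashlib
import json
import math
import re
from collections import Counter

# Illustrative rules only (assumed); a production scanner carries a far larger rule set.
RULES = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"""(?i)\b(?:password|secret|api[_-]?key|token)\b["']?\s*[:=]\s*["']?([^\s"';]{12,})"""),
}

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan(path, text):
    """Return findings for one artifact; the matched value itself is never stored."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                # Low-entropy values are treated as template placeholders (assumed threshold).
                if rule == "assigned_secret" and entropy(value) < 3.0:
                    continue
                fingerprint = hashlib.sha256(value.encode()).hexdigest()[:16]
                findings.append({"path": path, "line": lineno, "rule": rule,
                                 "fingerprint": fingerprint})
    return findings

def gate(artifacts, dims):
    """Return (commit_allowed, audit_entry) for a set of generated artifacts."""
    findings = [f for path, text in artifacts.items() for f in scan(path, text)]
    audit = {**dims, "gate": "secret-scan",
             "decision": "block" if findings else "allow", "findings": findings}
    return not findings, audit

# Constructed sample input: one leaked connection-string password, one placeholder.
SAMPLE = {
    "appsettings.json": '{\n  "Db": "Server=db;User Id=app;Password=q7Zp2Lx9Vt4Rk8Wm3Nc6;"\n}',
    "README.md": "Set password = xxxxxxxxxxxxxxxx before the first run.\n",
}
DIMS = {"traceId": "trace-0001", "tenantId": "tenant-a",
        "projectId": "proj-42", "moduleId": "billing"}  # constructed values

if __name__ == "__main__":
    allowed, audit = gate(SAMPLE, DIMS)
    print("commit allowed:", allowed)
    print(json.dumps(audit, indent=2))
```

Because the gate returns its decision and the audit entry together, a caller can persist the audit record on both the block path and the allow path, which is what makes "audit completeness" measurable.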