The Sentinel Guardian: Enforcing Architectural Dictatorship
How we used custom static analysis rules to stop an $8M data leak and physically prevent developers from bypassing the Sovereign Authority.
The Law is Not a Suggestion
In complex legacy systems, “Architectural Standards” are often just polite requests. We tell developers not to touch the old tables, we document the new API, and we pray they listen. But prayer is not an engineering strategy.
When a $8,000,000 discrepancy was detected in our Treasury due to legacy data contamination, we realized that we didn’t need a better manual. We needed a Sentinel.
The Mess: The Silent Bypass
In the erpbsg-legado ecosystem, the transition from V4 to V5 created a “Double Truth” problem. New sovereign branches were supposed to use the Ledger, but legacy code (and tired developers) were still querying the old tickets table.
This was not a bug; it was a Sovereignty Violation. Every direct query to the old world was an act of sabotage against the financial truth of the Bastion.
// The dangerous bypass (Old World)
$sql = "SELECT SUM(total) FROM tickets WHERE id_sucursal = 31";
// This query was silent, fast, and 100% WRONG for V5 branches.The Strategy: The Machine as Legislator
We decided to move from “Trust” to “Enforcement.” The strategy was to build an automated guardian within our CI/CD pipeline using PHPStan.
The goal was to create a rule that would:
- Identify Intent: Detect if a file is marked as
@sovereign. - Intercept Calls: Block calls to forbidden legacy methods.
- Detect Stealth: Scan raw SQL strings for forbidden table names (
tickets). - Enforce the Bridge: Force every developer to pass through the
SovereignTreasuryAuthority.
The Craft: Encoding the Guard
The breakthrough was the NoLegacyTicketsAccessRule. This is not a simple regex; it’s a deep scan of the Abstract Syntax Tree (AST). The machine now understands the meaning of the code before it ever hits production.
// core/Sentinel/Rules/NoLegacyTicketsAccessRule.php
public function processNode(Node $node, Scope $scope): array {
// 1. Is this a @sovereign context?
if (!$this->isSovereignContext($scope)) return [];
// 2. Are they using the forbidden table in a string?
if ($node instanceof Node\Scalar\String_) {
if (preg_match('/\bfrom\s+tickets\b/', strtolower($node->value))) {
return [RuleErrorBuilder::message("🚨 BYPASS DETECTADO: Access to 'tickets' table is forbidden in @sovereign context.")
->tip("Use SovereignTreasuryAuthority.")->build()];
}
}
}By tagging a class with @sovereign, the developer effectively hands the keys to the Sentinel.
The Result: 100% Financial Integrity
The result was immediate and violent. PHPStan threw 42 errors across the codebase, identifying every hidden bypass that had been poisoning our numbers for months.
We no longer have to audit the treasury manually. The Sentinel Guardian ensures that it is physically impossible to merge code that violates the Sovereignty of the Ledger.
Engineering as Art is the beauty of a system that cannot be forced to lie.
dammgo labs - Engineering as Art.