| name | documentation-standards |
|---|---|
| description | Clear technical documentation — JSDoc, Mermaid, READMEs, ADRs, C4 diagrams, ISMS policy citations |
| license | MIT |
Applies when writing READMEs, documenting APIs/functions/classes, creating architecture docs, adding JSDoc, drawing diagrams, writing ADRs, documenting security policies, or writing user guides.
Aligned with the architecture-documentation expectations in Secure Development Policy §Architecture Documentation Matrix.
- ISMS References — security-relevant docs cite the applicable Hack23 policy
- JSDoc for Public APIs — every export gets
@param,@returns,@example(and@throwswhere relevant) - Include TypeScript types in JSDoc context (types live in code; JSDoc describes behavior)
- Working examples — every snippet compiles and matches current behavior
- Document exceptions —
@throwsfor every thrown error type - Mermaid diagrams — never screenshots; always include source
- Keep READMEs current — updates ship in the same PR as code changes
- Link authoritative external docs — React, Three.js, vitest, ISO/NIST/CIS
- Show anti-patterns —
❌examples beside✅for high-impact APIs - Accessible markdown — semantic headings, descriptive links, alt text for images
- Heading hierarchy — H1 → H2 → H3, never skip levels
- Specify code-block languages (
```typescript,```bash,```mermaid) - ADRs for lasting decisions — numbered, dated, status tracked (Proposed / Accepted / Deprecated / Superseded)
- No PII in examples — synthetic data only
| File | When | Purpose |
|---|---|---|
README.md |
Always | Overview, badges, quick start, classification |
SECURITY.md |
Always | Vulnerability reporting |
SECURITY_HEADERS.md |
Web | Runtime headers |
docs/ISMS_POLICY_MAPPING.md |
Always | Feature → policy |
docs/ARCHITECTURE.md |
Non-trivial | C4 Context / Container / Component |
docs/DATA_MODEL.md |
Stateful | Data structures |
docs/FLOWCHART.md |
Processes | Business flows |
docs/STATEDIAGRAM.md |
Stateful features | State transitions |
docs/FUTURE_*.md |
Roadmap | Future-state counterparts |
/**
* Calculates the active target count for a given game level.
*
* ISMS: Secure Development Policy §Phase 2 — Secure Coding
*
* @param level - Current game level (≥ 1)
* @returns Number of active targets (1–3) for the level
* @throws {RangeError} When `level` is not a finite integer ≥ 1
*
* @example
* ```typescript
* getTargetCountForLevel(1); // 1
* getTargetCountForLevel(5); // 2
* getTargetCountForLevel(8); // 3
* ```
*/
export function getTargetCountForLevel(level: number): number {
if (!Number.isFinite(level) || level < 1) {
throw new RangeError('level must be a finite integer ≥ 1');
}
if (level <= 3) return 1;
if (level <= 6) return 2;
return 3;
}```mermaid
graph TB
Player((Player)) -->|Plays| App[Target Shooter SPA]
App -->|Loads assets| CDN[(Bundled static assets)]
App -->|Audio| Howler[Howler.js]
App -->|Renders| Three[Three.js / WebGL]
```# ADR 0001 — Adopt Vitest for Unit Testing
- **Status:** Accepted (2025-11-10)
- **Context:** Need fast, ESM-native test runner compatible with Vite.
- **Decision:** Use Vitest with jsdom.
- **Consequences:** Faster feedback; minor migration from Jest APIs.
- **ISMS:** Secure Development Policy §Phase 3 — Security Testing// BAD: exported function with no JSDoc
export function calc(x: number) { return x * 2; }
// BAD: @example that contradicts behavior
/** @example calc("2"); // 4 */
export function calc(v: number): number { return v * 2; }
// BAD: screenshot-only diagram
// (not maintainable, not accessible, not diffable)- Every public export has JSDoc with a working
@example - Diagrams are Mermaid source (not images)
- All internal + external links resolve
- Heading hierarchy is correct (no skipped levels)
- Code blocks specify a language
- Security docs cite the applicable ISMS policy
- Anti-patterns shown for non-trivial APIs
- No PII or real-user data in examples