| Package structure, dependency direction | rules/architecture.md |
| Authorization contracts, services, boundaries | rules/authorization.md |
| Permission registration, naming, lifecycle | rules/permissions.md |
| Role registration, assignment, hierarchy | rules/roles.md |
| System-level privileges, break-glass access | rules/privileges.md |
| User/role/permission/tenant suspensions | rules/suspensions.md |
| Role/permission/privilege inheritance | rules/inheritance.md |
| Resolution pipelines, conflict handling | rules/permission-resolution.md |
| Policy integration, discovery, boundaries | rules/policies.md |
| Public/internal APIs, REST endpoints, versioning | rules/api-design.md |
| Command architecture, naming, UX, safety | rules/artisan-commands.md |
| Audit logging, immutable trails, compliance | rules/audit-logs.md |
| Permission/role/event/command/cache naming | rules/naming-conventions.md |
| Tenant isolation, scoped permissions | rules/multi-tenancy.md |
| Cache invalidation, warming, consistency | rules/caching.md |
| Privilege escalation prevention, secure defaults | rules/security.md |
| Role/permission/privilege/suspension/cache events | rules/events.md |
| Package, cache, driver, tenant configuration | rules/configuration.md |
| Custom providers, drivers, resolvers | rules/extensibility.md |
| Permission, authorization, security testing | rules/testing.md |
| Lookup optimization, query tuning, scaling | rules/performance.md |
| Migrations, seeding, synchronization | rules/migrations-seeding.md |
| Public API stability, deprecation, upgrade paths | rules/backward-compatibility.md |
| Public API docs, extension docs, upgrade guides | rules/documentation.md |
| Middleware architecture, resolution, wildcards | rules/middleware.md |
| Blade directives, aliases, registration | rules/blade-directives.md |
| Model conventions, pivots, observers, factories | rules/models.md |
| Error responses, HTTP status codes, exit codes | rules/error-handling.md |