// Clear technical documentation — JSDoc, Mermaid, READMEs, ADRs, C4 diagrams, ISMS policy citations
| name | documentation-standards |
| description | Clear technical documentation — JSDoc, Mermaid, READMEs, ADRs, C4 diagrams, ISMS policy citations |
| license | MIT |
Applies when writing READMEs, documenting APIs/functions/classes, creating architecture docs, adding JSDoc, drawing diagrams, writing ADRs, documenting security policies, or writing user guides.
Aligned with the architecture-documentation expectations in Secure Development Policy §Architecture Documentation Matrix.
@param, @returns, @example (and @throws where relevant)@throws for every thrown error type❌ examples beside ✅ for high-impact APIs ```typescript, ```bash, ```mermaid)| File | When | Purpose |
|---|---|---|
README.md | Always | Overview, badges, quick start, classification |
SECURITY.md | Always | Vulnerability reporting |
SECURITY_HEADERS.md | Web | Runtime headers |
docs/ISMS_POLICY_MAPPING.md | Always | Feature → policy |
docs/ARCHITECTURE.md | Non-trivial | C4 Context / Container / Component |
docs/DATA_MODEL.md | Stateful | Data structures |
docs/FLOWCHART.md | Processes | Business flows |
docs/STATEDIAGRAM.md | Stateful features | State transitions |
docs/FUTURE_*.md | Roadmap | Future-state counterparts |
/**
* Calculates the active target count for a given game level.
*
* ISMS: Secure Development Policy §Phase 2 — Secure Coding
*
* @param level - Current game level (≥ 1)
* @returns Number of active targets (1–3) for the level
* @throws {RangeError} When `level` is not a finite integer ≥ 1
*
* @example
* ```typescript
* getTargetCountForLevel(1); // 1
* getTargetCountForLevel(5); // 2
* getTargetCountForLevel(8); // 3
* ```
*/
export function getTargetCountForLevel(level: number): number {
if (!Number.isFinite(level) || level < 1) {
throw new RangeError('level must be a finite integer ≥ 1');
}
if (level <= 3) return 1;
if (level <= 6) return 2;
return 3;
}
```mermaid
graph TB
Player((Player)) -->|Plays| App[Target Shooter SPA]
App -->|Loads assets| CDN[(Bundled static assets)]
App -->|Audio| Howler[Howler.js]
App -->|Renders| Three[Three.js / WebGL]
```
# ADR 0001 — Adopt Vitest for Unit Testing
- **Status:** Accepted (2025-11-10)
- **Context:** Need fast, ESM-native test runner compatible with Vite.
- **Decision:** Use Vitest with jsdom.
- **Consequences:** Faster feedback; minor migration from Jest APIs.
- **ISMS:** Secure Development Policy §Phase 3 — Security Testing
// BAD: exported function with no JSDoc
export function calc(x: number) { return x * 2; }
// BAD: @example that contradicts behavior
/** @example calc("2"); // 4 */
export function calc(v: number): number { return v * 2; }
// BAD: screenshot-only diagram
// (not maintainable, not accessible, not diffable)
@exampleAI-assisted development governance — Copilot custom agents, MCP servers, change control, audit trail — per Hack23 ISMS AI Policy
Hack23 ISMS alignment — ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1, GDPR, NIS2, EU CRA — with policy citations
React re-render optimization, Three.js rendering performance, useMemo/useCallback, bundle size, 60 fps profiling, Lighthouse budgets
Three.js game development with React using @react-three/fiber and @react-three/drei — strict TypeScript, 60 fps, accessible
Defense-in-depth security principles — OWASP Top 10 prevention, input validation, secure error handling, encryption, least privilege
Vitest + Cypress + RTL — deterministic tests, ≥80% line / ≥70% branch coverage, ≥95% on security code, Three.js component testing