Validate Architecture
Purpose
Validate architecture documents for completeness, quality, and adherence to best practices. Generates comprehensive validation report with quality score, identified gaps, and prioritized recommendations for improvement.
Core Principles:
-
Comprehensive checklists: Cover all architectural dimensions
-
Objective scoring: Consistent, repeatable quality measurement
-
Actionable feedback: Specific, prioritized improvements
-
Adapt to context: Different criteria for different project types
Prerequisites
-
Architecture document exists (docs/architecture.md or specified path)
-
Architecture follows standard structure (see create-architecture skill)
Workflow
- Load Architecture Document
Action: Read architecture document using bmad-commands
Execute:
python .claude/skills/bmad-commands/scripts/read_file.py
--path {architecture_file}
--output json
Parse document to extract:
-
Present sections
-
Technology stack components
-
ADRs count and quality
-
NFRs coverage
-
Security considerations
-
Scalability mentions
- Detect Project Type
Auto-detect from architecture content:
Frontend indicators:
-
Component architecture section
-
State management discussion
-
UI/routing mentions
-
Frontend technologies (React, Vue, etc.)
Backend indicators:
-
API design section
-
Service layer architecture
-
Database/data layer
-
Backend technologies (Node, Python, etc.)
Fullstack indicators:
-
Both frontend and backend sections
-
Integration/API contract sections
-
End-to-end authentication flow
-
Full stack technologies (Next.js, etc.)
If unable to detect: Prompt for project_type parameter
- Run Completeness Checklist
Validate required sections based on project type:
Universal Sections (All Types)
-
✅ System Overview (purpose, users, features)
-
✅ Technology Stack (with justifications)
-
✅ Deployment Architecture
-
✅ Security Architecture
-
✅ Architecture Decision Records (≥3)
Frontend-Specific Sections
-
✅ Component Architecture
-
✅ State Management Strategy
-
✅ Routing Design
-
✅ Styling Approach
-
✅ Build & Deployment Pipeline
Backend-Specific Sections
-
✅ API Design (REST/GraphQL/tRPC)
-
✅ Service Layer Architecture
-
✅ Data Architecture & Modeling
-
✅ Integration Patterns
-
✅ Error Handling Strategy
Fullstack-Specific Sections
-
✅ End-to-End Integration
-
✅ API Contracts/Type Safety
-
✅ Authentication & Authorization Flow
-
✅ Frontend-Backend Communication
-
✅ Unified Deployment Strategy
Score: +10 points per required section present
See: references/validation-rules.md for complete validation criteria and scoring rubrics
- Validate Technology Stack
Check that all technology choices:
-
✅ Are documented (not just mentioned)
-
✅ Have justifications (why this choice?)
-
✅ List alternatives considered
-
✅ Explain trade-offs
-
✅ Are appropriate for project scale
Scoring:
-
All choices justified: +15 points
-
Most choices justified: +10 points
-
Some justified: +5 points
-
None justified: 0 points
Flag unjustified technologies as gaps
- Assess NFR Coverage
Verify Non-Functional Requirements addressed:
NFR Category Required Elements
Performance Response time targets, optimization strategies
Scalability User growth plan, bottleneck identification
Security Auth/authz, encryption, compliance
Reliability Availability targets, fault tolerance
Maintainability Code organization, testing strategy
Scoring:
-
All NFRs addressed: +15 points
-
Most NFRs addressed: +10 points
-
Some NFRs addressed: +5 points
-
Few/none addressed: 0 points
See: references/validation-rules.md for NFR validation criteria
- Evaluate ADRs Quality
Check Architecture Decision Records:
Quantity:
-
≥10 ADRs: +10 points
-
5-9 ADRs: +7 points
-
3-4 ADRs: +5 points
-
<3 ADRs: 0 points
Quality (sample 3-5 ADRs):
-
✅ Context clearly stated
-
✅ Decision explicitly stated
-
✅ Alternatives considered (≥2)
-
✅ Rationale provided
-
✅ Consequences documented
Well-formed ADRs: +5 points Partial ADRs: +2 points Poor ADRs: 0 points
- Check Security Posture
Validate security considerations:
-
✅ Authentication mechanism defined
-
✅ Authorization strategy documented
-
✅ Data encryption (at rest, in transit)
-
✅ Input validation approach
-
✅ Security best practices mentioned
-
✅ Compliance requirements (if applicable)
Scoring:
-
Comprehensive security: +10 points
-
Basic security: +5 points
-
Minimal security: 0 points
Critical gap: Missing security section
- Assess Scalability Planning
Check scalability considerations:
-
✅ User growth projections
-
✅ Scaling strategy (horizontal/vertical)
-
✅ Bottleneck identification
-
✅ Load balancing approach
-
✅ Database scaling plan
-
✅ Caching strategy
Scoring:
-
Detailed scalability plan: +10 points
-
Basic scalability mentions: +5 points
-
No scalability planning: 0 points
- Validate Deployment Strategy
Check deployment architecture:
-
✅ Deployment platform specified
-
✅ Environment strategy (dev, staging, prod)
-
✅ CI/CD pipeline outlined
-
✅ Monitoring and observability
-
✅ Backup and disaster recovery
Scoring:
-
Comprehensive deployment: +10 points
-
Basic deployment: +5 points
-
Missing deployment: 0 points
- Calculate Quality Score
Total possible points: 100
Score breakdown:
-
Completeness (sections): 30-40 points (varies by type)
-
Technology justifications: 15 points
-
NFR coverage: 15 points
-
ADRs quantity & quality: 15 points
-
Security posture: 10 points
-
Scalability planning: 10 points
-
Deployment strategy: 10 points
Quality Grades:
-
90-100: Excellent (A)
-
80-89: Good (B)
-
70-79: Acceptable (C)
-
60-69: Needs Improvement (D)
-
<60: Insufficient (F)
Validation passes if score ≥70
- Identify Gaps
Categorize identified gaps:
Critical Gaps (blocking):
-
Missing security section
-
No technology justifications
-
Fewer than 3 ADRs
-
Zero NFR coverage
Major Gaps (important):
-
Missing key sections for project type
-
Poor ADR quality
-
Minimal security details
-
No scalability planning
Minor Gaps (nice-to-have):
-
Incomplete deployment details
-
Missing diagrams
-
Light monitoring discussion
Priority: Critical → Major → Minor
- Generate Recommendations
Based on identified gaps, provide actionable recommendations:
Recommendation format:
Priority: Critical | Major | Minor Gap: [Specific missing element] Recommendation: [Concrete action to take] Impact: [Why this matters] Effort: [Estimated time to address]
Example:
Priority: Critical Gap: Security architecture section missing Recommendation: Add security architecture section covering authentication, authorization, encryption, and input validation Impact: Security is fundamental for production readiness Effort: 2-3 hours
See: references/templates.md for recommendation and report templates
- Generate Validation Report
Create comprehensive validation report:
Architecture Validation Report
Architecture: [file path] Project Type: [detected type] Validation Date: [timestamp] Validation Result: PASS | FAIL
Quality Score: [score]/100
Grade: [A/B/C/D/F]
Score Breakdown:
- Completeness: [X]/40
- Technology Stack: [X]/15
- NFR Coverage: [X]/15
- ADRs: [X]/15
- Security: [X]/10
- Scalability: [X]/10
- Deployment: [X]/10
Sections Present
✅ System Overview ✅ Component Architecture (Frontend) ✅ Technology Stack ❌ Security Architecture (MISSING) ⚠️ Scalability Plan (Incomplete)
Gaps Identified
Critical Gaps
- Security architecture section missing
- No NFR coverage
Major Gaps
- Only 2 ADRs (minimum 3 required)
- Technology choices not justified
Minor Gaps
- Monitoring not discussed
- Disaster recovery not mentioned
Recommendations
1. Add Security Architecture (Critical)
Gap: Security section missing Action: Document authentication, authorization, encryption, input validation Impact: Production readiness blocker Effort: 2-3 hours
2. Address NFRs (Critical)
Gap: Zero NFR coverage Action: Add sections for performance targets, scalability plan, reliability targets Impact: Architecture may not meet requirements Effort: 1-2 hours
[... continue for all gaps ...]
Summary
Overall Assessment: [Summary paragraph]
Next Steps:
- Address all critical gaps
- Address major gaps
- Re-run validation
- Proceed to implementation when score ≥70
Validation Tool: BMAD Enhanced validate-architecture skill Validated by: Winston (Architect)
Common Scenarios
Scenario 1: High-Quality Architecture (Score 85+)
Result: PASS with minor recommendations Action: Proceed to implementation, optionally address minor gaps
Scenario 2: Acceptable Architecture (Score 70-79)
Result: PASS with major recommendations Action: Address major gaps before implementation
Scenario 3: Insufficient Architecture (Score <70)
Result: FAIL Action: Address all critical and major gaps, then re-validate
Scenario 4: Missing Critical Sections
Result: FAIL (auto-fail for missing critical sections) Action: Add missing sections, re-validate
Strict Mode
When enabled (--strict):
-
Minimum score: 80 (instead of 70)
-
All major gaps must be addressed
-
ADR quality rigorously checked
-
More detailed NFR validation
Use strict mode for:
-
Production systems
-
High-complexity projects
-
Compliance-sensitive applications
-
Enterprise deployments
Best Practices
-
Run early and often - Validate during architecture creation, not after
-
Address critical gaps immediately - Don't proceed with critical gaps
-
Iterate - Re-validate after addressing gaps
-
Use as checklist - Reference validation checklist while creating architecture
-
Don't over-optimize - Score of 70-80 is usually sufficient for implementation
Reference Files
-
references/validation-rules.md
-
Comprehensive validation rules, scoring criteria, and rubrics for all dimensions
-
references/templates.md
-
Validation report templates, recommendation formats, and output structures
-
references/examples.md
-
Complete validation examples showing PASS (85/100), borderline PASS (72/100), and FAIL (42/100) scenarios
When to Escalate
Escalate to user when:
-
Architecture file not found or unreadable
-
Unable to detect project type automatically
-
Score is below 50 (major rework needed)
-
Critical compliance issues detected
-
Architecture deviates significantly from standards
Part of BMAD Enhanced Quality Suite