## Be Nice

First of all, be nice. 😊

You probably are super nice if you were added to the team, but it's worth mentioning it. 🤓

### When Things are Difficult

When things are great, everything is easier, so that doesn't need much instructions. But when things are difficult, here are some guidelines.

If there's a security flaw in your code, it will still exist.

Hiding the documentation just makes it more difficult to understand how to interact with your API, and could make it more difficult for you to debug it in production. It could be considered simply a form of [Security through obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity).

A downside of this structure is that it is difficult to do focused work on the Gradle UI.

## Decision

Introduce a "UI" architecture module to the core platform, and move the user interaction services to this new module.

This includes:

* **Harder code search and refactoring**: Searching for identifiers, method names, or documentation becomes more difficult when multiple spellings exist for the same concept
* **Inconsistent API surface**: Public APIs with mixed spelling conventions appear less professional and polished

 *   <li>hasNext();
 *   <li>remove();
 *   <li>next();
 * </ol>
 *
 * <p>This particular order of operations may be unrealistic, and testing all 3^5 of them may be
 * thought of as overkill; however, it's difficult to determine which proper subset of this massive
 * set would be sufficient to expose any possible bug. Brute force is simpler.
 *
 * <p>To use this class the concrete subclass must implement the {@link

## Context

The Gradle code base is essentially a large monolith, without strong internal boundaries.
This has a number of negative effects on productivity, including:

- Unclear ownership of code.
- Difficult to focus on one particular area.
- Unintended coupling between areas of the code, including tests.

## Decision

Organize the Gradle code base into a set of coarse-grained "architecture modules".

            fail("Constructor with Context parameter should exist");
        }
    }

    // Note: This test is simplified because complex Tomcat Context mocking
    // is difficult to maintain due to frequent API changes.
    // The focus is on testing the class structure and basic functionality
    // that can be verified without full integration testing.

     * we must exclude each transitive dependency of each direct dependency.
     * <p>
     * Determining the transitive deps of a dependency which has been resolved as
     * non-transitive is difficult because the process of resolving removes the
     * transitive deps. To sidestep this issue, we create a configuration per
     * direct dependency version. This specially named and unique configuration

# Security { #security }

There are many ways to handle security, authentication and authorization.

And it normally is a complex and "difficult" topic.

In many frameworks and systems just handling security and authentication takes a big amount of effort and code (in many cases it can be 50% or more of all the code written).

 *   <li>hasNext();
 *   <li>remove();
 *   <li>next();
 * </ol>
 *
 * <p>This particular order of operations may be unrealistic, and testing all 3^5 of them may be
 * thought of as overkill; however, it's difficult to determine which proper subset of this massive
 * set would be sufficient to expose any possible bug. Brute force is simpler.
 *
 * <p>To use this class the concrete subclass must implement the {@link