feat: add entity exposure detection (v0.3.0)

Implement entity exposure detection to prevent domain entities from leaking to API responses. Detects when controllers/routes return domain entities instead of DTOs. Features: - EntityExposure value object with detailed suggestions - IEntityExposureDetector interface in domain layer - EntityExposureDetector implementation in infrastructure - Integration into AnalyzeProject use case - CLI display with helpful suggestions - 24 comprehensive unit tests (98% coverage) - Examples for bad and good patterns Detection scope: - Infrastructure layer only (controllers, routes, handlers, resolvers, gateways) - Identifies PascalCase entities without Dto/Request/Response suffixes - Parses async methods with Promise<T> return types - Provides step-by-step remediation suggestions Test coverage: - EntityExposureDetector: 98.07% - Overall project: 90.6% statements, 83.97% branches - 218 tests passing BREAKING CHANGE: Version bump to 0.3.0
2025-12-28 07:16:53 +05:00 · 2025-11-24 13:51:12 +05:00
parent a3cd71070e
commit f46048172f
14 changed files with 893 additions and 17 deletions
--- a/packages/guardian/src/cli/index.ts
+++ b/packages/guardian/src/cli/index.ts
@@ -39,6 +39,7 @@ program
                circularDependencyViolations,
                namingViolations,
                frameworkLeakViolations,
+                entityExposureViolations,
                metrics,
            } = result

@@ -126,6 +127,33 @@ program
                })
            }

+            // Entity exposure violations
+            if (options.architecture && entityExposureViolations.length > 0) {
+                console.log(
+                    `\n🎭 Found ${String(entityExposureViolations.length)} entity exposure(s):\n`,
+                )
+
+                entityExposureViolations.forEach((ee, index) => {
+                    const location = ee.line ? `${ee.file}:${String(ee.line)}` : ee.file
+                    console.log(`${String(index + 1)}. ${location}`)
+                    console.log(`   Entity: ${ee.entityName}`)
+                    console.log(`   Return Type: ${ee.returnType}`)
+                    if (ee.methodName) {
+                        console.log(`   Method: ${ee.methodName}`)
+                    }
+                    console.log(`   Layer: ${ee.layer}`)
+                    console.log(`   Rule: ${ee.rule}`)
+                    console.log(`   ${ee.message}`)
+                    console.log("   💡 Suggestion:")
+                    ee.suggestion.split("\n").forEach((line) => {
+                        if (line.trim()) {
+                            console.log(`      ${line}`)
+                        }
+                    })
+                    console.log("")
+                })
+            }
+
            // Hardcode violations
            if (options.hardcode && hardcodeViolations.length > 0) {
                console.log(
@@ -151,7 +179,8 @@ program
                hardcodeViolations.length +
                circularDependencyViolations.length +
                namingViolations.length +
-                frameworkLeakViolations.length
+                frameworkLeakViolations.length +
+                entityExposureViolations.length

            if (totalIssues === 0) {
                console.log(CLI_MESSAGES.NO_ISSUES)