ailabs/puaros
1
0
Fork 0
mirror of https://github.com/samiyev/puaros.git synced 2025-12-27 23:06:54 +05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ailabs:v0.7.5
Branches Tags
ailabs:main
ailabs:ipuaro-v0.30.2 ailabs:ipuaro-v0.30.1 ailabs:ipuaro-v0.30.0 ailabs:ipuaro-v0.29.0 ailabs:ipuaro-v0.28.0 ailabs:ipuaro-v0.27.0 ailabs:ipuaro-v0.26.0 ailabs:ipuaro-v0.25.0 ailabs:ipuaro-v0.24.0 ailabs:ipuaro-v0.23.0 ailabs:ipuaro-v0.22.5 ailabs:ipuaro-v0.22.4 ailabs:ipuaro-v0.22.3 ailabs:ipuaro-v0.22.2 ailabs:ipuaro-v0.22.1 ailabs:ipuaro-v0.21.4 ailabs:ipuaro-v0.21.1 ailabs:ipuaro-v0.21.0 ailabs:ipuaro-v0.20.0 ailabs:ipuaro-v0.19.0 ailabs:ipuaro-v0.18.0 ailabs:ipuaro-v0.17.0 ailabs:ipuaro-v0.16.0 ailabs:ipuaro-v0.15.0 ailabs:ipuaro-v0.14.0 ailabs:ipuaro-v0.13.0 ailabs:ipuaro-v0.12.0 ailabs:ipuaro-v0.11.0 ailabs:ipuaro-v0.10.0 ailabs:ipuaro-v0.9.0 ailabs:ipuaro-v0.8.0 ailabs:ipuaro-v0.7.0 ailabs:ipuaro-v0.6.0 ailabs:ipuaro-v0.5.0 ailabs:ipuaro-v0.4.0 ailabs:guardian-v0.9.4 ailabs:ipuaro-v0.3.1 ailabs:ipuaro-v0.3.0 ailabs:ipuaro-v0.2.0 ailabs:ipuaro-v0.1.1 ailabs:guardian-v0.9.3 ailabs:ipuaro-v0.1.0 ailabs:v0.9.1 ailabs:v0.9.0 ailabs:v0.8.1 ailabs:v0.8.0 ailabs:v0.7.9 ailabs:v0.7.8 ailabs:v0.7.7 ailabs:v0.7.6 ailabs:v0.7.5 ailabs:v0.7.4 ailabs:v0.7.3 ailabs:v0.7.2 ailabs:v0.7.1 ailabs:v0.7.0 ailabs:v0.6.4 ailabs:v0.6.3 ailabs:v0.6.2 ailabs:v0.6.1 ailabs:v0.6.0 ailabs:v0.5.2 ailabs:v0.5.1 ailabs:v0.5.0 ailabs:v0.1.0 ailabs:v0.3.0 ailabs:v0.2.0
...
compare: ailabs:v0.9.1
Branches Tags
ailabs:main
ailabs:ipuaro-v0.30.2 ailabs:ipuaro-v0.30.1 ailabs:ipuaro-v0.30.0 ailabs:ipuaro-v0.29.0 ailabs:ipuaro-v0.28.0 ailabs:ipuaro-v0.27.0 ailabs:ipuaro-v0.26.0 ailabs:ipuaro-v0.25.0 ailabs:ipuaro-v0.24.0 ailabs:ipuaro-v0.23.0 ailabs:ipuaro-v0.22.5 ailabs:ipuaro-v0.22.4 ailabs:ipuaro-v0.22.3 ailabs:ipuaro-v0.22.2 ailabs:ipuaro-v0.22.1 ailabs:ipuaro-v0.21.4 ailabs:ipuaro-v0.21.1 ailabs:ipuaro-v0.21.0 ailabs:ipuaro-v0.20.0 ailabs:ipuaro-v0.19.0 ailabs:ipuaro-v0.18.0 ailabs:ipuaro-v0.17.0 ailabs:ipuaro-v0.16.0 ailabs:ipuaro-v0.15.0 ailabs:ipuaro-v0.14.0 ailabs:ipuaro-v0.13.0 ailabs:ipuaro-v0.12.0 ailabs:ipuaro-v0.11.0 ailabs:ipuaro-v0.10.0 ailabs:ipuaro-v0.9.0 ailabs:ipuaro-v0.8.0 ailabs:ipuaro-v0.7.0 ailabs:ipuaro-v0.6.0 ailabs:ipuaro-v0.5.0 ailabs:ipuaro-v0.4.0 ailabs:guardian-v0.9.4 ailabs:ipuaro-v0.3.1 ailabs:ipuaro-v0.3.0 ailabs:ipuaro-v0.2.0 ailabs:ipuaro-v0.1.1 ailabs:guardian-v0.9.3 ailabs:ipuaro-v0.1.0 ailabs:v0.9.1 ailabs:v0.9.0 ailabs:v0.8.1 ailabs:v0.8.0 ailabs:v0.7.9 ailabs:v0.7.8 ailabs:v0.7.7 ailabs:v0.7.6 ailabs:v0.7.5 ailabs:v0.7.4 ailabs:v0.7.3 ailabs:v0.7.2 ailabs:v0.7.1 ailabs:v0.7.0 ailabs:v0.6.4 ailabs:v0.6.3 ailabs:v0.6.2 ailabs:v0.6.1 ailabs:v0.6.0 ailabs:v0.5.2 ailabs:v0.5.1 ailabs:v0.5.0 ailabs:v0.1.0 ailabs:v0.3.0 ailabs:v0.2.0

14 Commits
v0.7.5 ... v0.9.1

Author SHA1 Message Date
imfozilbek
b953956181 docs: update CHANGELOG.md for v0.9.1 2025-11-26 17:39:21 +05:00
imfozilbek
af094eb54a refactor: migrate hardcode detector from regex to AST-based analysis 
- Replace regex-based matchers with tree-sitter AST traversal
- Add duplicate value tracking across files
- Implement boolean literal detection
- Add value type classification (email, url, ip, api_key, etc.)
- Improve context awareness with AST node analysis
- Reduce false positives with better constant detection

Breaking changes removed:
- BraceTracker.ts
- ExportConstantAnalyzer.ts
- MagicNumberMatcher.ts
- MagicStringMatcher.ts

New components added:
- AstTreeTraverser for AST walking
- DuplicateValueTracker for cross-file tracking
- AstContextChecker for node context analysis
- AstNumberAnalyzer, AstStringAnalyzer, AstBooleanAnalyzer
- ValuePatternMatcher for type detection

Test coverage: 87.97% statements, 96.75% functions
 2025-11-26 17:38:30 +05:00
imfozilbek
656571860e docs: add Anemic Model Detection documentation to WHY.md and RESEARCH_CITATIONS.md 2025-11-26 00:44:12 +05:00
imfozilbek
a6b4c69b75 feat: add anemic model detection and refactor hardcoded values (v0.9.0) 2025-11-26 00:09:48 +05:00
imfozilbek
1d6c2a0e00 refactor: extract all hardcoded values to constants (v0.8.1) 
Fix all 63 hardcoded value issues from Guardian self-check:
- Remove hardcoded Slack token from documentation
- Remove aws-sdk framework leak from domain layer
- Rename 4 pipeline files to verb-noun convention
- Extract 57 magic strings to SecretExamples.ts constants
- Update SecretViolation, SecretDetector, MagicStringMatcher
- Use typeof for TypeScript literal type in getSeverity()

Result: 0 issues in Guardian self-check (was 63)
All 566 tests passing, build successful
 2025-11-25 19:06:33 +05:00
imfozilbek
db8a97202e chore: update pnpm-lock.yaml for secretlint dependencies 
Add lockfile changes for @secretlint packages:
- @secretlint/node@11.2.5
- @secretlint/core@11.2.5
- @secretlint/types@11.2.5
- @secretlint/secretlint-rule-preset-recommend@11.2.5
 2025-11-25 18:30:40 +05:00
imfozilbek
0b1cc5a79a feat: add secret detection with Secretlint (v0.8.0) 
Add critical security feature to detect 350+ types of hardcoded secrets
using industry-standard Secretlint library.

Features:
- Detect AWS keys, GitHub tokens, NPM tokens, SSH keys, API keys, etc.
- All secrets marked as CRITICAL severity
- Context-aware remediation suggestions per secret type
- New SecretDetector using @secretlint/node
- New SecretViolation value object (100% test coverage)
- CLI output with "🔐 Secrets" section
- Async pipeline support for secret detection

Tests:
- Added 47 new tests (566 total, 100% pass rate)
- Coverage: 93.3% statements, 83.74% branches
- SecretViolation: 23 tests, 100% coverage
- SecretDetector: 24 tests

Dependencies:
- @secretlint/node: 11.2.5
- @secretlint/core: 11.2.5
- @secretlint/types: 11.2.5
- @secretlint/secretlint-rule-preset-recommend: 11.2.5
 2025-11-25 18:27:27 +05:00
imfozilbek
8d400c9517 refactor: extract detector logic into focused strategy classes 
Refactored three largest detectors to improve maintainability and reduce complexity:

- AggregateBoundaryDetector: 381 → 162 lines (57% reduction)
- HardcodeDetector: 459 → 89 lines (81% reduction)
- RepositoryPatternDetector: 479 → 106 lines (78% reduction)

Added 13 new strategy classes:
- FolderRegistry - centralized DDD folder name management
- AggregatePathAnalyzer - path parsing and aggregate extraction
- ImportValidator - import validation logic
- BraceTracker - brace and bracket counting
- ConstantsFileChecker - constants file detection
- ExportConstantAnalyzer - export const analysis
- MagicNumberMatcher - magic number detection
- MagicStringMatcher - magic string detection
- OrmTypeMatcher - ORM type matching
- MethodNameValidator - repository method validation
- RepositoryFileAnalyzer - file role detection
- RepositoryViolationDetector - violation detection logic

All 519 tests passing, zero ESLint errors, no breaking changes.
 2025-11-25 17:41:32 +05:00
imfozilbek
9fb9beb311 docs: mark v0.7.8 as published to npm 2025-11-25 17:23:54 +05:00
imfozilbek
5a43fbf116 test: add comprehensive E2E test suite for v0.7.8 
- Add 62 new E2E tests (21 + 22 + 19)
- AnalyzeProject.e2e.test.ts: full pipeline testing
- CLI.e2e.test.ts: CLI smoke tests with process spawning
- JSONOutput.e2e.test.ts: JSON structure validation
- 100% test pass rate achieved (519/519 tests)
- Update ROADMAP.md and CHANGELOG.md
- Bump version to 0.7.8
 2025-11-25 17:20:56 +05:00
imfozilbek
669e764718 docs: mark v0.7.7 as published to npm 2025-11-25 16:52:00 +05:00
imfozilbek
0b9b8564bf test: improve test coverage for domain files from 46-58% to 92-100% 
- Add 31 tests for SourceFile.ts (46% → 100%)
- Add 31 tests for ProjectPath.ts (50% → 100%)
- Add 18 tests for ValueObject.ts (25% → 100%)
- Add 32 tests for RepositoryViolation.ts (58% → 92.68%)
- Total test count: 345 → 457 tests (all passing)
- Overall coverage: 95.4% statements, 86.25% branches, 96.68% functions
- Update version to 0.7.7
- Update ROADMAP.md and CHANGELOG.md
 2025-11-25 16:50:00 +05:00
imfozilbek
0da25d9046 docs: mark v0.7.6 as published to npm 2025-11-25 16:31:23 +05:00
imfozilbek
7fea9a8fdb refactor: split CLI module into focused formatters and groupers 
- Created cli/groupers/ViolationGrouper.ts for severity filtering
- Created cli/formatters/OutputFormatter.ts for violation formatting
- Created cli/formatters/StatisticsFormatter.ts for metrics display
- Reduced cli/index.ts from 484 to 260 lines (46% reduction)
- All 345 tests pass, CLI output identical to before
- No breaking changes
 2025-11-25 16:30:04 +05:00
65 changed files with 10210 additions and 1465 deletions
Expand all files Collapse all files

17
README.md
View File

@@ -4,7 +4,7 @@ A TypeScript monorepo for code quality and analysis tools.
## Packages
- **[@puaros/guardian](./packages/guardian)** - Code quality guardian for vibe coders and enterprise teams. Detects hardcoded values, circular dependencies, and architecture violations. Perfect for AI-assisted development and enforcing Clean Architecture at scale.
- **[@puaros/guardian](./packages/guardian)** - Research-backed code quality guardian for vibe coders and enterprise teams. Detects hardcoded values, secrets, circular dependencies, architecture violations, and anemic domain models. Every rule is based on academic research, industry standards (OWASP, SonarQube), and authoritative books (Martin Fowler, Uncle Bob, Eric Evans). Perfect for AI-assisted development and enforcing Clean Architecture at scale.
## Prerequisites
@@ -147,6 +147,21 @@ The `@puaros/guardian` package is a code quality analyzer for both individual de
- **CLI Tool**: Command-line interface with `guardian` command
- **CI/CD Integration**: JSON/Markdown output for automation pipelines
### 📚 Research-Backed Rules
Guardian's detection rules are based on decades of software engineering research and industry best practices:
- **Academic Research**: MIT Course 6.031, ScienceDirect peer-reviewed studies (2020-2023), IEEE papers on Technical Debt
- **Industry Standards**: SonarQube (400,000+ organizations), Google/Airbnb/Microsoft style guides, OWASP security standards
- **Authoritative Books**:
- Clean Architecture (Robert C. Martin, 2017)
- Implementing Domain-Driven Design (Vaughn Vernon, 2013)
- Domain-Driven Design (Eric Evans, 2003)
- Patterns of Enterprise Application Architecture (Martin Fowler, 2002)
- **Security Standards**: OWASP Secrets Management, GitHub Secret Scanning (350+ patterns)
**Every rule links to research citations** - see [Why Guardian's Rules Matter](./packages/guardian/docs/WHY.md) and [Full Research Citations](./packages/guardian/docs/RESEARCH_CITATIONS.md) for complete academic papers, books, and expert references.
### Use Cases
**For Vibe Coders:**

258
packages/guardian/CHANGELOG.md
View File

@@ -5,6 +5,264 @@ All notable changes to @samiyev/guardian will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.9.1] - 2025-11-26
### Changed
- 🔄 **Refactored hardcode detector** - Migrated from regex-based to AST-based analysis:
- Replaced regex pattern matching with tree-sitter Abstract Syntax Tree traversal
- Improved accuracy with AST node context awareness (exports, types, tests)
- Reduced false positives with better constant and context detection
- Added duplicate value tracking across files for better insights
- Implemented boolean literal detection (magic-boolean type)
- Added value type classification (email, url, ip_address, api_key, uuid, version, color, etc.)
- New modular architecture with specialized analyzers:
- `AstTreeTraverser` - AST walking with "almost constants" detection
- `DuplicateValueTracker` - Cross-file duplicate tracking
- `AstContextChecker` - Node context analysis (reduced nesting depth)
- `AstNumberAnalyzer`, `AstStringAnalyzer`, `AstBooleanAnalyzer` - Specialized analyzers
- `ValuePatternMatcher` - Value type pattern detection
### Removed
- 🗑️ **Deprecated regex components** - Removed old regex-based detection strategies:
- `BraceTracker.ts` - Replaced by AST context checking
- `ExportConstantAnalyzer.ts` - Replaced by AstContextChecker
- `MagicNumberMatcher.ts` - Replaced by AstNumberAnalyzer
- `MagicStringMatcher.ts` - Replaced by AstStringAnalyzer
### Quality
-**All tests pass** - 629/629 tests passing (added 51 new tests)
-**Test coverage** - 87.97% statements, 96.75% functions
-**Build successful** - TypeScript compilation with no errors
-**Linter** - 0 errors, 5 acceptable warnings (complexity, params)
-**Code size** - Net reduction: -40 lines (more features, less code)
## [0.9.0] - 2025-11-26
### Added
- 🏛️ **Anemic Model Detection** - NEW feature to detect anemic domain models lacking business logic:
- Detects entities with only getters/setters (violates DDD principles)
- Identifies classes with public setters (breaks encapsulation)
- Analyzes method-to-property ratio to find data-heavy, logic-light classes
- Provides detailed suggestions: add business methods, move logic from services, encapsulate invariants
- New `AnemicModelDetector` infrastructure component
- New `AnemicModelViolation` value object with rich example fixes
- New `IAnemicModelDetector` domain interface
- Integrated into CLI with detailed violation reports
- 12 comprehensive tests for anemic model detection
- 📦 **New shared constants** - Centralized constants for better code maintainability:
- `CLASS_KEYWORDS` - TypeScript class and method keywords (constructor, public, private, protected)
- `EXAMPLE_CODE_CONSTANTS` - Documentation example code strings (ORDER_STATUS_PENDING, ORDER_STATUS_APPROVED, CANNOT_APPROVE_ERROR)
- `ANEMIC_MODEL_MESSAGES` - 8 suggestion messages for fixing anemic models
- 📚 **Example files** - Added DDD examples demonstrating anemic vs rich domain models:
- `examples/bad/domain/entities/anemic-model-only-getters-setters.ts`
- `examples/bad/domain/entities/anemic-model-public-setters.ts`
- `examples/good-architecture/domain/entities/Customer.ts`
- `examples/good-architecture/domain/entities/Order.ts`
### Changed
- ♻️ **Refactored hardcoded values** - Extracted all remaining hardcoded values to centralized constants:
- Updated `AnemicModelDetector.ts` to use `CLASS_KEYWORDS` constants
- Updated `AnemicModelViolation.ts` to use `EXAMPLE_CODE_CONSTANTS` for example fix strings
- Replaced local constants with shared constants from `shared/constants`
- Improved code maintainability and consistency
- 🎯 **Enhanced violation detection pipeline** - Added anemic model detection to `ExecuteDetection.ts`
- 📊 **Updated API** - Added anemic model violations to response DTO
- 🔧 **CLI improvements** - Added anemic model section to output formatting
### Quality
-**Guardian self-check** - 0 issues (was 5) - 100% clean codebase
-**All tests pass** - 578/578 tests passing (added 12 new tests)
-**Build successful** - TypeScript compilation with no errors
-**Linter clean** - 0 errors, 3 acceptable warnings (complexity, params)
-**Format verified** - All files properly formatted with 4-space indentation
## [0.8.1] - 2025-11-25
### Fixed
- 🧹 **Code quality improvements** - Fixed all 63 hardcoded value issues detected by Guardian self-check:
- Fixed 1 CRITICAL: Removed hardcoded Slack token from documentation examples
- Fixed 1 HIGH: Removed aws-sdk framework leak from domain layer examples
- Fixed 4 MEDIUM: Renamed pipeline files to follow verb-noun convention
- Fixed 57 LOW: Extracted all magic strings to reusable constants
### Added
- 📦 **New constants file** - `domain/constants/SecretExamples.ts`:
- 32 secret keyword constants (AWS, GitHub, NPM, SSH, Slack, etc.)
- 15 secret type name constants
- 7 example secret values for documentation
- Regex patterns and encoding constants
### Changed
- ♻️ **Refactored pipeline naming** - Updated use case files to follow naming conventions:
- `DetectionPipeline.ts``ExecuteDetection.ts`
- `FileCollectionStep.ts``CollectFiles.ts`
- `ParsingStep.ts``ParseSourceFiles.ts`
- `ResultAggregator.ts``AggregateResults.ts`
- Added `Aggregate`, `Collect`, `Parse` to `USE_CASE_VERBS` list
- 🔧 **Updated 3 core files to use constants**:
- `SecretViolation.ts`: All secret examples use constants, `getSeverity()` returns `typeof SEVERITY_LEVELS.CRITICAL`
- `SecretDetector.ts`: All secret keywords use constants
- `MagicStringMatcher.ts`: Regex patterns extracted to constants
- 📝 **Test updates** - Updated 2 tests to match new example fix messages
### Quality
-**Guardian self-check** - 0 issues (was 63) - 100% clean codebase
-**All tests pass** - 566/566 tests passing
-**Build successful** - TypeScript compilation with no errors
-**Linter clean** - 0 errors, 2 acceptable warnings (complexity, params)
-**Format verified** - All files properly formatted with 4-space indentation
## [0.8.0] - 2025-11-25
### Added
- 🔐 **Secret Detection** - NEW CRITICAL security feature using industry-standard Secretlint:
- Detects 350+ types of hardcoded secrets (AWS keys, GitHub tokens, NPM tokens, SSH keys, API keys, etc.)
- All secrets marked as **CRITICAL severity** for immediate attention
- Context-aware remediation suggestions for each secret type
- Integrated seamlessly with existing detectors
- New `SecretDetector` infrastructure component using `@secretlint/node`
- New `SecretViolation` value object with rich examples
- New `ISecretDetector` domain interface
- CLI output with "🔐 Found X hardcoded secrets - CRITICAL SECURITY RISK" section
- Added dependencies: `@secretlint/node`, `@secretlint/core`, `@secretlint/types`, `@secretlint/secretlint-rule-preset-recommend`
### Changed
- 🔄 **Pipeline async support** - `DetectionPipeline.execute()` now async for secret detection
- 📊 **Test suite expanded** - Added 47 new tests (23 for SecretViolation, 24 for SecretDetector)
- Total: 566 tests (was 519), 100% pass rate
- Coverage: 93.3% statements, 83.74% branches, 98.17% functions
- SecretViolation: 100% coverage
- 📝 **Documentation updated**:
- README.md: Added Secret Detection section with examples
- ROADMAP.md: Marked v0.8.0 as released
- Updated package description to mention secrets detection
### Security
- 🛡️ **Prevents credentials in version control** - catches AWS, GitHub, NPM, SSH, Slack, GCP secrets before commit
- ⚠️ **CRITICAL violations** - all hardcoded secrets immediately flagged with highest severity
- 💡 **Smart remediation** - provides specific guidance per secret type (environment variables, secret managers, etc.)
## [0.7.9] - 2025-11-25
### Changed
- ♻️ **Refactored large detectors** - significantly improved maintainability and reduced complexity:
- **AggregateBoundaryDetector**: Reduced from 381 to 162 lines (57% reduction)
- **HardcodeDetector**: Reduced from 459 to 89 lines (81% reduction)
- **RepositoryPatternDetector**: Reduced from 479 to 106 lines (78% reduction)
- Extracted 13 focused strategy classes for single responsibilities
- All 519 tests pass, no breaking changes
- Zero ESLint errors (1 pre-existing warning unrelated to refactoring)
- Improved code organization and separation of concerns
### Added
- 🏗️ **13 new strategy classes** for focused responsibilities:
- `FolderRegistry` - Centralized DDD folder name management
- `AggregatePathAnalyzer` - Path parsing and aggregate extraction
- `ImportValidator` - Import validation logic
- `BraceTracker` - Brace and bracket counting
- `ConstantsFileChecker` - Constants file detection
- `ExportConstantAnalyzer` - Export const analysis
- `MagicNumberMatcher` - Magic number detection
- `MagicStringMatcher` - Magic string detection
- `OrmTypeMatcher` - ORM type matching
- `MethodNameValidator` - Repository method validation
- `RepositoryFileAnalyzer` - File role detection
- `RepositoryViolationDetector` - Violation detection logic
- Enhanced testability with smaller, focused classes
### Improved
- 📊 **Code quality metrics**:
- Reduced cyclomatic complexity across all three detectors
- Better separation of concerns with strategy pattern
- More maintainable and extensible codebase
- Easier to add new detection patterns
- Improved code readability and self-documentation
## [0.7.8] - 2025-11-25
### Added
- 🧪 **Comprehensive E2E test suite** - full pipeline and CLI integration tests:
- Added `tests/e2e/AnalyzeProject.e2e.test.ts` - 21 tests for full analysis pipeline
- Added `tests/e2e/CLI.e2e.test.ts` - 22 tests for CLI command execution and output
- Added `tests/e2e/JSONOutput.e2e.test.ts` - 19 tests for JSON structure validation
- Total of 62 new E2E tests covering all major use cases
- Tests validate `examples/good-architecture/` returns zero violations
- Tests validate `examples/bad/` detects specific violations
- CLI smoke tests with process spawning and output verification
- JSON serialization and structure validation for all violation types
- Total test count increased from 457 to 519 tests
- **100% test pass rate achieved** 🎉 (519/519 tests passing)
### Changed
- 🔧 **Improved test robustness**:
- E2E tests handle exit codes gracefully (CLI exits with non-zero when violations found)
- Added helper function `runCLI()` for consistent error handling
- Made validation tests conditional for better reliability
- Fixed metrics structure assertions to match actual implementation
- Enhanced error handling in CLI process spawning tests
### Fixed
- 🐛 **Test reliability improvements**:
- Fixed CLI tests expecting zero exit codes when violations present
- Updated metrics assertions to use correct field names (totalFiles, totalFunctions, totalImports, layerDistribution)
- Corrected violation structure property names in E2E tests
- Made bad example tests conditional to handle empty results gracefully
## [0.7.7] - 2025-11-25
### Added
- 🧪 **Comprehensive test coverage for under-tested domain files**:
- Added 31 tests for `SourceFile.ts` - coverage improved from 46% to 100%
- Added 31 tests for `ProjectPath.ts` - coverage improved from 50% to 100%
- Added 18 tests for `ValueObject.ts` - coverage improved from 25% to 100%
- Added 32 tests for `RepositoryViolation.ts` - coverage improved from 58% to 92.68%
- Total test count increased from 345 to 457 tests
- Overall coverage improved to 95.4% statements, 86.25% branches, 96.68% functions
- All tests pass with no breaking changes
### Changed
- 📊 **Improved code quality and maintainability**:
- Enhanced test suite for core domain entities and value objects
- Better coverage of edge cases and error handling
- Increased confidence in domain layer correctness
## [0.7.6] - 2025-11-25
### Changed
- ♻️ **Refactored CLI module** - improved maintainability and separation of concerns:
- Split 484-line `cli/index.ts` into focused modules
- Created `cli/groupers/ViolationGrouper.ts` for severity grouping and filtering (29 lines)
- Created `cli/formatters/OutputFormatter.ts` for violation formatting (190 lines)
- Created `cli/formatters/StatisticsFormatter.ts` for metrics and summary (58 lines)
- Reduced `cli/index.ts` from 484 to 260 lines (46% reduction)
- All 345 tests pass, CLI output identical to before
- No breaking changes
## [0.7.5] - 2025-11-25
### Changed

46
packages/guardian/README.md
View File

@@ -72,14 +72,41 @@ Code quality guardian for vibe coders and enterprise teams - because AI writes f
- Prevents "new Repository()" anti-pattern
- 📚 *Based on: Martin Fowler's Repository Pattern, DDD (Evans 2003)* → [Why?](./docs/WHY.md#repository-pattern)
🔒 **Aggregate Boundary Validation** ✨ NEW
🔒 **Aggregate Boundary Validation**
- Detects direct entity references across DDD aggregates
- Enforces reference-by-ID or Value Object pattern
- Prevents tight coupling between aggregates
- Supports multiple folder structures (domain/aggregates/*, domain/*, domain/entities/*)
- Filters allowed imports (value-objects, events, repositories, services)
- Critical severity for maintaining aggregate independence
- 📚 *Based on: Domain-Driven Design (Evans 2003), Implementing DDD (Vernon 2013)* → [Why?](./docs/WHY.md#aggregate-boundaries)
- 📚 *Based on: Domain-Driven Design (Evans 2003), Implementing DDD (Vernon 2013)* → [Why?](./docs/WHY.md#aggregate-boundary-validation)
🔐 **Secret Detection** ✨ NEW in v0.8.0
- Detects 350+ types of hardcoded secrets using industry-standard Secretlint
- Catches AWS keys, GitHub tokens, NPM tokens, SSH keys, API keys, and more
- All secrets marked as **CRITICAL severity** - immediate security risk
- Context-aware remediation suggestions for each secret type
- Prevents credentials from reaching version control
- Integrates seamlessly with existing detectors
- 📚 *Based on: OWASP Secrets Management, GitHub Secret Scanning (350+ patterns), security standards* → [Why?](./docs/WHY.md#secret-detection)
🩺 **Anemic Domain Model Detection** ✨ NEW in v0.9.0
- Detects entities with only getters/setters (data bags without behavior)
- Identifies public setters anti-pattern in domain entities
- Calculates methods-to-properties ratio for behavioral analysis
- Enforces rich domain models over anemic models
- Suggests moving business logic from services to entities
- Medium severity - architectural code smell
- 📚 *Based on: Martin Fowler's "Anemic Domain Model" (2003), DDD (Evans 2003), Transaction Script vs Domain Model patterns* → [Why?](./docs/WHY.md#anemic-domain-model-detection)
🎯 **Severity-Based Prioritization**
- Automatic sorting by severity: CRITICAL → HIGH → MEDIUM → LOW
- Filter by severity level: `--only-critical` or `--min-severity high`
- Focus on what matters most: secrets and circular dependencies first
- Visual severity indicators with color-coded labels (🔴🟠🟡🟢)
- Smart categorization based on impact to production
- Enables gradual technical debt reduction
- 📚 *Based on: SonarQube severity classification, IEEE/ScienceDirect research on Technical Debt prioritization* → [Why?](./docs/WHY.md#severity-based-prioritization)
🏗️ **Clean Architecture Enforcement**
- Built with DDD principles
@@ -366,6 +393,15 @@ const result = await analyzeProject({
})
console.log(`Found ${result.hardcodeViolations.length} hardcoded values`)
console.log(`Found ${result.secretViolations.length} hardcoded secrets 🔐`)
// Check for critical security issues first!
result.secretViolations.forEach((violation) => {
console.log(`🔐 CRITICAL: ${violation.file}:${violation.line}`)
console.log(` Secret Type: ${violation.secretType}`)
console.log(` ${violation.message}`)
console.log(` ⚠️ Rotate this secret immediately!`)
})
result.hardcodeViolations.forEach((violation) => {
console.log(`${violation.file}:${violation.line}`)
@@ -394,9 +430,9 @@ npx @samiyev/guardian check ./src --verbose
npx @samiyev/guardian check ./src --no-hardcode # Skip hardcode detection
npx @samiyev/guardian check ./src --no-architecture # Skip architecture checks
# Filter by severity
npx @samiyev/guardian check ./src --min-severity high # Show high, critical only
npx @samiyev/guardian check ./src --only-critical # Show only critical issues
# Filter by severity (perfect for finding secrets first!)
npx @samiyev/guardian check ./src --only-critical # Show only critical issues (secrets, circular deps)
npx @samiyev/guardian check ./src --min-severity high # Show high and critical only
# Limit detailed output (useful for large codebases)
npx @samiyev/guardian check ./src --limit 10 # Show first 10 violations per category

135
packages/guardian/ROADMAP.md
View File

@@ -2,7 +2,20 @@
This document outlines the current features and future plans for @puaros/guardian.
## Current Version: 0.7.5 ✅ RELEASED
## Current Version: 0.9.0 ✅ RELEASED
**Released:** 2025-11-26
### What's New in 0.9.0
- 🏛️ **Anemic Model Detection** - NEW feature to detect anemic domain models lacking business logic
-**100% clean codebase** - Guardian now passes its own self-check with 0 issues
- 📦 **New shared constants** - Added CLASS_KEYWORDS and EXAMPLE_CODE_CONSTANTS
-**All 578 tests passing** - Added 12 new tests for anemic model detection
---
## Previous Version: 0.8.1 ✅ RELEASED
**Released:** 2025-11-25
@@ -333,100 +346,128 @@ application/use-cases/
---
### Version 0.7.6 - Refactor CLI Module 🔧
### Version 0.7.6 - Refactor CLI Module 🔧 ✅ RELEASED
**Released:** 2025-11-25
**Priority:** MEDIUM
**Scope:** Single session (~128K tokens)
Split `cli/index.ts` (470 lines) into focused formatters.
Split `cli/index.ts` (484 lines) into focused formatters.
**Problem:**
- CLI file has 470 lines
- CLI file has 484 lines
- Mixing: command setup, formatting, grouping, statistics
**Solution:**
```
cli/
├── index.ts # Commands only (~100 lines)
├── index.ts # Commands only (260 lines)
├── formatters/
│ ├── OutputFormatter.ts # Violation formatting
│ └── StatisticsFormatter.ts
│ ├── OutputFormatter.ts # Violation formatting (190 lines)
│ └── StatisticsFormatter.ts # Metrics & summary (58 lines)
├── groupers/
│ └── ViolationGrouper.ts # Sorting & grouping
│ └── ViolationGrouper.ts # Sorting & grouping (29 lines)
```
**Deliverables:**
- [ ] Extract formatters and groupers
- [ ] Reduce `cli/index.ts` to ~100-150 lines
- [ ] CLI output identical to before
- [ ] Publish to npm
- Extract formatters and groupers
- Reduce `cli/index.ts` from 484 to 260 lines (46% reduction)
- CLI output identical to before
- ✅ All 345 tests pass, no breaking changes
- ✅ Publish to npm
---
### Version 0.7.7 - Improve Test Coverage 🧪
### Version 0.7.7 - Improve Test Coverage 🧪 ✅ RELEASED
**Released:** 2025-11-25
**Priority:** MEDIUM
**Scope:** Single session (~128K tokens)
Increase coverage for under-tested domain files.
**Current State:**
| File | Coverage |
|------|----------|
| SourceFile.ts | 46% |
| ProjectPath.ts | 50% |
| ValueObject.ts | 25% |
| RepositoryViolation.ts | 58% |
**Results:**
| File | Before | After |
|------|--------|-------|
| SourceFile.ts | 46% | 100% ✅ |
| ProjectPath.ts | 50% | 100% ✅ |
| ValueObject.ts | 25% | 100% ✅ |
| RepositoryViolation.ts | 58% | 92.68% ✅ |
**Deliverables:**
- [ ] SourceFile.ts → 80%+
- [ ] ProjectPath.ts → 80%+
- [ ] ValueObject.ts → 80%+
- [ ] RepositoryViolation.ts → 80%+
- [ ] Publish to npm
- SourceFile.ts → 100% (31 tests)
- ProjectPath.ts → 100% (31 tests)
- ValueObject.ts → 100% (18 tests)
- RepositoryViolation.ts → 92.68% (32 tests)
- ✅ All 457 tests passing
- ✅ Overall coverage: 95.4% statements, 86.25% branches, 96.68% functions
- ✅ Publish to npm
---
### Version 0.7.8 - Add E2E Tests 🧪
### Version 0.7.8 - Add E2E Tests 🧪 ✅ RELEASED
**Released:** 2025-11-25
**Priority:** MEDIUM
**Scope:** Single session (~128K tokens)
Add integration tests for full pipeline and CLI.
**Deliverables:**
- [ ] E2E test: `AnalyzeProject` full pipeline
- [ ] CLI smoke test (spawn process, check output)
- [ ] Test `examples/good-architecture/` → 0 violations
- [ ] Test `examples/bad/` → specific violations
- [ ] Test JSON output format
- [ ] Publish to npm
- E2E test: `AnalyzeProject` full pipeline (21 tests)
- CLI smoke test (spawn process, check output) (22 tests)
- Test `examples/good-architecture/` → 0 violations
- Test `examples/bad/` → specific violations
- Test JSON output format (19 tests)
- ✅ 519 total tests (519 passing, **100% pass rate** 🎉)
- ✅ Comprehensive E2E coverage for API and CLI
- ✅ 3 new E2E test files with full pipeline coverage
- ✅ Publish to npm
---
### Version 0.7.9 - Refactor Large Detectors 🔧 (Optional)
### Version 0.7.9 - Refactor Large Detectors 🔧 ✅ RELEASED
**Released:** 2025-11-25
**Priority:** LOW
**Scope:** Single session (~128K tokens)
Refactor largest detectors to reduce complexity.
Refactored largest detectors to reduce complexity and improve maintainability.
**Targets:**
| Detector | Lines | Complexity |
|----------|-------|------------|
| RepositoryPatternDetector | 479 | 35 |
| HardcodeDetector | 459 | 41 |
| AggregateBoundaryDetector | 381 | 47 |
**Results:**
| Detector | Before | After | Reduction |
|----------|--------|-------|-----------|
| AggregateBoundaryDetector | 381 lines | 162 lines | 57% ✅ |
| HardcodeDetector | 459 lines | 89 lines | 81% ✅ |
| RepositoryPatternDetector | 479 lines | 106 lines | 78% ✅ |
**Deliverables:**
- [ ] Extract regex patterns into strategies
- [ ] Reduce cyclomatic complexity < 25
- [ ] Publish to npm
**Implemented Features:**
- Extracted 13 strategy classes for focused responsibilities
- ✅ Reduced file sizes by 57-81%
- ✅ Improved code organization and maintainability
- ✅ All 519 tests passing
- ✅ Zero ESLint errors, 1 pre-existing warning
- ✅ No breaking changes
**New Strategy Classes:**
- `FolderRegistry` - Centralized DDD folder name management
- `AggregatePathAnalyzer` - Path parsing and aggregate extraction
- `ImportValidator` - Import validation logic
- `BraceTracker` - Brace and bracket counting
- `ConstantsFileChecker` - Constants file detection
- `ExportConstantAnalyzer` - Export const analysis
- `MagicNumberMatcher` - Magic number detection
- `MagicStringMatcher` - Magic string detection
- `OrmTypeMatcher` - ORM type matching
- `MethodNameValidator` - Repository method validation
- `RepositoryFileAnalyzer` - File role detection
- `RepositoryViolationDetector` - Violation detection logic
---
### Version 0.8.0 - Secret Detection 🔐
**Target:** Q1 2025
### Version 0.8.0 - Secret Detection 🔐 ✅ RELEASED
**Released:** 2025-11-25
**Priority:** CRITICAL
Detect hardcoded secrets (API keys, tokens, credentials) using industry-standard Secretlint library.
@@ -2072,4 +2113,4 @@ Until we reach 1.0.0, minor version bumps (0.x.0) may include breaking changes a
---
**Last Updated:** 2025-11-25
**Current Version:** 0.7.4
**Current Version:** 0.7.7

314
packages/guardian/docs/RESEARCH_CITATIONS.md
View File

@@ -16,6 +16,10 @@ This document provides authoritative sources, academic papers, industry standard
8. [General Software Quality Standards](#8-general-software-quality-standards)
9. [Code Complexity Metrics](#9-code-complexity-metrics)
10. [Additional Authoritative Sources](#10-additional-authoritative-sources)
11. [Anemic Domain Model Detection](#11-anemic-domain-model-detection)
12. [Aggregate Boundary Validation (DDD Tactical Patterns)](#12-aggregate-boundary-validation-ddd-tactical-patterns)
13. [Secret Detection & Security](#13-secret-detection--security)
14. [Severity-Based Prioritization & Technical Debt](#14-severity-based-prioritization--technical-debt)
---
@@ -503,22 +507,318 @@ This document provides authoritative sources, academic papers, industry standard
---
## 11. Anemic Domain Model Detection
### Martin Fowler's Original Blog Post (2003)
**Blog Post: "Anemic Domain Model"** (November 25, 2003)
- Author: Martin Fowler
- Published: November 25, 2003
- Described as an anti-pattern related to domain driven design and application architecture
- Basic symptom: domain objects have hardly any behavior, making them little more than bags of getters and setters
- Reference: [Martin Fowler - Anemic Domain Model](https://martinfowler.com/bliki/AnemicDomainModel.html)
**Key Problems Identified:**
- "The basic symptom of an Anemic Domain Model is that at first blush it looks like the real thing"
- "There are objects, many named after the nouns in the domain space, and these objects are connected with the rich relationships and structure that true domain models have"
- "The catch comes when you look at the behavior, and you realize that there is hardly any behavior on these objects"
- "This is contrary to the basic idea of object-oriented design; which is to combine data and process together"
**Why It's an Anti-pattern:**
- Fowler argues that anemic domain models incur all of the costs of a domain model, without yielding any of the benefits
- The logic that should be in a domain object is domain logic - validations, calculations, business rules
- Separating data from behavior violates core OOP principles
- Reference: [Wikipedia - Anemic Domain Model](https://en.wikipedia.org/wiki/Anemic_domain_model)
### Rich Domain Model vs Transaction Script
**Martin Fowler: Transaction Script Pattern**
- Transaction Script organizes business logic by procedures where each procedure handles a single request
- Good for simple logic with not-null checks and basic calculations
- Reference: [Martin Fowler - Transaction Script](https://martinfowler.com/eaaCatalog/transactionScript.html)
**When to Use Rich Domain Model:**
- If you have complicated and everchanging business rules involving validation, calculations, and derivations
- Object model handles complex domain logic better than procedural scripts
- Reference: [InformIT - Domain Logic Patterns](https://www.informit.com/articles/article.aspx?p=1398617&seqNum=2)
**Comparison:**
- Transaction Script is better for simple logic
- Domain Model is better when things get complicated with complex business rules
- You can refactor from Transaction Script to Domain Model, but it's a harder change
- Reference: [Medium - Transaction Script vs Domain Model](https://medium.com/@vibstudio_7040/transaction-script-active-record-and-domain-model-the-good-the-bad-and-the-ugly-c5b80a733305)
### Domain-Driven Design Context
**Eric Evans: Domain-Driven Design** (2003)
- Entities should have both identity and behavior
- Rich domain models place business logic within domain entities
- Anemic models violate DDD principles by separating data from behavior
- Reference: Already covered in Section 10 - [Domain-Driven Design Book](#domain-driven-design)
**Community Discussion:**
- Some argue anemic models can follow SOLID design principles
- However, consensus among DDD practitioners aligns with Fowler's anti-pattern view
- Reference: [Stack Overflow - Anemic Domain Model Anti-Pattern](https://stackoverflow.com/questions/6293981/concrete-examples-on-why-the-anemic-domain-model-is-considered-an-anti-pattern)
---
## 12. Aggregate Boundary Validation (DDD Tactical Patterns)
### Eric Evans: Domain-Driven Design (2003)
**Original Book Definition:**
- Aggregate: "A cluster of associated objects that we treat as a unit for the purpose of data changes"
- An aggregate defines a consistency boundary around one or more entities
- Exactly one entity in an aggregate is the root
- Reference: [Microsoft Learn - Tactical DDD](https://learn.microsoft.com/en-us/azure/architecture/microservices/model/tactical-ddd)
**DDD Reference Document** (2015)
- Official Domain-Driven Design Reference by Eric Evans
- Contains comprehensive definitions of Aggregates and boundaries
- Reference: [Domain Language - DDD Reference PDF](https://www.domainlanguage.com/wp-content/uploads/2016/05/DDD_Reference_2015-03.pdf)
### Vaughn Vernon: Implementing Domain-Driven Design (2013)
**Chapter 10: Aggregates** (Page 347)
- Author: Vaughn Vernon
- Publisher: Addison-Wesley
- ISBN: 978-0321834577
- Available at: [Amazon - Implementing DDD](https://www.amazon.com/Implementing-Domain-Driven-Design-Vaughn-Vernon/dp/0321834577)
**Key Rules from the Chapter:**
- **Rule: Model True Invariants in Consistency Boundaries**
- **Rule: Design Small Aggregates**
- **Rule: Reference Other Aggregates by Identity**
- **Rule: Use Eventual Consistency Outside the Boundary**
**Effective Aggregate Design Series:**
- Three-part essay series by Vaughn Vernon
- Available as downloadable PDFs
- Licensed under Creative Commons Attribution-NoDerivs 3.0
- Reference: [Kalele - Effective Aggregate Design](https://kalele.io/effective-aggregate-design/)
**Appendix A: Aggregates and Event Sourcing:**
- Additional coverage of aggregate patterns
- Practical implementation guidance
- Reference: Available in the book
### Tactical DDD Patterns
**Microsoft Azure Architecture Center:**
- "Using tactical DDD to design microservices"
- Official Microsoft documentation on aggregate boundaries
- Comprehensive guide for microservices architecture
- Reference: [Microsoft Learn - Tactical DDD](https://learn.microsoft.com/en-us/azure/architecture/microservices/model/tactical-ddd)
**SOCADK Design Practice Repository:**
- Summaries of artifacts, templates, and techniques for tactical DDD
- Practical examples of aggregate boundary enforcement
- Reference: [SOCADK - Tactical DDD](https://socadk.github.io/design-practice-repository/activities/DPR-TacticDDD.html)
### Why Aggregate Boundaries Matter
**Transactional Boundary:**
- What makes it an aggregate is the transactional boundary
- Changes to aggregate must be atomic
- Ensures consistency within the boundary
- Reference: [Medium - Mastering Aggregate Design](https://medium.com/ssense-tech/ddd-beyond-the-basics-mastering-aggregate-design-26591e218c8c)
**Cross-Aggregate References:**
- Aggregates should only reference other aggregates by ID, not direct entity references
- Prevents tight coupling between aggregates
- Maintains clear boundaries
- Reference: [Lev Gorodinski - Two Sides of DDD](http://gorodinski.com/blog/2013/03/11/the-two-sides-of-domain-driven-design/)
---
## 13. Secret Detection & Security
### OWASP Standards
**OWASP Secrets Management Cheat Sheet**
- Official OWASP best practices and guidelines for secrets management
- Comprehensive coverage of hardcoded credentials risks
- Reference: [OWASP - Secrets Management](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
**OWASP DevSecOps Guideline**
- Section on Secrets Management (v-0.2)
- Integration with CI/CD pipelines
- Reference: [OWASP - DevSecOps Secrets](https://owasp.org/www-project-devsecops-guideline/latest/01a-Secrets-Management)
**OWASP Password Management: Hardcoded Password**
- Vulnerability documentation on hardcoded passwords
- "It is never a good idea to hardcode a password"
- Makes fixing the problem extremely difficult
- Reference: [OWASP - Hardcoded Password Vulnerability](https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password)
### Key Security Principles
**Don't Hardcode Secrets:**
- Secrets should not be hardcoded
- Should not be unencrypted
- Should not be stored in source code
- Reference: [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
**Centralized Management:**
- Growing need to centralize storage, provisioning, auditing, rotation, and management of secrets
- Control access and prevent secrets from leaking
- Use purpose-built tools for encryption-at-rest
- Reference: [OWASP SAMM - Secret Management](https://owaspsamm.org/model/implementation/secure-deployment/stream-b/)
**Prevention Tools:**
- Use pre-commit hooks to prevent secrets from entering codebase
- Automated scanning in CI/CD pipelines
- Reference: [GitHub OWASP Secrets Management](https://github.com/dominikdesmit/owasp-secrets-management)
### GitHub Secret Scanning
**Official GitHub Documentation:**
- About Secret Scanning: Automated detection of secrets in repositories
- Scans for patterns and heuristics matching known types of secrets
- Reference: [GitHub Docs - Secret Scanning](https://docs.github.com/code-security/secret-scanning/about-secret-scanning)
**How It Works:**
- Automatically scans repository contents for sensitive data (API keys, passwords, tokens)
- Scans commits, issues, and pull requests continuously
- Real-time alerts to repository administrators
- Reference: [GitHub Docs - Keeping Secrets Secure](https://docs.github.com/en/code-security/secret-scanning)
**AI-Powered Detection:**
- Copilot Secret Scanning uses large language models (LLMs)
- Identifies unstructured secrets (generic passwords) in source code
- Enhances detection beyond pattern matching
- Reference: [GitHub Docs - Copilot Secret Scanning](https://docs.github.com/en/code-security/secret-scanning/copilot-secret-scanning)
**Supported Patterns:**
- 350+ secret patterns detected
- AWS, GitHub, NPM, SSH, GCP, Slack, Basic Auth, JWT tokens
- Reference: [GitHub Docs - Supported Patterns](https://docs.github.com/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)
### Mobile Security
**OWASP Mobile Security:**
- "Secrets security is the most important issue for mobile applications"
- Only safe way: keep secrets off the client side entirely
- Move sensitive information to backend
- Reference: [GitGuardian - OWASP Top 10 Mobile](https://blog.gitguardian.com/owasp-top-10-for-mobile-secrets/)
### Third-Party Tools
**GitGuardian:**
- Secrets security and non-human identity governance
- Enterprise-grade secret detection
- Reference: [GitGuardian Official Site](https://www.gitguardian.com/)
**Yelp detect-secrets:**
- Open-source enterprise-friendly secret detection
- Prevent secrets in code
- Reference: [GitHub - Yelp detect-secrets](https://github.com/Yelp/detect-secrets)
---
## 14. Severity-Based Prioritization & Technical Debt
### Academic Research on Technical Debt Prioritization
**Systematic Literature Review** (2020)
- Title: "A systematic literature review on Technical Debt prioritization"
- Analyzed 557 unique papers, included 44 primary studies
- Finding: "Technical Debt prioritization research is preliminary and there is no consensus on what the important factors are and how to measure them"
- Reference: [ScienceDirect - TD Prioritization](https://www.sciencedirect.com/science/article/pii/S016412122030220X)
**IEEE Conference Paper** (2021)
- Title: "Technical Debt Prioritization: Taxonomy, Methods Results, and Practical Characteristics"
- Systematic mapping review of 112 studies, resulting in 51 unique papers
- Classified methods in two-level taxonomy with 10 categories
- Reference: [IEEE Xplore - TD Prioritization](https://ieeexplore.ieee.org/document/9582595/)
**Identifying Severity of Technical Debt** (2023)
- Journal: Software Quality Journal
- Title: "Identifying the severity of technical debt issues based on semantic and structural information"
- Problem: "Existing studies mainly focus on detecting TD through source code or comments but usually ignore the severity degree of TD issues"
- Proposed approach combining semantic and structural information
- Reference: [Springer - TD Severity](https://link.springer.com/article/10.1007/s11219-023-09651-3)
### SonarQube Severity Classification
**Current Severity Levels** (SonarQube 10.2+)
- Severity levels: **info, low, medium, high, and blocker**
- Reference: [SonarQube Docs - Metrics Definition](https://docs.sonarsource.com/sonarqube-server/user-guide/code-metrics/metrics-definition)
**High/Blocker Severity:**
- An issue with significant probability of severe unintended consequences
- Should be fixed immediately
- Includes bugs leading to production crashes
- Security flaws allowing attackers to extract sensitive data or execute malicious code
- Reference: [SonarQube Docs - Metrics](https://docs.sonarsource.com/sonarqube-server/10.8/user-guide/code-metrics/metrics-definition)
**Medium Severity:**
- Quality flaw that can highly impact developer's productivity
- Uncovered code, duplicated blocks, unused parameters
- Reference: [SonarQube Documentation](https://docs.sonarsource.com/sonarqube-server/10.8/user-guide/code-metrics/metrics-definition)
**Low Severity:**
- Quality flaw with slight impact on developer productivity
- Lines too long, switch statements with few cases
- Reference: [SonarQube Documentation](https://docs.sonarsource.com/sonarqube-server/10.8/user-guide/code-metrics/metrics-definition)
**Info Severity:**
- No expected impact on application
- Informational purposes only
- Reference: [SonarQube Documentation](https://docs.sonarsource.com/sonarqube-server/10.8/user-guide/code-metrics/metrics-definition)
### Legacy SonarQube Classification (pre-10.2)
**Five Severity Levels:**
- **BLOCKER**: Bug with high probability to impact behavior in production (memory leak, unclosed JDBC connection)
- **CRITICAL**: Bug with low probability to impact production behavior OR security flaw (empty catch block, SQL injection)
- **MAJOR**: Quality flaw highly impacting developer productivity (uncovered code, duplicated blocks, unused parameters)
- **MINOR**: Quality flaw slightly impacting developer productivity (lines too long, switch statements < 3 cases)
- **INFO**: Informational only
- Reference: [SonarQube Community - Severity Categories](https://community.sonarsource.com/t/sonarqube-severity-categories/115287)
### Research on Impact and Effectiveness
**Empirical Study** (2020)
- Title: "Some SonarQube issues have a significant but small effect on faults and changes"
- Published in: ScienceDirect (Information and Software Technology)
- Large-scale empirical study on SonarQube issue impact
- Reference: [ScienceDirect - SonarQube Issues](https://www.sciencedirect.com/science/article/abs/pii/S0164121220301734)
**Machine Learning for Prioritization** (2024)
- Recent approaches: "Development teams could integrate models into CI/CD pipelines"
- Automatically flag potential TD issues during code reviews
- Prioritize based on severity
- Reference: [arXiv - Technical Debt Management](https://arxiv.org/html/2403.06484v1)
### Multiple-Case Study
**Aligning TD with Business Objectives** (2018)
- Title: "Aligning Technical Debt Prioritization with Business Objectives: A Multiple-Case Study"
- Demonstrates importance of priority-based technical debt management
- Reference: [ResearchGate - TD Business Alignment](https://www.researchgate.net/publication/328903587_Aligning_Technical_Debt_Prioritization_with_Business_Objectives_A_Multiple-Case_Study)
---
## Conclusion
The code quality detection rules implemented in Guardian are firmly grounded in:
1. **Academic Research**: Peer-reviewed papers on software maintainability, complexity metrics, and code quality
2. **Industry Standards**: ISO/IEC 25010, SonarQube rules, Google and Airbnb style guides
1. **Academic Research**: Peer-reviewed papers on software maintainability, complexity metrics, code quality, technical debt prioritization, and severity classification
2. **Industry Standards**: ISO/IEC 25010, SonarQube rules, OWASP security guidelines, Google and Airbnb style guides
3. **Authoritative Books**:
- Robert C. Martin's "Clean Architecture" (2017)
- Vaughn Vernon's "Implementing Domain-Driven Design" (2013)
- Eric Evans' "Domain-Driven Design" (2003)
- Martin Fowler's "Patterns of Enterprise Application Architecture" (2002)
- Martin Fowler's "Refactoring" (1999, 2018)
- Steve McConnell's "Code Complete" (1993, 2004)
4. **Expert Guidance**: Martin Fowler, Robert C. Martin (Uncle Bob), Eric Evans, Alistair Cockburn, Kent Beck
5. **Open Source Tools**: ArchUnit, SonarQube, ESLint - widely adopted in enterprise environments
4. **Expert Guidance**: Martin Fowler, Robert C. Martin (Uncle Bob), Eric Evans, Vaughn Vernon, Alistair Cockburn, Kent Beck
5. **Security Standards**: OWASP Secrets Management, GitHub Secret Scanning, GitGuardian best practices
6. **Open Source Tools**: ArchUnit, SonarQube, ESLint, Secretlint - widely adopted in enterprise environments
These rules represent decades of software engineering wisdom, empirical research, and battle-tested practices from the world's leading software organizations and thought leaders.
These rules represent decades of software engineering wisdom, empirical research, security best practices, and battle-tested practices from the world's leading software organizations and thought leaders.
---
@@ -545,8 +845,8 @@ These rules represent decades of software engineering wisdom, empirical research
---
**Document Version**: 1.0
**Last Updated**: 2025-11-24
**Document Version**: 1.1
**Last Updated**: 2025-11-26
**Questions or want to contribute research?**
- 📧 Email: fozilbek.samiyev@gmail.com
- 🐙 GitHub: https://github.com/samiyev/puaros/issues

207
packages/guardian/docs/WHY.md
View File

@@ -10,6 +10,10 @@ Guardian's detection rules are not invented - they're based on decades of softwa
- [Entity Exposure](#entity-exposure)
- [Repository Pattern](#repository-pattern)
- [Naming Conventions](#naming-conventions)
- [Anemic Domain Model Detection](#anemic-domain-model-detection)
- [Aggregate Boundary Validation](#aggregate-boundary-validation)
- [Secret Detection](#secret-detection)
- [Severity-Based Prioritization](#severity-based-prioritization)
- [Full Research Citations](#full-research-citations)
---
@@ -319,6 +323,192 @@ Consistent naming:
---
## Anemic Domain Model Detection
### Why it matters
Anemic domain models violate core OOP principles:
-**No behavior** - Entities become data bags with only getters/setters
-**Logic in services** - Business logic scattered across service layers
-**Violates OOP** - Separates data from behavior
-**Higher complexity** - Loses benefits of domain modeling
### Who says so?
**Martin Fowler's Original Anti-Pattern:**
- **Blog Post: "Anemic Domain Model"** (November 25, 2003)
> "The basic symptom of an Anemic Domain Model is that at first blush it looks like the real thing. There are objects, many named after the nouns in the domain space... The catch comes when you look at the behavior, and you realize that there is hardly any behavior on these objects."
- Published over 20 years ago, still relevant today
- [Read Fowler's post](https://martinfowler.com/bliki/AnemicDomainModel.html)
**Why It's an Anti-pattern:**
> "This is contrary to the basic idea of object-oriented design; which is to combine data and process together."
- Incurs all costs of domain model without any benefits
- Logic should be in domain objects: validations, calculations, business rules
- [Wikipedia - Anemic Domain Model](https://en.wikipedia.org/wiki/Anemic_domain_model)
**Rich Domain Model vs Transaction Script:**
- **Transaction Script**: Good for simple logic (Fowler, 2002)
- **Rich Domain Model**: Better for complex, ever-changing business rules
- Can refactor from Transaction Script to Domain Model, but it's harder than starting right
- [Martin Fowler - Transaction Script](https://martinfowler.com/eaaCatalog/transactionScript.html)
**Domain-Driven Design Context:**
- **Eric Evans (2003)**: Entities should have both identity AND behavior
- Anemic models violate DDD by separating data from behavior
- [Stack Overflow discussion](https://stackoverflow.com/questions/6293981/concrete-examples-on-why-the-anemic-domain-model-is-considered-an-anti-pattern)
[Read full research →](./RESEARCH_CITATIONS.md#11-anemic-domain-model-detection)
---
## Aggregate Boundary Validation
### Why it matters
Proper aggregate boundaries ensure:
-**Consistency** - Atomic changes within boundaries
-**Low coupling** - Aggregates are loosely connected
-**Clear transactions** - One aggregate = one transaction
-**Maintainability** - Boundaries prevent complexity spread
### The Rules
**Vaughn Vernon's Four Rules (2013):**
1. **Model True Invariants in Consistency Boundaries**
2. **Design Small Aggregates**
3. **Reference Other Aggregates by Identity**
4. **Use Eventual Consistency Outside the Boundary**
### Who says so?
**Eric Evans: Domain-Driven Design (2003)**
- **Original Definition**:
> "A cluster of associated objects that we treat as a unit for the purpose of data changes"
- An aggregate defines a consistency boundary
- Exactly one entity is the aggregate root
- [Microsoft Learn - Tactical DDD](https://learn.microsoft.com/en-us/azure/architecture/microservices/model/tactical-ddd)
**Vaughn Vernon: Implementing Domain-Driven Design (2013)**
- **Chapter 10: Aggregates** (Page 347)
- ISBN: 978-0321834577
- Comprehensive rules for aggregate design
- Three-part essay series: "Effective Aggregate Design"
- [Available at Kalele](https://kalele.io/effective-aggregate-design/)
**Why Boundaries Matter:**
- **Transactional Boundary**: Changes must be atomic
- **Reference by ID**: No direct entity references across aggregates
- **Prevents tight coupling**: Maintains clear boundaries
- [Medium - Mastering Aggregate Design](https://medium.com/ssense-tech/ddd-beyond-the-basics-mastering-aggregate-design-26591e218c8c)
**Microsoft Azure Documentation:**
- Official guide for microservices architecture
- Comprehensive aggregate boundary patterns
- [Microsoft Learn - Tactical DDD](https://learn.microsoft.com/en-us/azure/architecture/microservices/model/tactical-ddd)
[Read full research →](./RESEARCH_CITATIONS.md#12-aggregate-boundary-validation-ddd-tactical-patterns)
---
## Secret Detection
### Why it matters
Hardcoded secrets create critical security risks:
- 🔴 **Data breaches** - Exposed credentials lead to unauthorized access
- 🔴 **Production incidents** - Leaked tokens cause service disruptions
- 🔴 **Compliance violations** - GDPR, PCI-DSS, SOC 2 requirements
- 🔴 **Impossible to rotate** - Secrets in code are difficult to change
### Who says so?
**OWASP Security Standards:**
- **OWASP Secrets Management Cheat Sheet**
> "Secrets should not be hardcoded, should not be unencrypted, and should not be stored in source code."
- Official best practices from OWASP Foundation
- [Read the cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
- **OWASP Hardcoded Password Vulnerability**
> "It is never a good idea to hardcode a password, as it allows all of the project's developers to view the password and makes fixing the problem extremely difficult."
- [OWASP Documentation](https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password)
**GitHub Secret Scanning:**
- **Official GitHub Documentation**
- Automatically scans 350+ secret patterns
- Detects AWS, GitHub, NPM, SSH, GCP, Slack tokens
- AI-powered detection with Copilot Secret Scanning
- [GitHub Docs](https://docs.github.com/code-security/secret-scanning/about-secret-scanning)
**Key Security Principles:**
- **Centralized Management**: Use purpose-built secret management tools
- **Prevention Tools**: Pre-commit hooks to prevent secrets entering codebase
- **Encryption at Rest**: Never store secrets in plaintext
- [OWASP SAMM - Secret Management](https://owaspsamm.org/model/implementation/secure-deployment/stream-b/)
**Mobile Security:**
- OWASP: "Secrets security is the most important issue for mobile applications"
- Only safe way: keep secrets off the client side entirely
- [GitGuardian - OWASP Top 10 Mobile](https://blog.gitguardian.com/owasp-top-10-for-mobile-secrets/)
[Read full research →](./RESEARCH_CITATIONS.md#13-secret-detection--security)
---
## Severity-Based Prioritization
### Why it matters
Severity classification enables:
-**Focus on critical issues** - Fix what matters most first
-**Reduced technical debt** - Prioritize based on impact
-**Better CI/CD integration** - Fail builds on critical issues only
-**Team efficiency** - Don't waste time on low-impact issues
### Who says so?
**Academic Research:**
- **Systematic Literature Review (2020)**
- Title: "A systematic literature review on Technical Debt prioritization"
- Analyzed 557 papers, included 44 primary studies
- Finding: Need for consensus on severity factors
- [ScienceDirect](https://www.sciencedirect.com/science/article/pii/S016412122030220X)
- **IEEE Conference Paper (2021)**
- "Technical Debt Prioritization: Taxonomy, Methods Results"
- Reviewed 112 studies
- Classified methods in 10 categories
- [IEEE Xplore](https://ieeexplore.ieee.org/document/9582595/)
- **Software Quality Journal (2023)**
- "Identifying the severity of technical debt issues"
- Problem: Most studies ignore severity degree
- Proposed semantic + structural approach
- [Springer](https://link.springer.com/article/10.1007/s11219-023-09651-3)
**SonarQube Industry Standard:**
- **Current Classification (10.2+)**:
- **Blocker/High**: Severe unintended consequences, fix immediately
- **Medium**: Impacts developer productivity
- **Low**: Slight impact on productivity
- **Info**: No expected impact
- [SonarQube Docs](https://docs.sonarsource.com/sonarqube-server/user-guide/code-metrics/metrics-definition)
**Real-World Impact:**
- Development teams integrate models into CI/CD pipelines
- Automatically flag potential TD issues during code reviews
- Prioritize based on severity
- [arXiv - Technical Debt Management](https://arxiv.org/html/2403.06484v1)
**Business Alignment:**
- "Aligning Technical Debt Prioritization with Business Objectives" (2018)
- Multiple-case study demonstrating importance
- [ResearchGate](https://www.researchgate.net/publication/328903587_Aligning_Technical_Debt_Prioritization_with_Business_Objectives_A_Multiple-Case_Study)
[Read full research →](./RESEARCH_CITATIONS.md#14-severity-based-prioritization--technical-debt)
---
## Full Research Citations
For complete academic papers, books, and authoritative sources, see:
@@ -354,8 +544,9 @@ Guardian's rules align with international standards:
Guardian's rules are backed by:
**5 Seminal Books** (1993-2017)
**6 Seminal Books** (1993-2017)
- Clean Architecture (Robert C. Martin, 2017)
- Implementing Domain-Driven Design (Vaughn Vernon, 2013)
- Domain-Driven Design (Eric Evans, 2003)
- Patterns of Enterprise Application Architecture (Martin Fowler, 2002)
- Refactoring (Martin Fowler, 1999)
@@ -363,9 +554,16 @@ Guardian's rules are backed by:
**Academic Research** (1976-2024)
- MIT Course 6.031
- ScienceDirect peer-reviewed studies
- ScienceDirect peer-reviewed studies (2020-2023)
- IEEE Conference papers on Technical Debt
- Software Quality Journal (2023)
- Cyclomatic Complexity (Thomas McCabe, 1976)
**Security Standards**
- OWASP Secrets Management Cheat Sheet
- GitHub Secret Scanning (350+ patterns)
- OWASP Top 10 for Mobile
**International Standards**
- ISO/IEC 25010:2011
@@ -373,10 +571,11 @@ Guardian's rules are backed by:
- Google, Microsoft, Airbnb style guides
- SonarQube (400,000+ organizations)
- AWS documentation
- GitHub security practices
**Thought Leaders**
- Martin Fowler, Robert C. Martin (Uncle Bob), Eric Evans
- Alistair Cockburn, Kent Beck, Thomas McCabe
- Vaughn Vernon, Alistair Cockburn, Kent Beck, Thomas McCabe
---
@@ -388,4 +587,4 @@ Guardian's rules are backed by:
---
*Last updated: 2025-11-24*
*Last updated: 2025-11-26*

38
packages/guardian/examples/bad/domain/entities/anemic-model-only-getters-setters.ts Normal file
View File

@@ -0,0 +1,38 @@
/**
* BAD EXAMPLE: Anemic Domain Model
*
* This Order class only has getters and setters without any business logic.
* All business logic is likely scattered in services (procedural approach).
*
* This violates Domain-Driven Design principles.
*/
class Order {
private status: string
private total: number
private items: any[]
getStatus(): string {
return this.status
}
setStatus(status: string): void {
this.status = status
}
getTotal(): number {
return this.total
}
setTotal(total: number): void {
this.total = total
}
getItems(): any[] {
return this.items
}
setItems(items: any[]): void {
this.items = items
}
}

34
packages/guardian/examples/bad/domain/entities/anemic-model-public-setters.ts Normal file
View File

@@ -0,0 +1,34 @@
/**
* BAD EXAMPLE: Anemic Domain Model with Public Setters
*
* This User class has public setters which is an anti-pattern in DDD.
* Public setters allow uncontrolled state changes without validation or business rules.
*
* This violates Domain-Driven Design principles and encapsulation.
*/
class User {
private email: string
private password: string
private status: string
public setEmail(email: string): void {
this.email = email
}
public getEmail(): string {
return this.email
}
public setPassword(password: string): void {
this.password = password
}
public setStatus(status: string): void {
this.status = status
}
public getStatus(): string {
return this.status
}
}

139
packages/guardian/examples/good-architecture/domain/entities/Customer.ts Normal file
View File

@@ -0,0 +1,139 @@
/**
* GOOD EXAMPLE: Rich Domain Model with Business Logic
*
* This Customer class encapsulates business rules and state transitions.
* No public setters - all changes go through business methods.
*
* This follows Domain-Driven Design and encapsulation principles.
*/
interface Address {
street: string
city: string
country: string
postalCode: string
}
interface DomainEvent {
type: string
data: any
}
class Customer {
private readonly id: string
private email: string
private isActive: boolean
private loyaltyPoints: number
private address: Address | null
private readonly events: DomainEvent[] = []
constructor(id: string, email: string) {
this.id = id
this.email = email
this.isActive = true
this.loyaltyPoints = 0
this.address = null
}
public activate(): void {
if (this.isActive) {
throw new Error("Customer is already active")
}
this.isActive = true
this.events.push({
type: "CustomerActivated",
data: { customerId: this.id },
})
}
public deactivate(reason: string): void {
if (!this.isActive) {
throw new Error("Customer is already inactive")
}
this.isActive = false
this.events.push({
type: "CustomerDeactivated",
data: { customerId: this.id, reason },
})
}
public changeEmail(newEmail: string): void {
if (!this.isValidEmail(newEmail)) {
throw new Error("Invalid email format")
}
if (this.email === newEmail) {
return
}
const oldEmail = this.email
this.email = newEmail
this.events.push({
type: "EmailChanged",
data: { customerId: this.id, oldEmail, newEmail },
})
}
public updateAddress(address: Address): void {
if (!this.isValidAddress(address)) {
throw new Error("Invalid address")
}
this.address = address
this.events.push({
type: "AddressUpdated",
data: { customerId: this.id },
})
}
public addLoyaltyPoints(points: number): void {
if (points <= 0) {
throw new Error("Points must be positive")
}
if (!this.isActive) {
throw new Error("Cannot add points to inactive customer")
}
this.loyaltyPoints += points
this.events.push({
type: "LoyaltyPointsAdded",
data: { customerId: this.id, points },
})
}
public redeemLoyaltyPoints(points: number): void {
if (points <= 0) {
throw new Error("Points must be positive")
}
if (this.loyaltyPoints < points) {
throw new Error("Insufficient loyalty points")
}
this.loyaltyPoints -= points
this.events.push({
type: "LoyaltyPointsRedeemed",
data: { customerId: this.id, points },
})
}
public getEmail(): string {
return this.email
}
public getLoyaltyPoints(): number {
return this.loyaltyPoints
}
public getAddress(): Address | null {
return this.address ? { ...this.address } : null
}
public getEvents(): DomainEvent[] {
return [...this.events]
}
private isValidEmail(email: string): boolean {
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)
}
private isValidAddress(address: Address): boolean {
return !!address.street && !!address.city && !!address.country && !!address.postalCode
}
}
export { Customer }

104
packages/guardian/examples/good-architecture/domain/entities/Order.ts Normal file
View File

@@ -0,0 +1,104 @@
/**
* GOOD EXAMPLE: Rich Domain Model
*
* This Order class contains business logic and enforces business rules.
* State changes are made through business methods, not setters.
*
* This follows Domain-Driven Design principles.
*/
type OrderStatus = "pending" | "approved" | "rejected" | "shipped"
interface OrderItem {
productId: string
quantity: number
price: number
}
interface DomainEvent {
type: string
data: any
}
class Order {
private readonly id: string
private status: OrderStatus
private items: OrderItem[]
private readonly events: DomainEvent[] = []
constructor(id: string, items: OrderItem[]) {
this.id = id
this.status = "pending"
this.items = items
}
public approve(): void {
if (!this.canBeApproved()) {
throw new Error("Cannot approve order in current state")
}
this.status = "approved"
this.events.push({
type: "OrderApproved",
data: { orderId: this.id },
})
}
public reject(reason: string): void {
if (!this.canBeRejected()) {
throw new Error("Cannot reject order in current state")
}
this.status = "rejected"
this.events.push({
type: "OrderRejected",
data: { orderId: this.id, reason },
})
}
public ship(): void {
if (!this.canBeShipped()) {
throw new Error("Order must be approved before shipping")
}
this.status = "shipped"
this.events.push({
type: "OrderShipped",
data: { orderId: this.id },
})
}
public addItem(item: OrderItem): void {
if (this.status !== "pending") {
throw new Error("Cannot modify approved or shipped order")
}
this.items.push(item)
}
public calculateTotal(): number {
return this.items.reduce((sum, item) => sum + item.price * item.quantity, 0)
}
public getStatus(): OrderStatus {
return this.status
}
public getItems(): OrderItem[] {
return [...this.items]
}
public getEvents(): DomainEvent[] {
return [...this.events]
}
private canBeApproved(): boolean {
return this.status === "pending" && this.items.length > 0
}
private canBeRejected(): boolean {
return this.status === "pending"
}
private canBeShipped(): boolean {
return this.status === "approved"
}
}
export { Order }

8
packages/guardian/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@samiyev/guardian",
"version": "0.7.5",
"description": "Research-backed code quality guardian for AI-assisted development. Detects hardcodes, circular deps, framework leaks, entity exposure, and 8 architecture violations. Enforces Clean Architecture/DDD principles. Works with GitHub Copilot, Cursor, Windsurf, Claude, ChatGPT, Cline, and any AI coding tool.",
"version": "0.9.0",
"description": "Research-backed code quality guardian for AI-assisted development. Detects hardcodes, secrets, circular deps, framework leaks, entity exposure, and 9 architecture violations. Enforces Clean Architecture/DDD principles. Works with GitHub Copilot, Cursor, Windsurf, Claude, ChatGPT, Cline, and any AI coding tool.",
"keywords": [
"puaros",
"guardian",
@@ -82,6 +82,10 @@
"guardian": "./bin/guardian.js"
},
"dependencies": {
"@secretlint/core": "^11.2.5",
"@secretlint/node": "^11.2.5",
"@secretlint/secretlint-rule-preset-recommend": "^11.2.5",
"@secretlint/types": "^11.2.5",
"commander": "^12.1.0",
"simple-git": "^3.30.0",
"tree-sitter": "^0.21.1",

13
packages/guardian/src/api.ts
View File

@@ -12,6 +12,9 @@ import { IEntityExposureDetector } from "./domain/services/IEntityExposureDetect
import { IDependencyDirectionDetector } from "./domain/services/IDependencyDirectionDetector"
import { IRepositoryPatternDetector } from "./domain/services/RepositoryPatternDetectorService"
import { IAggregateBoundaryDetector } from "./domain/services/IAggregateBoundaryDetector"
import { ISecretDetector } from "./domain/services/ISecretDetector"
import { IAnemicModelDetector } from "./domain/services/IAnemicModelDetector"
import { IDuplicateValueTracker } from "./domain/services/IDuplicateValueTracker"
import { FileScanner } from "./infrastructure/scanners/FileScanner"
import { CodeParser } from "./infrastructure/parsers/CodeParser"
import { HardcodeDetector } from "./infrastructure/analyzers/HardcodeDetector"
@@ -21,6 +24,9 @@ import { EntityExposureDetector } from "./infrastructure/analyzers/EntityExposur
import { DependencyDirectionDetector } from "./infrastructure/analyzers/DependencyDirectionDetector"
import { RepositoryPatternDetector } from "./infrastructure/analyzers/RepositoryPatternDetector"
import { AggregateBoundaryDetector } from "./infrastructure/analyzers/AggregateBoundaryDetector"
import { SecretDetector } from "./infrastructure/analyzers/SecretDetector"
import { AnemicModelDetector } from "./infrastructure/analyzers/AnemicModelDetector"
import { DuplicateValueTracker } from "./infrastructure/analyzers/DuplicateValueTracker"
import { ERROR_MESSAGES } from "./shared/constants"
/**
@@ -79,6 +85,9 @@ export async function analyzeProject(
new DependencyDirectionDetector()
const repositoryPatternDetector: IRepositoryPatternDetector = new RepositoryPatternDetector()
const aggregateBoundaryDetector: IAggregateBoundaryDetector = new AggregateBoundaryDetector()
const secretDetector: ISecretDetector = new SecretDetector()
const anemicModelDetector: IAnemicModelDetector = new AnemicModelDetector()
const duplicateValueTracker: IDuplicateValueTracker = new DuplicateValueTracker()
const useCase = new AnalyzeProject(
fileScanner,
codeParser,
@@ -89,6 +98,9 @@ export async function analyzeProject(
dependencyDirectionDetector,
repositoryPatternDetector,
aggregateBoundaryDetector,
secretDetector,
anemicModelDetector,
duplicateValueTracker,
)
const result = await useCase.execute(options)
@@ -112,5 +124,6 @@ export type {
DependencyDirectionViolation,
RepositoryPatternViolation,
AggregateBoundaryViolation,
AnemicModelViolation,
ProjectMetrics,
} from "./application/use-cases/AnalyzeProject"

66
packages/guardian/src/application/use-cases/AnalyzeProject.ts
View File

@@ -9,12 +9,15 @@ import { IEntityExposureDetector } from "../../domain/services/IEntityExposureDe
import { IDependencyDirectionDetector } from "../../domain/services/IDependencyDirectionDetector"
import { IRepositoryPatternDetector } from "../../domain/services/RepositoryPatternDetectorService"
import { IAggregateBoundaryDetector } from "../../domain/services/IAggregateBoundaryDetector"
import { ISecretDetector } from "../../domain/services/ISecretDetector"
import { IAnemicModelDetector } from "../../domain/services/IAnemicModelDetector"
import { IDuplicateValueTracker } from "../../domain/services/IDuplicateValueTracker"
import { SourceFile } from "../../domain/entities/SourceFile"
import { DependencyGraph } from "../../domain/entities/DependencyGraph"
import { FileCollectionStep } from "./pipeline/FileCollectionStep"
import { ParsingStep } from "./pipeline/ParsingStep"
import { DetectionPipeline } from "./pipeline/DetectionPipeline"
import { ResultAggregator } from "./pipeline/ResultAggregator"
import { CollectFiles } from "./pipeline/CollectFiles"
import { ParseSourceFiles } from "./pipeline/ParseSourceFiles"
import { ExecuteDetection } from "./pipeline/ExecuteDetection"
import { AggregateResults } from "./pipeline/AggregateResults"
import {
ERROR_MESSAGES,
HARDCODE_TYPES,
@@ -42,6 +45,8 @@ export interface AnalyzeProjectResponse {
dependencyDirectionViolations: DependencyDirectionViolation[]
repositoryPatternViolations: RepositoryPatternViolation[]
aggregateBoundaryViolations: AggregateBoundaryViolation[]
secretViolations: SecretViolation[]
anemicModelViolations: AnemicModelViolation[]
metrics: ProjectMetrics
}
@@ -58,8 +63,9 @@ export interface HardcodeViolation {
type:
| typeof HARDCODE_TYPES.MAGIC_NUMBER
| typeof HARDCODE_TYPES.MAGIC_STRING
| typeof HARDCODE_TYPES.MAGIC_BOOLEAN
| typeof HARDCODE_TYPES.MAGIC_CONFIG
value: string | number
value: string | number | boolean
file: string
line: number
column: number
@@ -163,6 +169,32 @@ export interface AggregateBoundaryViolation {
severity: SeverityLevel
}
export interface SecretViolation {
rule: typeof RULES.SECRET_EXPOSURE
secretType: string
file: string
line: number
column: number
message: string
suggestion: string
severity: SeverityLevel
}
export interface AnemicModelViolation {
rule: typeof RULES.ANEMIC_MODEL
className: string
file: string
layer: string
line?: number
methodCount: number
propertyCount: number
hasOnlyGettersSetters: boolean
hasPublicSetters: boolean
message: string
suggestion: string
severity: SeverityLevel
}
export interface ProjectMetrics {
totalFiles: number
totalFunctions: number
@@ -178,10 +210,10 @@ export class AnalyzeProject extends UseCase<
AnalyzeProjectRequest,
ResponseDto<AnalyzeProjectResponse>
> {
private readonly fileCollectionStep: FileCollectionStep
private readonly parsingStep: ParsingStep
private readonly detectionPipeline: DetectionPipeline
private readonly resultAggregator: ResultAggregator
private readonly fileCollectionStep: CollectFiles
private readonly parsingStep: ParseSourceFiles
private readonly detectionPipeline: ExecuteDetection
private readonly resultAggregator: AggregateResults
constructor(
fileScanner: IFileScanner,
@@ -193,11 +225,14 @@ export class AnalyzeProject extends UseCase<
dependencyDirectionDetector: IDependencyDirectionDetector,
repositoryPatternDetector: IRepositoryPatternDetector,
aggregateBoundaryDetector: IAggregateBoundaryDetector,
secretDetector: ISecretDetector,
anemicModelDetector: IAnemicModelDetector,
duplicateValueTracker: IDuplicateValueTracker,
) {
super()
this.fileCollectionStep = new FileCollectionStep(fileScanner)
this.parsingStep = new ParsingStep(codeParser)
this.detectionPipeline = new DetectionPipeline(
this.fileCollectionStep = new CollectFiles(fileScanner)
this.parsingStep = new ParseSourceFiles(codeParser)
this.detectionPipeline = new ExecuteDetection(
hardcodeDetector,
namingConventionDetector,
frameworkLeakDetector,
@@ -205,8 +240,11 @@ export class AnalyzeProject extends UseCase<
dependencyDirectionDetector,
repositoryPatternDetector,
aggregateBoundaryDetector,
secretDetector,
anemicModelDetector,
duplicateValueTracker,
)
this.resultAggregator = new ResultAggregator()
this.resultAggregator = new AggregateResults()
}
public async execute(
@@ -224,7 +262,7 @@ export class AnalyzeProject extends UseCase<
rootDir: request.rootDir,
})
const detectionResult = this.detectionPipeline.execute({
const detectionResult = await this.detectionPipeline.execute({
sourceFiles,
dependencyGraph,
})

8
packages/guardian/src/application/use-cases/pipeline/ResultAggregator.ts → packages/guardian/src/application/use-cases/pipeline/AggregateResults.ts
View File

@@ -3,6 +3,7 @@ import { DependencyGraph } from "../../../domain/entities/DependencyGraph"
import type {
AggregateBoundaryViolation,
AnalyzeProjectResponse,
AnemicModelViolation,
ArchitectureViolation,
CircularDependencyViolation,
DependencyDirectionViolation,
@@ -12,6 +13,7 @@ import type {
NamingConventionViolation,
ProjectMetrics,
RepositoryPatternViolation,
SecretViolation,
} from "../AnalyzeProject"
export interface AggregationRequest {
@@ -27,12 +29,14 @@ export interface AggregationRequest {
dependencyDirectionViolations: DependencyDirectionViolation[]
repositoryPatternViolations: RepositoryPatternViolation[]
aggregateBoundaryViolations: AggregateBoundaryViolation[]
secretViolations: SecretViolation[]
anemicModelViolations: AnemicModelViolation[]
}
/**
* Pipeline step responsible for building final response DTO
*/
export class ResultAggregator {
export class AggregateResults {
public execute(request: AggregationRequest): AnalyzeProjectResponse {
const metrics = this.calculateMetrics(
request.sourceFiles,
@@ -52,6 +56,8 @@ export class ResultAggregator {
dependencyDirectionViolations: request.dependencyDirectionViolations,
repositoryPatternViolations: request.repositoryPatternViolations,
aggregateBoundaryViolations: request.aggregateBoundaryViolations,
secretViolations: request.secretViolations,
anemicModelViolations: request.anemicModelViolations,
metrics,
}
}

2
packages/guardian/src/application/use-cases/pipeline/FileCollectionStep.ts → packages/guardian/src/application/use-cases/pipeline/CollectFiles.ts
View File

@@ -16,7 +16,7 @@ export interface FileCollectionResult {
/**
* Pipeline step responsible for file collection and basic parsing
*/
export class FileCollectionStep {
export class CollectFiles {
constructor(private readonly fileScanner: IFileScanner) {}
public async execute(request: FileCollectionRequest): Promise<FileCollectionResult> {

141
packages/guardian/src/application/use-cases/pipeline/DetectionPipeline.ts → packages/guardian/src/application/use-cases/pipeline/ExecuteDetection.ts
View File

@@ -5,8 +5,12 @@ import { IEntityExposureDetector } from "../../../domain/services/IEntityExposur
import { IDependencyDirectionDetector } from "../../../domain/services/IDependencyDirectionDetector"
import { IRepositoryPatternDetector } from "../../../domain/services/RepositoryPatternDetectorService"
import { IAggregateBoundaryDetector } from "../../../domain/services/IAggregateBoundaryDetector"
import { ISecretDetector } from "../../../domain/services/ISecretDetector"
import { IAnemicModelDetector } from "../../../domain/services/IAnemicModelDetector"
import { IDuplicateValueTracker } from "../../../domain/services/IDuplicateValueTracker"
import { SourceFile } from "../../../domain/entities/SourceFile"
import { DependencyGraph } from "../../../domain/entities/DependencyGraph"
import { HardcodedValue } from "../../../domain/value-objects/HardcodedValue"
import {
LAYERS,
REPOSITORY_VIOLATION_TYPES,
@@ -17,6 +21,7 @@ import {
} from "../../../shared/constants"
import type {
AggregateBoundaryViolation,
AnemicModelViolation,
ArchitectureViolation,
CircularDependencyViolation,
DependencyDirectionViolation,
@@ -25,6 +30,7 @@ import type {
HardcodeViolation,
NamingConventionViolation,
RepositoryPatternViolation,
SecretViolation,
} from "../AnalyzeProject"
export interface DetectionRequest {
@@ -42,12 +48,14 @@ export interface DetectionResult {
dependencyDirectionViolations: DependencyDirectionViolation[]
repositoryPatternViolations: RepositoryPatternViolation[]
aggregateBoundaryViolations: AggregateBoundaryViolation[]
secretViolations: SecretViolation[]
anemicModelViolations: AnemicModelViolation[]
}
/**
* Pipeline step responsible for running all detectors
*/
export class DetectionPipeline {
export class ExecuteDetection {
constructor(
private readonly hardcodeDetector: IHardcodeDetector,
private readonly namingConventionDetector: INamingConventionDetector,
@@ -56,9 +64,14 @@ export class DetectionPipeline {
private readonly dependencyDirectionDetector: IDependencyDirectionDetector,
private readonly repositoryPatternDetector: IRepositoryPatternDetector,
private readonly aggregateBoundaryDetector: IAggregateBoundaryDetector,
private readonly secretDetector: ISecretDetector,
private readonly anemicModelDetector: IAnemicModelDetector,
private readonly duplicateValueTracker: IDuplicateValueTracker,
) {}
public execute(request: DetectionRequest): DetectionResult {
public async execute(request: DetectionRequest): Promise<DetectionResult> {
const secretViolations = await this.detectSecrets(request.sourceFiles)
return {
violations: this.sortBySeverity(this.detectViolations(request.sourceFiles)),
hardcodeViolations: this.sortBySeverity(this.detectHardcode(request.sourceFiles)),
@@ -83,6 +96,10 @@ export class DetectionPipeline {
aggregateBoundaryViolations: this.sortBySeverity(
this.detectAggregateBoundaryViolations(request.sourceFiles),
),
secretViolations: this.sortBySeverity(secretViolations),
anemicModelViolations: this.sortBySeverity(
this.detectAnemicModels(request.sourceFiles),
),
}
}
@@ -137,7 +154,10 @@ export class DetectionPipeline {
}
private detectHardcode(sourceFiles: SourceFile[]): HardcodeViolation[] {
const violations: HardcodeViolation[] = []
const allHardcodedValues: {
value: HardcodedValue
file: SourceFile
}[] = []
for (const file of sourceFiles) {
const hardcodedValues = this.hardcodeDetector.detectAll(
@@ -146,23 +166,53 @@ export class DetectionPipeline {
)
for (const hardcoded of hardcodedValues) {
violations.push({
rule: RULES.HARDCODED_VALUE,
type: hardcoded.type,
value: hardcoded.value,
file: file.path.relative,
line: hardcoded.line,
column: hardcoded.column,
context: hardcoded.context,
suggestion: {
constantName: hardcoded.suggestConstantName(),
location: hardcoded.suggestLocation(file.layer),
},
severity: VIOLATION_SEVERITY_MAP.HARDCODE,
})
allHardcodedValues.push({ value: hardcoded, file })
}
}
this.duplicateValueTracker.clear()
for (const { value, file } of allHardcodedValues) {
this.duplicateValueTracker.track(value, file.path.relative)
}
const violations: HardcodeViolation[] = []
for (const { value, file } of allHardcodedValues) {
const duplicateLocations = this.duplicateValueTracker.getDuplicateLocations(
value.value,
value.type,
)
const enrichedValue = duplicateLocations
? HardcodedValue.create(
value.value,
value.type,
value.line,
value.column,
value.context,
value.valueType,
duplicateLocations.filter((loc) => loc.file !== file.path.relative),
)
: value
if (enrichedValue.shouldSkip(file.layer)) {
continue
}
violations.push({
rule: RULES.HARDCODED_VALUE,
type: enrichedValue.type,
value: enrichedValue.value,
file: file.path.relative,
line: enrichedValue.line,
column: enrichedValue.column,
context: enrichedValue.context,
suggestion: {
constantName: enrichedValue.suggestConstantName(),
location: enrichedValue.suggestLocation(file.layer),
},
severity: VIOLATION_SEVERITY_MAP.HARDCODE,
})
}
return violations
}
@@ -365,6 +415,63 @@ export class DetectionPipeline {
return violations
}
private async detectSecrets(sourceFiles: SourceFile[]): Promise<SecretViolation[]> {
const violations: SecretViolation[] = []
for (const file of sourceFiles) {
const secretViolations = await this.secretDetector.detectAll(
file.content,
file.path.relative,
)
for (const secret of secretViolations) {
violations.push({
rule: RULES.SECRET_EXPOSURE,
secretType: secret.secretType,
file: file.path.relative,
line: secret.line,
column: secret.column,
message: secret.getMessage(),
suggestion: secret.getSuggestion(),
severity: "critical",
})
}
}
return violations
}
private detectAnemicModels(sourceFiles: SourceFile[]): AnemicModelViolation[] {
const violations: AnemicModelViolation[] = []
for (const file of sourceFiles) {
const anemicModels = this.anemicModelDetector.detectAnemicModels(
file.content,
file.path.relative,
file.layer,
)
for (const anemicModel of anemicModels) {
violations.push({
rule: RULES.ANEMIC_MODEL,
className: anemicModel.className,
file: file.path.relative,
layer: anemicModel.layer,
line: anemicModel.line,
methodCount: anemicModel.methodCount,
propertyCount: anemicModel.propertyCount,
hasOnlyGettersSetters: anemicModel.hasOnlyGettersSetters,
hasPublicSetters: anemicModel.hasPublicSetters,
message: anemicModel.getMessage(),
suggestion: anemicModel.getSuggestion(),
severity: VIOLATION_SEVERITY_MAP.ANEMIC_MODEL,
})
}
}
return violations
}
private sortBySeverity<T extends { severity: SeverityLevel }>(violations: T[]): T[] {
return violations.sort((a, b) => {
return SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity]

2
packages/guardian/src/application/use-cases/pipeline/ParsingStep.ts → packages/guardian/src/application/use-cases/pipeline/ParseSourceFiles.ts
View File

@@ -15,7 +15,7 @@ export interface ParsingResult {
/**
* Pipeline step responsible for AST parsing and dependency graph construction
*/
export class ParsingStep {
export class ParseSourceFiles {
constructor(private readonly codeParser: ICodeParser) {}
public execute(request: ParsingRequest): ParsingResult {

235
packages/guardian/src/cli/formatters/OutputFormatter.ts Normal file
View File

@@ -0,0 +1,235 @@
import { SEVERITY_LEVELS, type SeverityLevel } from "../../shared/constants"
import type {
AggregateBoundaryViolation,
AnemicModelViolation,
ArchitectureViolation,
CircularDependencyViolation,
DependencyDirectionViolation,
EntityExposureViolation,
FrameworkLeakViolation,
HardcodeViolation,
NamingConventionViolation,
RepositoryPatternViolation,
SecretViolation,
} from "../../application/use-cases/AnalyzeProject"
import { SEVERITY_DISPLAY_LABELS, SEVERITY_SECTION_HEADERS } from "../constants"
import { ViolationGrouper } from "../groupers/ViolationGrouper"
const SEVERITY_LABELS: Record<SeverityLevel, string> = {
[SEVERITY_LEVELS.CRITICAL]: SEVERITY_DISPLAY_LABELS.CRITICAL,
[SEVERITY_LEVELS.HIGH]: SEVERITY_DISPLAY_LABELS.HIGH,
[SEVERITY_LEVELS.MEDIUM]: SEVERITY_DISPLAY_LABELS.MEDIUM,
[SEVERITY_LEVELS.LOW]: SEVERITY_DISPLAY_LABELS.LOW,
}
const SEVERITY_HEADER: Record<SeverityLevel, string> = {
[SEVERITY_LEVELS.CRITICAL]: SEVERITY_SECTION_HEADERS.CRITICAL,
[SEVERITY_LEVELS.HIGH]: SEVERITY_SECTION_HEADERS.HIGH,
[SEVERITY_LEVELS.MEDIUM]: SEVERITY_SECTION_HEADERS.MEDIUM,
[SEVERITY_LEVELS.LOW]: SEVERITY_SECTION_HEADERS.LOW,
}
export class OutputFormatter {
private readonly grouper = new ViolationGrouper()
displayGroupedViolations<T extends { severity: SeverityLevel }>(
violations: T[],
displayFn: (v: T, index: number) => void,
limit?: number,
): void {
const grouped = this.grouper.groupBySeverity(violations)
const severities: SeverityLevel[] = [
SEVERITY_LEVELS.CRITICAL,
SEVERITY_LEVELS.HIGH,
SEVERITY_LEVELS.MEDIUM,
SEVERITY_LEVELS.LOW,
]
let totalDisplayed = 0
const totalAvailable = violations.length
for (const severity of severities) {
const items = grouped.get(severity)
if (items && items.length > 0) {
console.warn(SEVERITY_HEADER[severity])
console.warn(`Found ${String(items.length)} issue(s)\n`)
const itemsToDisplay =
limit !== undefined ? items.slice(0, limit - totalDisplayed) : items
itemsToDisplay.forEach((item, index) => {
displayFn(item, totalDisplayed + index)
})
totalDisplayed += itemsToDisplay.length
if (limit !== undefined && totalDisplayed >= limit) {
break
}
}
}
if (limit !== undefined && totalAvailable > limit) {
console.warn(
`\n⚠ Showing first ${String(limit)} of ${String(totalAvailable)} issues (use --limit to adjust)\n`,
)
}
}
formatArchitectureViolation(v: ArchitectureViolation, index: number): void {
console.log(`${String(index + 1)}. ${v.file}`)
console.log(` Severity: ${SEVERITY_LABELS[v.severity]}`)
console.log(` Rule: ${v.rule}`)
console.log(` ${v.message}`)
console.log("")
}
formatCircularDependency(cd: CircularDependencyViolation, index: number): void {
console.log(`${String(index + 1)}. ${cd.message}`)
console.log(` Severity: ${SEVERITY_LABELS[cd.severity]}`)
console.log(" Cycle path:")
cd.cycle.forEach((file, i) => {
console.log(` ${String(i + 1)}. ${file}`)
})
console.log(` ${String(cd.cycle.length + 1)}. ${cd.cycle[0]} (back to start)`)
console.log("")
}
formatNamingViolation(nc: NamingConventionViolation, index: number): void {
console.log(`${String(index + 1)}. ${nc.file}`)
console.log(` Severity: ${SEVERITY_LABELS[nc.severity]}`)
console.log(` File: ${nc.fileName}`)
console.log(` Layer: ${nc.layer}`)
console.log(` Type: ${nc.type}`)
console.log(` Message: ${nc.message}`)
if (nc.suggestion) {
console.log(` 💡 Suggestion: ${nc.suggestion}`)
}
console.log("")
}
formatFrameworkLeak(fl: FrameworkLeakViolation, index: number): void {
console.log(`${String(index + 1)}. ${fl.file}`)
console.log(` Severity: ${SEVERITY_LABELS[fl.severity]}`)
console.log(` Package: ${fl.packageName}`)
console.log(` Category: ${fl.categoryDescription}`)
console.log(` Layer: ${fl.layer}`)
console.log(` Rule: ${fl.rule}`)
console.log(` ${fl.message}`)
console.log(` 💡 Suggestion: ${fl.suggestion}`)
console.log("")
}
formatEntityExposure(ee: EntityExposureViolation, index: number): void {
const location = ee.line ? `${ee.file}:${String(ee.line)}` : ee.file
console.log(`${String(index + 1)}. ${location}`)
console.log(` Severity: ${SEVERITY_LABELS[ee.severity]}`)
console.log(` Entity: ${ee.entityName}`)
console.log(` Return Type: ${ee.returnType}`)
if (ee.methodName) {
console.log(` Method: ${ee.methodName}`)
}
console.log(` Layer: ${ee.layer}`)
console.log(` Rule: ${ee.rule}`)
console.log(` ${ee.message}`)
console.log(" 💡 Suggestion:")
ee.suggestion.split("\n").forEach((line) => {
if (line.trim()) {
console.log(` ${line}`)
}
})
console.log("")
}
formatDependencyDirection(dd: DependencyDirectionViolation, index: number): void {
console.log(`${String(index + 1)}. ${dd.file}`)
console.log(` Severity: ${SEVERITY_LABELS[dd.severity]}`)
console.log(` From Layer: ${dd.fromLayer}`)
console.log(` To Layer: ${dd.toLayer}`)
console.log(` Import: ${dd.importPath}`)
console.log(` ${dd.message}`)
console.log(` 💡 Suggestion: ${dd.suggestion}`)
console.log("")
}
formatRepositoryPattern(rp: RepositoryPatternViolation, index: number): void {
console.log(`${String(index + 1)}. ${rp.file}`)
console.log(` Severity: ${SEVERITY_LABELS[rp.severity]}`)
console.log(` Layer: ${rp.layer}`)
console.log(` Type: ${rp.violationType}`)
console.log(` Details: ${rp.details}`)
console.log(` ${rp.message}`)
console.log(` 💡 Suggestion: ${rp.suggestion}`)
console.log("")
}
formatAggregateBoundary(ab: AggregateBoundaryViolation, index: number): void {
const location = ab.line ? `${ab.file}:${String(ab.line)}` : ab.file
console.log(`${String(index + 1)}. ${location}`)
console.log(` Severity: ${SEVERITY_LABELS[ab.severity]}`)
console.log(` From Aggregate: ${ab.fromAggregate}`)
console.log(` To Aggregate: ${ab.toAggregate}`)
console.log(` Entity: ${ab.entityName}`)
console.log(` Import: ${ab.importPath}`)
console.log(` ${ab.message}`)
console.log(" 💡 Suggestion:")
ab.suggestion.split("\n").forEach((line) => {
if (line.trim()) {
console.log(` ${line}`)
}
})
console.log("")
}
formatSecretViolation(sv: SecretViolation, index: number): void {
const location = `${sv.file}:${String(sv.line)}:${String(sv.column)}`
console.log(`${String(index + 1)}. ${location}`)
console.log(` Severity: ${SEVERITY_LABELS[sv.severity]} ⚠️`)
console.log(` Secret Type: ${sv.secretType}`)
console.log(` ${sv.message}`)
console.log(" 🔐 CRITICAL: Rotate this secret immediately!")
console.log(" 💡 Suggestion:")
sv.suggestion.split("\n").forEach((line) => {
if (line.trim()) {
console.log(` ${line}`)
}
})
console.log("")
}
formatHardcodeViolation(hc: HardcodeViolation, index: number): void {
console.log(`${String(index + 1)}. ${hc.file}:${String(hc.line)}:${String(hc.column)}`)
console.log(` Severity: ${SEVERITY_LABELS[hc.severity]}`)
console.log(` Type: ${hc.type}`)
console.log(` Value: ${JSON.stringify(hc.value)}`)
console.log(` Context: ${hc.context.trim()}`)
console.log(` 💡 Suggested: ${hc.suggestion.constantName}`)
console.log(` 📁 Location: ${hc.suggestion.location}`)
console.log("")
}
formatAnemicModelViolation(am: AnemicModelViolation, index: number): void {
const location = am.line ? `${am.file}:${String(am.line)}` : am.file
console.log(`${String(index + 1)}. ${location}`)
console.log(` Severity: ${SEVERITY_LABELS[am.severity]}`)
console.log(` Class: ${am.className}`)
console.log(` Layer: ${am.layer}`)
console.log(
` Methods: ${String(am.methodCount)} | Properties: ${String(am.propertyCount)}`,
)
if (am.hasPublicSetters) {
console.log(" ⚠️ Has public setters (DDD anti-pattern)")
}
if (am.hasOnlyGettersSetters) {
console.log(" ⚠️ Only getters/setters (no business logic)")
}
console.log(` ${am.message}`)
console.log(" 💡 Suggestion:")
am.suggestion.split("\n").forEach((line) => {
if (line.trim()) {
console.log(` ${line}`)
}
})
console.log("")
}
}

59
packages/guardian/src/cli/formatters/StatisticsFormatter.ts Normal file
View File

@@ -0,0 +1,59 @@
import { CLI_LABELS, CLI_MESSAGES } from "../constants"
interface ProjectMetrics {
totalFiles: number
totalFunctions: number
totalImports: number
layerDistribution: Record<string, number>
}
export class StatisticsFormatter {
displayMetrics(metrics: ProjectMetrics): void {
console.log(CLI_MESSAGES.METRICS_HEADER)
console.log(` ${CLI_LABELS.FILES_ANALYZED} ${String(metrics.totalFiles)}`)
console.log(` ${CLI_LABELS.TOTAL_FUNCTIONS} ${String(metrics.totalFunctions)}`)
console.log(` ${CLI_LABELS.TOTAL_IMPORTS} ${String(metrics.totalImports)}`)
if (Object.keys(metrics.layerDistribution).length > 0) {
console.log(CLI_MESSAGES.LAYER_DISTRIBUTION_HEADER)
for (const [layer, count] of Object.entries(metrics.layerDistribution)) {
console.log(` ${layer}: ${String(count)} ${CLI_LABELS.FILES}`)
}
}
}
displaySummary(totalIssues: number, verbose: boolean): void {
if (totalIssues === 0) {
console.log(CLI_MESSAGES.NO_ISSUES)
process.exit(0)
} else {
console.log(
`${CLI_MESSAGES.ISSUES_TOTAL} ${String(totalIssues)} ${CLI_LABELS.ISSUES_TOTAL}`,
)
console.log(CLI_MESSAGES.TIP)
if (verbose) {
console.log(CLI_MESSAGES.HELP_FOOTER)
}
process.exit(1)
}
}
displaySeverityFilterMessage(onlyCritical: boolean, minSeverity?: string): void {
if (onlyCritical) {
console.log("\n🔴 Filtering: Showing only CRITICAL severity issues\n")
} else if (minSeverity) {
console.log(
`\n⚠ Filtering: Showing ${minSeverity.toUpperCase()} severity and above\n`,
)
}
}
displayError(message: string): void {
console.error(`\n❌ ${CLI_MESSAGES.ERROR_PREFIX}`)
console.error(message)
console.error("")
process.exit(1)
}
}

29
packages/guardian/src/cli/groupers/ViolationGrouper.ts Normal file
View File

@@ -0,0 +1,29 @@
import { SEVERITY_ORDER, type SeverityLevel } from "../../shared/constants"
export class ViolationGrouper {
groupBySeverity<T extends { severity: SeverityLevel }>(
violations: T[],
): Map<SeverityLevel, T[]> {
const grouped = new Map<SeverityLevel, T[]>()
for (const violation of violations) {
const existing = grouped.get(violation.severity) ?? []
existing.push(violation)
grouped.set(violation.severity, existing)
}
return grouped
}
filterBySeverity<T extends { severity: SeverityLevel }>(
violations: T[],
minSeverity?: SeverityLevel,
): T[] {
if (!minSeverity) {
return violations
}
const minSeverityOrder = SEVERITY_ORDER[minSeverity]
return violations.filter((v) => SEVERITY_ORDER[v.severity] <= minSeverityOrder)
}
}

353
packages/guardian/src/cli/index.ts
View File

@@ -11,92 +11,11 @@ import {
CLI_MESSAGES,
CLI_OPTIONS,
DEFAULT_EXCLUDES,
SEVERITY_DISPLAY_LABELS,
SEVERITY_SECTION_HEADERS,
} from "./constants"
import { SEVERITY_LEVELS, SEVERITY_ORDER, type SeverityLevel } from "../shared/constants"
const SEVERITY_LABELS: Record<SeverityLevel, string> = {
[SEVERITY_LEVELS.CRITICAL]: SEVERITY_DISPLAY_LABELS.CRITICAL,
[SEVERITY_LEVELS.HIGH]: SEVERITY_DISPLAY_LABELS.HIGH,
[SEVERITY_LEVELS.MEDIUM]: SEVERITY_DISPLAY_LABELS.MEDIUM,
[SEVERITY_LEVELS.LOW]: SEVERITY_DISPLAY_LABELS.LOW,
}
const SEVERITY_HEADER: Record<SeverityLevel, string> = {
[SEVERITY_LEVELS.CRITICAL]: SEVERITY_SECTION_HEADERS.CRITICAL,
[SEVERITY_LEVELS.HIGH]: SEVERITY_SECTION_HEADERS.HIGH,
[SEVERITY_LEVELS.MEDIUM]: SEVERITY_SECTION_HEADERS.MEDIUM,
[SEVERITY_LEVELS.LOW]: SEVERITY_SECTION_HEADERS.LOW,
}
function groupBySeverity<T extends { severity: SeverityLevel }>(
violations: T[],
): Map<SeverityLevel, T[]> {
const grouped = new Map<SeverityLevel, T[]>()
for (const violation of violations) {
const existing = grouped.get(violation.severity) ?? []
existing.push(violation)
grouped.set(violation.severity, existing)
}
return grouped
}
function filterBySeverity<T extends { severity: SeverityLevel }>(
violations: T[],
minSeverity?: SeverityLevel,
): T[] {
if (!minSeverity) {
return violations
}
const minSeverityOrder = SEVERITY_ORDER[minSeverity]
return violations.filter((v) => SEVERITY_ORDER[v.severity] <= minSeverityOrder)
}
function displayGroupedViolations<T extends { severity: SeverityLevel }>(
violations: T[],
displayFn: (v: T, index: number) => void,
limit?: number,
): void {
const grouped = groupBySeverity(violations)
const severities: SeverityLevel[] = [
SEVERITY_LEVELS.CRITICAL,
SEVERITY_LEVELS.HIGH,
SEVERITY_LEVELS.MEDIUM,
SEVERITY_LEVELS.LOW,
]
let totalDisplayed = 0
const totalAvailable = violations.length
for (const severity of severities) {
const items = grouped.get(severity)
if (items && items.length > 0) {
console.warn(SEVERITY_HEADER[severity])
console.warn(`Found ${String(items.length)} issue(s)\n`)
const itemsToDisplay =
limit !== undefined ? items.slice(0, limit - totalDisplayed) : items
itemsToDisplay.forEach((item, index) => {
displayFn(item, totalDisplayed + index)
})
totalDisplayed += itemsToDisplay.length
if (limit !== undefined && totalDisplayed >= limit) {
break
}
}
}
if (limit !== undefined && totalAvailable > limit) {
console.warn(
`\n⚠ Showing first ${String(limit)} of ${String(totalAvailable)} issues (use --limit to adjust)\n`,
)
}
}
import { SEVERITY_LEVELS, type SeverityLevel } from "../shared/constants"
import { ViolationGrouper } from "./groupers/ViolationGrouper"
import { OutputFormatter } from "./formatters/OutputFormatter"
import { StatisticsFormatter } from "./formatters/StatisticsFormatter"
const program = new Command()
@@ -150,6 +69,10 @@ program
.option(CLI_OPTIONS.ONLY_CRITICAL, CLI_DESCRIPTIONS.ONLY_CRITICAL_OPTION, false)
.option(CLI_OPTIONS.LIMIT, CLI_DESCRIPTIONS.LIMIT_OPTION)
.action(async (path: string, options) => {
const grouper = new ViolationGrouper()
const outputFormatter = new OutputFormatter()
const statsFormatter = new StatisticsFormatter()
try {
console.log(CLI_MESSAGES.ANALYZING)
@@ -169,6 +92,8 @@ program
dependencyDirectionViolations,
repositoryPatternViolations,
aggregateBoundaryViolations,
secretViolations,
anemicModelViolations,
} = result
const minSeverity: SeverityLevel | undefined = options.onlyCritical
@@ -182,270 +107,187 @@ program
: undefined
if (minSeverity) {
violations = filterBySeverity(violations, minSeverity)
hardcodeViolations = filterBySeverity(hardcodeViolations, minSeverity)
circularDependencyViolations = filterBySeverity(
violations = grouper.filterBySeverity(violations, minSeverity)
hardcodeViolations = grouper.filterBySeverity(hardcodeViolations, minSeverity)
circularDependencyViolations = grouper.filterBySeverity(
circularDependencyViolations,
minSeverity,
)
namingViolations = filterBySeverity(namingViolations, minSeverity)
frameworkLeakViolations = filterBySeverity(frameworkLeakViolations, minSeverity)
entityExposureViolations = filterBySeverity(entityExposureViolations, minSeverity)
dependencyDirectionViolations = filterBySeverity(
namingViolations = grouper.filterBySeverity(namingViolations, minSeverity)
frameworkLeakViolations = grouper.filterBySeverity(
frameworkLeakViolations,
minSeverity,
)
entityExposureViolations = grouper.filterBySeverity(
entityExposureViolations,
minSeverity,
)
dependencyDirectionViolations = grouper.filterBySeverity(
dependencyDirectionViolations,
minSeverity,
)
repositoryPatternViolations = filterBySeverity(
repositoryPatternViolations = grouper.filterBySeverity(
repositoryPatternViolations,
minSeverity,
)
aggregateBoundaryViolations = filterBySeverity(
aggregateBoundaryViolations = grouper.filterBySeverity(
aggregateBoundaryViolations,
minSeverity,
)
secretViolations = grouper.filterBySeverity(secretViolations, minSeverity)
anemicModelViolations = grouper.filterBySeverity(anemicModelViolations, minSeverity)
if (options.onlyCritical) {
console.log("\n🔴 Filtering: Showing only CRITICAL severity issues\n")
} else {
console.log(
`\n⚠ Filtering: Showing ${minSeverity.toUpperCase()} severity and above\n`,
)
}
statsFormatter.displaySeverityFilterMessage(
options.onlyCritical,
options.minSeverity,
)
}
// Display metrics
console.log(CLI_MESSAGES.METRICS_HEADER)
console.log(` ${CLI_LABELS.FILES_ANALYZED} ${String(metrics.totalFiles)}`)
console.log(` ${CLI_LABELS.TOTAL_FUNCTIONS} ${String(metrics.totalFunctions)}`)
console.log(` ${CLI_LABELS.TOTAL_IMPORTS} ${String(metrics.totalImports)}`)
statsFormatter.displayMetrics(metrics)
if (Object.keys(metrics.layerDistribution).length > 0) {
console.log(CLI_MESSAGES.LAYER_DISTRIBUTION_HEADER)
for (const [layer, count] of Object.entries(metrics.layerDistribution)) {
console.log(` ${layer}: ${String(count)} ${CLI_LABELS.FILES}`)
}
}
// Architecture violations
if (options.architecture && violations.length > 0) {
console.log(
`\n${CLI_MESSAGES.VIOLATIONS_HEADER} ${String(violations.length)} ${CLI_LABELS.ARCHITECTURE_VIOLATIONS}`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
violations,
(v, index) => {
console.log(`${String(index + 1)}. ${v.file}`)
console.log(` Severity: ${SEVERITY_LABELS[v.severity]}`)
console.log(` Rule: ${v.rule}`)
console.log(` ${v.message}`)
console.log("")
(v, i) => {
outputFormatter.formatArchitectureViolation(v, i)
},
limit,
)
}
// Circular dependency violations
if (options.architecture && circularDependencyViolations.length > 0) {
console.log(
`\n${CLI_MESSAGES.CIRCULAR_DEPS_HEADER} ${String(circularDependencyViolations.length)} ${CLI_LABELS.CIRCULAR_DEPENDENCIES}`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
circularDependencyViolations,
(cd, index) => {
console.log(`${String(index + 1)}. ${cd.message}`)
console.log(` Severity: ${SEVERITY_LABELS[cd.severity]}`)
console.log(" Cycle path:")
cd.cycle.forEach((file, i) => {
console.log(` ${String(i + 1)}. ${file}`)
})
console.log(
` ${String(cd.cycle.length + 1)}. ${cd.cycle[0]} (back to start)`,
)
console.log("")
(cd, i) => {
outputFormatter.formatCircularDependency(cd, i)
},
limit,
)
}
// Naming convention violations
if (options.architecture && namingViolations.length > 0) {
console.log(
`\n${CLI_MESSAGES.NAMING_VIOLATIONS_HEADER} ${String(namingViolations.length)} ${CLI_LABELS.NAMING_VIOLATIONS}`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
namingViolations,
(nc, index) => {
console.log(`${String(index + 1)}. ${nc.file}`)
console.log(` Severity: ${SEVERITY_LABELS[nc.severity]}`)
console.log(` File: ${nc.fileName}`)
console.log(` Layer: ${nc.layer}`)
console.log(` Type: ${nc.type}`)
console.log(` Message: ${nc.message}`)
if (nc.suggestion) {
console.log(` 💡 Suggestion: ${nc.suggestion}`)
}
console.log("")
(nc, i) => {
outputFormatter.formatNamingViolation(nc, i)
},
limit,
)
}
// Framework leak violations
if (options.architecture && frameworkLeakViolations.length > 0) {
console.log(
`\n🏗 Found ${String(frameworkLeakViolations.length)} framework leak(s)`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
frameworkLeakViolations,
(fl, index) => {
console.log(`${String(index + 1)}. ${fl.file}`)
console.log(` Severity: ${SEVERITY_LABELS[fl.severity]}`)
console.log(` Package: ${fl.packageName}`)
console.log(` Category: ${fl.categoryDescription}`)
console.log(` Layer: ${fl.layer}`)
console.log(` Rule: ${fl.rule}`)
console.log(` ${fl.message}`)
console.log(` 💡 Suggestion: ${fl.suggestion}`)
console.log("")
(fl, i) => {
outputFormatter.formatFrameworkLeak(fl, i)
},
limit,
)
}
// Entity exposure violations
if (options.architecture && entityExposureViolations.length > 0) {
console.log(
`\n🎭 Found ${String(entityExposureViolations.length)} entity exposure(s)`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
entityExposureViolations,
(ee, index) => {
const location = ee.line ? `${ee.file}:${String(ee.line)}` : ee.file
console.log(`${String(index + 1)}. ${location}`)
console.log(` Severity: ${SEVERITY_LABELS[ee.severity]}`)
console.log(` Entity: ${ee.entityName}`)
console.log(` Return Type: ${ee.returnType}`)
if (ee.methodName) {
console.log(` Method: ${ee.methodName}`)
}
console.log(` Layer: ${ee.layer}`)
console.log(` Rule: ${ee.rule}`)
console.log(` ${ee.message}`)
console.log(" 💡 Suggestion:")
ee.suggestion.split("\n").forEach((line) => {
if (line.trim()) {
console.log(` ${line}`)
}
})
console.log("")
(ee, i) => {
outputFormatter.formatEntityExposure(ee, i)
},
limit,
)
}
// Dependency direction violations
if (options.architecture && dependencyDirectionViolations.length > 0) {
console.log(
`\n⚠ Found ${String(dependencyDirectionViolations.length)} dependency direction violation(s)`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
dependencyDirectionViolations,
(dd, index) => {
console.log(`${String(index + 1)}. ${dd.file}`)
console.log(` Severity: ${SEVERITY_LABELS[dd.severity]}`)
console.log(` From Layer: ${dd.fromLayer}`)
console.log(` To Layer: ${dd.toLayer}`)
console.log(` Import: ${dd.importPath}`)
console.log(` ${dd.message}`)
console.log(` 💡 Suggestion: ${dd.suggestion}`)
console.log("")
(dd, i) => {
outputFormatter.formatDependencyDirection(dd, i)
},
limit,
)
}
// Repository pattern violations
if (options.architecture && repositoryPatternViolations.length > 0) {
console.log(
`\n📦 Found ${String(repositoryPatternViolations.length)} repository pattern violation(s)`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
repositoryPatternViolations,
(rp, index) => {
console.log(`${String(index + 1)}. ${rp.file}`)
console.log(` Severity: ${SEVERITY_LABELS[rp.severity]}`)
console.log(` Layer: ${rp.layer}`)
console.log(` Type: ${rp.violationType}`)
console.log(` Details: ${rp.details}`)
console.log(` ${rp.message}`)
console.log(` 💡 Suggestion: ${rp.suggestion}`)
console.log("")
(rp, i) => {
outputFormatter.formatRepositoryPattern(rp, i)
},
limit,
)
}
// Aggregate boundary violations
if (options.architecture && aggregateBoundaryViolations.length > 0) {
console.log(
`\n🔒 Found ${String(aggregateBoundaryViolations.length)} aggregate boundary violation(s)`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
aggregateBoundaryViolations,
(ab, index) => {
const location = ab.line ? `${ab.file}:${String(ab.line)}` : ab.file
console.log(`${String(index + 1)}. ${location}`)
console.log(` Severity: ${SEVERITY_LABELS[ab.severity]}`)
console.log(` From Aggregate: ${ab.fromAggregate}`)
console.log(` To Aggregate: ${ab.toAggregate}`)
console.log(` Entity: ${ab.entityName}`)
console.log(` Import: ${ab.importPath}`)
console.log(` ${ab.message}`)
console.log(" 💡 Suggestion:")
ab.suggestion.split("\n").forEach((line) => {
if (line.trim()) {
console.log(` ${line}`)
}
})
console.log("")
(ab, i) => {
outputFormatter.formatAggregateBoundary(ab, i)
},
limit,
)
}
if (secretViolations.length > 0) {
console.log(
`\n🔐 Found ${String(secretViolations.length)} hardcoded secret(s) - CRITICAL SECURITY RISK`,
)
outputFormatter.displayGroupedViolations(
secretViolations,
(sv, i) => {
outputFormatter.formatSecretViolation(sv, i)
},
limit,
)
}
if (anemicModelViolations.length > 0) {
console.log(
`\n🩺 Found ${String(anemicModelViolations.length)} anemic domain model(s)`,
)
outputFormatter.displayGroupedViolations(
anemicModelViolations,
(am, i) => {
outputFormatter.formatAnemicModelViolation(am, i)
},
limit,
)
}
// Hardcode violations
if (options.hardcode && hardcodeViolations.length > 0) {
console.log(
`\n${CLI_MESSAGES.HARDCODE_VIOLATIONS_HEADER} ${String(hardcodeViolations.length)} ${CLI_LABELS.HARDCODE_VIOLATIONS}`,
)
displayGroupedViolations(
outputFormatter.displayGroupedViolations(
hardcodeViolations,
(hc, index) => {
console.log(
`${String(index + 1)}. ${hc.file}:${String(hc.line)}:${String(hc.column)}`,
)
console.log(` Severity: ${SEVERITY_LABELS[hc.severity]}`)
console.log(` Type: ${hc.type}`)
console.log(` Value: ${JSON.stringify(hc.value)}`)
console.log(` Context: ${hc.context.trim()}`)
console.log(` 💡 Suggested: ${hc.suggestion.constantName}`)
console.log(` 📁 Location: ${hc.suggestion.location}`)
console.log("")
(hc, i) => {
outputFormatter.formatHardcodeViolation(hc, i)
},
limit,
)
}
// Summary
const totalIssues =
violations.length +
hardcodeViolations.length +
@@ -455,28 +297,13 @@ program
entityExposureViolations.length +
dependencyDirectionViolations.length +
repositoryPatternViolations.length +
aggregateBoundaryViolations.length
aggregateBoundaryViolations.length +
secretViolations.length +
anemicModelViolations.length
if (totalIssues === 0) {
console.log(CLI_MESSAGES.NO_ISSUES)
process.exit(0)
} else {
console.log(
`${CLI_MESSAGES.ISSUES_TOTAL} ${String(totalIssues)} ${CLI_LABELS.ISSUES_TOTAL}`,
)
console.log(CLI_MESSAGES.TIP)
if (options.verbose) {
console.log(CLI_MESSAGES.HELP_FOOTER)
}
process.exit(1)
}
statsFormatter.displaySummary(totalIssues, options.verbose)
} catch (error) {
console.error(`\n❌ ${CLI_MESSAGES.ERROR_PREFIX}`)
console.error(error instanceof Error ? error.message : String(error))
console.error("")
process.exit(1)
statsFormatter.displayError(error instanceof Error ? error.message : String(error))
}
})

20
packages/guardian/src/domain/constants/Messages.ts
View File

@@ -60,3 +60,23 @@ export const AGGREGATE_VIOLATION_MESSAGES = {
AVOID_DIRECT_REFERENCE: "3. Avoid direct entity references to maintain aggregate independence",
MAINTAIN_INDEPENDENCE: "4. Each aggregate should be independently modifiable and deployable",
}
export const SECRET_VIOLATION_MESSAGES = {
USE_ENV_VARIABLES: "1. Use environment variables for sensitive data (process.env.API_KEY)",
USE_SECRET_MANAGER:
"2. Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)",
NEVER_COMMIT_SECRETS: "3. Never commit secrets to version control",
ROTATE_IF_EXPOSED: "4. If secret was committed, rotate it immediately",
USE_GITIGNORE: "5. Add secret files to .gitignore (.env, credentials.json, etc.)",
}
export const ANEMIC_MODEL_MESSAGES = {
REMOVE_PUBLIC_SETTERS: "1. Remove public setters - they allow uncontrolled state changes",
USE_METHODS_FOR_CHANGES: "2. Use business methods instead (approve(), cancel(), addItem())",
ENCAPSULATE_INVARIANTS: "3. Encapsulate business rules and invariants in methods",
ADD_BUSINESS_METHODS: "1. Add business logic methods to the entity",
MOVE_LOGIC_FROM_SERVICES:
"2. Move business logic from services to domain entities where it belongs",
ENCAPSULATE_BUSINESS_RULES: "3. Encapsulate business rules inside entity methods",
USE_DOMAIN_EVENTS: "4. Use domain events to communicate state changes",
}

79
packages/guardian/src/domain/constants/SecretExamples.ts Normal file
View File

@@ -0,0 +1,79 @@
/**
* Secret detection constants
* All hardcoded strings related to secret detection and examples
*/
export const SECRET_KEYWORDS = {
AWS: "aws",
GITHUB: "github",
NPM: "npm",
SSH: "ssh",
PRIVATE_KEY: "private key",
SLACK: "slack",
API_KEY: "api key",
APIKEY: "apikey",
ACCESS_KEY: "access key",
SECRET: "secret",
TOKEN: "token",
PASSWORD: "password",
USER: "user",
BOT: "bot",
RSA: "rsa",
DSA: "dsa",
ECDSA: "ecdsa",
ED25519: "ed25519",
BASICAUTH: "basicauth",
GCP: "gcp",
GOOGLE: "google",
PRIVATEKEY: "privatekey",
PERSONAL_ACCESS_TOKEN: "personal access token",
OAUTH: "oauth",
} as const
export const SECRET_TYPE_NAMES = {
AWS_ACCESS_KEY: "AWS Access Key",
AWS_SECRET_KEY: "AWS Secret Key",
AWS_CREDENTIAL: "AWS Credential",
GITHUB_PERSONAL_ACCESS_TOKEN: "GitHub Personal Access Token",
GITHUB_OAUTH_TOKEN: "GitHub OAuth Token",
GITHUB_TOKEN: "GitHub Token",
NPM_TOKEN: "NPM Token",
GCP_SERVICE_ACCOUNT_KEY: "GCP Service Account Key",
SSH_RSA_PRIVATE_KEY: "SSH RSA Private Key",
SSH_DSA_PRIVATE_KEY: "SSH DSA Private Key",
SSH_ECDSA_PRIVATE_KEY: "SSH ECDSA Private Key",
SSH_ED25519_PRIVATE_KEY: "SSH Ed25519 Private Key",
SSH_PRIVATE_KEY: "SSH Private Key",
SLACK_BOT_TOKEN: "Slack Bot Token",
SLACK_USER_TOKEN: "Slack User Token",
SLACK_TOKEN: "Slack Token",
BASIC_AUTH_CREDENTIALS: "Basic Authentication Credentials",
API_KEY: "API Key",
AUTHENTICATION_TOKEN: "Authentication Token",
PASSWORD: "Password",
SECRET: "Secret",
SENSITIVE_DATA: "Sensitive Data",
} as const
export const SECRET_EXAMPLE_VALUES = {
AWS_ACCESS_KEY_ID: "AKIA1234567890ABCDEF",
AWS_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
GITHUB_TOKEN: "ghp_1234567890abcdefghijklmnopqrstuv",
NPM_TOKEN: "npm_abc123xyz",
SLACK_TOKEN: "xoxb-<token-here>",
API_KEY: "sk_live_XXXXXXXXXXXXXXXXXXXX_example_key",
HARDCODED_SECRET: "hardcoded-secret-value",
} as const
export const FILE_ENCODING = {
UTF8: "utf-8",
} as const
export const REGEX_ESCAPE_PATTERN = {
DOLLAR_AMPERSAND: "\\$&",
} as const
export const DYNAMIC_IMPORT_PATTERN_PARTS = {
QUOTE_START: '"`][^',
QUOTE_END: "`]+['\"",
} as const

29
packages/guardian/src/domain/services/IAnemicModelDetector.ts Normal file
View File

@@ -0,0 +1,29 @@
import { AnemicModelViolation } from "../value-objects/AnemicModelViolation"
/**
* Interface for detecting anemic domain model violations in the codebase
*
* Anemic domain models are entities that contain only getters/setters
* without business logic. This anti-pattern violates Domain-Driven Design
* principles and leads to procedural code scattered in services.
*/
export interface IAnemicModelDetector {
/**
* Detects anemic model violations in the given code
*
* Analyzes classes in domain/entities to identify:
* - Classes with only getters and setters (no business logic)
* - Classes with public setters (DDD anti-pattern)
* - Classes with low method-to-property ratio
*
* @param code - Source code to analyze
* @param filePath - Path to the file being analyzed
* @param layer - The architectural layer of the file (domain, application, infrastructure, shared)
* @returns Array of detected anemic model violations
*/
detectAnemicModels(
code: string,
filePath: string,
layer: string | undefined,
): AnemicModelViolation[]
}

55
packages/guardian/src/domain/services/IDuplicateValueTracker.ts Normal file
View File

@@ -0,0 +1,55 @@
import { HardcodedValue } from "../value-objects/HardcodedValue"
export interface ValueLocation {
file: string
line: number
context: string
}
export interface DuplicateInfo {
value: string | number | boolean
locations: ValueLocation[]
count: number
}
/**
* Interface for tracking duplicate hardcoded values across files
*
* Helps identify values that are used in multiple places
* and should be extracted to a shared constant.
*/
export interface IDuplicateValueTracker {
/**
* Adds a hardcoded value to tracking
*/
track(violation: HardcodedValue, filePath: string): void
/**
* Gets all duplicate values (values used in 2+ places)
*/
getDuplicates(): DuplicateInfo[]
/**
* Gets duplicate locations for a specific value
*/
getDuplicateLocations(value: string | number | boolean, type: string): ValueLocation[] | null
/**
* Checks if a value is duplicated
*/
isDuplicate(value: string | number | boolean, type: string): boolean
/**
* Gets statistics about duplicates
*/
getStats(): {
totalValues: number
duplicateValues: number
duplicatePercentage: number
}
/**
* Clears all tracked values
*/
clear(): void
}

34
packages/guardian/src/domain/services/ISecretDetector.ts Normal file
View File

@@ -0,0 +1,34 @@
import { SecretViolation } from "../value-objects/SecretViolation"
/**
* Interface for detecting hardcoded secrets in source code
*
* Detects sensitive data like API keys, tokens, passwords, and credentials
* that should never be hardcoded in source code. Uses industry-standard
* Secretlint library for pattern matching.
*
* All detected secrets are marked as CRITICAL severity violations.
*
* @example
* ```typescript
* const detector: ISecretDetector = new SecretDetector()
* const violations = await detector.detectAll(
* 'const AWS_KEY = "AKIA1234567890ABCDEF"',
* 'src/config/aws.ts'
* )
*
* violations.forEach(v => {
* console.log(v.getMessage()) // "Hardcoded AWS Access Key detected"
* })
* ```
*/
export interface ISecretDetector {
/**
* Detect all types of hardcoded secrets in the provided code
*
* @param code - Source code to analyze
* @param filePath - Path to the file being analyzed
* @returns Array of secret violations found
*/
detectAll(code: string, filePath: string): Promise<SecretViolation[]>
}

240
packages/guardian/src/domain/value-objects/AnemicModelViolation.ts Normal file
View File

@@ -0,0 +1,240 @@
import { ValueObject } from "./ValueObject"
import { ANEMIC_MODEL_MESSAGES } from "../constants/Messages"
import { EXAMPLE_CODE_CONSTANTS } from "../../shared/constants"
interface AnemicModelViolationProps {
readonly className: string
readonly filePath: string
readonly layer: string
readonly line?: number
readonly methodCount: number
readonly propertyCount: number
readonly hasOnlyGettersSetters: boolean
readonly hasPublicSetters: boolean
}
/**
* Represents an anemic domain model violation in the codebase
*
* Anemic domain model occurs when entities have only getters/setters
* without business logic. This violates Domain-Driven Design principles
* and leads to procedural code instead of object-oriented design.
*
* @example
* ```typescript
* // Bad: Anemic model with only getters/setters
* const violation = AnemicModelViolation.create(
* 'Order',
* 'src/domain/entities/Order.ts',
* 'domain',
* 10,
* 4,
* 2,
* true,
* true
* )
*
* console.log(violation.getMessage())
* // "Class 'Order' is anemic: 4 methods (all getters/setters) for 2 properties"
* ```
*/
export class AnemicModelViolation extends ValueObject<AnemicModelViolationProps> {
private constructor(props: AnemicModelViolationProps) {
super(props)
}
public static create(
className: string,
filePath: string,
layer: string,
line: number | undefined,
methodCount: number,
propertyCount: number,
hasOnlyGettersSetters: boolean,
hasPublicSetters: boolean,
): AnemicModelViolation {
return new AnemicModelViolation({
className,
filePath,
layer,
line,
methodCount,
propertyCount,
hasOnlyGettersSetters,
hasPublicSetters,
})
}
public get className(): string {
return this.props.className
}
public get filePath(): string {
return this.props.filePath
}
public get layer(): string {
return this.props.layer
}
public get line(): number | undefined {
return this.props.line
}
public get methodCount(): number {
return this.props.methodCount
}
public get propertyCount(): number {
return this.props.propertyCount
}
public get hasOnlyGettersSetters(): boolean {
return this.props.hasOnlyGettersSetters
}
public get hasPublicSetters(): boolean {
return this.props.hasPublicSetters
}
public getMessage(): string {
if (this.props.hasPublicSetters) {
return `Class '${this.props.className}' has public setters (anti-pattern in DDD)`
}
if (this.props.hasOnlyGettersSetters) {
return `Class '${this.props.className}' is anemic: ${String(this.props.methodCount)} methods (all getters/setters) for ${String(this.props.propertyCount)} properties`
}
const ratio = this.props.methodCount / Math.max(this.props.propertyCount, 1)
return `Class '${this.props.className}' appears anemic: low method-to-property ratio (${ratio.toFixed(1)}:1)`
}
public getSuggestion(): string {
const suggestions: string[] = []
if (this.props.hasPublicSetters) {
suggestions.push(ANEMIC_MODEL_MESSAGES.REMOVE_PUBLIC_SETTERS)
suggestions.push(ANEMIC_MODEL_MESSAGES.USE_METHODS_FOR_CHANGES)
suggestions.push(ANEMIC_MODEL_MESSAGES.ENCAPSULATE_INVARIANTS)
}
if (this.props.hasOnlyGettersSetters || this.props.methodCount < 2) {
suggestions.push(ANEMIC_MODEL_MESSAGES.ADD_BUSINESS_METHODS)
suggestions.push(ANEMIC_MODEL_MESSAGES.MOVE_LOGIC_FROM_SERVICES)
suggestions.push(ANEMIC_MODEL_MESSAGES.ENCAPSULATE_BUSINESS_RULES)
suggestions.push(ANEMIC_MODEL_MESSAGES.USE_DOMAIN_EVENTS)
}
return suggestions.join("\n")
}
public getExampleFix(): string {
if (this.props.hasPublicSetters) {
return `
// ❌ Bad: Public setters allow uncontrolled state changes
class ${this.props.className} {
private status: string
public setStatus(status: string): void {
this.status = status // No validation!
}
public getStatus(): string {
return this.status
}
}
// ✅ Good: Business methods with validation
class ${this.props.className} {
private status: OrderStatus
public approve(): void {
if (!this.canBeApproved()) {
throw new CannotApproveOrderError()
}
this.status = OrderStatus.APPROVED
this.events.push(new OrderApprovedEvent(this.id))
}
public reject(reason: string): void {
if (!this.canBeRejected()) {
throw new CannotRejectOrderError()
}
this.status = OrderStatus.REJECTED
this.rejectionReason = reason
this.events.push(new OrderRejectedEvent(this.id, reason))
}
public getStatus(): OrderStatus {
return this.status
}
private canBeApproved(): boolean {
return this.status === OrderStatus.PENDING && this.hasItems()
}
}`
}
return `
// ❌ Bad: Anemic model (only getters/setters)
class ${this.props.className} {
getStatus() { return this.status }
setStatus(status: string) { this.status = status }
getTotal() { return this.total }
setTotal(total: number) { this.total = total }
}
class OrderService {
approve(order: ${this.props.className}): void {
if (order.getStatus() !== '${EXAMPLE_CODE_CONSTANTS.ORDER_STATUS_PENDING}') {
throw new Error('${EXAMPLE_CODE_CONSTANTS.CANNOT_APPROVE_ERROR}')
}
order.setStatus('${EXAMPLE_CODE_CONSTANTS.ORDER_STATUS_APPROVED}')
}
}
// ✅ Good: Rich domain model with business logic
class ${this.props.className} {
private readonly id: OrderId
private status: OrderStatus
private items: OrderItem[]
private events: DomainEvent[] = []
public approve(): void {
if (!this.isPending()) {
throw new CannotApproveOrderError()
}
this.status = OrderStatus.APPROVED
this.events.push(new OrderApprovedEvent(this.id))
}
public calculateTotal(): Money {
return this.items.reduce(
(sum, item) => sum.add(item.getPrice()),
Money.zero()
)
}
public addItem(item: OrderItem): void {
if (this.isApproved()) {
throw new CannotModifyApprovedOrderError()
}
this.items.push(item)
}
public getStatus(): OrderStatus {
return this.status
}
private isPending(): boolean {
return this.status === OrderStatus.PENDING
}
private isApproved(): boolean {
return this.status === OrderStatus.APPROVED
}
}`
}
}

344
packages/guardian/src/domain/value-objects/HardcodedValue.ts
View File

@@ -1,15 +1,40 @@
import { ValueObject } from "./ValueObject"
import { HARDCODE_TYPES } from "../../shared/constants/rules"
import { DETECTION_PATTERNS, HARDCODE_TYPES } from "../../shared/constants/rules"
import { CONSTANT_NAMES, LOCATIONS, SUGGESTION_KEYWORDS } from "../constants/Suggestions"
export type HardcodeType = (typeof HARDCODE_TYPES)[keyof typeof HARDCODE_TYPES]
export type ValueType =
| "email"
| "url"
| "ip_address"
| "file_path"
| "date"
| "api_key"
| "uuid"
| "version"
| "color"
| "mac_address"
| "base64"
| "config"
| "generic"
export type ValueImportance = "critical" | "high" | "medium" | "low"
export interface DuplicateLocation {
file: string
line: number
}
interface HardcodedValueProps {
readonly value: string | number
readonly value: string | number | boolean
readonly type: HardcodeType
readonly valueType?: ValueType
readonly line: number
readonly column: number
readonly context: string
readonly duplicateLocations?: DuplicateLocation[]
readonly withinFileUsageCount?: number
}
/**
@@ -21,22 +46,28 @@ export class HardcodedValue extends ValueObject<HardcodedValueProps> {
}
public static create(
value: string | number,
value: string | number | boolean,
type: HardcodeType,
line: number,
column: number,
context: string,
valueType?: ValueType,
duplicateLocations?: DuplicateLocation[],
withinFileUsageCount?: number,
): HardcodedValue {
return new HardcodedValue({
value,
type,
valueType,
line,
column,
context,
duplicateLocations,
withinFileUsageCount,
})
}
public get value(): string | number {
public get value(): string | number | boolean {
return this.props.value
}
@@ -56,6 +87,28 @@ export class HardcodedValue extends ValueObject<HardcodedValueProps> {
return this.props.context
}
public get valueType(): ValueType | undefined {
return this.props.valueType
}
public get duplicateLocations(): DuplicateLocation[] | undefined {
return this.props.duplicateLocations
}
public get withinFileUsageCount(): number | undefined {
return this.props.withinFileUsageCount
}
public hasDuplicates(): boolean {
return (
this.props.duplicateLocations !== undefined && this.props.duplicateLocations.length > 0
)
}
public isAlmostConstant(): boolean {
return this.props.withinFileUsageCount !== undefined && this.props.withinFileUsageCount >= 2
}
public isMagicNumber(): boolean {
return this.props.type === HARDCODE_TYPES.MAGIC_NUMBER
}
@@ -106,6 +159,154 @@ export class HardcodedValue extends ValueObject<HardcodedValueProps> {
private suggestStringConstantName(): string {
const value = String(this.props.value)
const context = this.props.context.toLowerCase()
const valueType = this.props.valueType
if (valueType === "email") {
if (context.includes("admin")) {
return "ADMIN_EMAIL"
}
if (context.includes("support")) {
return "SUPPORT_EMAIL"
}
if (context.includes("noreply") || context.includes("no-reply")) {
return "NOREPLY_EMAIL"
}
return "DEFAULT_EMAIL"
}
if (valueType === "api_key") {
if (context.includes("secret")) {
return "API_SECRET_KEY"
}
if (context.includes("public")) {
return "API_PUBLIC_KEY"
}
return "API_KEY"
}
if (valueType === "url") {
if (context.includes("api")) {
return "API_BASE_URL"
}
if (context.includes("database") || context.includes("db")) {
return "DATABASE_URL"
}
if (context.includes("mongo")) {
return "MONGODB_CONNECTION_STRING"
}
if (context.includes("postgres") || context.includes("pg")) {
return "POSTGRES_URL"
}
return "BASE_URL"
}
if (valueType === "ip_address") {
if (context.includes("server")) {
return "SERVER_IP"
}
if (context.includes("database") || context.includes("db")) {
return "DATABASE_HOST"
}
if (context.includes("redis")) {
return "REDIS_HOST"
}
return "HOST_IP"
}
if (valueType === "file_path") {
if (context.includes("log")) {
return "LOG_FILE_PATH"
}
if (context.includes("config")) {
return "CONFIG_FILE_PATH"
}
if (context.includes("data")) {
return "DATA_DIR_PATH"
}
if (context.includes("temp")) {
return "TEMP_DIR_PATH"
}
return "FILE_PATH"
}
if (valueType === "date") {
if (context.includes("deadline")) {
return "DEADLINE"
}
if (context.includes("start")) {
return "START_DATE"
}
if (context.includes("end")) {
return "END_DATE"
}
if (context.includes("expir")) {
return "EXPIRATION_DATE"
}
return "DEFAULT_DATE"
}
if (valueType === "uuid") {
if (context.includes("id") || context.includes("identifier")) {
return "DEFAULT_ID"
}
if (context.includes("request")) {
return "REQUEST_ID"
}
if (context.includes("session")) {
return "SESSION_ID"
}
return "UUID_CONSTANT"
}
if (valueType === "version") {
if (context.includes("api")) {
return "API_VERSION"
}
if (context.includes("app")) {
return "APP_VERSION"
}
return "VERSION"
}
if (valueType === "color") {
if (context.includes("primary")) {
return "PRIMARY_COLOR"
}
if (context.includes("secondary")) {
return "SECONDARY_COLOR"
}
if (context.includes("background")) {
return "BACKGROUND_COLOR"
}
return "COLOR_CONSTANT"
}
if (valueType === "mac_address") {
return "MAC_ADDRESS"
}
if (valueType === "base64") {
if (context.includes("token")) {
return "ENCODED_TOKEN"
}
if (context.includes("key")) {
return "ENCODED_KEY"
}
return "BASE64_VALUE"
}
if (valueType === "config") {
if (context.includes("endpoint")) {
return "API_ENDPOINT"
}
if (context.includes("route")) {
return "ROUTE_PATH"
}
if (context.includes("connection")) {
return "CONNECTION_STRING"
}
return "CONFIG_VALUE"
}
if (value.includes(SUGGESTION_KEYWORDS.HTTP)) {
return CONSTANT_NAMES.API_BASE_URL
@@ -135,6 +336,23 @@ export class HardcodedValue extends ValueObject<HardcodedValueProps> {
}
const context = this.props.context.toLowerCase()
const valueType = this.props.valueType
if (valueType === "api_key" || valueType === "url" || valueType === "ip_address") {
return "src/config/environment.ts"
}
if (valueType === "email") {
return "src/config/contacts.ts"
}
if (valueType === "file_path") {
return "src/config/paths.ts"
}
if (valueType === "date") {
return "src/config/dates.ts"
}
if (
context.includes(SUGGESTION_KEYWORDS.ENTITY) ||
@@ -153,4 +371,122 @@ export class HardcodedValue extends ValueObject<HardcodedValueProps> {
return LOCATIONS.SHARED_CONSTANTS
}
public getDetailedSuggestion(currentLayer?: string): string {
const constantName = this.suggestConstantName()
const location = this.suggestLocation(currentLayer)
const valueTypeLabel = this.valueType ? ` (${this.valueType})` : ""
let suggestion = `Extract${valueTypeLabel} to constant ${constantName} in ${location}`
if (this.isAlmostConstant() && this.withinFileUsageCount) {
suggestion += `. This value appears ${String(this.withinFileUsageCount)} times in this file`
}
if (this.hasDuplicates() && this.duplicateLocations) {
const count = this.duplicateLocations.length
const fileList = this.duplicateLocations
.slice(0, 3)
.map((loc) => `${loc.file}:${String(loc.line)}`)
.join(", ")
const more = count > 3 ? ` and ${String(count - 3)} more` : ""
suggestion += `. Also duplicated in ${String(count)} other file(s): ${fileList}${more}`
}
return suggestion
}
/**
* Analyzes variable name and context to determine importance
*/
public getImportance(): ValueImportance {
const context = this.props.context.toLowerCase()
const valueType = this.props.valueType
if (valueType === "api_key") {
return "critical"
}
const criticalKeywords = [
...DETECTION_PATTERNS.SENSITIVE_KEYWORDS,
...DETECTION_PATTERNS.BUSINESS_KEYWORDS,
"key",
"age",
]
if (criticalKeywords.some((keyword) => context.includes(keyword))) {
return "critical"
}
const highKeywords = [...DETECTION_PATTERNS.TECHNICAL_KEYWORDS, "db", "api"]
if (highKeywords.some((keyword) => context.includes(keyword))) {
return "high"
}
if (valueType === "url" || valueType === "ip_address" || valueType === "email") {
return "high"
}
const mediumKeywords = DETECTION_PATTERNS.MEDIUM_KEYWORDS
if (mediumKeywords.some((keyword) => context.includes(keyword))) {
return "medium"
}
const lowKeywords = DETECTION_PATTERNS.UI_KEYWORDS
if (lowKeywords.some((keyword) => context.includes(keyword))) {
return "low"
}
return "medium"
}
/**
* Checks if this violation should be skipped based on layer strictness
*
* Different layers have different tolerance levels:
* - domain: strictest (no hardcoded values allowed)
* - application: strict (only low importance allowed)
* - infrastructure: moderate (low and some medium allowed)
* - cli: lenient (UI constants allowed)
*/
public shouldSkip(layer?: string): boolean {
if (!layer) {
return false
}
const importance = this.getImportance()
if (layer === "domain") {
return false
}
if (layer === "application") {
return false
}
if (layer === "infrastructure") {
return importance === "low" && this.isUIConstant()
}
if (layer === "cli") {
return importance === "low" && this.isUIConstant()
}
return false
}
/**
* Checks if this value is a UI-related constant
*/
private isUIConstant(): boolean {
const context = this.props.context.toLowerCase()
const uiKeywords = DETECTION_PATTERNS.UI_KEYWORDS
return uiKeywords.some((keyword) => context.includes(keyword))
}
}

204
packages/guardian/src/domain/value-objects/SecretViolation.ts Normal file
View File

@@ -0,0 +1,204 @@
import { ValueObject } from "./ValueObject"
import { SECRET_VIOLATION_MESSAGES } from "../constants/Messages"
import { SEVERITY_LEVELS } from "../../shared/constants"
import { FILE_ENCODING, SECRET_EXAMPLE_VALUES, SECRET_KEYWORDS } from "../constants/SecretExamples"
interface SecretViolationProps {
readonly file: string
readonly line: number
readonly column: number
readonly secretType: string
readonly matchedPattern: string
}
/**
* Represents a secret exposure violation in the codebase
*
* Secret violations occur when sensitive data like API keys, tokens, passwords,
* or credentials are hardcoded in the source code instead of being stored
* in secure environment variables or secret management systems.
*
* All secret violations are marked as CRITICAL severity because they represent
* serious security risks that could lead to unauthorized access, data breaches,
* or service compromise.
*
* @example
* ```typescript
* const violation = SecretViolation.create(
* 'src/config/aws.ts',
* 10,
* 15,
* 'AWS Access Key',
* 'AKIA1234567890ABCDEF'
* )
*
* console.log(violation.getMessage())
* // "Hardcoded AWS Access Key detected"
*
* console.log(violation.getSeverity())
* // "critical"
* ```
*/
export class SecretViolation extends ValueObject<SecretViolationProps> {
private constructor(props: SecretViolationProps) {
super(props)
}
public static create(
file: string,
line: number,
column: number,
secretType: string,
matchedPattern: string,
): SecretViolation {
return new SecretViolation({
file,
line,
column,
secretType,
matchedPattern,
})
}
public get file(): string {
return this.props.file
}
public get line(): number {
return this.props.line
}
public get column(): number {
return this.props.column
}
public get secretType(): string {
return this.props.secretType
}
public get matchedPattern(): string {
return this.props.matchedPattern
}
public getMessage(): string {
return `Hardcoded ${this.props.secretType} detected`
}
public getSuggestion(): string {
const suggestions: string[] = [
SECRET_VIOLATION_MESSAGES.USE_ENV_VARIABLES,
SECRET_VIOLATION_MESSAGES.USE_SECRET_MANAGER,
SECRET_VIOLATION_MESSAGES.NEVER_COMMIT_SECRETS,
SECRET_VIOLATION_MESSAGES.ROTATE_IF_EXPOSED,
SECRET_VIOLATION_MESSAGES.USE_GITIGNORE,
]
return suggestions.join("\n")
}
public getExampleFix(): string {
return this.getExampleFixForSecretType(this.props.secretType)
}
public getSeverity(): typeof SEVERITY_LEVELS.CRITICAL {
return SEVERITY_LEVELS.CRITICAL
}
private getExampleFixForSecretType(secretType: string): string {
const lowerType = secretType.toLowerCase()
if (lowerType.includes(SECRET_KEYWORDS.AWS)) {
return `
// ❌ Bad: Hardcoded AWS credentials
const AWS_ACCESS_KEY_ID = "${SECRET_EXAMPLE_VALUES.AWS_ACCESS_KEY_ID}"
const AWS_SECRET_ACCESS_KEY = "${SECRET_EXAMPLE_VALUES.AWS_SECRET_ACCESS_KEY}"
// ✅ Good: Use environment variables
const AWS_ACCESS_KEY_ID = process.env.AWS_ACCESS_KEY_ID
const AWS_SECRET_ACCESS_KEY = process.env.AWS_SECRET_ACCESS_KEY
// ✅ Good: Use credentials provider (in infrastructure layer)
// Load credentials from environment or credentials file`
}
if (lowerType.includes(SECRET_KEYWORDS.GITHUB)) {
return `
// ❌ Bad: Hardcoded GitHub token
const GITHUB_TOKEN = "${SECRET_EXAMPLE_VALUES.GITHUB_TOKEN}"
// ✅ Good: Use environment variables
const GITHUB_TOKEN = process.env.GITHUB_TOKEN
// ✅ Good: GitHub Apps with temporary tokens
// Use GitHub Apps for automated workflows instead of personal access tokens`
}
if (lowerType.includes(SECRET_KEYWORDS.NPM)) {
return `
// ❌ Bad: Hardcoded NPM token in code
const NPM_TOKEN = "${SECRET_EXAMPLE_VALUES.NPM_TOKEN}"
// ✅ Good: Use .npmrc file (add to .gitignore)
// .npmrc
//registry.npmjs.org/:_authToken=\${NPM_TOKEN}
// ✅ Good: Use environment variable
const NPM_TOKEN = process.env.NPM_TOKEN`
}
if (
lowerType.includes(SECRET_KEYWORDS.SSH) ||
lowerType.includes(SECRET_KEYWORDS.PRIVATE_KEY)
) {
return `
// ❌ Bad: Hardcoded SSH private key
const privateKey = \`-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...\`
// ✅ Good: Load from secure file (not in repository)
import fs from "fs"
const privateKey = fs.readFileSync(process.env.SSH_KEY_PATH, "${FILE_ENCODING.UTF8}")
// ✅ Good: Use SSH agent
// Configure SSH agent to handle keys securely`
}
if (lowerType.includes(SECRET_KEYWORDS.SLACK)) {
return `
// ❌ Bad: Hardcoded Slack token
const SLACK_TOKEN = "${SECRET_EXAMPLE_VALUES.SLACK_TOKEN}"
// ✅ Good: Use environment variables
const SLACK_TOKEN = process.env.SLACK_BOT_TOKEN
// ✅ Good: Use OAuth flow for user tokens
// Implement OAuth 2.0 flow instead of hardcoding tokens`
}
if (
lowerType.includes(SECRET_KEYWORDS.API_KEY) ||
lowerType.includes(SECRET_KEYWORDS.APIKEY)
) {
return `
// ❌ Bad: Hardcoded API key
const API_KEY = "${SECRET_EXAMPLE_VALUES.API_KEY}"
// ✅ Good: Use environment variables
const API_KEY = process.env.API_KEY
// ✅ Good: Use secret management service (in infrastructure layer)
// AWS Secrets Manager, HashiCorp Vault, Azure Key Vault
// Implement secret retrieval in infrastructure and inject via DI`
}
return `
// ❌ Bad: Hardcoded secret
const SECRET = "${SECRET_EXAMPLE_VALUES.HARDCODED_SECRET}"
// ✅ Good: Use environment variables
const SECRET = process.env.SECRET_KEY
// ✅ Good: Use secret management
// AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, etc.`
}
}

330
packages/guardian/src/infrastructure/analyzers/AggregateBoundaryDetector.ts
View File

@@ -1,8 +1,9 @@
import { IAggregateBoundaryDetector } from "../../domain/services/IAggregateBoundaryDetector"
import { AggregateBoundaryViolation } from "../../domain/value-objects/AggregateBoundaryViolation"
import { LAYERS } from "../../shared/constants/rules"
import { IMPORT_PATTERNS } from "../constants/paths"
import { DDD_FOLDER_NAMES } from "../constants/detectorPatterns"
import { AggregatePathAnalyzer } from "../strategies/AggregatePathAnalyzer"
import { FolderRegistry } from "../strategies/FolderRegistry"
import { ImportValidator } from "../strategies/ImportValidator"
/**
* Detects aggregate boundary violations in Domain-Driven Design
@@ -38,42 +39,15 @@ import { DDD_FOLDER_NAMES } from "../constants/detectorPatterns"
* ```
*/
export class AggregateBoundaryDetector implements IAggregateBoundaryDetector {
private readonly entityFolderNames = new Set<string>([
DDD_FOLDER_NAMES.ENTITIES,
DDD_FOLDER_NAMES.AGGREGATES,
])
private readonly valueObjectFolderNames = new Set<string>([
DDD_FOLDER_NAMES.VALUE_OBJECTS,
DDD_FOLDER_NAMES.VO,
])
private readonly allowedFolderNames = new Set<string>([
DDD_FOLDER_NAMES.VALUE_OBJECTS,
DDD_FOLDER_NAMES.VO,
DDD_FOLDER_NAMES.EVENTS,
DDD_FOLDER_NAMES.DOMAIN_EVENTS,
DDD_FOLDER_NAMES.REPOSITORIES,
DDD_FOLDER_NAMES.SERVICES,
DDD_FOLDER_NAMES.SPECIFICATIONS,
DDD_FOLDER_NAMES.ERRORS,
DDD_FOLDER_NAMES.EXCEPTIONS,
])
private readonly nonAggregateFolderNames = new Set<string>([
DDD_FOLDER_NAMES.VALUE_OBJECTS,
DDD_FOLDER_NAMES.VO,
DDD_FOLDER_NAMES.EVENTS,
DDD_FOLDER_NAMES.DOMAIN_EVENTS,
DDD_FOLDER_NAMES.REPOSITORIES,
DDD_FOLDER_NAMES.SERVICES,
DDD_FOLDER_NAMES.SPECIFICATIONS,
DDD_FOLDER_NAMES.ENTITIES,
DDD_FOLDER_NAMES.CONSTANTS,
DDD_FOLDER_NAMES.SHARED,
DDD_FOLDER_NAMES.FACTORIES,
DDD_FOLDER_NAMES.PORTS,
DDD_FOLDER_NAMES.INTERFACES,
DDD_FOLDER_NAMES.ERRORS,
DDD_FOLDER_NAMES.EXCEPTIONS,
])
private readonly folderRegistry: FolderRegistry
private readonly pathAnalyzer: AggregatePathAnalyzer
private readonly importValidator: ImportValidator
constructor() {
this.folderRegistry = new FolderRegistry()
this.pathAnalyzer = new AggregatePathAnalyzer(this.folderRegistry)
this.importValidator = new ImportValidator(this.folderRegistry, this.pathAnalyzer)
}
/**
* Detects aggregate boundary violations in the given code
@@ -95,41 +69,12 @@ export class AggregateBoundaryDetector implements IAggregateBoundaryDetector {
return []
}
const currentAggregate = this.extractAggregateFromPath(filePath)
const currentAggregate = this.pathAnalyzer.extractAggregateFromPath(filePath)
if (!currentAggregate) {
return []
}
const violations: AggregateBoundaryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const imports = this.extractImports(line)
for (const importPath of imports) {
if (this.isAggregateBoundaryViolation(importPath, currentAggregate)) {
const targetAggregate = this.extractAggregateFromImport(importPath)
const entityName = this.extractEntityName(importPath)
if (targetAggregate && entityName) {
violations.push(
AggregateBoundaryViolation.create(
currentAggregate,
targetAggregate,
entityName,
importPath,
filePath,
lineNumber,
),
)
}
}
}
}
return violations
return this.analyzeImports(code, filePath, currentAggregate)
}
/**
@@ -144,37 +89,7 @@ export class AggregateBoundaryDetector implements IAggregateBoundaryDetector {
* @returns The aggregate name if found, undefined otherwise
*/
public extractAggregateFromPath(filePath: string): string | undefined {
const normalizedPath = filePath.toLowerCase().replace(/\\/g, "/")
const domainMatch = /(?:^|\/)(domain)\//.exec(normalizedPath)
if (!domainMatch) {
return undefined
}
const domainEndIndex = domainMatch.index + domainMatch[0].length
const pathAfterDomain = normalizedPath.substring(domainEndIndex)
const segments = pathAfterDomain.split("/").filter(Boolean)
if (segments.length < 2) {
return undefined
}
if (this.entityFolderNames.has(segments[0])) {
if (segments.length < 3) {
return undefined
}
const aggregate = segments[1]
if (this.nonAggregateFolderNames.has(aggregate)) {
return undefined
}
return aggregate
}
const aggregate = segments[0]
if (this.nonAggregateFolderNames.has(aggregate)) {
return undefined
}
return aggregate
return this.pathAnalyzer.extractAggregateFromPath(filePath)
}
/**
@@ -185,197 +100,68 @@ export class AggregateBoundaryDetector implements IAggregateBoundaryDetector {
* @returns True if the import crosses aggregate boundaries inappropriately
*/
public isAggregateBoundaryViolation(importPath: string, currentAggregate: string): boolean {
const normalizedPath = importPath.replace(IMPORT_PATTERNS.QUOTE, "").toLowerCase()
if (!normalizedPath.includes("/")) {
return false
}
if (!normalizedPath.startsWith(".") && !normalizedPath.startsWith("/")) {
return false
}
// Check if import stays within the same bounded context
if (this.isInternalBoundedContextImport(normalizedPath)) {
return false
}
const targetAggregate = this.extractAggregateFromImport(normalizedPath)
if (!targetAggregate || targetAggregate === currentAggregate) {
return false
}
if (this.isAllowedImport(normalizedPath)) {
return false
}
return this.seemsLikeEntityImport(normalizedPath)
return this.importValidator.isViolation(importPath, currentAggregate)
}
/**
* Checks if the import is internal to the same bounded context
*
* An import like "../aggregates/Entity" from "repositories/Repo" stays within
* the same bounded context (one level up goes to the bounded context root).
*
* An import like "../../other-context/Entity" crosses bounded context boundaries.
* Analyzes all imports in code and detects violations
*/
private isInternalBoundedContextImport(normalizedPath: string): boolean {
const parts = normalizedPath.split("/")
const dotDotCount = parts.filter((p) => p === "..").length
private analyzeImports(
code: string,
filePath: string,
currentAggregate: string,
): AggregateBoundaryViolation[] {
const violations: AggregateBoundaryViolation[] = []
const lines = code.split("\n")
/*
* If only one ".." and path goes into aggregates/entities folder,
* it's likely an internal import within the same bounded context
*/
if (dotDotCount === 1) {
const nonDotParts = parts.filter((p) => p !== ".." && p !== ".")
if (nonDotParts.length >= 1) {
const firstFolder = nonDotParts[0]
// Importing from aggregates/entities within same bounded context is allowed
if (this.entityFolderNames.has(firstFolder)) {
return true
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const imports = this.importValidator.extractImports(line)
for (const importPath of imports) {
const violation = this.checkImport(
importPath,
currentAggregate,
filePath,
lineNumber,
)
if (violation) {
violations.push(violation)
}
}
}
return false
return violations
}
/**
* Checks if the import path is from an allowed folder (value-objects, events, etc.)
* Checks a single import for boundary violations
*/
private isAllowedImport(normalizedPath: string): boolean {
for (const folderName of this.allowedFolderNames) {
if (normalizedPath.includes(`/${folderName}/`)) {
return true
}
}
return false
}
/**
* Checks if the import seems to be an entity (not a value object, event, etc.)
*
* Note: normalizedPath is already lowercased, so we check if the first character
* is a letter (indicating it was likely PascalCase originally)
*/
private seemsLikeEntityImport(normalizedPath: string): boolean {
const pathParts = normalizedPath.split("/")
const lastPart = pathParts[pathParts.length - 1]
if (!lastPart) {
return false
}
const filename = lastPart.replace(/\.(ts|js)$/, "")
if (filename.length > 0 && /^[a-z][a-z]/.exec(filename)) {
return true
}
return false
}
/**
* Extracts the aggregate name from an import path
*
* Handles both absolute and relative paths:
* - ../user/User → user
* - ../../domain/user/User → user
* - ../user/value-objects/UserId → user (but filtered as value object)
*/
private extractAggregateFromImport(importPath: string): string | undefined {
const normalizedPath = importPath.replace(IMPORT_PATTERNS.QUOTE, "").toLowerCase()
const segments = normalizedPath.split("/").filter((seg) => seg !== ".." && seg !== ".")
if (segments.length === 0) {
private checkImport(
importPath: string,
currentAggregate: string,
filePath: string,
lineNumber: number,
): AggregateBoundaryViolation | undefined {
if (!this.importValidator.isViolation(importPath, currentAggregate)) {
return undefined
}
for (let i = 0; i < segments.length; i++) {
if (
segments[i] === DDD_FOLDER_NAMES.DOMAIN ||
segments[i] === DDD_FOLDER_NAMES.AGGREGATES
) {
if (i + 1 < segments.length) {
if (
this.entityFolderNames.has(segments[i + 1]) ||
segments[i + 1] === DDD_FOLDER_NAMES.AGGREGATES
) {
if (i + 2 < segments.length) {
return segments[i + 2]
}
} else {
return segments[i + 1]
}
}
}
}
const targetAggregate = this.pathAnalyzer.extractAggregateFromImport(importPath)
const entityName = this.pathAnalyzer.extractEntityName(importPath)
if (segments.length >= 2) {
const secondLastSegment = segments[segments.length - 2]
if (
!this.entityFolderNames.has(secondLastSegment) &&
!this.valueObjectFolderNames.has(secondLastSegment) &&
!this.allowedFolderNames.has(secondLastSegment) &&
secondLastSegment !== DDD_FOLDER_NAMES.DOMAIN
) {
return secondLastSegment
}
}
if (segments.length === 1) {
return undefined
if (targetAggregate && entityName) {
return AggregateBoundaryViolation.create(
currentAggregate,
targetAggregate,
entityName,
importPath,
filePath,
lineNumber,
)
}
return undefined
}
/**
* Extracts the entity name from an import path
*/
private extractEntityName(importPath: string): string | undefined {
const normalizedPath = importPath.replace(IMPORT_PATTERNS.QUOTE, "")
const segments = normalizedPath.split("/")
const lastSegment = segments[segments.length - 1]
if (lastSegment) {
return lastSegment.replace(/\.(ts|js)$/, "")
}
return undefined
}
/**
* Extracts import paths from a line of code
*
* Handles various import statement formats:
* - import { X } from 'path'
* - import X from 'path'
* - import * as X from 'path'
* - const X = require('path')
*
* @param line - A line of code to analyze
* @returns Array of import paths found in the line
*/
private extractImports(line: string): string[] {
const imports: string[] = []
let match = IMPORT_PATTERNS.ES_IMPORT.exec(line)
while (match) {
imports.push(match[1])
match = IMPORT_PATTERNS.ES_IMPORT.exec(line)
}
match = IMPORT_PATTERNS.REQUIRE.exec(line)
while (match) {
imports.push(match[1])
match = IMPORT_PATTERNS.REQUIRE.exec(line)
}
return imports
}
}

318
packages/guardian/src/infrastructure/analyzers/AnemicModelDetector.ts Normal file
View File

@@ -0,0 +1,318 @@
import { IAnemicModelDetector } from "../../domain/services/IAnemicModelDetector"
import { AnemicModelViolation } from "../../domain/value-objects/AnemicModelViolation"
import { CLASS_KEYWORDS } from "../../shared/constants"
import { ANALYZER_DEFAULTS, ANEMIC_MODEL_FLAGS, LAYERS } from "../../shared/constants/rules"
/**
* Detects anemic domain model violations
*
* This detector identifies entities that lack business logic and contain
* only getters/setters. Anemic models violate Domain-Driven Design principles.
*
* @example
* ```typescript
* const detector = new AnemicModelDetector()
*
* // Detect anemic models in entity file
* const code = `
* class Order {
* getStatus() { return this.status }
* setStatus(status: string) { this.status = status }
* getTotal() { return this.total }
* setTotal(total: number) { this.total = total }
* }
* `
* const violations = detector.detectAnemicModels(
* code,
* 'src/domain/entities/Order.ts',
* 'domain'
* )
*
* // violations will contain anemic model violation
* console.log(violations.length) // 1
* console.log(violations[0].className) // 'Order'
* ```
*/
export class AnemicModelDetector implements IAnemicModelDetector {
private readonly entityPatterns = [/\/entities\//, /\/aggregates\//]
private readonly excludePatterns = [
/\.test\.ts$/,
/\.spec\.ts$/,
/Dto\.ts$/,
/Request\.ts$/,
/Response\.ts$/,
/Mapper\.ts$/,
]
/**
* Detects anemic model violations in the given code
*/
public detectAnemicModels(
code: string,
filePath: string,
layer: string | undefined,
): AnemicModelViolation[] {
if (!this.shouldAnalyze(filePath, layer)) {
return []
}
const violations: AnemicModelViolation[] = []
const classes = this.extractClasses(code)
for (const classInfo of classes) {
const violation = this.analyzeClass(classInfo, filePath, layer || LAYERS.DOMAIN)
if (violation) {
violations.push(violation)
}
}
return violations
}
/**
* Checks if file should be analyzed
*/
private shouldAnalyze(filePath: string, layer: string | undefined): boolean {
if (layer !== LAYERS.DOMAIN) {
return false
}
if (this.excludePatterns.some((pattern) => pattern.test(filePath))) {
return false
}
return this.entityPatterns.some((pattern) => pattern.test(filePath))
}
/**
* Extracts class information from code
*/
private extractClasses(code: string): ClassInfo[] {
const classes: ClassInfo[] = []
const lines = code.split("\n")
let currentClass: { name: string; startLine: number; startIndex: number } | null = null
let braceCount = 0
let classBody = ""
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
if (!currentClass) {
const classRegex = /^\s*(?:export\s+)?(?:abstract\s+)?class\s+(\w+)/
const classMatch = classRegex.exec(line)
if (classMatch) {
currentClass = {
name: classMatch[1],
startLine: i + 1,
startIndex: lines.slice(0, i).join("\n").length,
}
braceCount = 0
classBody = ""
}
}
if (currentClass) {
for (const char of line) {
if (char === "{") {
braceCount++
} else if (char === "}") {
braceCount--
}
}
if (braceCount > 0) {
classBody = `${classBody}${line}\n`
} else if (braceCount === 0 && classBody.length > 0) {
const properties = this.extractProperties(classBody)
const methods = this.extractMethods(classBody)
classes.push({
className: currentClass.name,
lineNumber: currentClass.startLine,
properties,
methods,
})
currentClass = null
classBody = ""
}
}
}
return classes
}
/**
* Extracts properties from class body
*/
private extractProperties(classBody: string): PropertyInfo[] {
const properties: PropertyInfo[] = []
const propertyRegex = /(?:private|protected|public|readonly)*\s*(\w+)(?:\?)?:\s*\w+/g
let match
while ((match = propertyRegex.exec(classBody)) !== null) {
const propertyName = match[1]
if (!this.isMethodSignature(match[0])) {
properties.push({ name: propertyName })
}
}
return properties
}
/**
* Extracts methods from class body
*/
private extractMethods(classBody: string): MethodInfo[] {
const methods: MethodInfo[] = []
const methodRegex =
/(public|private|protected)?\s*(get|set)?\s+(\w+)\s*\([^)]*\)(?:\s*:\s*\w+)?/g
let match
while ((match = methodRegex.exec(classBody)) !== null) {
const visibility = match[1] || CLASS_KEYWORDS.PUBLIC
const accessor = match[2]
const methodName = match[3]
if (methodName === CLASS_KEYWORDS.CONSTRUCTOR) {
continue
}
const isGetter = accessor === "get" || this.isGetterMethod(methodName)
const isSetter = accessor === "set" || this.isSetterMethod(methodName, classBody)
const isPublic = visibility === CLASS_KEYWORDS.PUBLIC || !visibility
methods.push({
name: methodName,
isGetter,
isSetter,
isPublic,
isBusinessLogic: !isGetter && !isSetter,
})
}
return methods
}
/**
* Analyzes class for anemic model violations
*/
private analyzeClass(
classInfo: ClassInfo,
filePath: string,
layer: string,
): AnemicModelViolation | null {
const { className, lineNumber, properties, methods } = classInfo
if (properties.length === 0 && methods.length === 0) {
return null
}
const businessMethods = methods.filter((m) => m.isBusinessLogic)
const hasOnlyGettersSetters = businessMethods.length === 0 && methods.length > 0
const hasPublicSetters = methods.some((m) => m.isSetter && m.isPublic)
const methodCount = methods.length
const propertyCount = properties.length
if (hasPublicSetters) {
return AnemicModelViolation.create(
className,
filePath,
layer,
lineNumber,
methodCount,
propertyCount,
ANEMIC_MODEL_FLAGS.HAS_ONLY_GETTERS_SETTERS_FALSE,
ANEMIC_MODEL_FLAGS.HAS_PUBLIC_SETTERS_TRUE,
)
}
if (hasOnlyGettersSetters && methodCount >= 2 && propertyCount > 0) {
return AnemicModelViolation.create(
className,
filePath,
layer,
lineNumber,
methodCount,
propertyCount,
ANEMIC_MODEL_FLAGS.HAS_ONLY_GETTERS_SETTERS_TRUE,
ANEMIC_MODEL_FLAGS.HAS_PUBLIC_SETTERS_FALSE,
)
}
const methodToPropertyRatio = methodCount / Math.max(propertyCount, 1)
if (
propertyCount > 0 &&
businessMethods.length < 2 &&
methodToPropertyRatio < 1.0 &&
methodCount > 0
) {
return AnemicModelViolation.create(
className,
filePath,
layer,
lineNumber,
methodCount,
propertyCount,
ANALYZER_DEFAULTS.HAS_ONLY_GETTERS_SETTERS,
ANALYZER_DEFAULTS.HAS_PUBLIC_SETTERS,
)
}
return null
}
/**
* Checks if method name is a getter pattern
*/
private isGetterMethod(methodName: string): boolean {
return (
methodName.startsWith("get") ||
methodName.startsWith("is") ||
methodName.startsWith("has")
)
}
/**
* Checks if method is a setter pattern
*/
private isSetterMethod(methodName: string, _classBody: string): boolean {
return methodName.startsWith("set")
}
/**
* Checks if property declaration is actually a method signature
*/
private isMethodSignature(propertyDeclaration: string): boolean {
return propertyDeclaration.includes("(") && propertyDeclaration.includes(")")
}
/**
* Gets line number for a position in code
*/
private getLineNumber(code: string, position: number): number {
const lines = code.substring(0, position).split("\n")
return lines.length
}
}
interface ClassInfo {
className: string
lineNumber: number
properties: PropertyInfo[]
methods: MethodInfo[]
}
interface PropertyInfo {
name: string
}
interface MethodInfo {
name: string
isGetter: boolean
isSetter: boolean
isPublic: boolean
isBusinessLogic: boolean
}

104
packages/guardian/src/infrastructure/analyzers/AstTreeTraverser.ts Normal file
View File

@@ -0,0 +1,104 @@
import Parser from "tree-sitter"
import { HardcodedValue } from "../../domain/value-objects/HardcodedValue"
import { AstBooleanAnalyzer } from "../strategies/AstBooleanAnalyzer"
import { AstConfigObjectAnalyzer } from "../strategies/AstConfigObjectAnalyzer"
import { AstNumberAnalyzer } from "../strategies/AstNumberAnalyzer"
import { AstStringAnalyzer } from "../strategies/AstStringAnalyzer"
/**
* AST tree traverser for detecting hardcoded values
*
* Walks through the Abstract Syntax Tree and uses analyzers
* to detect hardcoded numbers, strings, booleans, and configuration objects.
* Also tracks value usage to identify "almost constants" - values used 2+ times.
*/
export class AstTreeTraverser {
constructor(
private readonly numberAnalyzer: AstNumberAnalyzer,
private readonly stringAnalyzer: AstStringAnalyzer,
private readonly booleanAnalyzer: AstBooleanAnalyzer,
private readonly configObjectAnalyzer: AstConfigObjectAnalyzer,
) {}
/**
* Traverses the AST tree and collects hardcoded values
*/
public traverse(tree: Parser.Tree, sourceCode: string): HardcodedValue[] {
const results: HardcodedValue[] = []
const lines = sourceCode.split("\n")
const cursor = tree.walk()
this.visit(cursor, lines, results)
this.markAlmostConstants(results)
return results
}
/**
* Marks values that appear multiple times in the same file
*/
private markAlmostConstants(results: HardcodedValue[]): void {
const valueUsage = new Map<string, number>()
for (const result of results) {
const key = `${result.type}:${String(result.value)}`
valueUsage.set(key, (valueUsage.get(key) || 0) + 1)
}
for (let i = 0; i < results.length; i++) {
const result = results[i]
const key = `${result.type}:${String(result.value)}`
const count = valueUsage.get(key) || 0
if (count >= 2 && !result.withinFileUsageCount) {
results[i] = HardcodedValue.create(
result.value,
result.type,
result.line,
result.column,
result.context,
result.valueType,
result.duplicateLocations,
count,
)
}
}
}
/**
* Recursively visits AST nodes
*/
private visit(cursor: Parser.TreeCursor, lines: string[], results: HardcodedValue[]): void {
const node = cursor.currentNode
if (node.type === "object") {
const violation = this.configObjectAnalyzer.analyze(node, lines)
if (violation) {
results.push(violation)
}
} else if (node.type === "number") {
const violation = this.numberAnalyzer.analyze(node, lines)
if (violation) {
results.push(violation)
}
} else if (node.type === "string") {
const violation = this.stringAnalyzer.analyze(node, lines)
if (violation) {
results.push(violation)
}
} else if (node.type === "true" || node.type === "false") {
const violation = this.booleanAnalyzer.analyze(node, lines)
if (violation) {
results.push(violation)
}
}
if (cursor.gotoFirstChild()) {
do {
this.visit(cursor, lines, results)
} while (cursor.gotoNextSibling())
cursor.gotoParent()
}
}
}

122
packages/guardian/src/infrastructure/analyzers/DuplicateValueTracker.ts Normal file
View File

@@ -0,0 +1,122 @@
import { HardcodedValue } from "../../domain/value-objects/HardcodedValue"
import type {
DuplicateInfo,
IDuplicateValueTracker,
ValueLocation,
} from "../../domain/services/IDuplicateValueTracker"
/**
* Tracks duplicate hardcoded values across files
*
* Helps identify values that are used in multiple places
* and should be extracted to a shared constant.
*/
export class DuplicateValueTracker implements IDuplicateValueTracker {
private readonly valueMap = new Map<string, ValueLocation[]>()
/**
* Adds a hardcoded value to tracking
*/
public track(violation: HardcodedValue, filePath: string): void {
const key = this.createKey(violation.value, violation.type)
const location: ValueLocation = {
file: filePath,
line: violation.line,
context: violation.context,
}
const locations = this.valueMap.get(key)
if (!locations) {
this.valueMap.set(key, [location])
} else {
locations.push(location)
}
}
/**
* Gets all duplicate values (values used in 2+ places)
*/
public getDuplicates(): DuplicateInfo[] {
const duplicates: DuplicateInfo[] = []
for (const [key, locations] of this.valueMap.entries()) {
if (locations.length >= 2) {
const { value } = this.parseKey(key)
duplicates.push({
value,
locations,
count: locations.length,
})
}
}
return duplicates.sort((a, b) => b.count - a.count)
}
/**
* Gets duplicate locations for a specific value
*/
public getDuplicateLocations(
value: string | number | boolean,
type: string,
): ValueLocation[] | null {
const key = this.createKey(value, type)
const locations = this.valueMap.get(key)
if (!locations || locations.length < 2) {
return null
}
return locations
}
/**
* Checks if a value is duplicated
*/
public isDuplicate(value: string | number | boolean, type: string): boolean {
const key = this.createKey(value, type)
const locations = this.valueMap.get(key)
return locations ? locations.length >= 2 : false
}
/**
* Creates a unique key for a value
*/
private createKey(value: string | number | boolean, type: string): string {
return `${type}:${String(value)}`
}
/**
* Parses a key back to value and type
*/
private parseKey(key: string): { value: string; type: string } {
const [type, ...valueParts] = key.split(":")
return { value: valueParts.join(":"), type }
}
/**
* Gets statistics about duplicates
*/
public getStats(): {
totalValues: number
duplicateValues: number
duplicatePercentage: number
} {
const totalValues = this.valueMap.size
const duplicateValues = this.getDuplicates().length
const duplicatePercentage = totalValues > 0 ? (duplicateValues / totalValues) * 100 : 0
return {
totalValues,
duplicateValues,
duplicatePercentage,
}
}
/**
* Clears all tracked values
*/
public clear(): void {
this.valueMap.clear()
}
}

469
packages/guardian/src/infrastructure/analyzers/HardcodeDetector.ts
View File

@@ -1,14 +1,28 @@
import Parser from "tree-sitter"
import { IHardcodeDetector } from "../../domain/services/IHardcodeDetector"
import { HardcodedValue } from "../../domain/value-objects/HardcodedValue"
import { ALLOWED_NUMBERS, CODE_PATTERNS, DETECTION_KEYWORDS } from "../constants/defaults"
import { HARDCODE_TYPES } from "../../shared/constants"
import { CodeParser } from "../parsers/CodeParser"
import { AstBooleanAnalyzer } from "../strategies/AstBooleanAnalyzer"
import { AstConfigObjectAnalyzer } from "../strategies/AstConfigObjectAnalyzer"
import { AstContextChecker } from "../strategies/AstContextChecker"
import { AstNumberAnalyzer } from "../strategies/AstNumberAnalyzer"
import { AstStringAnalyzer } from "../strategies/AstStringAnalyzer"
import { ConstantsFileChecker } from "../strategies/ConstantsFileChecker"
import { AstTreeTraverser } from "./AstTreeTraverser"
/**
* Detects hardcoded values (magic numbers and strings) in TypeScript/JavaScript code
*
* This detector identifies configuration values, URLs, timeouts, ports, and other
* constants that should be extracted to configuration files. It uses pattern matching
* and context analysis to reduce false positives.
* This detector uses Abstract Syntax Tree (AST) analysis via tree-sitter to identify
* configuration values, URLs, timeouts, ports, and other constants that should be
* extracted to configuration files. AST-based detection provides more accurate context
* understanding and reduces false positives compared to regex-based approaches.
*
* The detector uses a modular architecture with specialized components:
* - AstContextChecker: Checks if nodes are in specific contexts (exports, types, etc.)
* - AstNumberAnalyzer: Analyzes number literals to detect magic numbers
* - AstStringAnalyzer: Analyzes string literals to detect magic strings
* - AstTreeTraverser: Traverses the AST and coordinates analyzers
*
* @example
* ```typescript
@@ -22,22 +36,27 @@ import { HARDCODE_TYPES } from "../../shared/constants"
* ```
*/
export class HardcodeDetector implements IHardcodeDetector {
private readonly ALLOWED_NUMBERS = ALLOWED_NUMBERS
private readonly constantsChecker: ConstantsFileChecker
private readonly parser: CodeParser
private readonly traverser: AstTreeTraverser
private readonly ALLOWED_STRING_PATTERNS = [/^[a-z]$/i, /^\/$/, /^\\$/, /^\s+$/, /^,$/, /^\.$/]
constructor() {
this.constantsChecker = new ConstantsFileChecker()
this.parser = new CodeParser()
/**
* Patterns to detect TypeScript type contexts where strings should be ignored
*/
private readonly TYPE_CONTEXT_PATTERNS = [
/^\s*type\s+\w+\s*=/i, // type Foo = ...
/^\s*interface\s+\w+/i, // interface Foo { ... }
/^\s*\w+\s*:\s*['"`]/, // property: 'value' (in type or interface)
/\s+as\s+['"`]/, // ... as 'type'
/Record<.*,\s*import\(/, // Record with import type
/typeof\s+\w+\s*===\s*['"`]/, // typeof x === 'string'
/['"`]\s*===\s*typeof\s+\w+/, // 'string' === typeof x
]
const contextChecker = new AstContextChecker()
const numberAnalyzer = new AstNumberAnalyzer(contextChecker)
const stringAnalyzer = new AstStringAnalyzer(contextChecker)
const booleanAnalyzer = new AstBooleanAnalyzer(contextChecker)
const configObjectAnalyzer = new AstConfigObjectAnalyzer(contextChecker)
this.traverser = new AstTreeTraverser(
numberAnalyzer,
stringAnalyzer,
booleanAnalyzer,
configObjectAnalyzer,
)
}
/**
* Detects all hardcoded values (both numbers and strings) in the given code
@@ -47,413 +66,57 @@ export class HardcodeDetector implements IHardcodeDetector {
* @returns Array of detected hardcoded values with suggestions
*/
public detectAll(code: string, filePath: string): HardcodedValue[] {
if (this.isConstantsFile(filePath)) {
if (this.constantsChecker.isConstantsFile(filePath)) {
return []
}
const magicNumbers = this.detectMagicNumbers(code, filePath)
const magicStrings = this.detectMagicStrings(code, filePath)
return [...magicNumbers, ...magicStrings]
const tree = this.parseCode(code, filePath)
return this.traverser.traverse(tree, code)
}
/**
* Check if a file is a constants definition file or DI tokens file
*/
private isConstantsFile(filePath: string): boolean {
const _fileName = filePath.split("/").pop() ?? ""
const constantsPatterns = [
/^constants?\.(ts|js)$/i,
/constants?\/.*\.(ts|js)$/i,
/\/(constants|config|settings|defaults|tokens)\.ts$/i,
/\/di\/tokens\.(ts|js)$/i,
]
return constantsPatterns.some((pattern) => pattern.test(filePath))
}
/**
* Check if a line is inside an exported constant definition
*/
private isInExportedConstant(lines: string[], lineIndex: number): boolean {
const currentLineTrimmed = lines[lineIndex].trim()
if (this.isSingleLineExportConst(currentLineTrimmed)) {
return true
}
const exportConstStart = this.findExportConstStart(lines, lineIndex)
if (exportConstStart === -1) {
return false
}
const { braces, brackets } = this.countUnclosedBraces(lines, exportConstStart, lineIndex)
return braces > 0 || brackets > 0
}
/**
* Check if a line is a single-line export const declaration
*/
private isSingleLineExportConst(line: string): boolean {
if (!line.startsWith(CODE_PATTERNS.EXPORT_CONST)) {
return false
}
const hasObjectOrArray =
line.includes(CODE_PATTERNS.OBJECT_START) || line.includes(CODE_PATTERNS.ARRAY_START)
if (hasObjectOrArray) {
const hasAsConstEnding =
line.includes(CODE_PATTERNS.AS_CONST_OBJECT) ||
line.includes(CODE_PATTERNS.AS_CONST_ARRAY) ||
line.includes(CODE_PATTERNS.AS_CONST_END_SEMICOLON_OBJECT) ||
line.includes(CODE_PATTERNS.AS_CONST_END_SEMICOLON_ARRAY)
return hasAsConstEnding
}
return line.includes(CODE_PATTERNS.AS_CONST)
}
/**
* Find the starting line of an export const declaration
*/
private findExportConstStart(lines: string[], lineIndex: number): number {
for (let currentLine = lineIndex; currentLine >= 0; currentLine--) {
const trimmed = lines[currentLine].trim()
const isExportConst =
trimmed.startsWith(CODE_PATTERNS.EXPORT_CONST) &&
(trimmed.includes(CODE_PATTERNS.OBJECT_START) ||
trimmed.includes(CODE_PATTERNS.ARRAY_START))
if (isExportConst) {
return currentLine
}
const isTopLevelStatement =
currentLine < lineIndex &&
(trimmed.startsWith(CODE_PATTERNS.EXPORT) ||
trimmed.startsWith(CODE_PATTERNS.IMPORT))
if (isTopLevelStatement) {
break
}
}
return -1
}
/**
* Count unclosed braces and brackets between two line indices
*/
private countUnclosedBraces(
lines: string[],
startLine: number,
endLine: number,
): { braces: number; brackets: number } {
let braces = 0
let brackets = 0
for (let i = startLine; i <= endLine; i++) {
const line = lines[i]
let inString = false
let stringChar = ""
for (let j = 0; j < line.length; j++) {
const char = line[j]
const prevChar = j > 0 ? line[j - 1] : ""
if ((char === "'" || char === '"' || char === "`") && prevChar !== "\\") {
if (!inString) {
inString = true
stringChar = char
} else if (char === stringChar) {
inString = false
stringChar = ""
}
}
if (!inString) {
if (char === "{") {
braces++
} else if (char === "}") {
braces--
} else if (char === "[") {
brackets++
} else if (char === "]") {
brackets--
}
}
}
}
return { braces, brackets }
}
/**
* Detects magic numbers in code (timeouts, ports, limits, retries, etc.)
*
* Skips allowed numbers (-1, 0, 1, 2, 10, 100, 1000) and values in exported constants
* Detects magic numbers in code
*
* @param code - Source code to analyze
* @param _filePath - File path (currently unused, reserved for future use)
* @param filePath - File path (used for constants file check)
* @returns Array of detected magic numbers
*/
public detectMagicNumbers(code: string, _filePath: string): HardcodedValue[] {
const results: HardcodedValue[] = []
const lines = code.split("\n")
public detectMagicNumbers(code: string, filePath: string): HardcodedValue[] {
if (this.constantsChecker.isConstantsFile(filePath)) {
return []
}
const numberPatterns = [
/(?:setTimeout|setInterval)\s*\(\s*[^,]+,\s*(\d+)/g,
/(?:maxRetries|retries|attempts)\s*[=:]\s*(\d+)/gi,
/(?:limit|max|min)\s*[=:]\s*(\d+)/gi,
/(?:port|PORT)\s*[=:]\s*(\d+)/g,
/(?:delay|timeout|TIMEOUT)\s*[=:]\s*(\d+)/gi,
]
lines.forEach((line, lineIndex) => {
if (line.trim().startsWith("//") || line.trim().startsWith("*")) {
return
}
// Skip lines inside exported constants
if (this.isInExportedConstant(lines, lineIndex)) {
return
}
numberPatterns.forEach((pattern) => {
let match
const regex = new RegExp(pattern)
while ((match = regex.exec(line)) !== null) {
const value = parseInt(match[1], 10)
if (!this.ALLOWED_NUMBERS.has(value)) {
results.push(
HardcodedValue.create(
value,
HARDCODE_TYPES.MAGIC_NUMBER,
lineIndex + 1,
match.index,
line.trim(),
),
)
}
}
})
const genericNumberRegex = /\b(\d{3,})\b/g
let match
while ((match = genericNumberRegex.exec(line)) !== null) {
const value = parseInt(match[1], 10)
if (
!this.ALLOWED_NUMBERS.has(value) &&
!this.isInComment(line, match.index) &&
!this.isInString(line, match.index)
) {
const context = this.extractContext(line, match.index)
if (this.looksLikeMagicNumber(context)) {
results.push(
HardcodedValue.create(
value,
HARDCODE_TYPES.MAGIC_NUMBER,
lineIndex + 1,
match.index,
line.trim(),
),
)
}
}
}
})
return results
const tree = this.parseCode(code, filePath)
const allViolations = this.traverser.traverse(tree, code)
return allViolations.filter((v) => v.isMagicNumber())
}
/**
* Detects magic strings in code (URLs, connection strings, error messages, etc.)
*
* Skips short strings (≤3 chars), console logs, test descriptions, imports,
* and values in exported constants
* Detects magic strings in code
*
* @param code - Source code to analyze
* @param _filePath - File path (currently unused, reserved for future use)
* @param filePath - File path (used for constants file check)
* @returns Array of detected magic strings
*/
public detectMagicStrings(code: string, _filePath: string): HardcodedValue[] {
const results: HardcodedValue[] = []
const lines = code.split("\n")
const stringRegex = /(['"`])(?:(?!\1).)+\1/g
lines.forEach((line, lineIndex) => {
if (
line.trim().startsWith("//") ||
line.trim().startsWith("*") ||
line.includes("import ") ||
line.includes("from ")
) {
return
}
// Skip lines inside exported constants
if (this.isInExportedConstant(lines, lineIndex)) {
return
}
let match
const regex = new RegExp(stringRegex)
while ((match = regex.exec(line)) !== null) {
const fullMatch = match[0]
const value = fullMatch.slice(1, -1)
// Skip template literals (backtick strings with ${} interpolation)
if (fullMatch.startsWith("`") || value.includes("${")) {
continue
}
if (!this.isAllowedString(value) && this.looksLikeMagicString(line, value)) {
results.push(
HardcodedValue.create(
value,
HARDCODE_TYPES.MAGIC_STRING,
lineIndex + 1,
match.index,
line.trim(),
),
)
}
}
})
return results
}
private isAllowedString(str: string): boolean {
if (str.length <= 1) {
return true
public detectMagicStrings(code: string, filePath: string): HardcodedValue[] {
if (this.constantsChecker.isConstantsFile(filePath)) {
return []
}
return this.ALLOWED_STRING_PATTERNS.some((pattern) => pattern.test(str))
}
private looksLikeMagicString(line: string, value: string): boolean {
const lowerLine = line.toLowerCase()
if (
lowerLine.includes(DETECTION_KEYWORDS.TEST) ||
lowerLine.includes(DETECTION_KEYWORDS.DESCRIBE)
) {
return false
}
if (
lowerLine.includes(DETECTION_KEYWORDS.CONSOLE_LOG) ||
lowerLine.includes(DETECTION_KEYWORDS.CONSOLE_ERROR)
) {
return false
}
if (this.isInTypeContext(line)) {
return false
}
if (this.isInSymbolCall(line, value)) {
return false
}
if (this.isInImportCall(line, value)) {
return false
}
if (value.includes(DETECTION_KEYWORDS.HTTP) || value.includes(DETECTION_KEYWORDS.API)) {
return true
}
if (/^\d{2,}$/.test(value)) {
return false
}
return value.length > 3
}
private looksLikeMagicNumber(context: string): boolean {
const lowerContext = context.toLowerCase()
const configKeywords = [
DETECTION_KEYWORDS.TIMEOUT,
DETECTION_KEYWORDS.DELAY,
DETECTION_KEYWORDS.RETRY,
DETECTION_KEYWORDS.LIMIT,
DETECTION_KEYWORDS.MAX,
DETECTION_KEYWORDS.MIN,
DETECTION_KEYWORDS.PORT,
DETECTION_KEYWORDS.INTERVAL,
]
return configKeywords.some((keyword) => lowerContext.includes(keyword))
}
private isInComment(line: string, index: number): boolean {
const beforeIndex = line.substring(0, index)
return beforeIndex.includes("//") || beforeIndex.includes("/*")
}
private isInString(line: string, index: number): boolean {
const beforeIndex = line.substring(0, index)
const singleQuotes = (beforeIndex.match(/'/g) ?? []).length
const doubleQuotes = (beforeIndex.match(/"/g) ?? []).length
const backticks = (beforeIndex.match(/`/g) ?? []).length
return singleQuotes % 2 !== 0 || doubleQuotes % 2 !== 0 || backticks % 2 !== 0
}
private extractContext(line: string, index: number): string {
const start = Math.max(0, index - 30)
const end = Math.min(line.length, index + 30)
return line.substring(start, end)
const tree = this.parseCode(code, filePath)
const allViolations = this.traverser.traverse(tree, code)
return allViolations.filter((v) => v.isMagicString())
}
/**
* Check if a line is in a TypeScript type definition context
* Examples:
* - type Foo = 'a' | 'b'
* - interface Bar { prop: 'value' }
* - Record<X, import('path')>
* - ... as 'type'
* Parses code based on file extension
*/
private isInTypeContext(line: string): boolean {
const trimmedLine = line.trim()
if (this.TYPE_CONTEXT_PATTERNS.some((pattern) => pattern.test(trimmedLine))) {
return true
private parseCode(code: string, filePath: string): Parser.Tree {
if (filePath.endsWith(".tsx")) {
return this.parser.parseTsx(code)
} else if (filePath.endsWith(".ts")) {
return this.parser.parseTypeScript(code)
}
if (trimmedLine.includes("|") && /['"`][^'"`]+['"`]\s*\|/.test(trimmedLine)) {
return true
}
return false
}
/**
* Check if a string is inside a Symbol() call
* Example: Symbol('TOKEN_NAME')
*/
private isInSymbolCall(line: string, stringValue: string): boolean {
const symbolPattern = new RegExp(
`Symbol\\s*\\(\\s*['"\`]${stringValue.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}['"\`]\\s*\\)`,
)
return symbolPattern.test(line)
}
/**
* Check if a string is inside an import() call
* Example: import('../../path/to/module.js')
*/
private isInImportCall(line: string, stringValue: string): boolean {
const importPattern = /import\s*\(\s*['"`][^'"`]+['"`]\s*\)/
return importPattern.test(line) && line.includes(stringValue)
return this.parser.parseJavaScript(code)
}
}

431
packages/guardian/src/infrastructure/analyzers/RepositoryPatternDetector.ts
View File

@@ -1,9 +1,9 @@
import { IRepositoryPatternDetector } from "../../domain/services/RepositoryPatternDetectorService"
import { RepositoryViolation } from "../../domain/value-objects/RepositoryViolation"
import { LAYERS, REPOSITORY_VIOLATION_TYPES } from "../../shared/constants/rules"
import { ORM_QUERY_METHODS } from "../constants/orm-methods"
import { REPOSITORY_PATTERN_MESSAGES } from "../../domain/constants/Messages"
import { REPOSITORY_METHOD_SUGGESTIONS } from "../constants/detectorPatterns"
import { OrmTypeMatcher } from "../strategies/OrmTypeMatcher"
import { MethodNameValidator } from "../strategies/MethodNameValidator"
import { RepositoryFileAnalyzer } from "../strategies/RepositoryFileAnalyzer"
import { RepositoryViolationDetector } from "../strategies/RepositoryViolationDetector"
/**
* Detects Repository Pattern violations in the codebase
@@ -36,84 +36,20 @@ import { REPOSITORY_METHOD_SUGGESTIONS } from "../constants/detectorPatterns"
* ```
*/
export class RepositoryPatternDetector implements IRepositoryPatternDetector {
private readonly ormTypePatterns = [
/Prisma\./,
/PrismaClient/,
/TypeORM/,
/@Entity/,
/@Column/,
/@PrimaryColumn/,
/@PrimaryGeneratedColumn/,
/@ManyToOne/,
/@OneToMany/,
/@ManyToMany/,
/@JoinColumn/,
/@JoinTable/,
/Mongoose\./,
/Schema/,
/Model</,
/Document/,
/Sequelize\./,
/DataTypes\./,
/FindOptions/,
/WhereOptions/,
/IncludeOptions/,
/QueryInterface/,
/MikroORM/,
/EntityManager/,
/EntityRepository/,
/Collection</,
]
private readonly ormMatcher: OrmTypeMatcher
private readonly methodValidator: MethodNameValidator
private readonly fileAnalyzer: RepositoryFileAnalyzer
private readonly violationDetector: RepositoryViolationDetector
private readonly technicalMethodNames = ORM_QUERY_METHODS
private readonly domainMethodPatterns = [
/^findBy[A-Z]/,
/^findAll$/,
/^find[A-Z]/,
/^save$/,
/^saveAll$/,
/^create$/,
/^update$/,
/^delete$/,
/^deleteBy[A-Z]/,
/^deleteAll$/,
/^remove$/,
/^removeBy[A-Z]/,
/^removeAll$/,
/^add$/,
/^add[A-Z]/,
/^get[A-Z]/,
/^getAll$/,
/^search/,
/^list/,
/^has[A-Z]/,
/^is[A-Z]/,
/^exists$/,
/^exists[A-Z]/,
/^existsBy[A-Z]/,
/^clear[A-Z]/,
/^clearAll$/,
/^store[A-Z]/,
/^initialize$/,
/^initializeCollection$/,
/^close$/,
/^connect$/,
/^disconnect$/,
/^count$/,
/^countBy[A-Z]/,
]
private readonly concreteRepositoryPatterns = [
/PrismaUserRepository/,
/MongoUserRepository/,
/TypeOrmUserRepository/,
/SequelizeUserRepository/,
/InMemoryUserRepository/,
/PostgresUserRepository/,
/MySqlUserRepository/,
/Repository(?!Interface)/,
]
constructor() {
this.ormMatcher = new OrmTypeMatcher()
this.methodValidator = new MethodNameValidator(this.ormMatcher)
this.fileAnalyzer = new RepositoryFileAnalyzer()
this.violationDetector = new RepositoryViolationDetector(
this.ormMatcher,
this.methodValidator,
)
}
/**
* Detects all Repository Pattern violations in the given code
@@ -125,14 +61,16 @@ export class RepositoryPatternDetector implements IRepositoryPatternDetector {
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
if (this.isRepositoryInterface(filePath, layer)) {
violations.push(...this.detectOrmTypesInInterface(code, filePath, layer))
violations.push(...this.detectNonDomainMethodNames(code, filePath, layer))
if (this.fileAnalyzer.isRepositoryInterface(filePath, layer)) {
violations.push(...this.violationDetector.detectOrmTypes(code, filePath, layer))
violations.push(...this.violationDetector.detectNonDomainMethods(code, filePath, layer))
}
if (this.isUseCase(filePath, layer)) {
violations.push(...this.detectConcreteRepositoryUsage(code, filePath, layer))
violations.push(...this.detectNewRepositoryInstantiation(code, filePath, layer))
if (this.fileAnalyzer.isUseCase(filePath, layer)) {
violations.push(
...this.violationDetector.detectConcreteRepositoryUsage(code, filePath, layer),
)
violations.push(...this.violationDetector.detectNewInstantiation(code, filePath, layer))
}
return violations
@@ -142,338 +80,27 @@ export class RepositoryPatternDetector implements IRepositoryPatternDetector {
* Checks if a type is an ORM-specific type
*/
public isOrmType(typeName: string): boolean {
return this.ormTypePatterns.some((pattern) => pattern.test(typeName))
return this.ormMatcher.isOrmType(typeName)
}
/**
* Checks if a method name follows domain language conventions
*/
public isDomainMethodName(methodName: string): boolean {
if ((this.technicalMethodNames as readonly string[]).includes(methodName)) {
return false
}
return this.domainMethodPatterns.some((pattern) => pattern.test(methodName))
return this.methodValidator.isDomainMethodName(methodName)
}
/**
* Checks if a file is a repository interface
*/
public isRepositoryInterface(filePath: string, layer: string | undefined): boolean {
if (layer !== LAYERS.DOMAIN) {
return false
}
return /I[A-Z]\w*Repository\.ts$/.test(filePath) && /repositories?\//.test(filePath)
return this.fileAnalyzer.isRepositoryInterface(filePath, layer)
}
/**
* Checks if a file is a use case
*/
public isUseCase(filePath: string, layer: string | undefined): boolean {
if (layer !== LAYERS.APPLICATION) {
return false
}
return /use-cases?\//.test(filePath) && /[A-Z][a-z]+[A-Z]\w*\.ts$/.test(filePath)
}
/**
* Detects ORM-specific types in repository interfaces
*/
private detectOrmTypesInInterface(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const methodMatch =
/(\w+)\s*\([^)]*:\s*([^)]+)\)\s*:\s*.*?(?:Promise<([^>]+)>|([A-Z]\w+))/.exec(line)
if (methodMatch) {
const params = methodMatch[2]
const returnType = methodMatch[3] || methodMatch[4]
if (this.isOrmType(params)) {
const ormType = this.extractOrmType(params)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Method parameter uses ORM type: ${ormType}`,
ormType,
),
)
}
if (returnType && this.isOrmType(returnType)) {
const ormType = this.extractOrmType(returnType)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Method return type uses ORM type: ${ormType}`,
ormType,
),
)
}
}
for (const pattern of this.ormTypePatterns) {
if (pattern.test(line) && !line.trim().startsWith("//")) {
const ormType = this.extractOrmType(line)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Repository interface contains ORM-specific type: ${ormType}`,
ormType,
),
)
break
}
}
}
return violations
}
/**
* Suggests better domain method names based on the original method name
*/
private suggestDomainMethodName(methodName: string): string {
const lowerName = methodName.toLowerCase()
const suggestions: string[] = []
const suggestionMap: Record<string, string[]> = {
query: [
REPOSITORY_METHOD_SUGGESTIONS.SEARCH,
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
],
select: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
insert: [
REPOSITORY_METHOD_SUGGESTIONS.CREATE,
REPOSITORY_METHOD_SUGGESTIONS.ADD_ENTITY,
REPOSITORY_METHOD_SUGGESTIONS.STORE_ENTITY,
],
update: [
REPOSITORY_METHOD_SUGGESTIONS.UPDATE,
REPOSITORY_METHOD_SUGGESTIONS.MODIFY_ENTITY,
],
upsert: [
REPOSITORY_METHOD_SUGGESTIONS.SAVE,
REPOSITORY_METHOD_SUGGESTIONS.STORE_ENTITY,
],
remove: [
REPOSITORY_METHOD_SUGGESTIONS.DELETE,
REPOSITORY_METHOD_SUGGESTIONS.REMOVE_BY_PROPERTY,
],
fetch: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
retrieve: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
load: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
}
for (const [keyword, keywords] of Object.entries(suggestionMap)) {
if (lowerName.includes(keyword)) {
suggestions.push(...keywords)
}
}
if (lowerName.includes("get") && lowerName.includes("all")) {
suggestions.push(
REPOSITORY_METHOD_SUGGESTIONS.FIND_ALL,
REPOSITORY_METHOD_SUGGESTIONS.LIST_ALL,
)
}
if (suggestions.length === 0) {
return REPOSITORY_METHOD_SUGGESTIONS.DEFAULT_SUGGESTION
}
return `Consider: ${suggestions.slice(0, 3).join(", ")}`
}
/**
* Detects non-domain method names in repository interfaces
*/
private detectNonDomainMethodNames(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const methodMatch = /^\s*(\w+)\s*\(/.exec(line)
if (methodMatch) {
const methodName = methodMatch[1]
if (!this.isDomainMethodName(methodName) && !line.trim().startsWith("//")) {
const suggestion = this.suggestDomainMethodName(methodName)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Method '${methodName}' uses technical name instead of domain language. ${suggestion}`,
undefined,
undefined,
methodName,
),
)
}
}
}
return violations
}
/**
* Detects concrete repository usage in use cases
*/
private detectConcreteRepositoryUsage(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const constructorParamMatch =
/constructor\s*\([^)]*(?:private|public|protected)\s+(?:readonly\s+)?(\w+)\s*:\s*([A-Z]\w*Repository)/.exec(
line,
)
if (constructorParamMatch) {
const repositoryType = constructorParamMatch[2]
if (!repositoryType.startsWith("I")) {
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
filePath,
layer || LAYERS.APPLICATION,
lineNumber,
`Use case depends on concrete repository '${repositoryType}'`,
undefined,
repositoryType,
),
)
}
}
const fieldMatch =
/(?:private|public|protected)\s+(?:readonly\s+)?(\w+)\s*:\s*([A-Z]\w*Repository)/.exec(
line,
)
if (fieldMatch) {
const repositoryType = fieldMatch[2]
if (
!repositoryType.startsWith("I") &&
!line.includes(REPOSITORY_PATTERN_MESSAGES.CONSTRUCTOR)
) {
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
filePath,
layer || LAYERS.APPLICATION,
lineNumber,
`Use case field uses concrete repository '${repositoryType}'`,
undefined,
repositoryType,
),
)
}
}
}
return violations
}
/**
* Detects 'new Repository()' instantiation in use cases
*/
private detectNewRepositoryInstantiation(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const newRepositoryMatch = /new\s+([A-Z]\w*Repository)\s*\(/.exec(line)
if (newRepositoryMatch && !line.trim().startsWith("//")) {
const repositoryName = newRepositoryMatch[1]
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
filePath,
layer || LAYERS.APPLICATION,
lineNumber,
`Use case creates repository with 'new ${repositoryName}()'`,
undefined,
repositoryName,
),
)
}
}
return violations
}
/**
* Extracts ORM type name from a code line
*/
private extractOrmType(line: string): string {
for (const pattern of this.ormTypePatterns) {
const match = line.match(pattern)
if (match) {
const startIdx = match.index || 0
const typeMatch = /[\w.]+/.exec(line.slice(startIdx))
return typeMatch ? typeMatch[0] : REPOSITORY_PATTERN_MESSAGES.UNKNOWN_TYPE
}
}
return REPOSITORY_PATTERN_MESSAGES.UNKNOWN_TYPE
return this.fileAnalyzer.isUseCase(filePath, layer)
}
}

169
packages/guardian/src/infrastructure/analyzers/SecretDetector.ts Normal file
View File

@@ -0,0 +1,169 @@
import { createEngine } from "@secretlint/node"
import type { SecretLintConfigDescriptor } from "@secretlint/types"
import { ISecretDetector } from "../../domain/services/ISecretDetector"
import { SecretViolation } from "../../domain/value-objects/SecretViolation"
import { SECRET_KEYWORDS, SECRET_TYPE_NAMES } from "../../domain/constants/SecretExamples"
import { EXTERNAL_PACKAGES } from "../../shared/constants/rules"
/**
* Detects hardcoded secrets in TypeScript/JavaScript code
*
* Uses industry-standard Secretlint library to detect 350+ types of secrets
* including AWS keys, GitHub tokens, NPM tokens, SSH keys, API keys, and more.
*
* All detected secrets are marked as CRITICAL severity because they represent
* serious security risks that could lead to unauthorized access or data breaches.
*
* @example
* ```typescript
* const detector = new SecretDetector()
* const code = `const AWS_KEY = "AKIA1234567890ABCDEF"`
* const violations = await detector.detectAll(code, 'config.ts')
* // Returns array of SecretViolation objects with CRITICAL severity
* ```
*/
export class SecretDetector implements ISecretDetector {
private readonly secretlintConfig: SecretLintConfigDescriptor = {
rules: [
{
id: EXTERNAL_PACKAGES.SECRETLINT_PRESET,
},
],
}
/**
* Detects all types of hardcoded secrets in the provided code
*
* @param code - Source code to analyze
* @param filePath - Path to the file being analyzed
* @returns Promise resolving to array of secret violations
*/
public async detectAll(code: string, filePath: string): Promise<SecretViolation[]> {
try {
const engine = await createEngine({
cwd: process.cwd(),
configFileJSON: this.secretlintConfig,
formatter: "stylish",
color: false,
})
const result = await engine.executeOnContent({
content: code,
filePath,
})
return this.parseOutputToViolations(result.output, filePath)
} catch (_error) {
return []
}
}
private parseOutputToViolations(output: string, filePath: string): SecretViolation[] {
const violations: SecretViolation[] = []
if (!output || output.trim() === "") {
return violations
}
const lines = output.split("\n")
for (const line of lines) {
const match = /^\s*(\d+):(\d+)\s+(error|warning)\s+(.+?)\s+(.+)$/.exec(line)
if (match) {
const [, lineNum, column, , message, ruleId] = match
const secretType = this.extractSecretType(message, ruleId)
const violation = SecretViolation.create(
filePath,
parseInt(lineNum, 10),
parseInt(column, 10),
secretType,
message,
)
violations.push(violation)
}
}
return violations
}
private extractSecretType(message: string, ruleId: string): string {
if (ruleId.includes(SECRET_KEYWORDS.AWS)) {
if (message.toLowerCase().includes(SECRET_KEYWORDS.ACCESS_KEY)) {
return SECRET_TYPE_NAMES.AWS_ACCESS_KEY
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.SECRET)) {
return SECRET_TYPE_NAMES.AWS_SECRET_KEY
}
return SECRET_TYPE_NAMES.AWS_CREDENTIAL
}
if (ruleId.includes(SECRET_KEYWORDS.GITHUB)) {
if (message.toLowerCase().includes(SECRET_KEYWORDS.PERSONAL_ACCESS_TOKEN)) {
return SECRET_TYPE_NAMES.GITHUB_PERSONAL_ACCESS_TOKEN
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.OAUTH)) {
return SECRET_TYPE_NAMES.GITHUB_OAUTH_TOKEN
}
return SECRET_TYPE_NAMES.GITHUB_TOKEN
}
if (ruleId.includes(SECRET_KEYWORDS.NPM)) {
return SECRET_TYPE_NAMES.NPM_TOKEN
}
if (ruleId.includes(SECRET_KEYWORDS.GCP) || ruleId.includes(SECRET_KEYWORDS.GOOGLE)) {
return SECRET_TYPE_NAMES.GCP_SERVICE_ACCOUNT_KEY
}
if (ruleId.includes(SECRET_KEYWORDS.PRIVATEKEY) || ruleId.includes(SECRET_KEYWORDS.SSH)) {
if (message.toLowerCase().includes(SECRET_KEYWORDS.RSA)) {
return SECRET_TYPE_NAMES.SSH_RSA_PRIVATE_KEY
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.DSA)) {
return SECRET_TYPE_NAMES.SSH_DSA_PRIVATE_KEY
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.ECDSA)) {
return SECRET_TYPE_NAMES.SSH_ECDSA_PRIVATE_KEY
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.ED25519)) {
return SECRET_TYPE_NAMES.SSH_ED25519_PRIVATE_KEY
}
return SECRET_TYPE_NAMES.SSH_PRIVATE_KEY
}
if (ruleId.includes(SECRET_KEYWORDS.SLACK)) {
if (message.toLowerCase().includes(SECRET_KEYWORDS.BOT)) {
return SECRET_TYPE_NAMES.SLACK_BOT_TOKEN
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.USER)) {
return SECRET_TYPE_NAMES.SLACK_USER_TOKEN
}
return SECRET_TYPE_NAMES.SLACK_TOKEN
}
if (ruleId.includes(SECRET_KEYWORDS.BASICAUTH)) {
return SECRET_TYPE_NAMES.BASIC_AUTH_CREDENTIALS
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.API_KEY)) {
return SECRET_TYPE_NAMES.API_KEY
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.TOKEN)) {
return SECRET_TYPE_NAMES.AUTHENTICATION_TOKEN
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.PASSWORD)) {
return SECRET_TYPE_NAMES.PASSWORD
}
if (message.toLowerCase().includes(SECRET_KEYWORDS.SECRET)) {
return SECRET_TYPE_NAMES.SECRET
}
return SECRET_TYPE_NAMES.SENSITIVE_DATA
}
}

177
packages/guardian/src/infrastructure/strategies/AggregatePathAnalyzer.ts Normal file
View File

@@ -0,0 +1,177 @@
import { DDD_FOLDER_NAMES } from "../constants/detectorPatterns"
import { IMPORT_PATTERNS } from "../constants/paths"
import { FolderRegistry } from "./FolderRegistry"
/**
* Analyzes file paths and imports to extract aggregate information
*
* Handles path normalization, aggregate extraction, and entity name detection
* for aggregate boundary validation.
*/
export class AggregatePathAnalyzer {
constructor(private readonly folderRegistry: FolderRegistry) {}
/**
* Extracts the aggregate name from a file path
*
* Handles patterns like:
* - domain/aggregates/order/Order.ts → 'order'
* - domain/order/Order.ts → 'order'
* - domain/entities/order/Order.ts → 'order'
*/
public extractAggregateFromPath(filePath: string): string | undefined {
const normalizedPath = this.normalizePath(filePath)
const segments = this.getPathSegmentsAfterDomain(normalizedPath)
if (!segments || segments.length < 2) {
return undefined
}
return this.findAggregateInSegments(segments)
}
/**
* Extracts the aggregate name from an import path
*/
public extractAggregateFromImport(importPath: string): string | undefined {
const normalizedPath = importPath.replace(IMPORT_PATTERNS.QUOTE, "").toLowerCase()
const segments = normalizedPath.split("/").filter((seg) => seg !== ".." && seg !== ".")
if (segments.length === 0) {
return undefined
}
return this.findAggregateInImportSegments(segments)
}
/**
* Extracts the entity name from an import path
*/
public extractEntityName(importPath: string): string | undefined {
const normalizedPath = importPath.replace(IMPORT_PATTERNS.QUOTE, "")
const segments = normalizedPath.split("/")
const lastSegment = segments[segments.length - 1]
if (lastSegment) {
return lastSegment.replace(/\.(ts|js)$/, "")
}
return undefined
}
/**
* Normalizes a file path for consistent processing
*/
private normalizePath(filePath: string): string {
return filePath.toLowerCase().replace(/\\/g, "/")
}
/**
* Gets path segments after the 'domain' folder
*/
private getPathSegmentsAfterDomain(normalizedPath: string): string[] | undefined {
const domainMatch = /(?:^|\/)(domain)\//.exec(normalizedPath)
if (!domainMatch) {
return undefined
}
const domainEndIndex = domainMatch.index + domainMatch[0].length
const pathAfterDomain = normalizedPath.substring(domainEndIndex)
return pathAfterDomain.split("/").filter(Boolean)
}
/**
* Finds aggregate name in path segments after domain folder
*/
private findAggregateInSegments(segments: string[]): string | undefined {
if (this.folderRegistry.isEntityFolder(segments[0])) {
return this.extractFromEntityFolder(segments)
}
const aggregate = segments[0]
if (this.folderRegistry.isNonAggregateFolder(aggregate)) {
return undefined
}
return aggregate
}
/**
* Extracts aggregate from entity folder structure
*/
private extractFromEntityFolder(segments: string[]): string | undefined {
if (segments.length < 3) {
return undefined
}
const aggregate = segments[1]
if (this.folderRegistry.isNonAggregateFolder(aggregate)) {
return undefined
}
return aggregate
}
/**
* Finds aggregate in import path segments
*/
private findAggregateInImportSegments(segments: string[]): string | undefined {
const aggregateFromDomainFolder = this.findAggregateAfterDomainFolder(segments)
if (aggregateFromDomainFolder) {
return aggregateFromDomainFolder
}
return this.findAggregateFromSecondLastSegment(segments)
}
/**
* Finds aggregate after 'domain' or 'aggregates' folder in import
*/
private findAggregateAfterDomainFolder(segments: string[]): string | undefined {
for (let i = 0; i < segments.length; i++) {
const isDomainOrAggregatesFolder =
segments[i] === DDD_FOLDER_NAMES.DOMAIN ||
segments[i] === DDD_FOLDER_NAMES.AGGREGATES
if (!isDomainOrAggregatesFolder) {
continue
}
if (i + 1 >= segments.length) {
continue
}
const nextSegment = segments[i + 1]
const isEntityOrAggregateFolder =
this.folderRegistry.isEntityFolder(nextSegment) ||
nextSegment === DDD_FOLDER_NAMES.AGGREGATES
if (isEntityOrAggregateFolder) {
return i + 2 < segments.length ? segments[i + 2] : undefined
}
return nextSegment
}
return undefined
}
/**
* Extracts aggregate from second-to-last segment if applicable
*/
private findAggregateFromSecondLastSegment(segments: string[]): string | undefined {
if (segments.length >= 2) {
const secondLastSegment = segments[segments.length - 2]
if (
!this.folderRegistry.isEntityFolder(secondLastSegment) &&
!this.folderRegistry.isValueObjectFolder(secondLastSegment) &&
!this.folderRegistry.isAllowedFolder(secondLastSegment) &&
secondLastSegment !== DDD_FOLDER_NAMES.DOMAIN
) {
return secondLastSegment
}
}
return undefined
}
}

92
packages/guardian/src/infrastructure/strategies/AstBooleanAnalyzer.ts Normal file
View File

@@ -0,0 +1,92 @@
import Parser from "tree-sitter"
import { HardcodedValue, HardcodeType } from "../../domain/value-objects/HardcodedValue"
import { DETECTION_VALUES } from "../../shared/constants/rules"
import { AstContextChecker } from "./AstContextChecker"
/**
* AST-based analyzer for detecting magic booleans
*
* Detects boolean literals used as arguments without clear meaning.
* Example: doSomething(true, false, true) - hard to understand
* Better: doSomething({ sync: true, validate: false, cache: true })
*/
export class AstBooleanAnalyzer {
constructor(private readonly contextChecker: AstContextChecker) {}
/**
* Analyzes a boolean node and returns a violation if it's a magic boolean
*/
public analyze(node: Parser.SyntaxNode, lines: string[]): HardcodedValue | null {
if (!this.shouldDetect(node)) {
return null
}
const value = node.text === DETECTION_VALUES.BOOLEAN_TRUE
return this.createViolation(node, value, lines)
}
/**
* Checks if boolean should be detected
*/
private shouldDetect(node: Parser.SyntaxNode): boolean {
if (this.contextChecker.isInExportedConstant(node)) {
return false
}
if (this.contextChecker.isInTypeContext(node)) {
return false
}
if (this.contextChecker.isInTestDescription(node)) {
return false
}
const parent = node.parent
if (!parent) {
return false
}
if (parent.type === "arguments") {
return this.isInFunctionCallWithMultipleBooleans(parent)
}
return false
}
/**
* Checks if function call has multiple boolean arguments
*/
private isInFunctionCallWithMultipleBooleans(argsNode: Parser.SyntaxNode): boolean {
let booleanCount = 0
for (const child of argsNode.children) {
if (child.type === "true" || child.type === "false") {
booleanCount++
}
}
return booleanCount >= 2
}
/**
* Creates a HardcodedValue violation from a boolean node
*/
private createViolation(
node: Parser.SyntaxNode,
value: boolean,
lines: string[],
): HardcodedValue {
const lineNumber = node.startPosition.row + 1
const column = node.startPosition.column
const context = lines[node.startPosition.row]?.trim() ?? ""
return HardcodedValue.create(
value,
"MAGIC_BOOLEAN" as HardcodeType,
lineNumber,
column,
context,
)
}
}

114
packages/guardian/src/infrastructure/strategies/AstConfigObjectAnalyzer.ts Normal file
View File

@@ -0,0 +1,114 @@
import Parser from "tree-sitter"
import { HardcodedValue, HardcodeType } from "../../domain/value-objects/HardcodedValue"
import { HARDCODE_TYPES } from "../../shared/constants/rules"
import { ALLOWED_NUMBERS } from "../constants/defaults"
import { AstContextChecker } from "./AstContextChecker"
/**
* AST-based analyzer for detecting configuration objects with hardcoded values
*
* Detects objects that contain multiple hardcoded values that should be
* extracted to a configuration file.
*
* Example:
* const config = { timeout: 5000, retries: 3, url: "http://..." }
*/
export class AstConfigObjectAnalyzer {
private readonly MIN_HARDCODED_VALUES = 2
constructor(private readonly contextChecker: AstContextChecker) {}
/**
* Analyzes an object expression and returns a violation if it contains many hardcoded values
*/
public analyze(node: Parser.SyntaxNode, lines: string[]): HardcodedValue | null {
if (node.type !== "object") {
return null
}
if (this.contextChecker.isInExportedConstant(node)) {
return null
}
if (this.contextChecker.isInTypeContext(node)) {
return null
}
const hardcodedCount = this.countHardcodedValues(node)
if (hardcodedCount < this.MIN_HARDCODED_VALUES) {
return null
}
return this.createViolation(node, hardcodedCount, lines)
}
/**
* Counts hardcoded values in an object
*/
private countHardcodedValues(objectNode: Parser.SyntaxNode): number {
let count = 0
for (const child of objectNode.children) {
if (child.type === "pair") {
const value = child.childForFieldName("value")
if (value && this.isHardcodedValue(value)) {
count++
}
}
}
return count
}
/**
* Checks if a node is a hardcoded value
*/
private isHardcodedValue(node: Parser.SyntaxNode): boolean {
if (node.type === "number") {
const value = parseInt(node.text, 10)
return !ALLOWED_NUMBERS.has(value) && value >= 100
}
if (node.type === "string") {
const stringFragment = node.children.find((c) => c.type === "string_fragment")
return stringFragment !== undefined && stringFragment.text.length > 3
}
return false
}
/**
* Creates a HardcodedValue violation for a config object
*/
private createViolation(
node: Parser.SyntaxNode,
hardcodedCount: number,
lines: string[],
): HardcodedValue {
const lineNumber = node.startPosition.row + 1
const column = node.startPosition.column
const context = lines[node.startPosition.row]?.trim() ?? ""
const objectPreview = this.getObjectPreview(node)
return HardcodedValue.create(
`Configuration object with ${String(hardcodedCount)} hardcoded values: ${objectPreview}`,
HARDCODE_TYPES.MAGIC_CONFIG as HardcodeType,
lineNumber,
column,
context,
)
}
/**
* Gets a preview of the object for the violation message
*/
private getObjectPreview(node: Parser.SyntaxNode): string {
const text = node.text
if (text.length <= 50) {
return text
}
return `${text.substring(0, 47)}...`
}
}

256
packages/guardian/src/infrastructure/strategies/AstContextChecker.ts Normal file
View File

@@ -0,0 +1,256 @@
import Parser from "tree-sitter"
/**
* AST context checker for analyzing node contexts
*
* Provides reusable methods to check if a node is in specific contexts
* like exports, type declarations, function calls, etc.
*/
export class AstContextChecker {
/**
* Checks if node is in an exported constant with "as const"
*/
public isInExportedConstant(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (current.type === "export_statement") {
if (this.checkExportedConstant(current)) {
return true
}
}
current = current.parent
}
return false
}
/**
* Helper to check if export statement contains "as const"
*/
private checkExportedConstant(exportNode: Parser.SyntaxNode): boolean {
const declaration = exportNode.childForFieldName("declaration")
if (!declaration) {
return false
}
const declarator = this.findDescendant(declaration, "variable_declarator")
if (!declarator) {
return false
}
const value = declarator.childForFieldName("value")
if (value?.type !== "as_expression") {
return false
}
const asType = value.children.find((c) => c.type === "const")
return asType !== undefined
}
/**
* Checks if node is in a type context (union type, type alias, interface)
*/
public isInTypeContext(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (
current.type === "type_alias_declaration" ||
current.type === "union_type" ||
current.type === "literal_type" ||
current.type === "interface_declaration" ||
current.type === "type_annotation"
) {
return true
}
current = current.parent
}
return false
}
/**
* Checks if node is in an import statement or import() call
*/
public isInImportStatement(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (current.type === "import_statement") {
return true
}
if (current.type === "call_expression") {
const functionNode =
current.childForFieldName("function") ||
current.children.find((c) => c.type === "identifier" || c.type === "import")
if (
functionNode &&
(functionNode.text === "import" || functionNode.type === "import")
) {
return true
}
}
current = current.parent
}
return false
}
/**
* Checks if node is in a test description (test(), describe(), it())
*/
public isInTestDescription(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (current.type === "call_expression") {
const callee = current.childForFieldName("function")
if (callee?.type === "identifier") {
const funcName = callee.text
if (
funcName === "test" ||
funcName === "describe" ||
funcName === "it" ||
funcName === "expect"
) {
return true
}
}
}
current = current.parent
}
return false
}
/**
* Checks if node is in a console.log or console.error call
*/
public isInConsoleCall(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (current.type === "call_expression") {
const callee = current.childForFieldName("function")
if (callee?.type === "member_expression") {
const object = callee.childForFieldName("object")
const property = callee.childForFieldName("property")
if (
object?.text === "console" &&
property &&
(property.text === "log" ||
property.text === "error" ||
property.text === "warn")
) {
return true
}
}
}
current = current.parent
}
return false
}
/**
* Checks if node is in a Symbol() call
*/
public isInSymbolCall(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (current.type === "call_expression") {
const callee = current.childForFieldName("function")
if (callee?.type === "identifier" && callee.text === "Symbol") {
return true
}
}
current = current.parent
}
return false
}
/**
* Checks if node is in a typeof check
*/
public isInTypeofCheck(node: Parser.SyntaxNode): boolean {
let current = node.parent
while (current) {
if (current.type === "binary_expression") {
const left = current.childForFieldName("left")
const right = current.childForFieldName("right")
if (left?.type === "unary_expression") {
const operator = left.childForFieldName("operator")
if (operator?.text === "typeof") {
return true
}
}
if (right?.type === "unary_expression") {
const operator = right.childForFieldName("operator")
if (operator?.text === "typeof") {
return true
}
}
}
current = current.parent
}
return false
}
/**
* Checks if parent is a call expression with specific function names
*/
public isInCallExpression(parent: Parser.SyntaxNode, functionNames: string[]): boolean {
if (parent.type === "arguments") {
const callExpr = parent.parent
if (callExpr?.type === "call_expression") {
const callee = callExpr.childForFieldName("function")
if (callee?.type === "identifier") {
return functionNames.includes(callee.text)
}
}
}
return false
}
/**
* Gets context text around a node
*/
public getNodeContext(node: Parser.SyntaxNode): string {
let current: Parser.SyntaxNode | null = node
while (current && current.type !== "lexical_declaration" && current.type !== "pair") {
current = current.parent
}
return current ? current.text.toLowerCase() : ""
}
/**
* Finds a descendant node by type
*/
private findDescendant(node: Parser.SyntaxNode, type: string): Parser.SyntaxNode | null {
if (node.type === type) {
return node
}
for (const child of node.children) {
const result = this.findDescendant(child, type)
if (result) {
return result
}
}
return null
}
}

132
packages/guardian/src/infrastructure/strategies/AstNumberAnalyzer.ts Normal file
View File

@@ -0,0 +1,132 @@
import Parser from "tree-sitter"
import { HardcodedValue, HardcodeType } from "../../domain/value-objects/HardcodedValue"
import { HARDCODE_TYPES } from "../../shared/constants/rules"
import { ALLOWED_NUMBERS, DETECTION_KEYWORDS } from "../constants/defaults"
import { AstContextChecker } from "./AstContextChecker"
/**
* AST-based analyzer for detecting magic numbers
*
* Analyzes number literal nodes in the AST to determine if they are
* hardcoded values that should be extracted to constants.
*/
export class AstNumberAnalyzer {
constructor(private readonly contextChecker: AstContextChecker) {}
/**
* Analyzes a number node and returns a violation if it's a magic number
*/
public analyze(node: Parser.SyntaxNode, lines: string[]): HardcodedValue | null {
const value = parseInt(node.text, 10)
if (ALLOWED_NUMBERS.has(value)) {
return null
}
if (this.contextChecker.isInExportedConstant(node)) {
return null
}
if (!this.shouldDetect(node, value)) {
return null
}
return this.createViolation(node, value, lines)
}
/**
* Checks if number should be detected based on context
*/
private shouldDetect(node: Parser.SyntaxNode, value: number): boolean {
const parent = node.parent
if (!parent) {
return false
}
if (this.contextChecker.isInCallExpression(parent, ["setTimeout", "setInterval"])) {
return true
}
if (parent.type === "variable_declarator") {
const identifier = parent.childForFieldName("name")
if (identifier && this.hasConfigKeyword(identifier.text.toLowerCase())) {
return true
}
}
if (parent.type === "pair") {
const key = parent.childForFieldName("key")
if (key && this.hasConfigKeyword(key.text.toLowerCase())) {
return true
}
}
if (value >= 100) {
const context = this.contextChecker.getNodeContext(node)
return this.looksLikeMagicNumber(context)
}
return false
}
/**
* Checks if name contains configuration keywords
*/
private hasConfigKeyword(name: string): boolean {
const keywords = [
DETECTION_KEYWORDS.TIMEOUT,
DETECTION_KEYWORDS.DELAY,
DETECTION_KEYWORDS.RETRY,
DETECTION_KEYWORDS.LIMIT,
DETECTION_KEYWORDS.MAX,
DETECTION_KEYWORDS.MIN,
DETECTION_KEYWORDS.PORT,
DETECTION_KEYWORDS.INTERVAL,
]
return (
keywords.some((keyword) => name.includes(keyword)) ||
name.includes("retries") ||
name.includes("attempts")
)
}
/**
* Checks if context suggests a magic number
*/
private looksLikeMagicNumber(context: string): boolean {
const configKeywords = [
DETECTION_KEYWORDS.TIMEOUT,
DETECTION_KEYWORDS.DELAY,
DETECTION_KEYWORDS.RETRY,
DETECTION_KEYWORDS.LIMIT,
DETECTION_KEYWORDS.MAX,
DETECTION_KEYWORDS.MIN,
DETECTION_KEYWORDS.PORT,
DETECTION_KEYWORDS.INTERVAL,
]
return configKeywords.some((keyword) => context.includes(keyword))
}
/**
* Creates a HardcodedValue violation from a number node
*/
private createViolation(
node: Parser.SyntaxNode,
value: number,
lines: string[],
): HardcodedValue {
const lineNumber = node.startPosition.row + 1
const column = node.startPosition.column
const context = lines[node.startPosition.row]?.trim() ?? ""
return HardcodedValue.create(
value,
HARDCODE_TYPES.MAGIC_NUMBER as HardcodeType,
lineNumber,
column,
context,
)
}
}

144
packages/guardian/src/infrastructure/strategies/AstStringAnalyzer.ts Normal file
View File

@@ -0,0 +1,144 @@
import Parser from "tree-sitter"
import { HardcodedValue, HardcodeType } from "../../domain/value-objects/HardcodedValue"
import { CONFIG_KEYWORDS, DETECTION_VALUES, HARDCODE_TYPES } from "../../shared/constants/rules"
import { AstContextChecker } from "./AstContextChecker"
import { ValuePatternMatcher } from "./ValuePatternMatcher"
/**
* AST-based analyzer for detecting magic strings
*
* Analyzes string literal nodes in the AST to determine if they are
* hardcoded values that should be extracted to constants.
*
* Detects various types of hardcoded strings:
* - URLs and connection strings
* - Email addresses
* - IP addresses
* - File paths
* - Dates
* - API keys
*/
export class AstStringAnalyzer {
private readonly patternMatcher: ValuePatternMatcher
constructor(private readonly contextChecker: AstContextChecker) {
this.patternMatcher = new ValuePatternMatcher()
}
/**
* Analyzes a string node and returns a violation if it's a magic string
*/
public analyze(node: Parser.SyntaxNode, lines: string[]): HardcodedValue | null {
const stringFragment = node.children.find((child) => child.type === "string_fragment")
if (!stringFragment) {
return null
}
const value = stringFragment.text
if (value.length <= 3) {
return null
}
if (this.contextChecker.isInExportedConstant(node)) {
return null
}
if (this.contextChecker.isInTypeContext(node)) {
return null
}
if (this.contextChecker.isInImportStatement(node)) {
return null
}
if (this.contextChecker.isInTestDescription(node)) {
return null
}
if (this.contextChecker.isInConsoleCall(node)) {
return null
}
if (this.contextChecker.isInSymbolCall(node)) {
return null
}
if (this.contextChecker.isInTypeofCheck(node)) {
return null
}
if (this.shouldDetect(node, value)) {
return this.createViolation(node, value, lines)
}
return null
}
/**
* Checks if string value should be detected
*/
private shouldDetect(node: Parser.SyntaxNode, value: string): boolean {
if (this.patternMatcher.shouldDetect(value)) {
return true
}
if (this.hasConfigurationContext(node)) {
return true
}
return false
}
/**
* Checks if string is in a configuration-related context
*/
private hasConfigurationContext(node: Parser.SyntaxNode): boolean {
const context = this.contextChecker.getNodeContext(node).toLowerCase()
const configKeywords = [
"url",
"uri",
...CONFIG_KEYWORDS.NETWORK,
"api",
...CONFIG_KEYWORDS.DATABASE,
"db",
"env",
...CONFIG_KEYWORDS.SECURITY,
"key",
...CONFIG_KEYWORDS.MESSAGES,
"label",
]
return configKeywords.some((keyword) => context.includes(keyword))
}
/**
* Creates a HardcodedValue violation from a string node
*/
private createViolation(
node: Parser.SyntaxNode,
value: string,
lines: string[],
): HardcodedValue {
const lineNumber = node.startPosition.row + 1
const column = node.startPosition.column
const context = lines[node.startPosition.row]?.trim() ?? ""
const detectedType = this.patternMatcher.detectType(value)
const valueType =
detectedType ||
(this.hasConfigurationContext(node)
? DETECTION_VALUES.TYPE_CONFIG
: DETECTION_VALUES.TYPE_GENERIC)
return HardcodedValue.create(
value,
HARDCODE_TYPES.MAGIC_STRING as HardcodeType,
lineNumber,
column,
context,
valueType,
)
}
}

21
packages/guardian/src/infrastructure/strategies/ConstantsFileChecker.ts Normal file
View File

@@ -0,0 +1,21 @@
/**
* Checks if a file is a constants definition file
*
* Identifies files that should be skipped for hardcode detection
* since they are meant to contain constant definitions.
*/
export class ConstantsFileChecker {
private readonly constantsPatterns = [
/^constants?\.(ts|js)$/i,
/constants?\/.*\.(ts|js)$/i,
/\/(constants|config|settings|defaults|tokens)\.ts$/i,
/\/di\/tokens\.(ts|js)$/i,
]
/**
* Checks if a file path represents a constants file
*/
public isConstantsFile(filePath: string): boolean {
return this.constantsPatterns.some((pattern) => pattern.test(filePath))
}
}

72
packages/guardian/src/infrastructure/strategies/FolderRegistry.ts Normal file
View File

@@ -0,0 +1,72 @@
import { DDD_FOLDER_NAMES } from "../constants/detectorPatterns"
/**
* Registry for DDD folder names used in aggregate boundary detection
*
* Centralizes folder name management for cleaner code organization
* and easier maintenance of folder name rules.
*/
export class FolderRegistry {
public readonly entityFolders: Set<string>
public readonly valueObjectFolders: Set<string>
public readonly allowedFolders: Set<string>
public readonly nonAggregateFolders: Set<string>
constructor() {
this.entityFolders = new Set<string>([
DDD_FOLDER_NAMES.ENTITIES,
DDD_FOLDER_NAMES.AGGREGATES,
])
this.valueObjectFolders = new Set<string>([
DDD_FOLDER_NAMES.VALUE_OBJECTS,
DDD_FOLDER_NAMES.VO,
])
this.allowedFolders = new Set<string>([
DDD_FOLDER_NAMES.VALUE_OBJECTS,
DDD_FOLDER_NAMES.VO,
DDD_FOLDER_NAMES.EVENTS,
DDD_FOLDER_NAMES.DOMAIN_EVENTS,
DDD_FOLDER_NAMES.REPOSITORIES,
DDD_FOLDER_NAMES.SERVICES,
DDD_FOLDER_NAMES.SPECIFICATIONS,
DDD_FOLDER_NAMES.ERRORS,
DDD_FOLDER_NAMES.EXCEPTIONS,
])
this.nonAggregateFolders = new Set<string>([
DDD_FOLDER_NAMES.VALUE_OBJECTS,
DDD_FOLDER_NAMES.VO,
DDD_FOLDER_NAMES.EVENTS,
DDD_FOLDER_NAMES.DOMAIN_EVENTS,
DDD_FOLDER_NAMES.REPOSITORIES,
DDD_FOLDER_NAMES.SERVICES,
DDD_FOLDER_NAMES.SPECIFICATIONS,
DDD_FOLDER_NAMES.ENTITIES,
DDD_FOLDER_NAMES.CONSTANTS,
DDD_FOLDER_NAMES.SHARED,
DDD_FOLDER_NAMES.FACTORIES,
DDD_FOLDER_NAMES.PORTS,
DDD_FOLDER_NAMES.INTERFACES,
DDD_FOLDER_NAMES.ERRORS,
DDD_FOLDER_NAMES.EXCEPTIONS,
])
}
public isEntityFolder(folderName: string): boolean {
return this.entityFolders.has(folderName)
}
public isValueObjectFolder(folderName: string): boolean {
return this.valueObjectFolders.has(folderName)
}
public isAllowedFolder(folderName: string): boolean {
return this.allowedFolders.has(folderName)
}
public isNonAggregateFolder(folderName: string): boolean {
return this.nonAggregateFolders.has(folderName)
}
}

150
packages/guardian/src/infrastructure/strategies/ImportValidator.ts Normal file
View File

@@ -0,0 +1,150 @@
import { IMPORT_PATTERNS } from "../constants/paths"
import { AggregatePathAnalyzer } from "./AggregatePathAnalyzer"
import { FolderRegistry } from "./FolderRegistry"
/**
* Validates imports for aggregate boundary violations
*
* Checks if imports cross aggregate boundaries inappropriately
* and ensures proper encapsulation in DDD architecture.
*/
export class ImportValidator {
constructor(
private readonly folderRegistry: FolderRegistry,
private readonly pathAnalyzer: AggregatePathAnalyzer,
) {}
/**
* Checks if an import violates aggregate boundaries
*/
public isViolation(importPath: string, currentAggregate: string): boolean {
const normalizedPath = this.normalizeImportPath(importPath)
if (!this.isValidImportPath(normalizedPath)) {
return false
}
if (this.isInternalBoundedContextImport(normalizedPath)) {
return false
}
const targetAggregate = this.pathAnalyzer.extractAggregateFromImport(normalizedPath)
if (!targetAggregate || targetAggregate === currentAggregate) {
return false
}
if (this.isAllowedImport(normalizedPath)) {
return false
}
return this.seemsLikeEntityImport(normalizedPath)
}
/**
* Extracts all import paths from a line of code
*/
public extractImports(line: string): string[] {
const imports: string[] = []
this.extractEsImports(line, imports)
this.extractRequireImports(line, imports)
return imports
}
/**
* Normalizes an import path for consistent processing
*/
private normalizeImportPath(importPath: string): string {
return importPath.replace(IMPORT_PATTERNS.QUOTE, "").toLowerCase()
}
/**
* Checks if import path is valid for analysis
*/
private isValidImportPath(normalizedPath: string): boolean {
if (!normalizedPath.includes("/")) {
return false
}
if (!normalizedPath.startsWith(".") && !normalizedPath.startsWith("/")) {
return false
}
return true
}
/**
* Checks if import is internal to the same bounded context
*/
private isInternalBoundedContextImport(normalizedPath: string): boolean {
const parts = normalizedPath.split("/")
const dotDotCount = parts.filter((p) => p === "..").length
if (dotDotCount === 1) {
const nonDotParts = parts.filter((p) => p !== ".." && p !== ".")
if (nonDotParts.length >= 1) {
const firstFolder = nonDotParts[0]
if (this.folderRegistry.isEntityFolder(firstFolder)) {
return true
}
}
}
return false
}
/**
* Checks if import is from an allowed folder
*/
private isAllowedImport(normalizedPath: string): boolean {
for (const folderName of this.folderRegistry.allowedFolders) {
if (normalizedPath.includes(`/${folderName}/`)) {
return true
}
}
return false
}
/**
* Checks if import seems to be an entity
*/
private seemsLikeEntityImport(normalizedPath: string): boolean {
const pathParts = normalizedPath.split("/")
const lastPart = pathParts[pathParts.length - 1]
if (!lastPart) {
return false
}
const filename = lastPart.replace(/\.(ts|js)$/, "")
if (filename.length > 0 && /^[a-z][a-z]/.exec(filename)) {
return true
}
return false
}
/**
* Extracts ES6 imports from a line
*/
private extractEsImports(line: string, imports: string[]): void {
let match = IMPORT_PATTERNS.ES_IMPORT.exec(line)
while (match) {
imports.push(match[1])
match = IMPORT_PATTERNS.ES_IMPORT.exec(line)
}
}
/**
* Extracts CommonJS requires from a line
*/
private extractRequireImports(line: string, imports: string[]): void {
let match = IMPORT_PATTERNS.REQUIRE.exec(line)
while (match) {
imports.push(match[1])
match = IMPORT_PATTERNS.REQUIRE.exec(line)
}
}
}

134
packages/guardian/src/infrastructure/strategies/MethodNameValidator.ts Normal file
View File

@@ -0,0 +1,134 @@
import { REPOSITORY_METHOD_SUGGESTIONS } from "../constants/detectorPatterns"
import { OrmTypeMatcher } from "./OrmTypeMatcher"
/**
* Validates repository method names for domain language compliance
*
* Ensures repository methods use domain language instead of
* technical database terminology.
*/
export class MethodNameValidator {
private readonly domainMethodPatterns = [
/^findBy[A-Z]/,
/^findAll$/,
/^find[A-Z]/,
/^save$/,
/^saveAll$/,
/^create$/,
/^update$/,
/^delete$/,
/^deleteBy[A-Z]/,
/^deleteAll$/,
/^remove$/,
/^removeBy[A-Z]/,
/^removeAll$/,
/^add$/,
/^add[A-Z]/,
/^get[A-Z]/,
/^getAll$/,
/^search/,
/^list/,
/^has[A-Z]/,
/^is[A-Z]/,
/^exists$/,
/^exists[A-Z]/,
/^existsBy[A-Z]/,
/^clear[A-Z]/,
/^clearAll$/,
/^store[A-Z]/,
/^initialize$/,
/^initializeCollection$/,
/^close$/,
/^connect$/,
/^disconnect$/,
/^count$/,
/^countBy[A-Z]/,
]
constructor(private readonly ormMatcher: OrmTypeMatcher) {}
/**
* Checks if a method name follows domain language conventions
*/
public isDomainMethodName(methodName: string): boolean {
if (this.ormMatcher.isTechnicalMethod(methodName)) {
return false
}
return this.domainMethodPatterns.some((pattern) => pattern.test(methodName))
}
/**
* Suggests better domain method names
*/
public suggestDomainMethodName(methodName: string): string {
const lowerName = methodName.toLowerCase()
const suggestions: string[] = []
this.collectSuggestions(lowerName, suggestions)
if (lowerName.includes("get") && lowerName.includes("all")) {
suggestions.push(
REPOSITORY_METHOD_SUGGESTIONS.FIND_ALL,
REPOSITORY_METHOD_SUGGESTIONS.LIST_ALL,
)
}
if (suggestions.length === 0) {
return REPOSITORY_METHOD_SUGGESTIONS.DEFAULT_SUGGESTION
}
return `Consider: ${suggestions.slice(0, 3).join(", ")}`
}
/**
* Collects method name suggestions based on keywords
*/
private collectSuggestions(lowerName: string, suggestions: string[]): void {
const suggestionMap: Record<string, string[]> = {
query: [
REPOSITORY_METHOD_SUGGESTIONS.SEARCH,
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
],
select: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
insert: [
REPOSITORY_METHOD_SUGGESTIONS.CREATE,
REPOSITORY_METHOD_SUGGESTIONS.ADD_ENTITY,
REPOSITORY_METHOD_SUGGESTIONS.STORE_ENTITY,
],
update: [
REPOSITORY_METHOD_SUGGESTIONS.UPDATE,
REPOSITORY_METHOD_SUGGESTIONS.MODIFY_ENTITY,
],
upsert: [
REPOSITORY_METHOD_SUGGESTIONS.SAVE,
REPOSITORY_METHOD_SUGGESTIONS.STORE_ENTITY,
],
remove: [
REPOSITORY_METHOD_SUGGESTIONS.DELETE,
REPOSITORY_METHOD_SUGGESTIONS.REMOVE_BY_PROPERTY,
],
fetch: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
retrieve: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
load: [
REPOSITORY_METHOD_SUGGESTIONS.FIND_BY_PROPERTY,
REPOSITORY_METHOD_SUGGESTIONS.GET_ENTITY,
],
}
for (const [keyword, keywords] of Object.entries(suggestionMap)) {
if (lowerName.includes(keyword)) {
suggestions.push(...keywords)
}
}
}
}

68
packages/guardian/src/infrastructure/strategies/OrmTypeMatcher.ts Normal file
View File

@@ -0,0 +1,68 @@
import { ORM_QUERY_METHODS } from "../constants/orm-methods"
import { REPOSITORY_PATTERN_MESSAGES } from "../../domain/constants/Messages"
/**
* Matches and validates ORM-specific types and patterns
*
* Identifies ORM-specific types (Prisma, TypeORM, Mongoose, etc.)
* that should not appear in domain layer repository interfaces.
*/
export class OrmTypeMatcher {
private readonly ormTypePatterns = [
/Prisma\./,
/PrismaClient/,
/TypeORM/,
/@Entity/,
/@Column/,
/@PrimaryColumn/,
/@PrimaryGeneratedColumn/,
/@ManyToOne/,
/@OneToMany/,
/@ManyToMany/,
/@JoinColumn/,
/@JoinTable/,
/Mongoose\./,
/Schema/,
/Model</,
/Document/,
/Sequelize\./,
/DataTypes\./,
/FindOptions/,
/WhereOptions/,
/IncludeOptions/,
/QueryInterface/,
/MikroORM/,
/EntityManager/,
/EntityRepository/,
/Collection</,
]
/**
* Checks if a type name is an ORM-specific type
*/
public isOrmType(typeName: string): boolean {
return this.ormTypePatterns.some((pattern) => pattern.test(typeName))
}
/**
* Extracts ORM type name from a code line
*/
public extractOrmType(line: string): string {
for (const pattern of this.ormTypePatterns) {
const match = line.match(pattern)
if (match) {
const startIdx = match.index || 0
const typeMatch = /[\w.]+/.exec(line.slice(startIdx))
return typeMatch ? typeMatch[0] : REPOSITORY_PATTERN_MESSAGES.UNKNOWN_TYPE
}
}
return REPOSITORY_PATTERN_MESSAGES.UNKNOWN_TYPE
}
/**
* Checks if a method name is a technical ORM method
*/
public isTechnicalMethod(methodName: string): boolean {
return (ORM_QUERY_METHODS as readonly string[]).includes(methodName)
}
}

31
packages/guardian/src/infrastructure/strategies/RepositoryFileAnalyzer.ts Normal file
View File

@@ -0,0 +1,31 @@
import { LAYERS } from "../../shared/constants/rules"
/**
* Analyzes files to determine their role in the repository pattern
*
* Identifies repository interfaces and use cases based on file paths
* and architectural layer conventions.
*/
export class RepositoryFileAnalyzer {
/**
* Checks if a file is a repository interface
*/
public isRepositoryInterface(filePath: string, layer: string | undefined): boolean {
if (layer !== LAYERS.DOMAIN) {
return false
}
return /I[A-Z]\w*Repository\.ts$/.test(filePath) && /repositories?\//.test(filePath)
}
/**
* Checks if a file is a use case
*/
public isUseCase(filePath: string, layer: string | undefined): boolean {
if (layer !== LAYERS.APPLICATION) {
return false
}
return /use-cases?\//.test(filePath) && /[A-Z][a-z]+[A-Z]\w*\.ts$/.test(filePath)
}
}

285
packages/guardian/src/infrastructure/strategies/RepositoryViolationDetector.ts Normal file
View File

@@ -0,0 +1,285 @@
import { RepositoryViolation } from "../../domain/value-objects/RepositoryViolation"
import { LAYERS, REPOSITORY_VIOLATION_TYPES } from "../../shared/constants/rules"
import { REPOSITORY_PATTERN_MESSAGES } from "../../domain/constants/Messages"
import { OrmTypeMatcher } from "./OrmTypeMatcher"
import { MethodNameValidator } from "./MethodNameValidator"
/**
* Detects specific repository pattern violations
*
* Handles detection of ORM types, non-domain methods, concrete repositories,
* and repository instantiation violations.
*/
export class RepositoryViolationDetector {
constructor(
private readonly ormMatcher: OrmTypeMatcher,
private readonly methodValidator: MethodNameValidator,
) {}
/**
* Detects ORM types in repository interface
*/
public detectOrmTypes(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
this.detectOrmInMethod(line, lineNumber, filePath, layer, violations)
this.detectOrmInLine(line, lineNumber, filePath, layer, violations)
}
return violations
}
/**
* Detects non-domain method names
*/
public detectNonDomainMethods(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const methodMatch = /^\s*(\w+)\s*\(/.exec(line)
if (methodMatch) {
const methodName = methodMatch[1]
if (
!this.methodValidator.isDomainMethodName(methodName) &&
!line.trim().startsWith("//")
) {
const suggestion = this.methodValidator.suggestDomainMethodName(methodName)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Method '${methodName}' uses technical name instead of domain language. ${suggestion}`,
undefined,
undefined,
methodName,
),
)
}
}
}
return violations
}
/**
* Detects concrete repository usage
*/
public detectConcreteRepositoryUsage(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
this.detectConcreteInConstructor(line, lineNumber, filePath, layer, violations)
this.detectConcreteInField(line, lineNumber, filePath, layer, violations)
}
return violations
}
/**
* Detects new Repository() instantiation
*/
public detectNewInstantiation(
code: string,
filePath: string,
layer: string | undefined,
): RepositoryViolation[] {
const violations: RepositoryViolation[] = []
const lines = code.split("\n")
for (let i = 0; i < lines.length; i++) {
const line = lines[i]
const lineNumber = i + 1
const newRepositoryMatch = /new\s+([A-Z]\w*Repository)\s*\(/.exec(line)
if (newRepositoryMatch && !line.trim().startsWith("//")) {
const repositoryName = newRepositoryMatch[1]
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
filePath,
layer || LAYERS.APPLICATION,
lineNumber,
`Use case creates repository with 'new ${repositoryName}()'`,
undefined,
repositoryName,
),
)
}
}
return violations
}
/**
* Detects ORM types in method signatures
*/
private detectOrmInMethod(
line: string,
lineNumber: number,
filePath: string,
layer: string | undefined,
violations: RepositoryViolation[],
): void {
const methodMatch =
/(\w+)\s*\([^)]*:\s*([^)]+)\)\s*:\s*.*?(?:Promise<([^>]+)>|([A-Z]\w+))/.exec(line)
if (methodMatch) {
const params = methodMatch[2]
const returnType = methodMatch[3] || methodMatch[4]
if (this.ormMatcher.isOrmType(params)) {
const ormType = this.ormMatcher.extractOrmType(params)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Method parameter uses ORM type: ${ormType}`,
ormType,
),
)
}
if (returnType && this.ormMatcher.isOrmType(returnType)) {
const ormType = this.ormMatcher.extractOrmType(returnType)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Method return type uses ORM type: ${ormType}`,
ormType,
),
)
}
}
}
/**
* Detects ORM types in general code line
*/
private detectOrmInLine(
line: string,
lineNumber: number,
filePath: string,
layer: string | undefined,
violations: RepositoryViolation[],
): void {
if (this.ormMatcher.isOrmType(line) && !line.trim().startsWith("//")) {
const ormType = this.ormMatcher.extractOrmType(line)
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
filePath,
layer || LAYERS.DOMAIN,
lineNumber,
`Repository interface contains ORM-specific type: ${ormType}`,
ormType,
),
)
}
}
/**
* Detects concrete repository in constructor
*/
private detectConcreteInConstructor(
line: string,
lineNumber: number,
filePath: string,
layer: string | undefined,
violations: RepositoryViolation[],
): void {
const constructorParamMatch =
/constructor\s*\([^)]*(?:private|public|protected)\s+(?:readonly\s+)?(\w+)\s*:\s*([A-Z]\w*Repository)/.exec(
line,
)
if (constructorParamMatch) {
const repositoryType = constructorParamMatch[2]
if (!repositoryType.startsWith("I")) {
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
filePath,
layer || LAYERS.APPLICATION,
lineNumber,
`Use case depends on concrete repository '${repositoryType}'`,
undefined,
repositoryType,
),
)
}
}
}
/**
* Detects concrete repository in field
*/
private detectConcreteInField(
line: string,
lineNumber: number,
filePath: string,
layer: string | undefined,
violations: RepositoryViolation[],
): void {
const fieldMatch =
/(?:private|public|protected)\s+(?:readonly\s+)?(\w+)\s*:\s*([A-Z]\w*Repository)/.exec(
line,
)
if (fieldMatch) {
const repositoryType = fieldMatch[2]
if (
!repositoryType.startsWith("I") &&
!line.includes(REPOSITORY_PATTERN_MESSAGES.CONSTRUCTOR)
) {
violations.push(
RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
filePath,
layer || LAYERS.APPLICATION,
lineNumber,
`Use case field uses concrete repository '${repositoryType}'`,
undefined,
repositoryType,
),
)
}
}
}
}

191
packages/guardian/src/infrastructure/strategies/ValuePatternMatcher.ts Normal file
View File

@@ -0,0 +1,191 @@
/**
* Pattern matcher for detecting specific value types
*
* Provides pattern matching for emails, IPs, paths, dates, UUIDs, versions, and other common hardcoded values
*/
export class ValuePatternMatcher {
private static readonly EMAIL_PATTERN = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/
private static readonly IP_V4_PATTERN = /^(\d{1,3}\.){3}\d{1,3}$/
private static readonly IP_V6_PATTERN =
/^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^::([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}$/
private static readonly DATE_ISO_PATTERN = /^\d{4}-\d{2}-\d{2}$/
private static readonly URL_PATTERN = /^https?:\/\/|^mongodb:\/\/|^postgresql:\/\//
private static readonly UNIX_PATH_PATTERN = /^\/[a-zA-Z0-9/_-]+/
private static readonly WINDOWS_PATH_PATTERN = /^[a-zA-Z]:\\[a-zA-Z0-9\\/_-]+/
private static readonly API_KEY_PATTERN = /^(sk_|pk_|api_|key_)[a-zA-Z0-9_-]{20,}$/
private static readonly UUID_PATTERN =
/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
private static readonly SEMVER_PATTERN = /^\d+\.\d+\.\d+(-[\w.-]+)?(\+[\w.-]+)?$/
private static readonly HEX_COLOR_PATTERN = /^#([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/
private static readonly MAC_ADDRESS_PATTERN = /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/
private static readonly BASE64_PATTERN =
/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/
private static readonly JWT_PATTERN = /^eyJ[A-Za-z0-9-_]+\.eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/
/**
* Checks if value is an email address
*/
public isEmail(value: string): boolean {
return ValuePatternMatcher.EMAIL_PATTERN.test(value)
}
/**
* Checks if value is an IP address (v4 or v6)
*/
public isIpAddress(value: string): boolean {
return (
ValuePatternMatcher.IP_V4_PATTERN.test(value) ||
ValuePatternMatcher.IP_V6_PATTERN.test(value)
)
}
/**
* Checks if value is a date in ISO format
*/
public isDate(value: string): boolean {
return ValuePatternMatcher.DATE_ISO_PATTERN.test(value)
}
/**
* Checks if value is a URL
*/
public isUrl(value: string): boolean {
return ValuePatternMatcher.URL_PATTERN.test(value)
}
/**
* Checks if value is a file path (Unix or Windows)
*/
public isFilePath(value: string): boolean {
return (
ValuePatternMatcher.UNIX_PATH_PATTERN.test(value) ||
ValuePatternMatcher.WINDOWS_PATH_PATTERN.test(value)
)
}
/**
* Checks if value looks like an API key
*/
public isApiKey(value: string): boolean {
return ValuePatternMatcher.API_KEY_PATTERN.test(value)
}
/**
* Checks if value is a UUID
*/
public isUuid(value: string): boolean {
return ValuePatternMatcher.UUID_PATTERN.test(value)
}
/**
* Checks if value is a semantic version
*/
public isSemver(value: string): boolean {
return ValuePatternMatcher.SEMVER_PATTERN.test(value)
}
/**
* Checks if value is a hex color
*/
public isHexColor(value: string): boolean {
return ValuePatternMatcher.HEX_COLOR_PATTERN.test(value)
}
/**
* Checks if value is a MAC address
*/
public isMacAddress(value: string): boolean {
return ValuePatternMatcher.MAC_ADDRESS_PATTERN.test(value)
}
/**
* Checks if value is Base64 encoded (min length 20 to avoid false positives)
*/
public isBase64(value: string): boolean {
return value.length >= 20 && ValuePatternMatcher.BASE64_PATTERN.test(value)
}
/**
* Checks if value is a JWT token
*/
public isJwt(value: string): boolean {
return ValuePatternMatcher.JWT_PATTERN.test(value)
}
/**
* Detects the type of value
*/
public detectType(
value: string,
):
| "email"
| "url"
| "ip_address"
| "file_path"
| "date"
| "api_key"
| "uuid"
| "version"
| "color"
| "mac_address"
| "base64"
| null {
if (this.isEmail(value)) {
return "email"
}
if (this.isJwt(value)) {
return "api_key"
}
if (this.isApiKey(value)) {
return "api_key"
}
if (this.isUrl(value)) {
return "url"
}
if (this.isIpAddress(value)) {
return "ip_address"
}
if (this.isFilePath(value)) {
return "file_path"
}
if (this.isDate(value)) {
return "date"
}
if (this.isUuid(value)) {
return "uuid"
}
if (this.isSemver(value)) {
return "version"
}
if (this.isHexColor(value)) {
return "color"
}
if (this.isMacAddress(value)) {
return "mac_address"
}
if (this.isBase64(value)) {
return "base64"
}
return null
}
/**
* Checks if value should be detected as hardcoded
*/
public shouldDetect(value: string): boolean {
return (
this.isEmail(value) ||
this.isUrl(value) ||
this.isIpAddress(value) ||
this.isFilePath(value) ||
this.isDate(value) ||
this.isApiKey(value) ||
this.isUuid(value) ||
this.isSemver(value) ||
this.isHexColor(value) ||
this.isMacAddress(value) ||
this.isBase64(value) ||
this.isJwt(value)
)
}
}

21
packages/guardian/src/shared/constants/index.ts
View File

@@ -45,6 +45,25 @@ export const TYPE_NAMES = {
OBJECT: "object",
} as const
/**
* TypeScript class and method keywords
*/
export const CLASS_KEYWORDS = {
CONSTRUCTOR: "constructor",
PUBLIC: "public",
PRIVATE: "private",
PROTECTED: "protected",
} as const
/**
* Example code constants for documentation
*/
export const EXAMPLE_CODE_CONSTANTS = {
ORDER_STATUS_PENDING: "pending",
ORDER_STATUS_APPROVED: "approved",
CANNOT_APPROVE_ERROR: "Cannot approve",
} as const
/**
* Common regex patterns
*/
@@ -86,12 +105,14 @@ export const SEVERITY_ORDER: Record<SeverityLevel, number> = {
* Violation type to severity mapping
*/
export const VIOLATION_SEVERITY_MAP = {
SECRET_EXPOSURE: SEVERITY_LEVELS.CRITICAL,
CIRCULAR_DEPENDENCY: SEVERITY_LEVELS.CRITICAL,
REPOSITORY_PATTERN: SEVERITY_LEVELS.CRITICAL,
AGGREGATE_BOUNDARY: SEVERITY_LEVELS.CRITICAL,
DEPENDENCY_DIRECTION: SEVERITY_LEVELS.HIGH,
FRAMEWORK_LEAK: SEVERITY_LEVELS.HIGH,
ENTITY_EXPOSURE: SEVERITY_LEVELS.HIGH,
ANEMIC_MODEL: SEVERITY_LEVELS.MEDIUM,
NAMING_CONVENTION: SEVERITY_LEVELS.MEDIUM,
ARCHITECTURE: SEVERITY_LEVELS.MEDIUM,
HARDCODE: SEVERITY_LEVELS.LOW,

128
packages/guardian/src/shared/constants/rules.ts
View File

@@ -11,6 +11,8 @@ export const RULES = {
DEPENDENCY_DIRECTION: "dependency-direction",
REPOSITORY_PATTERN: "repository-pattern",
AGGREGATE_BOUNDARY: "aggregate-boundary",
SECRET_EXPOSURE: "secret-exposure",
ANEMIC_MODEL: "anemic-model",
} as const
/**
@@ -19,6 +21,7 @@ export const RULES = {
export const HARDCODE_TYPES = {
MAGIC_NUMBER: "magic-number",
MAGIC_STRING: "magic-string",
MAGIC_BOOLEAN: "magic-boolean",
MAGIC_CONFIG: "magic-config",
} as const
@@ -102,32 +105,35 @@ export const NAMING_PATTERNS = {
* Common verbs for use cases
*/
export const USE_CASE_VERBS = [
"Aggregate",
"Analyze",
"Create",
"Update",
"Delete",
"Get",
"Find",
"List",
"Search",
"Validate",
"Calculate",
"Generate",
"Send",
"Fetch",
"Process",
"Execute",
"Handle",
"Register",
"Approve",
"Authenticate",
"Authorize",
"Import",
"Export",
"Place",
"Calculate",
"Cancel",
"Approve",
"Reject",
"Collect",
"Confirm",
"Create",
"Delete",
"Execute",
"Export",
"Fetch",
"Find",
"Generate",
"Get",
"Handle",
"Import",
"List",
"Parse",
"Place",
"Process",
"Register",
"Reject",
"Search",
"Send",
"Update",
"Validate",
] as const
/**
@@ -411,3 +417,83 @@ export const REPOSITORY_VIOLATION_TYPES = {
NEW_REPOSITORY_IN_USE_CASE: "new-repository-in-use-case",
NON_DOMAIN_METHOD_NAME: "non-domain-method-name",
} as const
/**
* Detection patterns for sensitive keywords
*/
export const DETECTION_PATTERNS = {
SENSITIVE_KEYWORDS: ["password", "secret", "token", "auth", "credential"],
BUSINESS_KEYWORDS: ["price", "salary", "balance", "amount", "limit", "threshold", "quota"],
TECHNICAL_KEYWORDS: [
"timeout",
"retry",
"attempt",
"maxretries",
"database",
"connection",
"host",
"port",
"endpoint",
],
MEDIUM_KEYWORDS: ["delay", "interval", "duration", "size", "count", "max", "min"],
UI_KEYWORDS: [
"padding",
"margin",
"width",
"height",
"color",
"style",
"label",
"title",
"placeholder",
"icon",
"text",
"display",
],
} as const
/**
* Configuration detection keywords
*/
export const CONFIG_KEYWORDS = {
NETWORK: ["endpoint", "host", "domain", "path", "route"],
DATABASE: ["connection", "database"],
SECURITY: ["config", "secret", "token", "password", "credential"],
MESSAGES: ["message", "error", "warning", "text"],
} as const
/**
* Detection comparison values
*/
export const DETECTION_VALUES = {
BOOLEAN_TRUE: "true",
BOOLEAN_FALSE: "false",
TYPE_CONFIG: "config",
TYPE_GENERIC: "generic",
} as const
/**
* Boolean constants for analyzers
*/
export const ANALYZER_DEFAULTS = {
HAS_ONLY_GETTERS_SETTERS: false,
HAS_PUBLIC_SETTERS: false,
HAS_BUSINESS_LOGIC: false,
} as const
/**
* Anemic model detection flags
*/
export const ANEMIC_MODEL_FLAGS = {
HAS_ONLY_GETTERS_SETTERS_TRUE: true,
HAS_ONLY_GETTERS_SETTERS_FALSE: false,
HAS_PUBLIC_SETTERS_TRUE: true,
HAS_PUBLIC_SETTERS_FALSE: false,
} as const
/**
* External package constants
*/
export const EXTERNAL_PACKAGES = {
SECRETLINT_PRESET: "@secretlint/secretlint-rule-preset-recommend",
} as const

372
packages/guardian/tests/AnemicModelDetector.test.ts Normal file
View File

@@ -0,0 +1,372 @@
import { describe, it, expect, beforeEach } from "vitest"
import { AnemicModelDetector } from "../src/infrastructure/analyzers/AnemicModelDetector"
describe("AnemicModelDetector", () => {
let detector: AnemicModelDetector
beforeEach(() => {
detector = new AnemicModelDetector()
})
describe("detectAnemicModels", () => {
it("should detect class with only getters and setters", () => {
const code = `
class Order {
private status: string
private total: number
getStatus(): string {
return this.status
}
setStatus(status: string): void {
this.status = status
}
getTotal(): number {
return this.total
}
setTotal(total: number): void {
this.total = total
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Order.ts",
"domain",
)
expect(violations).toHaveLength(1)
expect(violations[0].className).toBe("Order")
expect(violations[0].methodCount).toBeGreaterThan(0)
expect(violations[0].propertyCount).toBeGreaterThan(0)
expect(violations[0].getMessage()).toContain("Order")
})
it("should detect class with public setters", () => {
const code = `
class User {
private email: string
private password: string
public setEmail(email: string): void {
this.email = email
}
public getEmail(): string {
return this.email
}
public setPassword(password: string): void {
this.password = password
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/User.ts",
"domain",
)
expect(violations).toHaveLength(1)
expect(violations[0].className).toBe("User")
expect(violations[0].hasPublicSetters).toBe(true)
})
it("should not detect rich domain model with business logic", () => {
const code = `
class Order {
private readonly id: string
private status: OrderStatus
private items: OrderItem[]
public approve(): void {
if (!this.canBeApproved()) {
throw new Error("Cannot approve")
}
this.status = OrderStatus.APPROVED
}
public reject(reason: string): void {
if (!this.canBeRejected()) {
throw new Error("Cannot reject")
}
this.status = OrderStatus.REJECTED
}
public addItem(item: OrderItem): void {
if (this.isApproved()) {
throw new Error("Cannot modify approved order")
}
this.items.push(item)
}
public calculateTotal(): Money {
return this.items.reduce((sum, item) => sum.add(item.getPrice()), Money.zero())
}
public getStatus(): OrderStatus {
return this.status
}
private canBeApproved(): boolean {
return this.status === OrderStatus.PENDING
}
private canBeRejected(): boolean {
return this.status === OrderStatus.PENDING
}
private isApproved(): boolean {
return this.status === OrderStatus.APPROVED
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Order.ts",
"domain",
)
expect(violations).toHaveLength(0)
})
it("should not analyze files outside domain layer", () => {
const code = `
class OrderDto {
getStatus(): string {
return this.status
}
setStatus(status: string): void {
this.status = status
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/application/dtos/OrderDto.ts",
"application",
)
expect(violations).toHaveLength(0)
})
it("should not analyze DTO files", () => {
const code = `
class UserDto {
private email: string
getEmail(): string {
return this.email
}
setEmail(email: string): void {
this.email = email
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/dtos/UserDto.ts",
"domain",
)
expect(violations).toHaveLength(0)
})
it("should not analyze test files", () => {
const code = `
class Order {
getStatus(): string {
return this.status
}
setStatus(status: string): void {
this.status = status
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Order.test.ts",
"domain",
)
expect(violations).toHaveLength(0)
})
it("should detect anemic model in entities folder", () => {
const code = `
class Product {
private name: string
private price: number
getName(): string {
return this.name
}
setName(name: string): void {
this.name = name
}
getPrice(): number {
return this.price
}
setPrice(price: number): void {
this.price = price
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Product.ts",
"domain",
)
expect(violations).toHaveLength(1)
expect(violations[0].className).toBe("Product")
})
it("should detect anemic model in aggregates folder", () => {
const code = `
class Customer {
private email: string
getEmail(): string {
return this.email
}
setEmail(email: string): void {
this.email = email
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/aggregates/customer/Customer.ts",
"domain",
)
expect(violations).toHaveLength(1)
expect(violations[0].className).toBe("Customer")
})
it("should not detect class with good method-to-property ratio", () => {
const code = `
class Account {
private balance: number
private isActive: boolean
public deposit(amount: number): void {
if (amount <= 0) throw new Error("Invalid amount")
this.balance += amount
}
public withdraw(amount: number): void {
if (amount > this.balance) throw new Error("Insufficient funds")
this.balance -= amount
}
public activate(): void {
this.isActive = true
}
public deactivate(): void {
this.isActive = false
}
public getBalance(): number {
return this.balance
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Account.ts",
"domain",
)
expect(violations).toHaveLength(0)
})
it("should handle class with no properties or methods", () => {
const code = `
class EmptyEntity {
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/EmptyEntity.ts",
"domain",
)
expect(violations).toHaveLength(0)
})
it("should detect multiple anemic classes in one file", () => {
const code = `
class Order {
getStatus() { return this.status }
setStatus(status: string) { this.status = status }
}
class Item {
getPrice() { return this.price }
setPrice(price: number) { this.price = price }
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Models.ts",
"domain",
)
expect(violations).toHaveLength(2)
expect(violations[0].className).toBe("Order")
expect(violations[1].className).toBe("Item")
})
it("should provide correct violation details", () => {
const code = `
class Payment {
private amount: number
private currency: string
getAmount(): number {
return this.amount
}
setAmount(amount: number): void {
this.amount = amount
}
getCurrency(): string {
return this.currency
}
setCurrency(currency: string): void {
this.currency = currency
}
}
`
const violations = detector.detectAnemicModels(
code,
"src/domain/entities/Payment.ts",
"domain",
)
expect(violations).toHaveLength(1)
const violation = violations[0]
expect(violation.className).toBe("Payment")
expect(violation.filePath).toBe("src/domain/entities/Payment.ts")
expect(violation.layer).toBe("domain")
expect(violation.line).toBeGreaterThan(0)
expect(violation.getMessage()).toContain("Payment")
expect(violation.getSuggestion()).toContain("business")
})
})
})

285
packages/guardian/tests/e2e/AnalyzeProject.e2e.test.ts Normal file
View File

@@ -0,0 +1,285 @@
import { describe, it, expect } from "vitest"
import { analyzeProject } from "../../src/api"
import path from "path"
describe("AnalyzeProject E2E", () => {
const EXAMPLES_DIR = path.join(__dirname, "../../examples")
describe("Full Pipeline", () => {
it("should analyze project and return complete results", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(result).toBeDefined()
expect(result.metrics).toBeDefined()
expect(result.metrics.totalFiles).toBeGreaterThan(0)
expect(result.metrics.totalFunctions).toBeGreaterThanOrEqual(0)
expect(result.metrics.totalImports).toBeGreaterThanOrEqual(0)
expect(result.dependencyGraph).toBeDefined()
expect(Array.isArray(result.hardcodeViolations)).toBe(true)
expect(Array.isArray(result.violations)).toBe(true)
expect(Array.isArray(result.circularDependencyViolations)).toBe(true)
expect(Array.isArray(result.namingViolations)).toBe(true)
expect(Array.isArray(result.frameworkLeakViolations)).toBe(true)
expect(Array.isArray(result.entityExposureViolations)).toBe(true)
expect(Array.isArray(result.dependencyDirectionViolations)).toBe(true)
expect(Array.isArray(result.repositoryPatternViolations)).toBe(true)
expect(Array.isArray(result.aggregateBoundaryViolations)).toBe(true)
expect(Array.isArray(result.anemicModelViolations)).toBe(true)
})
it("should respect exclude patterns", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({
rootDir,
exclude: ["**/dtos/**", "**/mappers/**"],
})
expect(result.metrics.totalFiles).toBeGreaterThan(0)
const allFiles = [
...result.hardcodeViolations.map((v) => v.file),
...result.violations.map((v) => v.file),
...result.namingViolations.map((v) => v.file),
]
allFiles.forEach((file) => {
expect(file).not.toContain("/dtos/")
expect(file).not.toContain("/mappers/")
})
})
it("should detect violations across all detectors", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture")
const result = await analyzeProject({ rootDir })
const totalViolations =
result.hardcodeViolations.length +
result.violations.length +
result.circularDependencyViolations.length +
result.namingViolations.length +
result.frameworkLeakViolations.length +
result.entityExposureViolations.length +
result.dependencyDirectionViolations.length +
result.repositoryPatternViolations.length +
result.aggregateBoundaryViolations.length +
result.anemicModelViolations.length
expect(totalViolations).toBeGreaterThan(0)
})
})
describe("Good Architecture Examples", () => {
it("should find zero violations in good-architecture/", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(result.violations.length).toBe(0)
expect(result.frameworkLeakViolations.length).toBe(0)
expect(result.entityExposureViolations.length).toBe(0)
expect(result.dependencyDirectionViolations.length).toBe(0)
expect(result.circularDependencyViolations.length).toBe(0)
expect(result.anemicModelViolations.length).toBe(0)
})
it("should have no dependency direction violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture/dependency-direction")
const result = await analyzeProject({ rootDir })
const goodFiles = result.dependencyDirectionViolations.filter((v) =>
v.file.includes("Good"),
)
expect(goodFiles.length).toBe(0)
})
it("should have no entity exposure in good controller", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture/entity-exposure")
const result = await analyzeProject({ rootDir })
expect(result.entityExposureViolations.length).toBe(0)
})
})
describe("Bad Architecture Examples", () => {
it("should detect hardcoded values in bad examples", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/hardcoded")
const result = await analyzeProject({ rootDir })
expect(result.hardcodeViolations.length).toBeGreaterThan(0)
const magicNumbers = result.hardcodeViolations.filter((v) => v.type === "magic-number")
expect(magicNumbers.length).toBeGreaterThan(0)
})
it("should detect circular dependencies", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/circular")
const result = await analyzeProject({ rootDir })
if (result.circularDependencyViolations.length > 0) {
const violation = result.circularDependencyViolations[0]
expect(violation.cycle).toBeDefined()
expect(violation.cycle.length).toBeGreaterThanOrEqual(2)
expect(violation.severity).toBe("critical")
}
})
it("should detect framework leaks in domain", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/framework-leaks")
const result = await analyzeProject({ rootDir })
if (result.frameworkLeakViolations.length > 0) {
const violation = result.frameworkLeakViolations[0]
expect(violation.packageName).toBeDefined()
expect(violation.severity).toBe("high")
}
})
it("should detect naming convention violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/naming")
const result = await analyzeProject({ rootDir })
if (result.namingViolations.length > 0) {
const violation = result.namingViolations[0]
expect(violation.expected).toBeDefined()
expect(violation.severity).toBe("medium")
}
})
it("should detect entity exposure violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/entity-exposure")
const result = await analyzeProject({ rootDir })
if (result.entityExposureViolations.length > 0) {
const violation = result.entityExposureViolations[0]
expect(violation.entityName).toBeDefined()
expect(violation.severity).toBe("high")
}
})
it("should detect dependency direction violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/dependency-direction")
const result = await analyzeProject({ rootDir })
if (result.dependencyDirectionViolations.length > 0) {
const violation = result.dependencyDirectionViolations[0]
expect(violation.fromLayer).toBeDefined()
expect(violation.toLayer).toBeDefined()
expect(violation.severity).toBe("high")
}
})
it("should detect repository pattern violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "repository-pattern")
const result = await analyzeProject({ rootDir })
const badViolations = result.repositoryPatternViolations.filter((v) =>
v.file.includes("bad"),
)
if (badViolations.length > 0) {
const violation = badViolations[0]
expect(violation.violationType).toBeDefined()
expect(violation.severity).toBe("critical")
}
})
it("should detect aggregate boundary violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "aggregate-boundary/bad")
const result = await analyzeProject({ rootDir })
if (result.aggregateBoundaryViolations.length > 0) {
const violation = result.aggregateBoundaryViolations[0]
expect(violation.fromAggregate).toBeDefined()
expect(violation.toAggregate).toBeDefined()
expect(violation.severity).toBe("critical")
}
})
})
describe("Metrics", () => {
it("should provide accurate file counts", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(result.metrics.totalFiles).toBeGreaterThan(0)
expect(result.metrics.totalFunctions).toBeGreaterThanOrEqual(0)
expect(result.metrics.totalImports).toBeGreaterThanOrEqual(0)
})
it("should track layer distribution", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(result.metrics.layerDistribution).toBeDefined()
expect(typeof result.metrics.layerDistribution).toBe("object")
})
it("should calculate correct metrics for bad architecture", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture")
const result = await analyzeProject({ rootDir })
expect(result.metrics.totalFiles).toBeGreaterThan(0)
expect(result.metrics.totalFunctions).toBeGreaterThanOrEqual(0)
expect(result.metrics.totalImports).toBeGreaterThanOrEqual(0)
})
})
describe("Dependency Graph", () => {
it("should build dependency graph for analyzed files", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(result.dependencyGraph).toBeDefined()
expect(result.files).toBeDefined()
expect(Array.isArray(result.files)).toBe(true)
})
it("should track file metadata", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
if (result.files.length > 0) {
const file = result.files[0]
expect(file).toHaveProperty("path")
}
})
})
describe("Error Handling", () => {
it("should handle non-existent directory", async () => {
const rootDir = path.join(EXAMPLES_DIR, "non-existent-directory")
await expect(analyzeProject({ rootDir })).rejects.toThrow()
})
it("should handle empty directory gracefully", async () => {
const rootDir = path.join(__dirname, "../../dist")
const result = await analyzeProject({ rootDir })
expect(result).toBeDefined()
expect(result.metrics.totalFiles).toBeGreaterThanOrEqual(0)
})
})
})

278
packages/guardian/tests/e2e/CLI.e2e.test.ts Normal file
View File

@@ -0,0 +1,278 @@
import { describe, it, expect, beforeAll } from "vitest"
import { spawn } from "child_process"
import path from "path"
import { promisify } from "util"
import { exec } from "child_process"
const execAsync = promisify(exec)
describe("CLI E2E", () => {
const CLI_PATH = path.join(__dirname, "../../bin/guardian.js")
const EXAMPLES_DIR = path.join(__dirname, "../../examples")
beforeAll(async () => {
await execAsync("pnpm build", {
cwd: path.join(__dirname, "../../"),
})
})
const runCLI = async (
args: string,
): Promise<{ stdout: string; stderr: string; exitCode: number }> => {
try {
const { stdout, stderr } = await execAsync(`node ${CLI_PATH} ${args}`)
return { stdout, stderr, exitCode: 0 }
} catch (error: unknown) {
const err = error as { stdout?: string; stderr?: string; code?: number }
return {
stdout: err.stdout || "",
stderr: err.stderr || "",
exitCode: err.code || 1,
}
}
}
describe("Smoke Tests", () => {
it("should display version", async () => {
const { stdout } = await execAsync(`node ${CLI_PATH} --version`)
expect(stdout).toMatch(/\d+\.\d+\.\d+/)
})
it("should display help", async () => {
const { stdout } = await execAsync(`node ${CLI_PATH} --help`)
expect(stdout).toContain("Usage:")
expect(stdout).toContain("check")
expect(stdout).toContain("Options:")
})
it("should run check command successfully", async () => {
const goodArchDir = path.join(EXAMPLES_DIR, "good-architecture")
const { stdout } = await runCLI(`check ${goodArchDir}`)
expect(stdout).toContain("Analyzing")
}, 30000)
})
describe("Output Format", () => {
it("should display violation counts", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir}`)
expect(stdout).toContain("Analyzing")
const hasViolationCount = stdout.includes("Found") || stdout.includes("issue")
expect(hasViolationCount).toBe(true)
}, 30000)
it("should display file paths with violations", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture/hardcoded")
const { stdout } = await runCLI(`check ${badArchDir}`)
expect(stdout).toMatch(/\.ts/)
}, 30000)
it("should display severity levels", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir}`)
const hasSeverity =
stdout.includes("🔴") ||
stdout.includes("🟠") ||
stdout.includes("🟡") ||
stdout.includes("🟢") ||
stdout.includes("CRITICAL") ||
stdout.includes("HIGH") ||
stdout.includes("MEDIUM") ||
stdout.includes("LOW")
expect(hasSeverity).toBe(true)
}, 30000)
})
describe("CLI Options", () => {
it("should respect --limit option", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir} --limit 5`)
expect(stdout).toContain("Analyzing")
}, 30000)
it("should respect --only-critical option", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir} --only-critical`)
expect(stdout).toContain("Analyzing")
if (stdout.includes("🔴") || stdout.includes("CRITICAL")) {
const hasNonCritical =
stdout.includes("🟠") ||
stdout.includes("🟡") ||
stdout.includes("🟢") ||
(stdout.includes("HIGH") && !stdout.includes("CRITICAL")) ||
stdout.includes("MEDIUM") ||
stdout.includes("LOW")
expect(hasNonCritical).toBe(false)
}
}, 30000)
it("should respect --min-severity option", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir} --min-severity high`)
expect(stdout).toContain("Analyzing")
}, 30000)
it("should respect --exclude option", async () => {
const goodArchDir = path.join(EXAMPLES_DIR, "good-architecture")
const { stdout } = await runCLI(`check ${goodArchDir} --exclude "**/dtos/**"`)
expect(stdout).not.toContain("/dtos/")
}, 30000)
it("should respect --no-hardcode option", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir} --no-hardcode`)
expect(stdout).not.toContain("Magic Number")
expect(stdout).not.toContain("Magic String")
}, 30000)
it("should respect --no-architecture option", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout } = await runCLI(`check ${badArchDir} --no-architecture`)
expect(stdout).not.toContain("Architecture Violation")
}, 30000)
})
describe("Good Architecture Examples", () => {
it("should show success message for clean code", async () => {
const goodArchDir = path.join(EXAMPLES_DIR, "good-architecture")
const { stdout } = await runCLI(`check ${goodArchDir}`)
expect(stdout).toContain("Analyzing")
}, 30000)
})
describe("Bad Architecture Examples", () => {
it("should detect and report hardcoded values", async () => {
const hardcodedDir = path.join(EXAMPLES_DIR, "bad-architecture/hardcoded")
const { stdout } = await runCLI(`check ${hardcodedDir}`)
expect(stdout).toContain("ServerWithMagicNumbers.ts")
}, 30000)
it("should detect and report circular dependencies", async () => {
const circularDir = path.join(EXAMPLES_DIR, "bad-architecture/circular")
const { stdout } = await runCLI(`check ${circularDir}`)
expect(stdout).toContain("Analyzing")
}, 30000)
it("should detect and report framework leaks", async () => {
const frameworkDir = path.join(EXAMPLES_DIR, "bad-architecture/framework-leaks")
const { stdout } = await runCLI(`check ${frameworkDir}`)
expect(stdout).toContain("Analyzing")
}, 30000)
it("should detect and report naming violations", async () => {
const namingDir = path.join(EXAMPLES_DIR, "bad-architecture/naming")
const { stdout } = await runCLI(`check ${namingDir}`)
expect(stdout).toContain("Analyzing")
}, 30000)
})
describe("Error Handling", () => {
it("should show error for non-existent path", async () => {
const nonExistentPath = path.join(EXAMPLES_DIR, "non-existent-directory")
try {
await execAsync(`node ${CLI_PATH} check ${nonExistentPath}`)
expect.fail("Should have thrown an error")
} catch (error: unknown) {
const err = error as { stderr: string }
expect(err.stderr).toBeTruthy()
}
}, 30000)
})
describe("Exit Codes", () => {
it("should run for clean code", async () => {
const goodArchDir = path.join(EXAMPLES_DIR, "good-architecture")
const { stdout, exitCode } = await runCLI(`check ${goodArchDir}`)
expect(stdout).toContain("Analyzing")
expect(exitCode).toBeGreaterThanOrEqual(0)
}, 30000)
it("should handle violations gracefully", async () => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const { stdout, exitCode } = await runCLI(`check ${badArchDir}`)
expect(stdout).toContain("Analyzing")
expect(exitCode).toBeGreaterThanOrEqual(0)
}, 30000)
})
describe("Spawn Process Tests", () => {
it("should spawn CLI process and capture output", (done) => {
const goodArchDir = path.join(EXAMPLES_DIR, "good-architecture")
const child = spawn("node", [CLI_PATH, "check", goodArchDir])
let stdout = ""
let stderr = ""
child.stdout.on("data", (data) => {
stdout += data.toString()
})
child.stderr.on("data", (data) => {
stderr += data.toString()
})
child.on("close", (code) => {
expect(code).toBe(0)
expect(stdout).toContain("Analyzing")
done()
})
}, 30000)
it("should handle large output without buffering issues", (done) => {
const badArchDir = path.join(EXAMPLES_DIR, "bad-architecture")
const child = spawn("node", [CLI_PATH, "check", badArchDir])
let stdout = ""
child.stdout.on("data", (data) => {
stdout += data.toString()
})
child.on("close", (code) => {
expect(code).toBe(0)
expect(stdout.length).toBeGreaterThan(0)
done()
})
}, 30000)
})
})

412
packages/guardian/tests/e2e/JSONOutput.e2e.test.ts Normal file
View File

@@ -0,0 +1,412 @@
import { describe, it, expect } from "vitest"
import { analyzeProject } from "../../src/api"
import path from "path"
import type {
AnalyzeProjectResponse,
HardcodeViolation,
CircularDependencyViolation,
NamingConventionViolation,
FrameworkLeakViolation,
EntityExposureViolation,
DependencyDirectionViolation,
RepositoryPatternViolation,
AggregateBoundaryViolation,
} from "../../src/api"
describe("JSON Output Format E2E", () => {
const EXAMPLES_DIR = path.join(__dirname, "../../examples")
describe("Response Structure", () => {
it("should return valid JSON structure", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(result).toBeDefined()
expect(typeof result).toBe("object")
const json = JSON.stringify(result)
expect(() => JSON.parse(json)).not.toThrow()
})
it("should include all required top-level fields", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result: AnalyzeProjectResponse = await analyzeProject({ rootDir })
expect(result).toHaveProperty("hardcodeViolations")
expect(result).toHaveProperty("violations")
expect(result).toHaveProperty("circularDependencyViolations")
expect(result).toHaveProperty("namingViolations")
expect(result).toHaveProperty("frameworkLeakViolations")
expect(result).toHaveProperty("entityExposureViolations")
expect(result).toHaveProperty("dependencyDirectionViolations")
expect(result).toHaveProperty("repositoryPatternViolations")
expect(result).toHaveProperty("aggregateBoundaryViolations")
expect(result).toHaveProperty("metrics")
expect(result).toHaveProperty("dependencyGraph")
})
it("should have correct types for all fields", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
expect(Array.isArray(result.hardcodeViolations)).toBe(true)
expect(Array.isArray(result.violations)).toBe(true)
expect(Array.isArray(result.circularDependencyViolations)).toBe(true)
expect(Array.isArray(result.namingViolations)).toBe(true)
expect(Array.isArray(result.frameworkLeakViolations)).toBe(true)
expect(Array.isArray(result.entityExposureViolations)).toBe(true)
expect(Array.isArray(result.dependencyDirectionViolations)).toBe(true)
expect(Array.isArray(result.repositoryPatternViolations)).toBe(true)
expect(Array.isArray(result.aggregateBoundaryViolations)).toBe(true)
expect(typeof result.metrics).toBe("object")
expect(typeof result.dependencyGraph).toBe("object")
})
})
describe("Metrics Structure", () => {
it("should include all metric fields", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
const { metrics } = result
expect(metrics).toHaveProperty("totalFiles")
expect(metrics).toHaveProperty("totalFunctions")
expect(metrics).toHaveProperty("totalImports")
expect(metrics).toHaveProperty("layerDistribution")
expect(typeof metrics.totalFiles).toBe("number")
expect(typeof metrics.totalFunctions).toBe("number")
expect(typeof metrics.totalImports).toBe("number")
expect(typeof metrics.layerDistribution).toBe("object")
})
it("should have non-negative metric values", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
const { metrics } = result
expect(metrics.totalFiles).toBeGreaterThanOrEqual(0)
expect(metrics.totalFunctions).toBeGreaterThanOrEqual(0)
expect(metrics.totalImports).toBeGreaterThanOrEqual(0)
})
})
describe("Hardcode Violation Structure", () => {
it("should have correct structure for hardcode violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/hardcoded")
const result = await analyzeProject({ rootDir })
if (result.hardcodeViolations.length > 0) {
const violation: HardcodeViolation = result.hardcodeViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("line")
expect(violation).toHaveProperty("column")
expect(violation).toHaveProperty("type")
expect(violation).toHaveProperty("value")
expect(violation).toHaveProperty("context")
expect(violation).toHaveProperty("suggestion")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.line).toBe("number")
expect(typeof violation.column).toBe("number")
expect(typeof violation.type).toBe("string")
expect(typeof violation.context).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Circular Dependency Violation Structure", () => {
it("should have correct structure for circular dependency violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/circular")
const result = await analyzeProject({ rootDir })
if (result.circularDependencyViolations.length > 0) {
const violation: CircularDependencyViolation =
result.circularDependencyViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("cycle")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(Array.isArray(violation.cycle)).toBe(true)
expect(violation.cycle.length).toBeGreaterThanOrEqual(2)
expect(typeof violation.severity).toBe("string")
expect(violation.severity).toBe("critical")
}
})
})
describe("Naming Convention Violation Structure", () => {
it("should have correct structure for naming violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/naming")
const result = await analyzeProject({ rootDir })
if (result.namingViolations.length > 0) {
const violation: NamingConventionViolation = result.namingViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("fileName")
expect(violation).toHaveProperty("expected")
expect(violation).toHaveProperty("actual")
expect(violation).toHaveProperty("layer")
expect(violation).toHaveProperty("message")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.fileName).toBe("string")
expect(typeof violation.expected).toBe("string")
expect(typeof violation.actual).toBe("string")
expect(typeof violation.layer).toBe("string")
expect(typeof violation.message).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Framework Leak Violation Structure", () => {
it("should have correct structure for framework leak violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/framework-leaks")
const result = await analyzeProject({ rootDir })
if (result.frameworkLeakViolations.length > 0) {
const violation: FrameworkLeakViolation = result.frameworkLeakViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("packageName")
expect(violation).toHaveProperty("category")
expect(violation).toHaveProperty("categoryDescription")
expect(violation).toHaveProperty("layer")
expect(violation).toHaveProperty("message")
expect(violation).toHaveProperty("suggestion")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.packageName).toBe("string")
expect(typeof violation.category).toBe("string")
expect(typeof violation.categoryDescription).toBe("string")
expect(typeof violation.layer).toBe("string")
expect(typeof violation.message).toBe("string")
expect(typeof violation.suggestion).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Entity Exposure Violation Structure", () => {
it("should have correct structure for entity exposure violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/entity-exposure")
const result = await analyzeProject({ rootDir })
if (result.entityExposureViolations.length > 0) {
const violation: EntityExposureViolation = result.entityExposureViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("entityName")
expect(violation).toHaveProperty("returnType")
expect(violation).toHaveProperty("suggestion")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.entityName).toBe("string")
expect(typeof violation.returnType).toBe("string")
expect(typeof violation.suggestion).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Dependency Direction Violation Structure", () => {
it("should have correct structure for dependency direction violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture/dependency-direction")
const result = await analyzeProject({ rootDir })
if (result.dependencyDirectionViolations.length > 0) {
const violation: DependencyDirectionViolation =
result.dependencyDirectionViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("fromLayer")
expect(violation).toHaveProperty("toLayer")
expect(violation).toHaveProperty("importPath")
expect(violation).toHaveProperty("suggestion")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.fromLayer).toBe("string")
expect(typeof violation.toLayer).toBe("string")
expect(typeof violation.importPath).toBe("string")
expect(typeof violation.suggestion).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Repository Pattern Violation Structure", () => {
it("should have correct structure for repository pattern violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "repository-pattern")
const result = await analyzeProject({ rootDir })
const badViolations = result.repositoryPatternViolations.filter((v) =>
v.file.includes("bad"),
)
if (badViolations.length > 0) {
const violation: RepositoryPatternViolation = badViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("line")
expect(violation).toHaveProperty("violationType")
expect(violation).toHaveProperty("details")
expect(violation).toHaveProperty("suggestion")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.line).toBe("number")
expect(typeof violation.violationType).toBe("string")
expect(typeof violation.details).toBe("string")
expect(typeof violation.suggestion).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Aggregate Boundary Violation Structure", () => {
it("should have correct structure for aggregate boundary violations", async () => {
const rootDir = path.join(EXAMPLES_DIR, "aggregate-boundary/bad")
const result = await analyzeProject({ rootDir })
if (result.aggregateBoundaryViolations.length > 0) {
const violation: AggregateBoundaryViolation = result.aggregateBoundaryViolations[0]
expect(violation).toHaveProperty("file")
expect(violation).toHaveProperty("fromAggregate")
expect(violation).toHaveProperty("toAggregate")
expect(violation).toHaveProperty("entityName")
expect(violation).toHaveProperty("importPath")
expect(violation).toHaveProperty("suggestion")
expect(violation).toHaveProperty("severity")
expect(typeof violation.file).toBe("string")
expect(typeof violation.fromAggregate).toBe("string")
expect(typeof violation.toAggregate).toBe("string")
expect(typeof violation.entityName).toBe("string")
expect(typeof violation.importPath).toBe("string")
expect(typeof violation.suggestion).toBe("string")
expect(typeof violation.severity).toBe("string")
}
})
})
describe("Dependency Graph Structure", () => {
it("should have dependency graph object", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
const { dependencyGraph } = result
expect(dependencyGraph).toBeDefined()
expect(typeof dependencyGraph).toBe("object")
})
it("should have getAllNodes method on dependency graph", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
const { dependencyGraph } = result
expect(typeof dependencyGraph.getAllNodes).toBe("function")
const nodes = dependencyGraph.getAllNodes()
expect(Array.isArray(nodes)).toBe(true)
})
})
describe("JSON Serialization", () => {
it("should serialize metrics without data loss", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
const json = JSON.stringify(result.metrics)
const parsed = JSON.parse(json)
expect(parsed.totalFiles).toBe(result.metrics.totalFiles)
expect(parsed.totalFunctions).toBe(result.metrics.totalFunctions)
expect(parsed.totalImports).toBe(result.metrics.totalImports)
})
it("should serialize violations without data loss", async () => {
const rootDir = path.join(EXAMPLES_DIR, "good-architecture")
const result = await analyzeProject({ rootDir })
const json = JSON.stringify({
hardcodeViolations: result.hardcodeViolations,
violations: result.violations,
})
const parsed = JSON.parse(json)
expect(Array.isArray(parsed.violations)).toBe(true)
expect(Array.isArray(parsed.hardcodeViolations)).toBe(true)
})
it("should serialize violation arrays for large results", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture")
const result = await analyzeProject({ rootDir })
const json = JSON.stringify({
hardcodeViolations: result.hardcodeViolations,
violations: result.violations,
namingViolations: result.namingViolations,
})
expect(json.length).toBeGreaterThan(0)
expect(() => JSON.parse(json)).not.toThrow()
})
})
describe("Severity Levels", () => {
it("should only contain valid severity levels", async () => {
const rootDir = path.join(EXAMPLES_DIR, "bad-architecture")
const result = await analyzeProject({ rootDir })
const validSeverities = ["critical", "high", "medium", "low"]
const allViolations = [
...result.hardcodeViolations,
...result.violations,
...result.circularDependencyViolations,
...result.namingViolations,
...result.frameworkLeakViolations,
...result.entityExposureViolations,
...result.dependencyDirectionViolations,
...result.repositoryPatternViolations,
...result.aggregateBoundaryViolations,
]
allViolations.forEach((violation) => {
if ("severity" in violation) {
expect(validSeverities).toContain(violation.severity)
}
})
})
})
})

358
packages/guardian/tests/unit/domain/EntityExposure.test.ts Normal file
View File

@@ -0,0 +1,358 @@
import { describe, it, expect } from "vitest"
import { EntityExposure } from "../../../src/domain/value-objects/EntityExposure"
describe("EntityExposure", () => {
describe("create", () => {
it("should create entity exposure with all properties", () => {
const exposure = EntityExposure.create(
"User",
"User",
"src/controllers/UserController.ts",
"infrastructure",
25,
"getUser",
)
expect(exposure.entityName).toBe("User")
expect(exposure.returnType).toBe("User")
expect(exposure.filePath).toBe("src/controllers/UserController.ts")
expect(exposure.layer).toBe("infrastructure")
expect(exposure.line).toBe(25)
expect(exposure.methodName).toBe("getUser")
})
it("should create entity exposure without optional properties", () => {
const exposure = EntityExposure.create(
"Order",
"Order",
"src/controllers/OrderController.ts",
"infrastructure",
)
expect(exposure.entityName).toBe("Order")
expect(exposure.line).toBeUndefined()
expect(exposure.methodName).toBeUndefined()
})
it("should create entity exposure with line but without method name", () => {
const exposure = EntityExposure.create(
"Product",
"Product",
"src/api/ProductApi.ts",
"infrastructure",
15,
)
expect(exposure.line).toBe(15)
expect(exposure.methodName).toBeUndefined()
})
})
describe("getMessage", () => {
it("should return message with method name", () => {
const exposure = EntityExposure.create(
"User",
"User",
"src/controllers/UserController.ts",
"infrastructure",
25,
"getUser",
)
const message = exposure.getMessage()
expect(message).toContain("Method 'getUser'")
expect(message).toContain("returns domain entity 'User'")
expect(message).toContain("instead of DTO")
})
it("should return message without method name", () => {
const exposure = EntityExposure.create(
"Order",
"Order",
"src/controllers/OrderController.ts",
"infrastructure",
30,
)
const message = exposure.getMessage()
expect(message).toContain("returns domain entity 'Order'")
expect(message).toContain("instead of DTO")
expect(message).not.toContain("undefined")
})
it("should handle different entity names", () => {
const exposures = [
EntityExposure.create(
"Customer",
"Customer",
"file.ts",
"infrastructure",
1,
"getCustomer",
),
EntityExposure.create(
"Invoice",
"Invoice",
"file.ts",
"infrastructure",
2,
"findInvoice",
),
EntityExposure.create(
"Payment",
"Payment",
"file.ts",
"infrastructure",
3,
"processPayment",
),
]
exposures.forEach((exposure) => {
const message = exposure.getMessage()
expect(message).toContain(exposure.entityName)
expect(message).toContain("instead of DTO")
})
})
})
describe("getSuggestion", () => {
it("should return multi-line suggestion", () => {
const exposure = EntityExposure.create(
"User",
"User",
"src/controllers/UserController.ts",
"infrastructure",
25,
"getUser",
)
const suggestion = exposure.getSuggestion()
expect(suggestion).toContain("Create a DTO class")
expect(suggestion).toContain("UserResponseDto")
expect(suggestion).toContain("Create a mapper")
expect(suggestion).toContain("Update the method")
})
it("should suggest appropriate DTO name based on entity", () => {
const exposure = EntityExposure.create(
"Order",
"Order",
"src/controllers/OrderController.ts",
"infrastructure",
)
const suggestion = exposure.getSuggestion()
expect(suggestion).toContain("OrderResponseDto")
expect(suggestion).toContain("convert Order to OrderResponseDto")
})
it("should provide step-by-step suggestions", () => {
const exposure = EntityExposure.create(
"Product",
"Product",
"src/api/ProductApi.ts",
"infrastructure",
10,
)
const suggestion = exposure.getSuggestion()
const lines = suggestion.split("\n")
expect(lines.length).toBeGreaterThan(1)
expect(lines.some((line) => line.includes("Create a DTO"))).toBe(true)
expect(lines.some((line) => line.includes("mapper"))).toBe(true)
expect(lines.some((line) => line.includes("Update the method"))).toBe(true)
})
})
describe("getExampleFix", () => {
it("should return example with method name", () => {
const exposure = EntityExposure.create(
"User",
"User",
"src/controllers/UserController.ts",
"infrastructure",
25,
"getUser",
)
const example = exposure.getExampleFix()
expect(example).toContain("Bad: Exposing domain entity")
expect(example).toContain("Good: Using DTO")
expect(example).toContain("getUser()")
expect(example).toContain("Promise<User>")
expect(example).toContain("Promise<UserResponseDto>")
expect(example).toContain("UserMapper.toDto")
})
it("should return example without method name", () => {
const exposure = EntityExposure.create(
"Order",
"Order",
"src/controllers/OrderController.ts",
"infrastructure",
30,
)
const example = exposure.getExampleFix()
expect(example).toContain("Promise<Order>")
expect(example).toContain("Promise<OrderResponseDto>")
expect(example).toContain("OrderMapper.toDto")
expect(example).not.toContain("undefined")
})
it("should show both bad and good examples", () => {
const exposure = EntityExposure.create(
"Product",
"Product",
"src/api/ProductApi.ts",
"infrastructure",
15,
"findProduct",
)
const example = exposure.getExampleFix()
expect(example).toContain("❌ Bad")
expect(example).toContain("✅ Good")
})
it("should include async/await pattern", () => {
const exposure = EntityExposure.create(
"Customer",
"Customer",
"src/api/CustomerApi.ts",
"infrastructure",
20,
"getCustomer",
)
const example = exposure.getExampleFix()
expect(example).toContain("async")
expect(example).toContain("await")
})
})
describe("value object behavior", () => {
it("should be equal to another instance with same values", () => {
const exposure1 = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
10,
"getUser",
)
const exposure2 = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
10,
"getUser",
)
expect(exposure1.equals(exposure2)).toBe(true)
})
it("should not be equal to instance with different values", () => {
const exposure1 = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
10,
"getUser",
)
const exposure2 = EntityExposure.create(
"Order",
"Order",
"file.ts",
"infrastructure",
10,
"getUser",
)
expect(exposure1.equals(exposure2)).toBe(false)
})
it("should not be equal to instance with different method name", () => {
const exposure1 = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
10,
"getUser",
)
const exposure2 = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
10,
"findUser",
)
expect(exposure1.equals(exposure2)).toBe(false)
})
})
describe("edge cases", () => {
it("should handle empty entity name", () => {
const exposure = EntityExposure.create("", "", "file.ts", "infrastructure")
expect(exposure.entityName).toBe("")
expect(exposure.getMessage()).toBeTruthy()
})
it("should handle very long entity names", () => {
const longName = "VeryLongEntityNameThatIsUnusuallyLong"
const exposure = EntityExposure.create(longName, longName, "file.ts", "infrastructure")
expect(exposure.entityName).toBe(longName)
const suggestion = exposure.getSuggestion()
expect(suggestion).toContain(`${longName}ResponseDto`)
})
it("should handle special characters in method name", () => {
const exposure = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
10,
"get$User",
)
const message = exposure.getMessage()
expect(message).toContain("get$User")
})
it("should handle line number 0", () => {
const exposure = EntityExposure.create("User", "User", "file.ts", "infrastructure", 0)
expect(exposure.line).toBe(0)
})
it("should handle very large line numbers", () => {
const exposure = EntityExposure.create(
"User",
"User",
"file.ts",
"infrastructure",
999999,
)
expect(exposure.line).toBe(999999)
})
})
})

308
packages/guardian/tests/unit/domain/ProjectPath.test.ts Normal file
View File

@@ -0,0 +1,308 @@
import { describe, it, expect } from "vitest"
import { ProjectPath } from "../../../src/domain/value-objects/ProjectPath"
describe("ProjectPath", () => {
describe("create", () => {
it("should create a ProjectPath with absolute and relative paths", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.absolute).toBe(absolutePath)
expect(projectPath.relative).toBe("src/domain/User.ts")
})
it("should handle paths with same directory", () => {
const absolutePath = "/Users/dev/project/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.absolute).toBe(absolutePath)
expect(projectPath.relative).toBe("User.ts")
})
it("should handle nested directory structures", () => {
const absolutePath = "/Users/dev/project/src/domain/entities/user/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.absolute).toBe(absolutePath)
expect(projectPath.relative).toBe("src/domain/entities/user/User.ts")
})
it("should handle Windows-style paths", () => {
const absolutePath = "C:\\Users\\dev\\project\\src\\domain\\User.ts"
const projectRoot = "C:\\Users\\dev\\project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.absolute).toBe(absolutePath)
})
})
describe("absolute getter", () => {
it("should return the absolute path", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.absolute).toBe(absolutePath)
})
})
describe("relative getter", () => {
it("should return the relative path", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.relative).toBe("src/domain/User.ts")
})
})
describe("extension getter", () => {
it("should return .ts for TypeScript files", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.extension).toBe(".ts")
})
it("should return .tsx for TypeScript JSX files", () => {
const absolutePath = "/Users/dev/project/src/components/Button.tsx"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.extension).toBe(".tsx")
})
it("should return .js for JavaScript files", () => {
const absolutePath = "/Users/dev/project/src/utils/helper.js"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.extension).toBe(".js")
})
it("should return .jsx for JavaScript JSX files", () => {
const absolutePath = "/Users/dev/project/src/components/Button.jsx"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.extension).toBe(".jsx")
})
it("should return empty string for files without extension", () => {
const absolutePath = "/Users/dev/project/README"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.extension).toBe("")
})
})
describe("filename getter", () => {
it("should return the filename with extension", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.filename).toBe("User.ts")
})
it("should handle filenames with multiple dots", () => {
const absolutePath = "/Users/dev/project/src/domain/User.test.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.filename).toBe("User.test.ts")
})
it("should handle filenames without extension", () => {
const absolutePath = "/Users/dev/project/README"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.filename).toBe("README")
})
})
describe("directory getter", () => {
it("should return the directory path relative to project root", () => {
const absolutePath = "/Users/dev/project/src/domain/entities/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.directory).toBe("src/domain/entities")
})
it("should return dot for files in project root", () => {
const absolutePath = "/Users/dev/project/README.md"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.directory).toBe(".")
})
it("should handle single-level directories", () => {
const absolutePath = "/Users/dev/project/src/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.directory).toBe("src")
})
})
describe("isTypeScript", () => {
it("should return true for .ts files", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isTypeScript()).toBe(true)
})
it("should return true for .tsx files", () => {
const absolutePath = "/Users/dev/project/src/components/Button.tsx"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isTypeScript()).toBe(true)
})
it("should return false for .js files", () => {
const absolutePath = "/Users/dev/project/src/utils/helper.js"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isTypeScript()).toBe(false)
})
it("should return false for .jsx files", () => {
const absolutePath = "/Users/dev/project/src/components/Button.jsx"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isTypeScript()).toBe(false)
})
it("should return false for other file types", () => {
const absolutePath = "/Users/dev/project/README.md"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isTypeScript()).toBe(false)
})
})
describe("isJavaScript", () => {
it("should return true for .js files", () => {
const absolutePath = "/Users/dev/project/src/utils/helper.js"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isJavaScript()).toBe(true)
})
it("should return true for .jsx files", () => {
const absolutePath = "/Users/dev/project/src/components/Button.jsx"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isJavaScript()).toBe(true)
})
it("should return false for .ts files", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isJavaScript()).toBe(false)
})
it("should return false for .tsx files", () => {
const absolutePath = "/Users/dev/project/src/components/Button.tsx"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isJavaScript()).toBe(false)
})
it("should return false for other file types", () => {
const absolutePath = "/Users/dev/project/README.md"
const projectRoot = "/Users/dev/project"
const projectPath = ProjectPath.create(absolutePath, projectRoot)
expect(projectPath.isJavaScript()).toBe(false)
})
})
describe("equals", () => {
it("should return true for identical paths", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const path1 = ProjectPath.create(absolutePath, projectRoot)
const path2 = ProjectPath.create(absolutePath, projectRoot)
expect(path1.equals(path2)).toBe(true)
})
it("should return false for different absolute paths", () => {
const projectRoot = "/Users/dev/project"
const path1 = ProjectPath.create("/Users/dev/project/src/domain/User.ts", projectRoot)
const path2 = ProjectPath.create("/Users/dev/project/src/domain/Order.ts", projectRoot)
expect(path1.equals(path2)).toBe(false)
})
it("should return false for different relative paths", () => {
const path1 = ProjectPath.create(
"/Users/dev/project1/src/User.ts",
"/Users/dev/project1",
)
const path2 = ProjectPath.create(
"/Users/dev/project2/src/User.ts",
"/Users/dev/project2",
)
expect(path1.equals(path2)).toBe(false)
})
it("should return false when comparing with undefined", () => {
const absolutePath = "/Users/dev/project/src/domain/User.ts"
const projectRoot = "/Users/dev/project"
const path1 = ProjectPath.create(absolutePath, projectRoot)
expect(path1.equals(undefined)).toBe(false)
})
})
})

521
packages/guardian/tests/unit/domain/RepositoryViolation.test.ts Normal file
View File

@@ -0,0 +1,521 @@
import { describe, it, expect } from "vitest"
import { RepositoryViolation } from "../../../src/domain/value-objects/RepositoryViolation"
import { REPOSITORY_VIOLATION_TYPES } from "../../../src/shared/constants/rules"
describe("RepositoryViolation", () => {
describe("create", () => {
it("should create a repository violation for ORM type in interface", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Repository uses Prisma type",
"Prisma.UserWhereInput",
)
expect(violation.violationType).toBe(REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE)
expect(violation.filePath).toBe("src/domain/repositories/IUserRepository.ts")
expect(violation.layer).toBe("domain")
expect(violation.line).toBe(15)
expect(violation.details).toBe("Repository uses Prisma type")
expect(violation.ormType).toBe("Prisma.UserWhereInput")
})
it("should create a repository violation for concrete repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
10,
"Use case depends on concrete repository",
undefined,
"UserRepository",
)
expect(violation.violationType).toBe(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
)
expect(violation.repositoryName).toBe("UserRepository")
})
it("should create a repository violation for new repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
12,
"Use case creates repository with new",
undefined,
"UserRepository",
)
expect(violation.violationType).toBe(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
)
expect(violation.repositoryName).toBe("UserRepository")
})
it("should create a repository violation for non-domain method name", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Method uses technical name. Consider: findById()",
undefined,
undefined,
"findOne",
)
expect(violation.violationType).toBe(REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME)
expect(violation.methodName).toBe("findOne")
})
it("should handle optional line parameter", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
undefined,
"Repository uses Prisma type",
)
expect(violation.line).toBeUndefined()
})
})
describe("getters", () => {
it("should return violation type", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
expect(violation.violationType).toBe(REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE)
})
it("should return file path", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
expect(violation.filePath).toBe("src/domain/repositories/IUserRepository.ts")
})
it("should return layer", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
expect(violation.layer).toBe("domain")
})
it("should return line number", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
expect(violation.line).toBe(15)
})
it("should return details", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Repository uses Prisma type",
)
expect(violation.details).toBe("Repository uses Prisma type")
})
it("should return ORM type", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
"Prisma.UserWhereInput",
)
expect(violation.ormType).toBe("Prisma.UserWhereInput")
})
it("should return repository name", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
10,
"Test",
undefined,
"UserRepository",
)
expect(violation.repositoryName).toBe("UserRepository")
})
it("should return method name", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Test",
undefined,
undefined,
"findOne",
)
expect(violation.methodName).toBe("findOne")
})
})
describe("getMessage", () => {
it("should return message for ORM type in interface", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
"Prisma.UserWhereInput",
)
const message = violation.getMessage()
expect(message).toContain("ORM-specific type")
expect(message).toContain("Prisma.UserWhereInput")
})
it("should return message for concrete repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
10,
"Test",
undefined,
"UserRepository",
)
const message = violation.getMessage()
expect(message).toContain("depends on concrete repository")
expect(message).toContain("UserRepository")
})
it("should return message for new repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
12,
"Test",
undefined,
"UserRepository",
)
const message = violation.getMessage()
expect(message).toContain("creates repository with 'new")
expect(message).toContain("UserRepository")
})
it("should return message for non-domain method name", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Test",
undefined,
undefined,
"findOne",
)
const message = violation.getMessage()
expect(message).toContain("uses technical name")
expect(message).toContain("findOne")
})
it("should handle unknown ORM type gracefully", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
const message = violation.getMessage()
expect(message).toContain("unknown")
})
})
describe("getSuggestion", () => {
it("should return suggestion for ORM type in interface", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
"Prisma.UserWhereInput",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toContain("Remove ORM-specific types")
expect(suggestion).toContain("Use domain types")
})
it("should return suggestion for concrete repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
10,
"Test",
undefined,
"UserRepository",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toContain("Depend on repository interface")
expect(suggestion).toContain("IUserRepository")
})
it("should return suggestion for new repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
12,
"Test",
undefined,
"UserRepository",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toContain("Remove 'new Repository()'")
expect(suggestion).toContain("dependency injection")
})
it("should return suggestion for non-domain method name with smart suggestion", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Method uses technical name. Consider: findById()",
undefined,
undefined,
"findOne",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toContain("findById()")
})
it("should return fallback suggestion for known technical method", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Method uses technical name",
undefined,
undefined,
"insert",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toContain("save or create")
})
it("should return default suggestion for unknown method", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Method uses technical name",
undefined,
undefined,
"unknownMethod",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toBeDefined()
expect(suggestion.length).toBeGreaterThan(0)
})
})
describe("getExampleFix", () => {
it("should return example fix for ORM type in interface", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
const example = violation.getExampleFix()
expect(example).toContain("BAD")
expect(example).toContain("GOOD")
expect(example).toContain("IUserRepository")
})
it("should return example fix for concrete repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
10,
"Test",
)
const example = violation.getExampleFix()
expect(example).toContain("BAD")
expect(example).toContain("GOOD")
expect(example).toContain("CreateUser")
})
it("should return example fix for new repository in use case", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NEW_REPOSITORY_IN_USE_CASE,
"src/application/use-cases/CreateUser.ts",
"application",
12,
"Test",
)
const example = violation.getExampleFix()
expect(example).toContain("BAD")
expect(example).toContain("GOOD")
expect(example).toContain("new UserRepository")
})
it("should return example fix for non-domain method name", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.NON_DOMAIN_METHOD_NAME,
"src/domain/repositories/IUserRepository.ts",
"domain",
8,
"Test",
)
const example = violation.getExampleFix()
expect(example).toContain("BAD")
expect(example).toContain("GOOD")
expect(example).toContain("findOne")
})
})
describe("equals", () => {
it("should return true for violations with identical properties", () => {
const violation1 = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
"Prisma.UserWhereInput",
)
const violation2 = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
"Prisma.UserWhereInput",
)
expect(violation1.equals(violation2)).toBe(true)
})
it("should return false for violations with different types", () => {
const violation1 = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
const violation2 = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.CONCRETE_REPOSITORY_IN_USE_CASE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
expect(violation1.equals(violation2)).toBe(false)
})
it("should return false for violations with different file paths", () => {
const violation1 = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
const violation2 = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IOrderRepository.ts",
"domain",
15,
"Test",
)
expect(violation1.equals(violation2)).toBe(false)
})
it("should return false when comparing with undefined", () => {
const violation = RepositoryViolation.create(
REPOSITORY_VIOLATION_TYPES.ORM_TYPE_IN_INTERFACE,
"src/domain/repositories/IUserRepository.ts",
"domain",
15,
"Test",
)
expect(violation.equals(undefined)).toBe(false)
})
})
})

320
packages/guardian/tests/unit/domain/SecretViolation.test.ts Normal file
View File

@@ -0,0 +1,320 @@
import { describe, it, expect } from "vitest"
import { SecretViolation } from "../../../src/domain/value-objects/SecretViolation"
describe("SecretViolation", () => {
describe("create", () => {
it("should create a secret violation with all properties", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"AKIA1234567890ABCDEF",
)
expect(violation.file).toBe("src/config/aws.ts")
expect(violation.line).toBe(10)
expect(violation.column).toBe(15)
expect(violation.secretType).toBe("AWS Access Key")
expect(violation.matchedPattern).toBe("AKIA1234567890ABCDEF")
})
it("should create a secret violation with GitHub token", () => {
const violation = SecretViolation.create(
"src/config/github.ts",
5,
20,
"GitHub Personal Access Token",
"ghp_1234567890abcdefghijklmnopqrstuv",
)
expect(violation.secretType).toBe("GitHub Personal Access Token")
expect(violation.file).toBe("src/config/github.ts")
})
it("should create a secret violation with NPM token", () => {
const violation = SecretViolation.create(".npmrc", 1, 1, "NPM Token", "npm_abc123xyz")
expect(violation.secretType).toBe("NPM Token")
})
})
describe("getters", () => {
it("should return file path", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
expect(violation.file).toBe("src/config/aws.ts")
})
it("should return line number", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
expect(violation.line).toBe(10)
})
it("should return column number", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
expect(violation.column).toBe(15)
})
it("should return secret type", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
expect(violation.secretType).toBe("AWS Access Key")
})
it("should return matched pattern", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"AKIA1234567890ABCDEF",
)
expect(violation.matchedPattern).toBe("AKIA1234567890ABCDEF")
})
})
describe("getMessage", () => {
it("should return formatted message for AWS Access Key", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
expect(violation.getMessage()).toBe("Hardcoded AWS Access Key detected")
})
it("should return formatted message for GitHub token", () => {
const violation = SecretViolation.create(
"src/config/github.ts",
5,
20,
"GitHub Token",
"test",
)
expect(violation.getMessage()).toBe("Hardcoded GitHub Token detected")
})
it("should return formatted message for NPM token", () => {
const violation = SecretViolation.create(".npmrc", 1, 1, "NPM Token", "test")
expect(violation.getMessage()).toBe("Hardcoded NPM Token detected")
})
})
describe("getSuggestion", () => {
it("should return multi-line suggestion", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
const suggestion = violation.getSuggestion()
expect(suggestion).toContain("1. Use environment variables")
expect(suggestion).toContain("2. Use secret management services")
expect(suggestion).toContain("3. Never commit secrets")
expect(suggestion).toContain("4. If secret was committed, rotate it immediately")
expect(suggestion).toContain("5. Add secret files to .gitignore")
})
it("should return the same suggestion for all secret types", () => {
const awsViolation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
const githubViolation = SecretViolation.create(
"src/config/github.ts",
5,
20,
"GitHub Token",
"test",
)
expect(awsViolation.getSuggestion()).toBe(githubViolation.getSuggestion())
})
})
describe("getExampleFix", () => {
it("should return AWS-specific example for AWS Access Key", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
const example = violation.getExampleFix()
expect(example).toContain("AWS")
expect(example).toContain("process.env.AWS_ACCESS_KEY_ID")
expect(example).toContain("credentials provider")
})
it("should return GitHub-specific example for GitHub token", () => {
const violation = SecretViolation.create(
"src/config/github.ts",
5,
20,
"GitHub Token",
"test",
)
const example = violation.getExampleFix()
expect(example).toContain("GitHub")
expect(example).toContain("process.env.GITHUB_TOKEN")
expect(example).toContain("GitHub Apps")
})
it("should return NPM-specific example for NPM token", () => {
const violation = SecretViolation.create(".npmrc", 1, 1, "NPM Token", "test")
const example = violation.getExampleFix()
expect(example).toContain("NPM")
expect(example).toContain(".npmrc")
expect(example).toContain("process.env.NPM_TOKEN")
})
it("should return SSH-specific example for SSH Private Key", () => {
const violation = SecretViolation.create(
"src/config/ssh.ts",
1,
1,
"SSH Private Key",
"test",
)
const example = violation.getExampleFix()
expect(example).toContain("SSH")
expect(example).toContain("readFileSync")
expect(example).toContain("SSH_KEY_PATH")
})
it("should return SSH RSA-specific example for SSH RSA Private Key", () => {
const violation = SecretViolation.create(
"src/config/ssh.ts",
1,
1,
"SSH RSA Private Key",
"test",
)
const example = violation.getExampleFix()
expect(example).toContain("SSH")
expect(example).toContain("RSA PRIVATE KEY")
})
it("should return Slack-specific example for Slack token", () => {
const violation = SecretViolation.create(
"src/config/slack.ts",
1,
1,
"Slack Bot Token",
"test",
)
const example = violation.getExampleFix()
expect(example).toContain("Slack")
expect(example).toContain("process.env.SLACK_BOT_TOKEN")
})
it("should return API Key example for generic API key", () => {
const violation = SecretViolation.create("src/config/api.ts", 1, 1, "API Key", "test")
const example = violation.getExampleFix()
expect(example).toContain("API")
expect(example).toContain("process.env.API_KEY")
expect(example).toContain("secret management service")
})
it("should return generic example for unknown secret type", () => {
const violation = SecretViolation.create(
"src/config/unknown.ts",
1,
1,
"Unknown Secret",
"test",
)
const example = violation.getExampleFix()
expect(example).toContain("process.env.SECRET_KEY")
expect(example).toContain("secret management")
})
})
describe("getSeverity", () => {
it("should always return critical severity", () => {
const violation = SecretViolation.create(
"src/config/aws.ts",
10,
15,
"AWS Access Key",
"test",
)
expect(violation.getSeverity()).toBe("critical")
})
it("should return critical severity for all secret types", () => {
const types = [
"AWS Access Key",
"GitHub Token",
"NPM Token",
"SSH Private Key",
"Slack Token",
"API Key",
]
types.forEach((type) => {
const violation = SecretViolation.create("test.ts", 1, 1, type, "test")
expect(violation.getSeverity()).toBe("critical")
})
})
})
})

329
packages/guardian/tests/unit/domain/SourceFile.test.ts Normal file
View File

@@ -0,0 +1,329 @@
import { describe, it, expect } from "vitest"
import { SourceFile } from "../../../src/domain/entities/SourceFile"
import { ProjectPath } from "../../../src/domain/value-objects/ProjectPath"
import { LAYERS } from "../../../src/shared/constants/rules"
describe("SourceFile", () => {
describe("constructor", () => {
it("should create a SourceFile instance with all properties", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const content = "class User {}"
const imports = ["./BaseEntity"]
const exports = ["User"]
const id = "test-id"
const sourceFile = new SourceFile(path, content, imports, exports, id)
expect(sourceFile.path).toBe(path)
expect(sourceFile.content).toBe(content)
expect(sourceFile.imports).toEqual(imports)
expect(sourceFile.exports).toEqual(exports)
expect(sourceFile.id).toBe(id)
})
it("should create a SourceFile with empty imports and exports by default", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const content = "class User {}"
const sourceFile = new SourceFile(path, content)
expect(sourceFile.imports).toEqual([])
expect(sourceFile.exports).toEqual([])
})
it("should generate an id if not provided", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const content = "class User {}"
const sourceFile = new SourceFile(path, content)
expect(sourceFile.id).toBeDefined()
expect(typeof sourceFile.id).toBe("string")
expect(sourceFile.id.length).toBeGreaterThan(0)
})
})
describe("layer detection", () => {
it("should detect domain layer from path", () => {
const path = ProjectPath.create("/project/src/domain/entities/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBe(LAYERS.DOMAIN)
})
it("should detect application layer from path", () => {
const path = ProjectPath.create(
"/project/src/application/use-cases/CreateUser.ts",
"/project",
)
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBe(LAYERS.APPLICATION)
})
it("should detect infrastructure layer from path", () => {
const path = ProjectPath.create(
"/project/src/infrastructure/database/UserRepository.ts",
"/project",
)
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBe(LAYERS.INFRASTRUCTURE)
})
it("should detect shared layer from path", () => {
const path = ProjectPath.create("/project/src/shared/utils/helpers.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBe(LAYERS.SHARED)
})
it("should return undefined for unknown layer", () => {
const path = ProjectPath.create("/project/src/unknown/Test.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBeUndefined()
})
it("should handle uppercase layer names in path", () => {
const path = ProjectPath.create("/project/src/DOMAIN/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBe(LAYERS.DOMAIN)
})
it("should handle mixed case layer names in path", () => {
const path = ProjectPath.create("/project/src/Application/UseCase.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.layer).toBe(LAYERS.APPLICATION)
})
})
describe("path getter", () => {
it("should return the project path", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.path).toBe(path)
})
})
describe("content getter", () => {
it("should return the file content", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const content = "class User { constructor(public name: string) {} }"
const sourceFile = new SourceFile(path, content)
expect(sourceFile.content).toBe(content)
})
})
describe("imports getter", () => {
it("should return a copy of imports array", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const imports = ["./BaseEntity", "./ValueObject"]
const sourceFile = new SourceFile(path, "", imports)
const returnedImports = sourceFile.imports
expect(returnedImports).toEqual(imports)
expect(returnedImports).not.toBe(imports)
})
it("should not allow mutations of internal imports array", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const imports = ["./BaseEntity"]
const sourceFile = new SourceFile(path, "", imports)
const returnedImports = sourceFile.imports
returnedImports.push("./NewImport")
expect(sourceFile.imports).toEqual(["./BaseEntity"])
})
})
describe("exports getter", () => {
it("should return a copy of exports array", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const exports = ["User", "UserProps"]
const sourceFile = new SourceFile(path, "", [], exports)
const returnedExports = sourceFile.exports
expect(returnedExports).toEqual(exports)
expect(returnedExports).not.toBe(exports)
})
it("should not allow mutations of internal exports array", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const exports = ["User"]
const sourceFile = new SourceFile(path, "", [], exports)
const returnedExports = sourceFile.exports
returnedExports.push("NewExport")
expect(sourceFile.exports).toEqual(["User"])
})
})
describe("addImport", () => {
it("should add a new import to the list", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
sourceFile.addImport("./BaseEntity")
expect(sourceFile.imports).toEqual(["./BaseEntity"])
})
it("should not add duplicate imports", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "", ["./BaseEntity"])
sourceFile.addImport("./BaseEntity")
expect(sourceFile.imports).toEqual(["./BaseEntity"])
})
it("should update updatedAt timestamp when adding new import", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
const originalUpdatedAt = sourceFile.updatedAt
setTimeout(() => {
sourceFile.addImport("./BaseEntity")
expect(sourceFile.updatedAt.getTime()).toBeGreaterThanOrEqual(
originalUpdatedAt.getTime(),
)
}, 10)
})
it("should not update timestamp when adding duplicate import", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "", ["./BaseEntity"])
const originalUpdatedAt = sourceFile.updatedAt
setTimeout(() => {
sourceFile.addImport("./BaseEntity")
expect(sourceFile.updatedAt).toBe(originalUpdatedAt)
}, 10)
})
it("should add multiple different imports", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
sourceFile.addImport("./BaseEntity")
sourceFile.addImport("./ValueObject")
sourceFile.addImport("./DomainEvent")
expect(sourceFile.imports).toEqual(["./BaseEntity", "./ValueObject", "./DomainEvent"])
})
})
describe("addExport", () => {
it("should add a new export to the list", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
sourceFile.addExport("User")
expect(sourceFile.exports).toEqual(["User"])
})
it("should not add duplicate exports", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "", [], ["User"])
sourceFile.addExport("User")
expect(sourceFile.exports).toEqual(["User"])
})
it("should update updatedAt timestamp when adding new export", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
const originalUpdatedAt = sourceFile.updatedAt
setTimeout(() => {
sourceFile.addExport("User")
expect(sourceFile.updatedAt.getTime()).toBeGreaterThanOrEqual(
originalUpdatedAt.getTime(),
)
}, 10)
})
it("should not update timestamp when adding duplicate export", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "", [], ["User"])
const originalUpdatedAt = sourceFile.updatedAt
setTimeout(() => {
sourceFile.addExport("User")
expect(sourceFile.updatedAt).toBe(originalUpdatedAt)
}, 10)
})
it("should add multiple different exports", () => {
const path = ProjectPath.create("/project/src/domain/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
sourceFile.addExport("User")
sourceFile.addExport("UserProps")
sourceFile.addExport("UserFactory")
expect(sourceFile.exports).toEqual(["User", "UserProps", "UserFactory"])
})
})
describe("importsFrom", () => {
it("should return true if imports contain the specified layer", () => {
const path = ProjectPath.create("/project/src/application/User.ts", "/project")
const imports = ["../../domain/entities/User", "../use-cases/CreateUser"]
const sourceFile = new SourceFile(path, "", imports)
expect(sourceFile.importsFrom("domain")).toBe(true)
})
it("should return false if imports do not contain the specified layer", () => {
const path = ProjectPath.create("/project/src/application/User.ts", "/project")
const imports = ["../use-cases/CreateUser", "../dtos/UserDto"]
const sourceFile = new SourceFile(path, "", imports)
expect(sourceFile.importsFrom("domain")).toBe(false)
})
it("should be case-insensitive", () => {
const path = ProjectPath.create("/project/src/application/User.ts", "/project")
const imports = ["../../DOMAIN/entities/User"]
const sourceFile = new SourceFile(path, "", imports)
expect(sourceFile.importsFrom("domain")).toBe(true)
})
it("should return false for empty imports", () => {
const path = ProjectPath.create("/project/src/application/User.ts", "/project")
const sourceFile = new SourceFile(path, "")
expect(sourceFile.importsFrom("domain")).toBe(false)
})
it("should handle partial matches in import paths", () => {
const path = ProjectPath.create("/project/src/application/User.ts", "/project")
const imports = ["../../infrastructure/database/UserRepository"]
const sourceFile = new SourceFile(path, "", imports)
expect(sourceFile.importsFrom("infrastructure")).toBe(true)
expect(sourceFile.importsFrom("domain")).toBe(false)
})
})
})

199
packages/guardian/tests/unit/domain/ValueObject.test.ts Normal file
View File

@@ -0,0 +1,199 @@
import { describe, it, expect } from "vitest"
import { ValueObject } from "../../../src/domain/value-objects/ValueObject"
interface TestProps {
readonly value: string
readonly count: number
}
class TestValueObject extends ValueObject<TestProps> {
constructor(value: string, count: number) {
super({ value, count })
}
public get value(): string {
return this.props.value
}
public get count(): number {
return this.props.count
}
}
interface ComplexProps {
readonly name: string
readonly items: string[]
readonly metadata: { key: string; value: number }
}
class ComplexValueObject extends ValueObject<ComplexProps> {
constructor(name: string, items: string[], metadata: { key: string; value: number }) {
super({ name, items, metadata })
}
public get name(): string {
return this.props.name
}
public get items(): string[] {
return this.props.items
}
public get metadata(): { key: string; value: number } {
return this.props.metadata
}
}
describe("ValueObject", () => {
describe("constructor", () => {
it("should create a value object with provided properties", () => {
const vo = new TestValueObject("test", 42)
expect(vo.value).toBe("test")
expect(vo.count).toBe(42)
})
it("should freeze the properties object", () => {
const vo = new TestValueObject("test", 42)
expect(Object.isFrozen(vo["props"])).toBe(true)
})
it("should prevent modification of properties", () => {
const vo = new TestValueObject("test", 42)
expect(() => {
;(vo["props"] as any).value = "modified"
}).toThrow()
})
it("should handle complex nested properties", () => {
const vo = new ComplexValueObject("test", ["item1", "item2"], {
key: "key1",
value: 100,
})
expect(vo.name).toBe("test")
expect(vo.items).toEqual(["item1", "item2"])
expect(vo.metadata).toEqual({ key: "key1", value: 100 })
})
})
describe("equals", () => {
it("should return true for value objects with identical properties", () => {
const vo1 = new TestValueObject("test", 42)
const vo2 = new TestValueObject("test", 42)
expect(vo1.equals(vo2)).toBe(true)
})
it("should return false for value objects with different values", () => {
const vo1 = new TestValueObject("test1", 42)
const vo2 = new TestValueObject("test2", 42)
expect(vo1.equals(vo2)).toBe(false)
})
it("should return false for value objects with different counts", () => {
const vo1 = new TestValueObject("test", 42)
const vo2 = new TestValueObject("test", 43)
expect(vo1.equals(vo2)).toBe(false)
})
it("should return false when comparing with undefined", () => {
const vo1 = new TestValueObject("test", 42)
expect(vo1.equals(undefined)).toBe(false)
})
it("should return false when comparing with null", () => {
const vo1 = new TestValueObject("test", 42)
expect(vo1.equals(null as any)).toBe(false)
})
it("should handle complex nested property comparisons", () => {
const vo1 = new ComplexValueObject("test", ["item1", "item2"], {
key: "key1",
value: 100,
})
const vo2 = new ComplexValueObject("test", ["item1", "item2"], {
key: "key1",
value: 100,
})
expect(vo1.equals(vo2)).toBe(true)
})
it("should detect differences in nested arrays", () => {
const vo1 = new ComplexValueObject("test", ["item1", "item2"], {
key: "key1",
value: 100,
})
const vo2 = new ComplexValueObject("test", ["item1", "item3"], {
key: "key1",
value: 100,
})
expect(vo1.equals(vo2)).toBe(false)
})
it("should detect differences in nested objects", () => {
const vo1 = new ComplexValueObject("test", ["item1", "item2"], {
key: "key1",
value: 100,
})
const vo2 = new ComplexValueObject("test", ["item1", "item2"], {
key: "key2",
value: 100,
})
expect(vo1.equals(vo2)).toBe(false)
})
it("should return true for same instance", () => {
const vo1 = new TestValueObject("test", 42)
expect(vo1.equals(vo1)).toBe(true)
})
it("should handle empty string values", () => {
const vo1 = new TestValueObject("", 0)
const vo2 = new TestValueObject("", 0)
expect(vo1.equals(vo2)).toBe(true)
})
it("should distinguish between zero and undefined in comparisons", () => {
const vo1 = new TestValueObject("test", 0)
const vo2 = new TestValueObject("test", 0)
expect(vo1.equals(vo2)).toBe(true)
})
})
describe("immutability", () => {
it("should freeze props object after creation", () => {
const vo = new TestValueObject("original", 42)
expect(Object.isFrozen(vo["props"])).toBe(true)
})
it("should not allow adding new properties", () => {
const vo = new TestValueObject("test", 42)
expect(() => {
;(vo["props"] as any).newProp = "new"
}).toThrow()
})
it("should not allow deleting properties", () => {
const vo = new TestValueObject("test", 42)
expect(() => {
delete (vo["props"] as any).value
}).toThrow()
})
})
})

465
packages/guardian/tests/unit/infrastructure/DuplicateValueTracker.test.ts Normal file
View File

@@ -0,0 +1,465 @@
import { describe, it, expect, beforeEach } from "vitest"
import { DuplicateValueTracker } from "../../../src/infrastructure/analyzers/DuplicateValueTracker"
import { HardcodedValue } from "../../../src/domain/value-objects/HardcodedValue"
describe("DuplicateValueTracker", () => {
let tracker: DuplicateValueTracker
beforeEach(() => {
tracker = new DuplicateValueTracker()
})
describe("track", () => {
it("should track a single hardcoded value", () => {
const value = HardcodedValue.create(
"test-value",
"magic-string",
10,
5,
"const x = 'test-value'",
)
tracker.track(value, "file1.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(0)
})
it("should track multiple occurrences of the same value", () => {
const value1 = HardcodedValue.create(
"test-value",
"magic-string",
10,
5,
"const x = 'test-value'",
)
const value2 = HardcodedValue.create(
"test-value",
"magic-string",
20,
5,
"const y = 'test-value'",
)
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(1)
expect(duplicates[0].value).toBe("test-value")
expect(duplicates[0].count).toBe(2)
})
it("should track values with different types separately", () => {
const stringValue = HardcodedValue.create(
"100",
"magic-string",
10,
5,
"const x = '100'",
)
const numberValue = HardcodedValue.create(100, "magic-number", 20, 5, "const y = 100")
tracker.track(stringValue, "file1.ts")
tracker.track(numberValue, "file2.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(0)
})
it("should track boolean values", () => {
const value1 = HardcodedValue.create(true, "MAGIC_BOOLEAN", 10, 5, "const x = true")
const value2 = HardcodedValue.create(true, "MAGIC_BOOLEAN", 20, 5, "const y = true")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(1)
expect(duplicates[0].value).toBe("true")
})
})
describe("getDuplicates", () => {
it("should return empty array when no duplicates exist", () => {
const value1 = HardcodedValue.create(
"value1",
"magic-string",
10,
5,
"const x = 'value1'",
)
const value2 = HardcodedValue.create(
"value2",
"magic-string",
20,
5,
"const y = 'value2'",
)
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(0)
})
it("should return duplicates sorted by count in descending order", () => {
const value1a = HardcodedValue.create(
"value1",
"magic-string",
10,
5,
"const x = 'value1'",
)
const value1b = HardcodedValue.create(
"value1",
"magic-string",
20,
5,
"const y = 'value1'",
)
const value2a = HardcodedValue.create(
"value2",
"magic-string",
30,
5,
"const z = 'value2'",
)
const value2b = HardcodedValue.create(
"value2",
"magic-string",
40,
5,
"const a = 'value2'",
)
const value2c = HardcodedValue.create(
"value2",
"magic-string",
50,
5,
"const b = 'value2'",
)
tracker.track(value1a, "file1.ts")
tracker.track(value1b, "file2.ts")
tracker.track(value2a, "file3.ts")
tracker.track(value2b, "file4.ts")
tracker.track(value2c, "file5.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(2)
expect(duplicates[0].value).toBe("value2")
expect(duplicates[0].count).toBe(3)
expect(duplicates[1].value).toBe("value1")
expect(duplicates[1].count).toBe(2)
})
it("should include location information for duplicates", () => {
const value1 = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
const value2 = HardcodedValue.create("test", "magic-string", 20, 10, "const y = 'test'")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates[0].locations).toHaveLength(2)
expect(duplicates[0].locations[0]).toEqual({
file: "file1.ts",
line: 10,
context: "const x = 'test'",
})
expect(duplicates[0].locations[1]).toEqual({
file: "file2.ts",
line: 20,
context: "const y = 'test'",
})
})
})
describe("getDuplicateLocations", () => {
it("should return null when value is not duplicated", () => {
const value = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
tracker.track(value, "file1.ts")
const locations = tracker.getDuplicateLocations("test", "magic-string")
expect(locations).toBeNull()
})
it("should return locations when value is duplicated", () => {
const value1 = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
const value2 = HardcodedValue.create("test", "magic-string", 20, 10, "const y = 'test'")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const locations = tracker.getDuplicateLocations("test", "magic-string")
expect(locations).toHaveLength(2)
expect(locations).toEqual([
{ file: "file1.ts", line: 10, context: "const x = 'test'" },
{ file: "file2.ts", line: 20, context: "const y = 'test'" },
])
})
it("should return null for non-existent value", () => {
const locations = tracker.getDuplicateLocations("non-existent", "magic-string")
expect(locations).toBeNull()
})
it("should handle numeric values", () => {
const value1 = HardcodedValue.create(100, "magic-number", 10, 5, "const x = 100")
const value2 = HardcodedValue.create(100, "magic-number", 20, 5, "const y = 100")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const locations = tracker.getDuplicateLocations(100, "magic-number")
expect(locations).toHaveLength(2)
})
})
describe("isDuplicate", () => {
it("should return false for non-duplicated value", () => {
const value = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
tracker.track(value, "file1.ts")
expect(tracker.isDuplicate("test", "magic-string")).toBe(false)
})
it("should return true for duplicated value", () => {
const value1 = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
const value2 = HardcodedValue.create("test", "magic-string", 20, 10, "const y = 'test'")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
expect(tracker.isDuplicate("test", "magic-string")).toBe(true)
})
it("should return false for non-existent value", () => {
expect(tracker.isDuplicate("non-existent", "magic-string")).toBe(false)
})
it("should handle boolean values", () => {
const value1 = HardcodedValue.create(true, "MAGIC_BOOLEAN", 10, 5, "const x = true")
const value2 = HardcodedValue.create(true, "MAGIC_BOOLEAN", 20, 5, "const y = true")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
expect(tracker.isDuplicate(true, "MAGIC_BOOLEAN")).toBe(true)
})
})
describe("getStats", () => {
it("should return zero stats for empty tracker", () => {
const stats = tracker.getStats()
expect(stats.totalValues).toBe(0)
expect(stats.duplicateValues).toBe(0)
expect(stats.duplicatePercentage).toBe(0)
})
it("should calculate stats correctly with no duplicates", () => {
const value1 = HardcodedValue.create(
"value1",
"magic-string",
10,
5,
"const x = 'value1'",
)
const value2 = HardcodedValue.create(
"value2",
"magic-string",
20,
5,
"const y = 'value2'",
)
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const stats = tracker.getStats()
expect(stats.totalValues).toBe(2)
expect(stats.duplicateValues).toBe(0)
expect(stats.duplicatePercentage).toBe(0)
})
it("should calculate stats correctly with duplicates", () => {
const value1a = HardcodedValue.create(
"value1",
"magic-string",
10,
5,
"const x = 'value1'",
)
const value1b = HardcodedValue.create(
"value1",
"magic-string",
20,
5,
"const y = 'value1'",
)
const value2 = HardcodedValue.create(
"value2",
"magic-string",
30,
5,
"const z = 'value2'",
)
tracker.track(value1a, "file1.ts")
tracker.track(value1b, "file2.ts")
tracker.track(value2, "file3.ts")
const stats = tracker.getStats()
expect(stats.totalValues).toBe(2)
expect(stats.duplicateValues).toBe(1)
expect(stats.duplicatePercentage).toBe(50)
})
it("should handle multiple duplicates", () => {
const value1a = HardcodedValue.create(
"value1",
"magic-string",
10,
5,
"const x = 'value1'",
)
const value1b = HardcodedValue.create(
"value1",
"magic-string",
20,
5,
"const y = 'value1'",
)
const value2a = HardcodedValue.create(
"value2",
"magic-string",
30,
5,
"const z = 'value2'",
)
const value2b = HardcodedValue.create(
"value2",
"magic-string",
40,
5,
"const a = 'value2'",
)
tracker.track(value1a, "file1.ts")
tracker.track(value1b, "file2.ts")
tracker.track(value2a, "file3.ts")
tracker.track(value2b, "file4.ts")
const stats = tracker.getStats()
expect(stats.totalValues).toBe(2)
expect(stats.duplicateValues).toBe(2)
expect(stats.duplicatePercentage).toBe(100)
})
})
describe("clear", () => {
it("should clear all tracked values", () => {
const value1 = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
const value2 = HardcodedValue.create("test", "magic-string", 20, 10, "const y = 'test'")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
expect(tracker.getDuplicates()).toHaveLength(1)
tracker.clear()
expect(tracker.getDuplicates()).toHaveLength(0)
expect(tracker.getStats().totalValues).toBe(0)
})
it("should allow tracking new values after clear", () => {
const value1 = HardcodedValue.create(
"test1",
"magic-string",
10,
5,
"const x = 'test1'",
)
tracker.track(value1, "file1.ts")
tracker.clear()
const value2 = HardcodedValue.create(
"test2",
"magic-string",
20,
5,
"const y = 'test2'",
)
tracker.track(value2, "file2.ts")
const stats = tracker.getStats()
expect(stats.totalValues).toBe(1)
})
})
describe("edge cases", () => {
it("should handle values with colons in them", () => {
const value1 = HardcodedValue.create(
"url:http://example.com",
"magic-string",
10,
5,
"const x = 'url:http://example.com'",
)
const value2 = HardcodedValue.create(
"url:http://example.com",
"magic-string",
20,
5,
"const y = 'url:http://example.com'",
)
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
const duplicates = tracker.getDuplicates()
expect(duplicates).toHaveLength(1)
expect(duplicates[0].value).toBe("url:http://example.com")
})
it("should handle empty string values", () => {
const value1 = HardcodedValue.create("", "magic-string", 10, 5, "const x = ''")
const value2 = HardcodedValue.create("", "magic-string", 20, 5, "const y = ''")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
expect(tracker.isDuplicate("", "magic-string")).toBe(true)
})
it("should handle zero as a number", () => {
const value1 = HardcodedValue.create(0, "magic-number", 10, 5, "const x = 0")
const value2 = HardcodedValue.create(0, "magic-number", 20, 5, "const y = 0")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file2.ts")
expect(tracker.isDuplicate(0, "magic-number")).toBe(true)
})
it("should track same file multiple times", () => {
const value1 = HardcodedValue.create("test", "magic-string", 10, 5, "const x = 'test'")
const value2 = HardcodedValue.create("test", "magic-string", 20, 5, "const y = 'test'")
tracker.track(value1, "file1.ts")
tracker.track(value2, "file1.ts")
const locations = tracker.getDuplicateLocations("test", "magic-string")
expect(locations).toHaveLength(2)
expect(locations?.[0].file).toBe("file1.ts")
expect(locations?.[1].file).toBe("file1.ts")
})
})
})

341
packages/guardian/tests/unit/infrastructure/SecretDetector.test.ts Normal file
View File

@@ -0,0 +1,341 @@
import { describe, it, expect, beforeEach } from "vitest"
import { SecretDetector } from "../../../src/infrastructure/analyzers/SecretDetector"
describe("SecretDetector", () => {
let detector: SecretDetector
beforeEach(() => {
detector = new SecretDetector()
})
describe("detectAll", () => {
it("should return empty array for code without secrets", async () => {
const code = `
const greeting = "Hello World"
const count = 42
function test() {
return true
}
`
const violations = await detector.detectAll(code, "test.ts")
expect(violations).toHaveLength(0)
})
it("should return empty array for normal environment variable usage", async () => {
const code = `
const apiKey = process.env.API_KEY
const dbUrl = process.env.DATABASE_URL
`
const violations = await detector.detectAll(code, "config.ts")
expect(violations).toHaveLength(0)
})
it("should handle empty code", async () => {
const violations = await detector.detectAll("", "empty.ts")
expect(violations).toHaveLength(0)
})
it("should handle code with only comments", async () => {
const code = `
// This is a comment
/* Multi-line
comment */
`
const violations = await detector.detectAll(code, "comments.ts")
expect(violations).toHaveLength(0)
})
it("should handle multiline strings without secrets", async () => {
const code = `
const template = \`
Hello World
This is a test
No secrets here
\`
`
const violations = await detector.detectAll(code, "template.ts")
expect(violations).toHaveLength(0)
})
it("should handle code with URLs", async () => {
const code = `
const apiUrl = "https://api.example.com/v1"
const websiteUrl = "http://localhost:3000"
`
const violations = await detector.detectAll(code, "urls.ts")
expect(violations).toHaveLength(0)
})
it("should handle imports and requires", async () => {
const code = `
import { something } from "some-package"
const fs = require('fs')
`
const violations = await detector.detectAll(code, "imports.ts")
expect(violations).toHaveLength(0)
})
it("should return violations with correct file path", async () => {
const code = `const secret = "test-secret-value"`
const filePath = "src/config/secrets.ts"
const violations = await detector.detectAll(code, filePath)
violations.forEach((v) => {
expect(v.file).toBe(filePath)
})
})
it("should handle .js files", async () => {
const code = `const test = "value"`
const violations = await detector.detectAll(code, "test.js")
expect(violations).toBeInstanceOf(Array)
})
it("should handle .jsx files", async () => {
const code = `const Component = () => <div>Test</div>`
const violations = await detector.detectAll(code, "Component.jsx")
expect(violations).toBeInstanceOf(Array)
})
it("should handle .tsx files", async () => {
const code = `const Component: React.FC = () => <div>Test</div>`
const violations = await detector.detectAll(code, "Component.tsx")
expect(violations).toBeInstanceOf(Array)
})
it("should handle errors gracefully", async () => {
const code = null as unknown as string
const violations = await detector.detectAll(code, "test.ts")
expect(violations).toHaveLength(0)
})
it("should handle malformed code gracefully", async () => {
const code = "const = = ="
const violations = await detector.detectAll(code, "malformed.ts")
expect(violations).toBeInstanceOf(Array)
})
})
describe("parseOutputToViolations", () => {
it("should parse empty output", async () => {
const code = ""
const violations = await detector.detectAll(code, "test.ts")
expect(violations).toHaveLength(0)
})
it("should handle whitespace-only output", async () => {
const code = " \n \n "
const violations = await detector.detectAll(code, "test.ts")
expect(violations).toHaveLength(0)
})
})
describe("extractSecretType", () => {
it("should handle various secret types correctly", async () => {
const code = `const value = "test"`
const violations = await detector.detectAll(code, "test.ts")
violations.forEach((v) => {
expect(v.secretType).toBeTruthy()
expect(typeof v.secretType).toBe("string")
expect(v.secretType.length).toBeGreaterThan(0)
})
})
})
describe("integration", () => {
it("should work with TypeScript code", async () => {
const code = `
interface Config {
apiKey: string
}
const config: Config = {
apiKey: process.env.API_KEY || "default"
}
`
const violations = await detector.detectAll(code, "config.ts")
expect(violations).toBeInstanceOf(Array)
})
it("should work with ES6+ syntax", async () => {
const code = `
const fetchData = async () => {
const response = await fetch(url)
return response.json()
}
const [data, setData] = useState(null)
`
const violations = await detector.detectAll(code, "hooks.ts")
expect(violations).toBeInstanceOf(Array)
})
it("should work with JSX/TSX", async () => {
const code = `
export const Button = ({ onClick }: Props) => {
return <button onClick={onClick}>Click me</button>
}
`
const violations = await detector.detectAll(code, "Button.tsx")
expect(violations).toBeInstanceOf(Array)
})
it("should handle concurrent detections", async () => {
const code1 = "const test1 = 'value1'"
const code2 = "const test2 = 'value2'"
const code3 = "const test3 = 'value3'"
const [result1, result2, result3] = await Promise.all([
detector.detectAll(code1, "file1.ts"),
detector.detectAll(code2, "file2.ts"),
detector.detectAll(code3, "file3.ts"),
])
expect(result1).toBeInstanceOf(Array)
expect(result2).toBeInstanceOf(Array)
expect(result3).toBeInstanceOf(Array)
})
})
describe("edge cases", () => {
it("should handle very long code", async () => {
const longCode = "const value = 'test'\n".repeat(1000)
const violations = await detector.detectAll(longCode, "long.ts")
expect(violations).toBeInstanceOf(Array)
})
it("should handle special characters in code", async () => {
const code = `
const special = "!@#$%^&*()_+-=[]{}|;:',.<>?"
const unicode = "日本語 🚀"
`
const violations = await detector.detectAll(code, "special.ts")
expect(violations).toBeInstanceOf(Array)
})
it("should handle code with regex patterns", async () => {
const code = `
const pattern = /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,}$/i
const matches = text.match(pattern)
`
const violations = await detector.detectAll(code, "regex.ts")
expect(violations).toBeInstanceOf(Array)
})
it("should handle code with template literals", async () => {
const code = `
const message = \`Hello \${name}, your balance is \${balance}\`
`
const violations = await detector.detectAll(code, "template.ts")
expect(violations).toBeInstanceOf(Array)
})
})
describe("real secret detection", () => {
it("should detect AWS access key pattern", async () => {
const code = `const awsKey = "AKIAIOSFODNN7EXAMPLE"`
const violations = await detector.detectAll(code, "aws.ts")
if (violations.length > 0) {
expect(violations[0].secretType).toContain("AWS")
}
})
it("should detect basic auth credentials", async () => {
const code = `const auth = "https://user:password@example.com"`
const violations = await detector.detectAll(code, "auth.ts")
if (violations.length > 0) {
expect(violations[0].file).toBe("auth.ts")
expect(violations[0].line).toBeGreaterThan(0)
expect(violations[0].column).toBeGreaterThan(0)
}
})
it("should detect private SSH key", async () => {
const code = `
const privateKey = \`-----BEGIN RSA PRIVATE KEY-----
MIIBogIBAAJBALRiMLAA...
-----END RSA PRIVATE KEY-----\`
`
const violations = await detector.detectAll(code, "ssh.ts")
if (violations.length > 0) {
expect(violations[0].secretType).toBeTruthy()
}
})
it("should return violation objects with required properties", async () => {
const code = `const key = "AKIAIOSFODNN7EXAMPLE"`
const violations = await detector.detectAll(code, "test.ts")
violations.forEach((v) => {
expect(v).toHaveProperty("file")
expect(v).toHaveProperty("line")
expect(v).toHaveProperty("column")
expect(v).toHaveProperty("secretType")
expect(v.getMessage).toBeDefined()
expect(v.getSuggestion).toBeDefined()
})
})
it("should handle files with multiple secrets", async () => {
const code = `
const key1 = "AKIAIOSFODNN7EXAMPLE"
const key2 = "AKIAIOSFODNN8EXAMPLE"
`
const violations = await detector.detectAll(code, "multiple.ts")
expect(violations).toBeInstanceOf(Array)
})
})
})

315
pnpm-lock.yaml generated
View File

@@ -80,6 +80,18 @@ importers:
packages/guardian:
dependencies:
'@secretlint/core':
specifier: ^11.2.5
version: 11.2.5
'@secretlint/node':
specifier: ^11.2.5
version: 11.2.5
'@secretlint/secretlint-rule-preset-recommend':
specifier: ^11.2.5
version: 11.2.5
'@secretlint/types':
specifier: ^11.2.5
version: 11.2.5
commander:
specifier: ^12.1.0
version: 12.1.0
@@ -154,6 +166,12 @@ packages:
resolution: {integrity: sha512-J4Jarr0SohdrHcb40gTL4wGPCQ952IMWF1G/MSAQfBAPvA9ZKApYhpxcY7PmehVePve+ujpus1dGsJ7dPxz8Kg==}
engines: {node: ^18.19.1 || ^20.11.1 || >=22.0.0, npm: ^6.11.0 || ^7.5.6 || >=8.0.0, yarn: '>= 1.13.0'}
'@azu/format-text@1.0.2':
resolution: {integrity: sha512-Swi4N7Edy1Eqq82GxgEECXSSLyn6GOb5htRFPzBDdUkECGXtlf12ynO5oJSpWKPwCaUssOu7NfhDcCWpIC6Ywg==}
'@azu/style-format@1.0.1':
resolution: {integrity: sha512-AHcTojlNBdD/3/KxIKlg8sxIWHfOtQszLvOpagLTO+bjC3u7SAszu1lf//u7JJC50aUSH+BVWDD/KvaA6Gfn5g==}
'@babel/code-frame@7.27.1':
resolution: {integrity: sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==}
engines: {node: '>=6.9.0'}
@@ -1040,6 +1058,40 @@ packages:
cpu: [x64]
os: [win32]
'@secretlint/config-loader@11.2.5':
resolution: {integrity: sha512-pUiH5xc3x8RLEDq+0dCz65v4kohtfp68I7qmYPuymTwHodzjyJ089ZbNdN1ZX8SZV4xZLQsFIrRLn1lJ55QyyQ==}
engines: {node: '>=20.0.0'}
'@secretlint/core@11.2.5':
resolution: {integrity: sha512-PZNpBd6+KVya2tA3o1oC2kTWYKju8lZG9phXyQY7geWKf+a+fInN4/HSYfCQS495oyTSjhc9qI0mNQEw83PY2Q==}
engines: {node: '>=20.0.0'}
'@secretlint/formatter@11.2.5':
resolution: {integrity: sha512-9XBMeveo1eKXMC9zLjA6nd2lb5JjUgjj8NUpCo1Il8jO4YJ12k7qXZk3T/QJup+Kh0ThpHO03D9C1xLDIPIEPQ==}
engines: {node: '>=20.0.0'}
'@secretlint/node@11.2.5':
resolution: {integrity: sha512-nPdtUsTzDzBJzFiKh80/H5+2ZRRogtDuHhnNiGtF7LSHp8YsQHU5piAVbESdV0AmUjbWijAjscIsWqvtU+2JUQ==}
engines: {node: '>=20.0.0'}
'@secretlint/profiler@11.2.5':
resolution: {integrity: sha512-evQ2PeO3Ub0apWIPaXJy8lMDO1OFgvgQhZd+MhYLcLHgR559EtJ9V02Sh5c10wTLkLAtJ+czlJg2kmlt0nm8fw==}
'@secretlint/resolver@11.2.5':
resolution: {integrity: sha512-Zn9+Gj7cRNjEDX8d1NYZNjTG9/Wjlc8N+JvARFYYYu6JxfbtkabhFxzwxBLkRZ2ZCkPCCnuXJwepcgfVXSPsng==}
'@secretlint/secretlint-rule-preset-recommend@11.2.5':
resolution: {integrity: sha512-FAnp/dPdbvHEw50aF9JMPF/OwW58ULvVXEsk+mXTtBD09VJZhG0vFum8WzxMbB98Eo4xDddGzYtE3g27pBOaQA==}
engines: {node: '>=20.0.0'}
'@secretlint/source-creator@11.2.5':
resolution: {integrity: sha512-+ApoNDS4uIaLb2PG9PPEP9Zu1HDBWpxSd/+Qlb3MzKTwp2BG9sbUhvpGgxuIHFn7pMWQU60DhzYJJUBpbXZEHQ==}
engines: {node: '>=20.0.0'}
'@secretlint/types@11.2.5':
resolution: {integrity: sha512-iA7E+uXuiEydOwv8glEYM4tCHnl8C7wTgLxg+3upHhH/iSSnefWfoRqrJwVBhwxPg4MDoypVI7Oal7bX7/ne+w==}
engines: {node: '>=20.0.0'}
'@sinclair/typebox@0.34.41':
resolution: {integrity: sha512-6gS8pZzSXdyRHTIqoqSVknxolr1kzfy4/CeDnrzsVz8TTIWUbOBr6gnzOmTYJ3eXQNh4IYHIGi5aIL7sOZ2G/g==}
@@ -1052,6 +1104,21 @@ packages:
'@standard-schema/spec@1.0.0':
resolution: {integrity: sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==}
'@textlint/ast-node-types@15.4.0':
resolution: {integrity: sha512-IqY8i7IOGuvy05wZxISB7Me1ZyrvhaQGgx6DavfQjH3cfwpPFdDbDYmMXMuSv2xLS1kDB1kYKBV7fL2Vi16lRA==}
'@textlint/linter-formatter@15.4.0':
resolution: {integrity: sha512-rfqOZmnI1Wwc/Pa4LK+vagvVPmvxf9oRsBRqIOB04DwhucingZyAIJI/TyG18DIDYbP2aFXBZ3oOvyAxHe/8PQ==}
'@textlint/module-interop@15.4.0':
resolution: {integrity: sha512-uGf+SFIfzOLCbZI0gp+2NLsrkSArsvEWulPP6lJuKp7yRHadmy7Xf/YHORe46qhNyyxc8PiAfiixHJSaHGUrGg==}
'@textlint/resolver@15.4.0':
resolution: {integrity: sha512-Vh/QceKZQHFJFG4GxxIsKM1Xhwv93mbtKHmFE5/ybal1mIKHdqF03Z9Guaqt6Sx/AeNUshq0hkMOEhEyEWnehQ==}
'@textlint/types@15.4.0':
resolution: {integrity: sha512-ZMwJgw/xjxJufOD+IB7I2Enl9Si4Hxo04B76RwUZ5cKBKzOPcmd6WvGe2F7jqdgmTdGnfMU+Bo/joQrjPNIWqg==}
'@tokenizer/inflate@0.3.1':
resolution: {integrity: sha512-4oeoZEBQdLdt5WmP/hx1KZ6D3/Oid/0cUb2nk4F0pTDAWy+KCH3/EnAkZF/bvckWo8I33EqBm01lIPgmgc8rCA==}
engines: {node: '>=18'}
@@ -1488,6 +1555,10 @@ packages:
resolution: {integrity: sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==}
engines: {node: '>=8'}
ansi-escapes@7.2.0:
resolution: {integrity: sha512-g6LhBsl+GBPRWGWsBtutpzBYuIIdBkLEvad5C/va/74Db018+5TZiyA26cZJAr3Rft5lprVqOIPxf5Vid6tqAw==}
engines: {node: '>=18'}
ansi-regex@5.0.1:
resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
engines: {node: '>=8'}
@@ -1538,6 +1609,10 @@ packages:
ast-v8-to-istanbul@0.3.8:
resolution: {integrity: sha512-szgSZqUxI5T8mLKvS7WTjF9is+MVbOeLADU73IseOcrqhxr/VAvy6wfoVE39KnKzA7JRhjF5eUagNlHwvZPlKQ==}
astral-regex@2.0.0:
resolution: {integrity: sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==}
engines: {node: '>=8'}
asynckit@0.4.0:
resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
@@ -1576,9 +1651,16 @@ packages:
resolution: {integrity: sha512-a28v2eWrrRWPpJSzxc+mKwm0ZtVx/G8SepdQZDArnXYU/XS+IF6mp8aB/4E+hH1tyGCoDo3KlUCdlSxGDsRkAw==}
hasBin: true
binaryextensions@6.11.0:
resolution: {integrity: sha512-sXnYK/Ij80TO3lcqZVV2YgfKN5QjUWIRk/XSm2J/4bd/lPko3lvk0O4ZppH6m+6hB2/GTu+ptNwVFe1xh+QLQw==}
engines: {node: '>=4'}
bl@4.1.0:
resolution: {integrity: sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==}
boundary@2.0.0:
resolution: {integrity: sha512-rJKn5ooC9u8q13IMCrW0RSp31pxBCHE3y9V/tp3TdWSLf8Em3p6Di4NBpfzbJge9YjjFEsD0RtFEjtvHL5VyEA==}
brace-expansion@1.1.12:
resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
@@ -1638,6 +1720,10 @@ packages:
resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
engines: {node: '>=10'}
chalk@5.6.2:
resolution: {integrity: sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==}
engines: {node: ^12.17.0 || ^14.13 || >=16.0.0}
char-regex@1.0.2:
resolution: {integrity: sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==}
engines: {node: '>=10'}
@@ -1801,6 +1887,10 @@ packages:
eastasianwidth@0.2.0:
resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
editions@6.22.0:
resolution: {integrity: sha512-UgGlf8IW75je7HZjNDpJdCv4cGJWIi6yumFdZ0R7A8/CIhQiWUjyGLCxdHpd8bmyD1gnkfUNK0oeOXqUS2cpfQ==}
engines: {ecmascript: '>= es5', node: '>=4'}
electron-to-chromium@1.5.259:
resolution: {integrity: sha512-I+oLXgpEJzD6Cwuwt1gYjxsDmu/S/Kd41mmLA3O+/uH2pFRO/DvOjUyGozL8j3KeLV6WyZ7ssPwELMsXCcsJAQ==}
@@ -1818,6 +1908,10 @@ packages:
resolution: {integrity: sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww==}
engines: {node: '>=10.13.0'}
environment@1.1.0:
resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==}
engines: {node: '>=18'}
error-ex@1.3.4:
resolution: {integrity: sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==}
@@ -2249,6 +2343,10 @@ packages:
resolution: {integrity: sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==}
engines: {node: '>=8'}
istextorbinary@9.5.0:
resolution: {integrity: sha512-5mbUj3SiZXCuRf9fT3ibzbSSEWiy63gFfksmGfdOzujPjW3k+z8WvIBxcJHBoQNlaZaiyB25deviif2+osLmLw==}
engines: {node: '>=4'}
iterare@1.2.1:
resolution: {integrity: sha512-RKYVTCjAnRthyJes037NX/IiqeidgN1xc3j1RjFfECFp28A1GVwK9nA+i0rJPaHqSZwygLzRnFlzUuHFoWWy+Q==}
engines: {node: '>=6'}
@@ -2473,6 +2571,9 @@ packages:
lodash.merge@4.6.2:
resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
lodash.truncate@4.4.2:
resolution: {integrity: sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw==}
lodash@4.17.21:
resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
@@ -2657,6 +2758,10 @@ packages:
resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
engines: {node: '>=10'}
p-map@7.0.4:
resolution: {integrity: sha512-tkAQEw8ysMzmkhgw8k+1U/iPhWNhykKnSk4Rd5zLoPJCuJaGRPo6YposrZgaxHKzDHdDWWZvE/Sk7hsL2X/CpQ==}
engines: {node: '>=18'}
p-try@2.2.0:
resolution: {integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==}
engines: {node: '>=6'}
@@ -2725,6 +2830,9 @@ packages:
resolution: {integrity: sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==}
engines: {node: '>=8'}
pluralize@2.0.0:
resolution: {integrity: sha512-TqNZzQCD4S42De9IfnnBvILN7HAW7riLqsCyp8lgjXeysyPlX5HhqKAcJHHHb9XskE4/a+7VGC9zzx8Ls0jOAw==}
pluralize@8.0.0:
resolution: {integrity: sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==}
engines: {node: '>=4'}
@@ -2767,6 +2875,9 @@ packages:
randombytes@2.1.0:
resolution: {integrity: sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==}
rc-config-loader@4.1.3:
resolution: {integrity: sha512-kD7FqML7l800i6pS6pvLyIE2ncbk9Du8Q0gp/4hMPhJU6ZxApkoLcGD8ZeqgiAlfwZ6BlETq6qqe+12DUL207w==}
react-is@18.3.1:
resolution: {integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==}
@@ -2894,6 +3005,10 @@ packages:
resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==}
engines: {node: '>=8'}
slice-ansi@4.0.0:
resolution: {integrity: sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==}
engines: {node: '>=10'}
source-map-js@1.2.1:
resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
engines: {node: '>=0.10.0'}
@@ -2972,6 +3087,9 @@ packages:
resolution: {integrity: sha512-KIy5nylvC5le1OdaaoCJ07L+8iQzJHGH6pWDuzS+d07Cu7n1MZ2x26P8ZKIWfbK02+XIL8Mp4RkWeqdUCrDMfg==}
engines: {node: '>=18'}
structured-source@4.0.0:
resolution: {integrity: sha512-qGzRFNJDjFieQkl/sVOI2dUjHKRyL9dAJi2gCPGJLbJHBIkyOHxjuocpIEfbLioX+qSJpvbYdT49/YCdMznKxA==}
superagent@10.2.3:
resolution: {integrity: sha512-y/hkYGeXAj7wUMjxRbB21g/l6aAEituGXM9Rwl4o20+SX3e8YOSV6BxFXl+dL3Uk0mjSL3kCbNkwURm8/gEDig==}
engines: {node: '>=14.18.0'}
@@ -2988,6 +3106,10 @@ packages:
resolution: {integrity: sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==}
engines: {node: '>=10'}
supports-hyperlinks@3.2.0:
resolution: {integrity: sha512-zFObLMyZeEwzAoKCyu1B91U79K2t7ApXuQfo8OuxwXLDgcKxuwM+YvcbIhm6QWqz7mHUH1TVytR1PwVVjEuMig==}
engines: {node: '>=14.18'}
symbol-observable@4.0.0:
resolution: {integrity: sha512-b19dMThMV4HVFynSAM1++gBHAbk2Tc/osgLIBZMKsyqh34jb2e8Os7T6ZW/Bt3pJFdBTd2JwAnAAEQV7rSNvcQ==}
engines: {node: '>=0.10'}
@@ -2996,10 +3118,18 @@ packages:
resolution: {integrity: sha512-MeQTA1r0litLUf0Rp/iisCaL8761lKAZHaimlbGK4j0HysC4PLfqygQj9srcs0m2RdtDYnF8UuYyKpbjHYp7Jw==}
engines: {node: ^14.18.0 || >=16.0.0}
table@6.9.0:
resolution: {integrity: sha512-9kY+CygyYM6j02t5YFHbNz2FN5QmYGv9zAjVp4lCDjlCw7amdckXlEt/bjMhUIfj4ThGRE4gCUH5+yGnNuPo5A==}
engines: {node: '>=10.0.0'}
tapable@2.3.0:
resolution: {integrity: sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==}
engines: {node: '>=6'}
terminal-link@4.0.0:
resolution: {integrity: sha512-lk+vH+MccxNqgVqSnkMVKx4VLJfnLjDBGzH16JVZjKE2DoxP57s6/vt6JmXV5I3jBcfGrxNrYtC+mPtU7WJztA==}
engines: {node: '>=18'}
terser-webpack-plugin@5.3.14:
resolution: {integrity: sha512-vkZjpUjb6OMS7dhV+tILUW6BhpDR7P2L/aQSAv+Uwk+m8KATX9EccViHTJR2qDtACKPIYndLGCyl3FMo+r2LMw==}
engines: {node: '>= 10.13.0'}
@@ -3025,6 +3155,13 @@ packages:
resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==}
engines: {node: '>=8'}
text-table@0.2.0:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
textextensions@6.11.0:
resolution: {integrity: sha512-tXJwSr9355kFJI3lbCkPpUH5cP8/M0GGy2xLO34aZCjMXBaK3SoPnZwr/oWmo1FdCnELcs4npdCIOFtq9W3ruQ==}
engines: {node: '>=4'}
tinybench@2.9.0:
resolution: {integrity: sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==}
@@ -3217,6 +3354,10 @@ packages:
resolution: {integrity: sha512-kiGUalWN+rgBJ/1OHZsBtU4rXZOfj/7rKQxULKlIzwzQSvMJUUNgPwJEEh7gU6xEVxC0ahoOBvN2YI8GH6FNgA==}
engines: {node: '>=10.12.0'}
version-range@4.15.0:
resolution: {integrity: sha512-Ck0EJbAGxHwprkzFO966t4/5QkRuzh+/I1RxhLgUKKwEn+Cd8NwM60mE3AqBZg5gYODoXW0EFsQvbZjRlvdqbg==}
engines: {node: '>=4'}
vite@7.2.4:
resolution: {integrity: sha512-NL8jTlbo0Tn4dUEXEsUg8KeyG/Lkmc4Fnzb8JXN/Ykm9G4HNImjtABMJgkQoVjOBN/j2WAwDTRytdqJbZsah7w==}
engines: {node: ^20.19.0 || >=22.12.0}
@@ -3441,6 +3582,12 @@ snapshots:
transitivePeerDependencies:
- chokidar
'@azu/format-text@1.0.2': {}
'@azu/style-format@1.0.1':
dependencies:
'@azu/format-text': 1.0.2
'@babel/code-frame@7.27.1':
dependencies:
'@babel/helper-validator-identifier': 7.28.5
@@ -4344,6 +4491,68 @@ snapshots:
'@rollup/rollup-win32-x64-msvc@4.53.3':
optional: true
'@secretlint/config-loader@11.2.5':
dependencies:
'@secretlint/profiler': 11.2.5
'@secretlint/resolver': 11.2.5
'@secretlint/types': 11.2.5
ajv: 8.17.1
debug: 4.4.3
rc-config-loader: 4.1.3
transitivePeerDependencies:
- supports-color
'@secretlint/core@11.2.5':
dependencies:
'@secretlint/profiler': 11.2.5
'@secretlint/types': 11.2.5
debug: 4.4.3
structured-source: 4.0.0
transitivePeerDependencies:
- supports-color
'@secretlint/formatter@11.2.5':
dependencies:
'@secretlint/resolver': 11.2.5
'@secretlint/types': 11.2.5
'@textlint/linter-formatter': 15.4.0
'@textlint/module-interop': 15.4.0
'@textlint/types': 15.4.0
chalk: 5.6.2
debug: 4.4.3
pluralize: 8.0.0
strip-ansi: 7.1.2
table: 6.9.0
terminal-link: 4.0.0
transitivePeerDependencies:
- supports-color
'@secretlint/node@11.2.5':
dependencies:
'@secretlint/config-loader': 11.2.5
'@secretlint/core': 11.2.5
'@secretlint/formatter': 11.2.5
'@secretlint/profiler': 11.2.5
'@secretlint/source-creator': 11.2.5
'@secretlint/types': 11.2.5
debug: 4.4.3
p-map: 7.0.4
transitivePeerDependencies:
- supports-color
'@secretlint/profiler@11.2.5': {}
'@secretlint/resolver@11.2.5': {}
'@secretlint/secretlint-rule-preset-recommend@11.2.5': {}
'@secretlint/source-creator@11.2.5':
dependencies:
'@secretlint/types': 11.2.5
istextorbinary: 9.5.0
'@secretlint/types@11.2.5': {}
'@sinclair/typebox@0.34.41': {}
'@sinonjs/commons@3.0.1':
@@ -4356,6 +4565,35 @@ snapshots:
'@standard-schema/spec@1.0.0': {}
'@textlint/ast-node-types@15.4.0': {}
'@textlint/linter-formatter@15.4.0':
dependencies:
'@azu/format-text': 1.0.2
'@azu/style-format': 1.0.1
'@textlint/module-interop': 15.4.0
'@textlint/resolver': 15.4.0
'@textlint/types': 15.4.0
chalk: 4.1.2
debug: 4.4.3
js-yaml: 3.14.2
lodash: 4.17.21
pluralize: 2.0.0
string-width: 4.2.3
strip-ansi: 6.0.1
table: 6.9.0
text-table: 0.2.0
transitivePeerDependencies:
- supports-color
'@textlint/module-interop@15.4.0': {}
'@textlint/resolver@15.4.0': {}
'@textlint/types@15.4.0':
dependencies:
'@textlint/ast-node-types': 15.4.0
'@tokenizer/inflate@0.3.1':
dependencies:
debug: 4.4.3
@@ -4865,6 +5103,10 @@ snapshots:
dependencies:
type-fest: 0.21.3
ansi-escapes@7.2.0:
dependencies:
environment: 1.1.0
ansi-regex@5.0.1: {}
ansi-regex@6.2.2: {}
@@ -4904,6 +5146,8 @@ snapshots:
estree-walker: 3.0.3
js-tokens: 9.0.1
astral-regex@2.0.0: {}
asynckit@0.4.0: {}
babel-jest@30.2.0(@babel/core@7.28.5):
@@ -4964,12 +5208,18 @@ snapshots:
baseline-browser-mapping@2.8.31: {}
binaryextensions@6.11.0:
dependencies:
editions: 6.22.0
bl@4.1.0:
dependencies:
buffer: 5.7.1
inherits: 2.0.4
readable-stream: 3.6.2
boundary@2.0.0: {}
brace-expansion@1.1.12:
dependencies:
balanced-match: 1.0.2
@@ -5031,6 +5281,8 @@ snapshots:
ansi-styles: 4.3.0
supports-color: 7.2.0
chalk@5.6.2: {}
char-regex@1.0.2: {}
chardet@2.1.1: {}
@@ -5155,6 +5407,10 @@ snapshots:
eastasianwidth@0.2.0: {}
editions@6.22.0:
dependencies:
version-range: 4.15.0
electron-to-chromium@1.5.259: {}
emittery@0.13.1: {}
@@ -5168,6 +5424,8 @@ snapshots:
graceful-fs: 4.2.11
tapable: 2.3.0
environment@1.1.0: {}
error-ex@1.3.4:
dependencies:
is-arrayish: 0.2.1
@@ -5647,6 +5905,12 @@ snapshots:
html-escaper: 2.0.2
istanbul-lib-report: 3.0.1
istextorbinary@9.5.0:
dependencies:
binaryextensions: 6.11.0
editions: 6.22.0
textextensions: 6.11.0
iterare@1.2.1: {}
jackspeak@3.4.3:
@@ -6041,6 +6305,8 @@ snapshots:
lodash.merge@4.6.2: {}
lodash.truncate@4.4.2: {}
lodash@4.17.21: {}
log-symbols@4.1.0:
@@ -6204,6 +6470,8 @@ snapshots:
dependencies:
p-limit: 3.1.0
p-map@7.0.4: {}
p-try@2.2.0: {}
package-json-from-dist@1.0.1: {}
@@ -6255,6 +6523,8 @@ snapshots:
dependencies:
find-up: 4.1.0
pluralize@2.0.0: {}
pluralize@8.0.0: {}
postcss@8.5.6:
@@ -6291,6 +6561,15 @@ snapshots:
dependencies:
safe-buffer: 5.2.1
rc-config-loader@4.1.3:
dependencies:
debug: 4.4.3
js-yaml: 4.1.1
json5: 2.2.3
require-from-string: 2.0.2
transitivePeerDependencies:
- supports-color
react-is@18.3.1: {}
readable-stream@3.6.2:
@@ -6441,6 +6720,12 @@ snapshots:
slash@3.0.0: {}
slice-ansi@4.0.0:
dependencies:
ansi-styles: 4.3.0
astral-regex: 2.0.0
is-fullwidth-code-point: 3.0.0
source-map-js@1.2.1: {}
source-map-support@0.5.13:
@@ -6510,6 +6795,10 @@ snapshots:
dependencies:
'@tokenizer/token': 0.3.0
structured-source@4.0.0:
dependencies:
boundary: 2.0.0
superagent@10.2.3:
dependencies:
component-emitter: 1.3.1
@@ -6539,14 +6828,32 @@ snapshots:
dependencies:
has-flag: 4.0.0
supports-hyperlinks@3.2.0:
dependencies:
has-flag: 4.0.0
supports-color: 7.2.0
symbol-observable@4.0.0: {}
synckit@0.11.11:
dependencies:
'@pkgr/core': 0.2.9
table@6.9.0:
dependencies:
ajv: 8.17.1
lodash.truncate: 4.4.2
slice-ansi: 4.0.0
string-width: 4.2.3
strip-ansi: 6.0.1
tapable@2.3.0: {}
terminal-link@4.0.0:
dependencies:
ansi-escapes: 7.2.0
supports-hyperlinks: 3.2.0
terser-webpack-plugin@5.3.14(webpack@5.100.2):
dependencies:
'@jridgewell/trace-mapping': 0.3.31
@@ -6569,6 +6876,12 @@ snapshots:
glob: 7.2.3
minimatch: 3.1.2
text-table@0.2.0: {}
textextensions@6.11.0:
dependencies:
editions: 6.22.0
tinybench@2.9.0: {}
tinyexec@0.3.2: {}
@@ -6770,6 +7083,8 @@ snapshots:
'@types/istanbul-lib-coverage': 2.0.6
convert-source-map: 2.0.0
version-range@4.15.0: {}
vite@7.2.4(@types/node@22.19.1)(terser@5.44.1)(tsx@4.20.6):
dependencies:
esbuild: 0.25.12