ailabs/puaros
1
0
Fork 0
mirror of https://github.com/samiyev/puaros.git synced 2025-12-28 07:16:53 +05:00
Code Issues Packages Projects Releases Wiki Activity
Files
af9c2377a0d3fa90f74d69ab36b25a74cab58882
puaros/packages/guardian/src/domain/services/IEntityExposureDetector.ts
imfozilbek f46048172f feat: add entity exposure detection (v0.3.0) 
Implement entity exposure detection to prevent domain entities
from leaking to API responses. Detects when controllers/routes
return domain entities instead of DTOs.

Features:
- EntityExposure value object with detailed suggestions
- IEntityExposureDetector interface in domain layer
- EntityExposureDetector implementation in infrastructure
- Integration into AnalyzeProject use case
- CLI display with helpful suggestions
- 24 comprehensive unit tests (98% coverage)
- Examples for bad and good patterns

Detection scope:
- Infrastructure layer only (controllers, routes, handlers, resolvers, gateways)
- Identifies PascalCase entities without Dto/Request/Response suffixes
- Parses async methods with Promise<T> return types
- Provides step-by-step remediation suggestions

Test coverage:
- EntityExposureDetector: 98.07%
- Overall project: 90.6% statements, 83.97% branches
- 218 tests passing

BREAKING CHANGE: Version bump to 0.3.0
2025-11-24 13:51:12 +05:00

35 lines
1.4 KiB
TypeScript
Raw Blame History

import { EntityExposure } from "../value-objects/EntityExposure"
/**
* Interface for detecting entity exposure violations in the codebase
*
* Entity exposure occurs when domain entities are directly returned from
* controllers/routes instead of using DTOs (Data Transfer Objects).
* This violates separation of concerns and can expose internal domain logic.
*/
export interface IEntityExposureDetector {
/**
* Detects entity exposure violations in the given code
*
* Analyzes method return types in controllers/routes to identify
* domain entities being directly exposed to external clients.
*
* @param code - Source code to analyze
* @param filePath - Path to the file being analyzed
* @param layer - The architectural layer of the file (domain, application, infrastructure, shared)
* @returns Array of detected entity exposure violations
*/
detectExposures(code: string, filePath: string, layer: string | undefined): EntityExposure[]
/**
* Checks if a return type is a domain entity
*
* Domain entities are typically PascalCase nouns without Dto/Request/Response suffixes
* and are defined in the domain layer.
*
* @param returnType - The return type to check
* @returns True if the return type appears to be a domain entity
*/
isDomainEntity(returnType: string): boolean
}
Reference in New Issue View Git Blame Copy Permalink