ailabs/puaros
1
0
Fork 0
mirror of https://github.com/samiyev/puaros.git synced 2025-12-27 23:06:54 +05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e79874e4206cd19b6686ec1599bdc588253e428d
puaros/packages/guardian/COMPARISON.md

20 KiB
Raw Blame History

Guardian vs Competitors: Comprehensive Comparison 🔍

Last Updated: 2025-01-24

This document provides an in-depth comparison of Guardian against major competitors in the static analysis and architecture enforcement space.

🎯 TL;DR - When to Use Each Tool

Your Need Recommended Tool Why
TypeScript + AI coding + DDD Guardian Only tool built for AI-assisted DDD development
Multi-language + Security SonarQube 35+ languages, deep security scanning
Dependency visualization dependency-cruiser + Guardian Best visualization + architecture rules
Java architecture ArchUnit Java-specific with unit test integration
TypeScript complexity metrics FTA + Guardian Fast metrics + architecture enforcement
Python architecture import-linter + Guardian (future) Python layer enforcement

📊 Feature Comparison Matrix

Core Capabilities

Feature Guardian SonarQube dependency-cruiser ArchUnit FTA ESLint
Languages JS/TS 35+ JS/TS/Vue Java TS/JS JS/TS
Setup Complexity Simple 🐌 Complex Simple ⚙️ Medium Simple Simple
Price 🆓 Free 💰 Freemium 🆓 Free 🆓 Free 🆓 Free 🆓 Free
GitHub Stars - - 6.2k 3.1k - 24k+

Detection Capabilities

Feature Guardian SonarQube dependency-cruiser ArchUnit FTA ESLint
Hardcode Detection (with AI tips) ⚠️ (secrets only)
Circular Dependencies (visual)
Architecture Layers (DDD/Clean) ⚠️ (generic) (via rules) ⚠️
Framework Leak UNIQUE ⚠️ (via rules) ⚠️
Entity Exposure UNIQUE
Naming Conventions (DDD-specific) (generic)
Repository Pattern UNIQUE ⚠️
Dependency Direction (via rules)
Security (SAST) ⚠️
Dependency Risks (SCA)
Complexity Metrics ⚠️
Code Duplication

Developer Experience

Feature Guardian SonarQube dependency-cruiser ArchUnit FTA ESLint
CLI (lib)
Configuration (v0.6+) ⚠️
Visualization (v0.7+) (dashboard) (graphs) ⚠️
Auto-Fix (v0.9+) UNIQUE
AI Workflow UNIQUE
CI/CD Integration (v0.8+) ⚠️
IDE Extensions 🔜 (v1.0+) ⚠️
Metrics Dashboard (v0.10+) ⚠️

Legend:

  • = Excellent support
  • = Good support
  • ⚠️ = Limited/partial support
  • = Not available
  • 🔜 = Planned/Coming soon

🔥 Guardian's Unique Advantages

Guardian has 7 unique features that no competitor offers:

1. Hardcode Detection with AI Suggestions

Guardian:

// Detected:
app.listen(3000)

// Suggestion:
💡 Extract to: DEFAULT_PORT
📁 Location: infrastructure/config/constants.ts
🤖 AI Prompt: "Extract port 3000 to DEFAULT_PORT constant in config"

Competitors:

  • SonarQube: Only detects hardcoded secrets (API keys), not magic numbers
  • Others: No hardcode detection at all

2. 🔌 Framework Leak Detection

Guardian:

// domain/entities/User.ts
import { Request } from 'express'  // ❌ VIOLATION!

// Detected: Framework leak in domain layer
// Suggestion: Use dependency injection via interfaces

Competitors:

  • ArchUnit: Can check via custom rules (not built-in)
  • Others: Not available

3. 🎭 Entity Exposure Detection

Guardian:

// ❌ Bad: Domain entity exposed
async getUser(): Promise<User> { }

// ✅ Good: Use DTOs
async getUser(): Promise<UserDto> { }

// Guardian detects this automatically!

Competitors:

  • None have this built-in

4. 📚 Repository Pattern Validation

Guardian:

// Detects ORM types in domain interfaces:
interface IUserRepository {
    findOne(query: { where: ... })  // ❌ Prisma-specific!
}

// Detects concrete repos in use cases:
constructor(private prisma: PrismaClient) {}  // ❌ VIOLATION!

Competitors:

  • None validate repository pattern

5. 🤖 AI-First Workflow

Guardian:

# Generate AI-friendly fix prompt
guardian check ./src --format ai-prompt > fix.txt

# Feed to Claude/GPT:
"Fix these Guardian violations: $(cat fix.txt)"

# AI fixes → Run Guardian again → Ship it!

Competitors:

  • Generic output, not optimized for AI assistants

6. 🛠️ Auto-Fix for Architecture (v0.9+)

Guardian:

# Automatically extract hardcodes to constants
guardian fix ./src --auto

# Rename files to match conventions
guardian fix naming ./src --auto

# Interactive mode
guardian fix ./src --interactive

Competitors:

  • ESLint has --fix but only for syntax
  • None fix architecture violations

7. 🎯 DDD Pattern Detection (30+)

Guardian Roadmap:

  • Aggregate boundaries
  • Anemic domain model
  • Domain events
  • Value Object immutability
  • CQRS violations
  • Saga pattern
  • Ubiquitous language
  • And 23+ more DDD patterns!

Competitors:

  • Generic architecture checks only
  • No DDD-specific patterns

📈 Detailed Tool Comparisons

vs SonarQube

When SonarQube Wins

Multi-language projects

Java + Python + TypeScript → Use SonarQube
TypeScript only → Consider Guardian

Security-critical applications

SonarQube: SAST, SCA, OWASP Top 10, CVE detection
Guardian: Architecture only (security coming later)

Large enterprise with compliance

SonarQube: Compliance reports, audit trails, enterprise support
Guardian: Lightweight, developer-focused

Existing SonarQube investment

Already using SonarQube? Add Guardian for DDD-specific checks

When Guardian Wins

TypeScript + AI coding workflow

// AI generates code → Guardian checks → AI fixes → Ship
// 10x faster than manual review

Clean Architecture / DDD enforcement

// Guardian understands DDD out-of-the-box
// SonarQube requires custom rules

Fast setup (< 5 minutes)

npm install -g @samiyev/guardian
guardian check ./src
# Done! (vs hours of SonarQube setup)

Hardcode detection with context

// Guardian knows the difference between:
const port = 3000        // ❌ Should be constant
const increment = 1      // ✅ Allowed (semantic)

Side-by-Side Example

Scenario: Detect hardcoded port in Express app

// src/server.ts
app.listen(3000)

SonarQube:

❌ No violation (not a secret)

Guardian:

✅ Hardcode detected:
   Type: magic-number
   Value: 3000
   💡 Suggested: DEFAULT_PORT
   📁 Location: infrastructure/config/constants.ts
   🤖 AI Fix: "Extract 3000 to DEFAULT_PORT constant"

vs dependency-cruiser

When dependency-cruiser Wins

Visualization priority

# Best-in-class dependency graphs
depcruise src --output-type dot | dot -T svg > graph.svg

Custom dependency rules

// Highly flexible rule system
forbidden: [
  {
    from: { path: '^src/domain' },
    to: { path: '^src/infrastructure' }
  }
]

Multi-framework support

JS, TS, Vue, Svelte, JSX, CoffeeScript

When Guardian Wins

DDD/Clean Architecture out-of-the-box

// Guardian knows these patterns:
// - Domain/Application/Infrastructure layers
// - Entity exposure
// - Repository pattern
// - Framework leaks

// dependency-cruiser: Write custom rules for each

Hardcode detection

// Guardian finds:
setTimeout(() => {}, 5000)  // Magic number
const url = "http://..."    // Magic string

// dependency-cruiser: Doesn't check this

AI workflow integration

guardian check ./src --format ai-prompt
# Optimized for Claude/GPT

depcruise src
# Generic output

Complementary Usage

Best approach: Use both!

# Guardian for architecture + hardcode
guardian check ./src

# dependency-cruiser for visualization
depcruise src --output-type svg > architecture.svg

Coming in Guardian v0.7.0:

# Guardian will have built-in visualization!
guardian visualize ./src --output architecture.svg

vs ArchUnit (Java)

When ArchUnit Wins

Java projects

// ArchUnit is built for Java
@ArchTest
void domainShouldNotDependOnInfrastructure(JavaClasses classes) {
    noClasses().that().resideInPackage("..domain..")
        .should().dependOnClassesThat().resideInPackage("..infrastructure..")
        .check(classes);
}

Test-based architecture validation

// Architecture rules = unit tests
// Runs in your CI with other tests

Mature Java ecosystem

Spring Boot, Hibernate, JPA patterns
Built-in rules for layered/onion architecture

When Guardian Wins

TypeScript/JavaScript projects

// Guardian is built for TypeScript
// ArchUnit doesn't support TS

AI coding workflow

# Guardian → AI → Fix → Ship
# ArchUnit is test-based (slower feedback)

Zero-config DDD

guardian check ./src
# Works immediately with DDD structure

# ArchUnit requires writing tests for each rule

Philosophical Difference

ArchUnit:

// Architecture = Tests
// You write explicit tests for each rule

Guardian:

# Architecture = Linter
# Pre-configured DDD rules out-of-the-box

vs FTA (Fast TypeScript Analyzer)

When FTA Wins

Complexity metrics focus

# FTA provides:
# - Cyclomatic complexity
# - Halstead metrics
# - Line counts
# - Technical debt estimation

Performance (Rust-based)

FTA: 1600 files/second
Guardian: ~500 files/second (Node.js)

Simplicity

# FTA does one thing well: metrics
fta src/

When Guardian Wins

Architecture enforcement

// Guardian checks:
// - Layer violations
// - Framework leaks
// - Circular dependencies
// - Repository pattern

// FTA: Only measures complexity, no architecture checks

Hardcode detection

// Guardian finds magic numbers/strings
// FTA doesn't check this

AI workflow

# Guardian provides actionable suggestions
# FTA provides metrics only

Complementary Usage

Best approach: Use both!

# Guardian for architecture
guardian check ./src

# FTA for complexity metrics
fta src/ --threshold complexity:15

Coming in Guardian v0.10.0:

# Guardian will include complexity metrics!
guardian metrics ./src --include-complexity

vs ESLint + Plugins

When ESLint Wins

General code quality

// Best for:
// - Code style
// - Common bugs
// - TypeScript errors
// - React/Vue specific rules

Huge ecosystem

# 10,000+ plugins
eslint-plugin-react
eslint-plugin-vue
eslint-plugin-security
# ...and many more

Auto-fix for syntax

eslint --fix
# Fixes semicolons, quotes, formatting, etc.

When Guardian Wins

Architecture enforcement

// ESLint doesn't understand:
// - Clean Architecture layers
// - DDD patterns
// - Framework leaks
// - Entity exposure

// Guardian does!

Hardcode detection with context

// ESLint plugins check patterns
// Guardian understands semantic context

AI workflow integration

# Guardian optimized for AI assistants
# ESLint generic output

Complementary Usage

Best approach: Use both!

# ESLint for code quality
eslint src/

# Guardian for architecture
guardian check ./src

Many teams run both in CI:

# .github/workflows/quality.yml
- name: ESLint
  run: npm run lint

- name: Guardian
  run: guardian check ./src --fail-on error

vs import-linter (Python)

When import-linter Wins

Python projects

# .importlinter
[importlinter]
root_package = myproject

[importlinter:contract:1]
name = Layers contract
type = layers
layers =
    myproject.domain
    myproject.application
    myproject.infrastructure

Mature Python ecosystem

# Django, Flask, FastAPI integration

When Guardian Wins

TypeScript/JavaScript

// Guardian is for TS/JS
// import-linter is Python-only

More than import checking

// Guardian checks:
// - Hardcode
// - Entity exposure
// - Repository pattern
// - Framework leaks

// import-linter: Only imports

Future Integration

Guardian v2.0+ (Planned):

# Multi-language support coming
guardian check ./python-src --language python
guardian check ./ts-src --language typescript

💰 Cost Comparison

Tool Free Tier Paid Plans Enterprise
Guardian MIT License (100% free) - -
SonarQube Community Edition Developer: $150/yr Custom pricing
dependency-cruiser MIT License - -
ArchUnit Apache 2.0 - -
FTA Open Source - -
ESLint MIT License - -

Guardian will always be free and open-source (MIT License)

🚀 Setup Time Comparison

Tool Setup Time Configuration Required
Guardian 2 minutes Zero-config (DDD)
SonarQube 🐌 2-4 hours Extensive setup
dependency-cruiser 5 minutes ⚠️ Rules configuration
ArchUnit ⚙️ 30 minutes Write test rules
FTA 1 minute Zero-config
ESLint 10 minutes ⚠️ Plugin configuration

Guardian Setup:

# 1. Install (30 seconds)
npm install -g @samiyev/guardian

# 2. Run (90 seconds)
cd your-project
guardian check ./src

# Done! 🎉

📊 Real-World Performance

Analysis Speed (1000 TypeScript files)

Tool Time Notes
FTA ~0.6s Fastest (Rust)
Guardian ~2s Fast (Node.js, tree-sitter)
dependency-cruiser ~3s Fast
ESLint ~5s Depends on rules
SonarQube ~15s Slower (comprehensive)

Memory Usage

Tool RAM Notes
Guardian ~150MB Efficient
FTA ~50MB Minimal (Rust)
dependency-cruiser ~200MB Moderate
ESLint ~300MB Varies by plugins
SonarQube ~2GB Heavy (server)

🎯 Use Case Recommendations

Scenario 1: TypeScript Startup Using AI Coding

Best Stack:

✅ Guardian (architecture + hardcode)
✅ ESLint (code quality)
✅ Prettier (formatting)

Why:

  • Fast setup
  • AI workflow integration
  • Zero-config DDD
  • Catches AI mistakes (hardcode)

Scenario 2: Enterprise Multi-Language

Best Stack:

✅ SonarQube (security + multi-language)
✅ Guardian (TypeScript DDD specialization)
✅ ArchUnit (Java architecture)

Why:

  • Comprehensive coverage
  • Security scanning
  • Language-specific depth

Scenario 3: Clean Architecture Refactoring

Best Stack:

✅ Guardian (architecture enforcement)
✅ dependency-cruiser (visualization)
✅ Guardian v0.9+ (auto-fix)

Why:

  • Visualize current state
  • Detect violations
  • Auto-fix issues

Scenario 4: Python + TypeScript Monorepo

Best Stack:

✅ Guardian (TypeScript)
✅ import-linter (Python)
✅ SonarQube (security, both languages)

Why:

  • Language-specific depth
  • Unified security scanning

🏆 Winner by Category

Category Winner Runner-up
TypeScript Architecture 🥇 Guardian dependency-cruiser
Multi-Language 🥇 SonarQube -
Visualization 🥇 dependency-cruiser SonarQube
AI Workflow 🥇 Guardian - (no competitor)
Security 🥇 SonarQube -
Hardcode Detection 🥇 Guardian - (no competitor)
DDD Patterns 🥇 Guardian ArchUnit (Java)
Auto-Fix 🥇 ESLint (syntax) Guardian v0.9+ (architecture)
Complexity Metrics 🥇 FTA SonarQube
Setup Speed 🥇 FTA Guardian

🔮 Future Roadmap Comparison

Guardian v1.0.0 (Q4 2026)

  • Configuration & presets (v0.6)
  • Visualization (v0.7)
  • CI/CD kit (v0.8)
  • Auto-fix (v0.9) UNIQUE!
  • Metrics dashboard (v0.10)
  • 30+ DDD patterns (v0.11-v0.32)
  • VS Code extension
  • JetBrains plugin

Competitors

  • SonarQube: Incremental improvements, AI-powered fixes (experimental)
  • dependency-cruiser: Stable, no major changes planned
  • ArchUnit: Java focus, incremental improvements
  • FTA: Adding more metrics
  • ESLint: Flat config, performance improvements

Guardian's Advantage: Only tool actively expanding DDD/architecture detection

💡 Migration Guides

From SonarQube to Guardian

When to migrate:

  • TypeScript-only project
  • Want faster iteration
  • Need DDD-specific checks
  • Don't need multi-language/security

How to migrate:

# Keep SonarQube for security
# Add Guardian for architecture
npm install -g @samiyev/guardian
guardian check ./src

# CI/CD: Run both
# SonarQube (security) → Guardian (architecture)

From ESLint-only to ESLint + Guardian

Why add Guardian:

// ESLint checks syntax
// Guardian checks architecture

How to add:

# Keep ESLint
npm run lint

# Add Guardian
guardian check ./src

# Both in CI:
npm run lint && guardian check ./src

From dependency-cruiser to Guardian

Why migrate:

  • Need more than circular deps
  • Want hardcode detection
  • Need DDD patterns
  • Want auto-fix (v0.9+)

How to migrate:

# Replace:
depcruise src --config .dependency-cruiser.js

# With:
guardian check ./src

# Or keep both:
# dependency-cruiser → visualization
# Guardian → architecture + hardcode

📚 Additional Resources

Guardian

Competitors

🤝 Community & Support

Tool Community Support
Guardian GitHub Issues Community (planned: Discord)
SonarQube Community Forum Commercial support available
dependency-cruiser GitHub Issues Community
ArchUnit GitHub Issues Community
ESLint Discord, Twitter Community

Guardian's Position in the Market:

"The AI-First Architecture Guardian for TypeScript teams practicing DDD/Clean Architecture"

Guardian is NOT:

  • A replacement for SonarQube's security scanning
  • A replacement for ESLint's code quality checks
  • A multi-language tool (yet)

Guardian IS:

  • The best tool for TypeScript DDD/Clean Architecture
  • The only tool optimized for AI-assisted coding
  • The only tool with intelligent hardcode detection
  • The only tool with auto-fix for architecture (v0.9+)

Questions? Feedback?

Reference in New Issue View Git Blame Copy Permalink