
@samiyev/guardian


Research-backed code quality guardian for AI-assisted development. Detects hardcodes, secrets, circular deps, framework leaks, entity exposure, and 9 architecture violations. Enforces Clean Architecture/DDD principles. Works with GitHub Copilot, Cursor, W

"use strict";

// Compiled CommonJS module holding only static message strings; no logic lives here.
// Exports stay as plain `exports.NAME = ...` assignments so the export names remain
// statically visible to tooling that scans CommonJS output.
Object.defineProperty(exports, "__esModule", { value: true });

/** Explanations and fixes for layer-dependency violations (domain and application layers). */
const dependencyViolationMessages = {
  DOMAIN_INDEPENDENCE: "Domain layer should be independent and not depend on other layers",
  DOMAIN_MOVE_TO_DOMAIN: "Move the imported code to the domain layer if it contains business logic",
  DOMAIN_USE_DI: "Use dependency inversion: define an interface in domain and implement it in infrastructure",
  APPLICATION_NO_INFRA: "Application layer should not depend on infrastructure",
  APPLICATION_DEFINE_PORT: "Define an interface (Port) in application layer",
  APPLICATION_IMPLEMENT_ADAPTER: "Implement the interface (Adapter) in infrastructure layer",
  APPLICATION_USE_DI: "Use dependency injection to provide the implementation",
};

/** Default labels for entity-exposure reports. */
const entityExposureMessages = {
  METHOD_DEFAULT: "Method",
  METHOD_DEFAULT_NAME: "getEntity",
};

/** Default text for a framework leaking into the domain layer. */
const frameworkLeakMessages = {
  DEFAULT_MESSAGE: "Domain layer should not depend on external frameworks",
};

/**
 * Repository-pattern wording: placeholders, numbered remediation steps
 * (several independent 1-2-3 sequences share this table), good/bad examples,
 * and domain-language replacements for ORM-style method names.
 */
const repositoryPatternMessages = {
  UNKNOWN_TYPE: "Unknown",
  CONSTRUCTOR: "constructor",
  DEFAULT_SUGGESTION: "Follow Repository Pattern best practices",
  NO_EXAMPLE: "// No example available",
  // Sequence: ORM types in a repository interface.
  STEP_REMOVE_ORM_TYPES: "1. Remove ORM-specific types from repository interface",
  STEP_USE_DOMAIN_TYPES: "2. Use domain types (entities, value objects) instead",
  STEP_KEEP_CLEAN: "3. Keep repository interface clean and persistence-agnostic",
  // Sequence: depending on a concrete repository.
  STEP_DEPEND_ON_INTERFACE: "1. Depend on repository interface (IUserRepository) in constructor",
  STEP_MOVE_TO_INFRASTRUCTURE: "2. Move concrete implementation to infrastructure layer",
  STEP_USE_DI: "3. Use dependency injection to provide implementation",
  // Sequence: instantiating a repository inside a use case.
  STEP_REMOVE_NEW: "1. Remove 'new Repository()' from use case",
  STEP_INJECT_CONSTRUCTOR: "2. Inject repository through constructor",
  STEP_CONFIGURE_DI: "3. Configure dependency injection container",
  // Sequence: technical (database-flavoured) method names.
  STEP_RENAME_METHOD: "1. Rename method to use domain language",
  STEP_REFLECT_BUSINESS: "2. Method names should reflect business operations",
  STEP_AVOID_TECHNICAL: "3. Avoid technical database terms (query, insert, select)",
  EXAMPLE_PREFIX: "Example:",
  BAD_ORM_EXAMPLE: "❌ Bad: findOne(query: Prisma.UserWhereInput)",
  GOOD_DOMAIN_EXAMPLE: "✅ Good: findById(id: UserId): Promise<User | null>",
  BAD_NEW_REPO: "❌ Bad: const repo = new UserRepository()",
  GOOD_INJECT_REPO: "✅ Good: constructor(private readonly userRepo: IUserRepository) {}",
  SUGGESTION_FINDONE: "findById",
  SUGGESTION_FINDMANY: "findAll or findByFilter",
  SUGGESTION_INSERT: "save or create",
  SUGGESTION_UPDATE: "save",
  SUGGESTION_DELETE: "remove or delete",
  SUGGESTION_QUERY: "find or search",
};

/** Method-name suggestion used when no specific replacement is listed above. */
const repositoryFallbackSuggestions = {
  DEFAULT: "findById() or findByEmail()",
};

/** Numbered steps for references that cross aggregate boundaries. */
const aggregateViolationMessages = {
  USE_ID_REFERENCE: "1. Reference other aggregates by ID (UserId, OrderId) instead of entity",
  USE_VALUE_OBJECT: "2. Use Value Objects to store needed data from other aggregates (CustomerInfo, ProductSummary)",
  AVOID_DIRECT_REFERENCE: "3. Avoid direct entity references to maintain aggregate independence",
  MAINTAIN_INDEPENDENCE: "4. Each aggregate should be independently modifiable and deployable",
};

/**
 * Numbered remediation steps for a hardcoded secret.
 *
 * NOTE(review): the order is preventive first, reactive last. Once a secret has
 * been committed, rotation (step 4) is the only step that ends the exposure:
 * deleting the value in a later commit leaves it readable in repository history,
 * and a .gitignore entry (step 5) does not untrack a file that is already committed.
 * Consumers that display only a subset of these steps should keep step 4.
 */
const secretViolationMessages = {
  USE_ENV_VARIABLES: "1. Use environment variables for sensitive data (process.env.API_KEY)",
  USE_SECRET_MANAGER: "2. Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)",
  NEVER_COMMIT_SECRETS: "3. Never commit secrets to version control",
  ROTATE_IF_EXPOSED: "4. If secret was committed, rotate it immediately",
  USE_GITIGNORE: "5. Add secret files to .gitignore (.env, credentials.json, etc.)",
};

/** Two numbered sequences for anemic domain models: public setters, then missing behaviour. */
const anemicModelMessages = {
  // Sequence: entities exposing public setters.
  REMOVE_PUBLIC_SETTERS: "1. Remove public setters - they allow uncontrolled state changes",
  USE_METHODS_FOR_CHANGES: "2. Use business methods instead (approve(), cancel(), addItem())",
  ENCAPSULATE_INVARIANTS: "3. Encapsulate business rules and invariants in methods",
  // Sequence: entities with no business logic.
  ADD_BUSINESS_METHODS: "1. Add business logic methods to the entity",
  MOVE_LOGIC_FROM_SERVICES: "2. Move business logic from services to domain entities where it belongs",
  ENCAPSULATE_BUSINESS_RULES: "3. Encapsulate business rules inside entity methods",
  USE_DOMAIN_EVENTS: "4. Use domain events to communicate state changes",
};

/**
 * Example values used in violation messages
 */
const violationExampleValues = {
  UNKNOWN: "unknown",
  USER_REPOSITORY: "UserRepository",
  FIND_ONE: "findOne",
};

// Export order matches the order in which the tables are defined above.
exports.DEPENDENCY_VIOLATION_MESSAGES = dependencyViolationMessages;
exports.ENTITY_EXPOSURE_MESSAGES = entityExposureMessages;
exports.FRAMEWORK_LEAK_MESSAGES = frameworkLeakMessages;
exports.REPOSITORY_PATTERN_MESSAGES = repositoryPatternMessages;
exports.REPOSITORY_FALLBACK_SUGGESTIONS = repositoryFallbackSuggestions;
exports.AGGREGATE_VIOLATION_MESSAGES = aggregateViolationMessages;
exports.SECRET_VIOLATION_MESSAGES = secretViolationMessages;
exports.ANEMIC_MODEL_MESSAGES = anemicModelMessages;
exports.VIOLATION_EXAMPLE_VALUES = violationExampleValues;
//# sourceMappingURL=Messages.js.map