package_protections 0.67.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0457664569f574f7252c13cd8236b6e267a114bd900a24da1aa4a89c4b5d13da'
-  data.tar.gz: 8495e9bc7343afa5c793ef7027c2e453dbe13424de49514e235dcd3f64327031
+  metadata.gz: 27281e8109b1edc0fff691f606a70260be38e130810e088d48e2d73d31424fbb
+  data.tar.gz: cd99fe90189671daa334be828aaad40b0928742098cfb1430164f5080d3060ca
 SHA512:
-  metadata.gz: 04cfbf3ce493c4dbb3a9ddfbeb89d725a1fbcc7d5d209e1a51e45ecee6fb56320dacb9fb271d3ca58d1b5d176b209a6410630de041d7e4f749368f7820443ed4
-  data.tar.gz: 67412edbc0ac4a0c64460419c482a141963120c89bb46c297bb84575c83b9f38920bfa7cee9549a7f8c135275eca0927127fa89c5f1879480d283201e757b60f
+  metadata.gz: b1d22a6dee650ffbe8dd4027d5815b6c104f0825d9d257a40aee08dd44ad4c458f72b502e3ed28caa848f0aa6c468502edb4e4f6c5acd7943b808a8ca43096a3
+  data.tar.gz: 91ac08c0a0697dad9fbacd7e7d62ab2a22ef058ad074b2d0371b4faf67f9b264aa4b7ed9a597fb09280b44fead58b641aeda165001568ccb7db015dff03d0bc4

data/README.md

@@ -8,7 +8,7 @@ The intent of this gem is two fold:
 This gem ships with the following checks
 1) Your package is not introducing dependencies that are not intended (via `packwerk` `enforce_dependencies`)
 2) Other packages are not using the private API of your package (via `packwerk` `enforce_privacy`)
-3) Your package has a typed public API (via the `rubocop` `Sorbet/StrictSigil` cop)
+3) Your package has a typed public API (via the `rubocop` `PackageProtections/TypedPublicApi` cop)
 4) Your package only creates a single namespace (via the `rubocop` `PackageProtections/NamespacedUnderPackageName` cop)
 4) Your package is only visible to a select number of packages (via the `packwerk` `enforce_privacy` cop)
 
@@ -141,21 +141,21 @@ end
 In this example, `MyCustomProtection` needs to implement the `PackageProtections::ProtectionInterface` (for protections powered by `packwerk` that look at new and existing violations) OR `PackageProtections::RubocopProtectionInterface` (for protections powered by `rubocop` that look at the AST). It's recommended to take a look at the existing protections as examples. If you're having any trouble with this, please file an issue and we'll be glad to help.
 
 ## Incorporating into your CI Pipeline
-Your CI pipeline can execute the public API ta and fail if there are any offenses.
+Your CI pipeline can execute the public API and fail if there are any offenses.
 
 ## Discussions, Issues, Questions, and More
 To keep things organized, here are some recommended homes:
 ### Issues:
-https://github.com/bigrails/package_protections/issues
+https://github.com/rubyatscale/package_protections/issues
 
 ### Questions:
-https://github.com/bigrails/package_protections/discussions/categories/q-a
+https://github.com/rubyatscale/package_protections/discussions/categories/q-a
 
 ### General discussions:
-https://github.com/bigrails/package_protections/discussions/categories/general
+https://github.com/rubyatscale/package_protections/discussions/categories/general
 
 ### Ideas, new features, requests for change:
-https://github.com/bigrails/package_protections/discussions/categories/ideas
+https://github.com/rubyatscale/package_protections/discussions/categories/ideas
 
 ### Showcasing your work:
-https://github.com/bigrails/package_protections/discussions/categories/show-and-tell
+https://github.com/rubyatscale/package_protections/discussions/categories/show-and-tell

data/lib/package_protections/private/configuration.rb

@@ -28,8 +28,8 @@ module PackageProtections
         [
           Private::OutgoingDependencyProtection.new,
           Private::IncomingPrivacyProtection.new,
-          Private::TypedApiProtection.new,
-          Private::MultipleNamespacesProtection.new,
+          RuboCop::Cop::PackageProtections::TypedPublicApi.new,
+          RuboCop::Cop::PackageProtections::NamespacedUnderPackageName.new,
           Private::VisibilityProtection.new
         ]
       end

data/lib/package_protections/private.rb

@@ -3,11 +3,9 @@
 
 require 'package_protections/private/colorized_string'
 require 'package_protections/private/output'
-require 'package_protections/private/typed_api_protection'
 require 'package_protections/private/incoming_privacy_protection'
 require 'package_protections/private/outgoing_dependency_protection'
 require 'package_protections/private/metadata_modifiers'
-require 'package_protections/private/multiple_namespaces_protection'
 require 'package_protections/private/visibility_protection'
 require 'package_protections/private/configuration'
 

data/lib/package_protections/protected_package.rb

@@ -17,14 +17,14 @@ module PackageProtections
       invalid_identifiers = metadata.keys - valid_identifiers
 
       if invalid_identifiers.any?
-        raise IncorrectPublicApiUsageError.new("Invalid configuration for package `#{original_package.name}`. The metadata keys #{invalid_identifiers.inspect} are not valid behaviors under the `protection` metadata namespace. Valid keys are #{valid_identifiers.inspect}. See https://github.com/bigrails/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
+        raise IncorrectPublicApiUsageError.new("Invalid configuration for package `#{original_package.name}`. The metadata keys #{invalid_identifiers.inspect} are not valid behaviors under the `protection` metadata namespace. Valid keys are #{valid_identifiers.inspect}. See https://github.com/rubyatscale/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
       end
 
       protections = {}
       metadata.each_key do |protection_key|
         protection = PackageProtections.with_identifier(protection_key)
         if !protection
-          raise IncorrectPublicApiUsageError.new("Invalid configuration for package `#{original_package.name}`. The metadata key #{protection_key} is not a valid behaviors under the `protection` metadata namespace. Valid keys are #{valid_identifiers.inspect}. See https://github.com/bigrails/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
+          raise IncorrectPublicApiUsageError.new("Invalid configuration for package `#{original_package.name}`. The metadata key #{protection_key} is not a valid behaviors under the `protection` metadata namespace. Valid keys are #{valid_identifiers.inspect}. See https://github.com/rubyatscale/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
         end
 
         protections[protection.identifier] = get_violation_behavior(protection, metadata, original_package)
@@ -57,7 +57,7 @@ module PackageProtections
       behavior = ViolationBehavior.from_raw_value(metadata[protection.identifier])
       unmet_preconditions = protection.unmet_preconditions_for_behavior(behavior, package)
       if !unmet_preconditions.nil?
-        raise IncorrectPublicApiUsageError.new("#{protection.identifier} protection does not have the valid preconditions. #{unmet_preconditions}. See https://github.com/bigrails/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
+        raise IncorrectPublicApiUsageError.new("#{protection.identifier} protection does not have the valid preconditions. #{unmet_preconditions}. See https://github.com/rubyatscale/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
       end
 
       behavior

data/lib/package_protections/rubocop_protection_interface.rb

@@ -3,26 +3,6 @@
 # typed: strict
 module PackageProtections
   module RubocopProtectionInterface
-    include ProtectionInterface
-    extend T::Sig
-    extend T::Helpers
-
-    abstract!
-
-    sig do
-      abstract
-        .params(packages: T::Array[ProtectedPackage])
-        .returns(T::Array[CopConfig])
-    end
-    def cop_configs(packages); end
-
-    sig do
-      params(package: ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
-    end
-    def custom_cop_config(package)
-      {}
-    end
-
     class CopConfig < T::Struct
       extend T::Sig
       const :name, String
@@ -46,6 +26,40 @@ module PackageProtections
       end
     end
 
+    include ProtectionInterface
+    extend T::Sig
+    extend T::Helpers
+
+    abstract!
+
+    ###########################################################################
+    # Abstract Methods: These are methods that the client needs to implement
+    ############################################################################
+    sig { abstract.returns(String) }
+    def cop_name; end
+
+    sig do
+      abstract.params(file: String).returns(String)
+    end
+    def message_for_fail_on_any(file); end
+
+    sig { abstract.returns(T::Array[String]) }
+    def included_globs_for_pack; end
+
+    ###########################################################################
+    # Overriddable Methods: These are methods that the client can override,
+    # but a default is provided.
+    ############################################################################
+    sig do
+      params(package: ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
+    end
+    def custom_cop_config(package)
+      {}
+    end
+
+    sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
+    def unmet_preconditions_for_behavior(behavior, package); end
+
     sig do
       override.params(
         new_violations: T::Array[PerFileViolation]
@@ -73,6 +87,66 @@ module PackageProtections
       end
     end
 
+    sig do
+      override.params(
+        protected_packages: T::Array[ProtectedPackage]
+      ).returns(T::Array[Offense])
+    end
+    def get_offenses_for_existing_violations(protected_packages)
+      exclude_list = exclude_for_rule(cop_name)
+      offenses = []
+
+      protected_packages.each do |package|
+        violation_behavior = package.violation_behavior_for(identifier)
+
+        case violation_behavior
+        when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
+          next
+        when ViolationBehavior::FailOnAny
+          # Continue
+        else
+          T.absurd(violation_behavior)
+        end
+
+        package.original_package.directory.glob(included_globs_for_pack).each do |relative_path_to_file|
+          next unless exclude_list.include?(relative_path_to_file.to_s)
+
+          file = relative_path_to_file.to_s
+          offenses << Offense.new(
+            file: file,
+            message: message_for_fail_on_any(file),
+            violation_type: identifier,
+            package: package.original_package
+          )
+        end
+      end
+
+      offenses
+    end
+
+    sig do
+      params(packages: T::Array[ProtectedPackage])
+      .returns(T::Array[CopConfig])
+    end
+    def cop_configs(packages)
+      include_paths = T.let([], T::Array[String])
+      packages.each do |p|
+        next unless p.violation_behavior_for(identifier).enabled?
+
+        included_globs_for_pack.each do |glob|
+          include_paths << p.original_package.directory.join(glob).to_s
+        end
+      end
+
+      [
+        CopConfig.new(
+          name: cop_name,
+          enabled: include_paths.any?,
+          include_paths: include_paths
+        )
+      ]
+    end
+
     private
 
     sig { params(rule: String).returns(T::Set[String]) }

data/lib/package_protections/violation_behavior.rb

@@ -19,7 +19,7 @@ module PackageProtections
     rescue KeyError
       # Let's not encourage "unknown." That's mostly considered an internal value if nothing is specified.
       acceptable_values = ViolationBehavior.values.map(&:serialize) - ['unknown']
-      raise IncorrectPublicApiUsageError.new("The metadata value #{value} is not a valid behavior. Double check your spelling! Acceptable values are #{acceptable_values}. See https://github.com/bigrails/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
+      raise IncorrectPublicApiUsageError.new("The metadata value #{value} is not a valid behavior. Double check your spelling! Acceptable values are #{acceptable_values}. See https://github.com/rubyatscale/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
     end
 
     sig { returns(T::Boolean) }

data/lib/package_protections.rb

@@ -10,7 +10,7 @@ require 'rubocop-sorbet'
 
 #
 # Welcome to PackageProtections!
-# See https://github.com/bigrails/package_protections#readme for more info
+# See https://github.com/rubyatscale/package_protections#readme for more info
 #
 # This file is a reference for the available API to `package_protections`, but all implementation details are private
 # (which is why we delegate to `Private` for the actual implementation).
@@ -37,6 +37,7 @@ module PackageProtections
 
   # Implementation of rubocop-based protections
   require 'rubocop/cop/package_protections/namespaced_under_package_name'
+  require 'rubocop/cop/package_protections/typed_public_api'
 
   class << self
     extend T::Sig

data/lib/rubocop/cop/package_protections/namespaced_under_package_name.rb

@@ -1,4 +1,4 @@
-# typed: ignore
+# typed: true
 
 # For String#camelize
 require 'active_support/core_ext/string/inflections'
@@ -7,7 +7,10 @@ module RuboCop
   module Cop
     module PackageProtections
       class NamespacedUnderPackageName < Base
+        extend T::Sig
+
         include RangeHelp
+        include ::PackageProtections::RubocopProtectionInterface
 
         def on_new_investigation
           absolute_filepath = Pathname.new(processed_source.file_path)
@@ -39,7 +42,7 @@ module RuboCop
           #
           # Therefore, for our implementation, we substitute out the non-namespace producing portions of the filename to count the number of namespaces.
           # Note this will *not work* properly in applications that have different assumptions about autoloading.
-          package_last_name = package_name.split('/').last
+          package_last_name = T.must(package_name.split('/').last)
           path_without_package_base = relative_filename.gsub(%r{#{package_name}/app/}, '')
           if path_without_package_base.include?('concerns')
             autoload_folder_name = path_without_package_base.split('/').first(2).join('/')
@@ -85,6 +88,77 @@ module RuboCop
           end
         end
 
+        IDENTIFIER = 'prevent_this_package_from_creating_other_namespaces'.freeze
+
+        sig { override.returns(String) }
+        def identifier
+          IDENTIFIER
+        end
+
+        sig { override.params(behavior: ::PackageProtections::ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
+        def unmet_preconditions_for_behavior(behavior, package)
+          if !behavior.enabled? && !package.metadata['global_namespaces'].nil?
+            "Invalid configuration for package `#{package.name}`. `#{identifier}` must be turned on to use `global_namespaces` configuration."
+          else
+            # We don't need to validate if the behavior is currentely fail_never
+            return if behavior.fail_never?
+
+            # The reason for this is precondition is the `MultipleNamespacesProtection` assumes this to work properly.
+            # To remove this precondition, we need to modify `MultipleNamespacesProtection` to be more generalized!
+            if ::PackageProtections::EXPECTED_PACK_DIRECTORIES.include?(Pathname.new(package.name).dirname.to_s) || package.name == ParsePackwerk::ROOT_PACKAGE_NAME
+              nil
+            else
+              "Package #{package.name} must be located in one of #{::PackageProtections::EXPECTED_PACK_DIRECTORIES.join(', ')} (or be the root) to use this protection"
+            end
+          end
+        end
+
+        sig { override.returns(T::Array[String]) }
+        def included_globs_for_pack
+          [
+            'app/**/*',
+            'lib/**/*'
+          ]
+        end
+
+        sig do
+          params(package: ::PackageProtections::ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
+        end
+        def custom_cop_config(package)
+          {
+            'GlobalNamespaces' => package.metadata['global_namespaces']
+          }
+        end
+
+        sig do
+          override.params(file: String).returns(String)
+        end
+        def message_for_fail_on_any(file)
+          "`#{file}` should be namespaced under the package namespace"
+        end
+
+        sig { override.returns(String) }
+        def cop_name
+          'PackageProtections/NamespacedUnderPackageName'
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_name
+          'Multiple Namespaces Violations'
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_description
+          <<~MESSAGE
+            These files cannot have ANY modules/classes that are not submodules of the package's allowed namespaces.
+            This is failing because these files are in `.rubocop_todo.yml` under `#{cop_name}`.
+            If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
+            change `#{IDENTIFIER}` to `#{::PackageProtections::ViolationBehavior::FailOnNew.serialize}`
+
+            See https://go/packwerk_cheatsheet_namespaces for more info.
+          MESSAGE
+        end
+
         private
 
         def get_allowed_namespaces(package_name)

data/lib/rubocop/cop/package_protections/typed_public_api.rb

@@ -0,0 +1,77 @@
+# typed: strict
+
+module RuboCop
+  module Cop
+    module PackageProtections
+      #
+      # This inherits from `Sorbet::StrictSigil` and doesn't change any behavior of it.
+      # The only reason we do this is so that configuration for this cop can live under a different cop namespace.
+      # This prevents this cop's configuration from clashing with other configurations for the same cop.
+      # A concrete example of this would be if a user is using this package protection to make sure public APIs are typed,
+      # and separately the application as a whole requiring strict typing in certain parts of the application.
+      #
+      # To prevent problems associated with needing to manage identical configurations for the same cop, we simply call it
+      # something else in the context of this protection.
+      #
+      # We can apply this same pattern if we want to use other cops in the context of package protections and prevent clashing.
+      #
+      class TypedPublicApi < Sorbet::StrictSigil
+        extend T::Sig
+
+        include ::PackageProtections::ProtectionInterface
+        include ::PackageProtections::RubocopProtectionInterface
+
+        IDENTIFIER = T.let('prevent_this_package_from_exposing_an_untyped_api'.freeze, String)
+
+        sig { override.returns(String) }
+        def identifier
+          IDENTIFIER
+        end
+
+        sig { override.params(behavior: ::PackageProtections::ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
+        def unmet_preconditions_for_behavior(behavior, package)
+          # We might decide that we should check that `package.enforces_privacy?` is true here too, since that signifies the app has decided they want
+          # a public api in `app/public`. For now, we say there are no preconditions, because the user can still make `app/public` even if they are not yet
+          # ready to enforce privacy, and they might want to enforce a typed API.
+          nil
+        end
+
+        sig { override.returns(String) }
+        def cop_name
+          'PackageProtections/TypedPublicApi'
+        end
+
+        sig { override.returns(T::Array[String]) }
+        def included_globs_for_pack
+          [
+            'app/public/**/*'
+          ]
+        end
+
+        sig do
+          override.params(file: String).returns(String)
+        end
+        def message_for_fail_on_any(file)
+          "#{file} should be `typed: strict`"
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_name
+          'Typed API Violations'
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_description
+          <<~MESSAGE
+            These files cannot have ANY Ruby files in the public API that are not typed strict or higher.
+            This is failing because these files are in `.rubocop_todo.yml` under `#{cop_name}`.
+            If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
+            change `#{IDENTIFIER}` to `#{::PackageProtections::ViolationBehavior::FailOnNew.serialize}`
+
+            See https://go/packwerk_cheatsheet_typed_api for more info.
+          MESSAGE
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package_protections
 version: !ruby/object:Gem::Version
-  version: 0.67.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Gusto Engineers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-06-10 00:00:00.000000000 Z
+date: 2022-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -181,23 +181,22 @@ files:
 - lib/package_protections/private/configuration.rb
 - lib/package_protections/private/incoming_privacy_protection.rb
 - lib/package_protections/private/metadata_modifiers.rb
-- lib/package_protections/private/multiple_namespaces_protection.rb
 - lib/package_protections/private/outgoing_dependency_protection.rb
 - lib/package_protections/private/output.rb
-- lib/package_protections/private/typed_api_protection.rb
 - lib/package_protections/private/visibility_protection.rb
 - lib/package_protections/protected_package.rb
 - lib/package_protections/protection_interface.rb
 - lib/package_protections/rubocop_protection_interface.rb
 - lib/package_protections/violation_behavior.rb
 - lib/rubocop/cop/package_protections/namespaced_under_package_name.rb
-homepage: https://github.com/bigrails/package_protections
+- lib/rubocop/cop/package_protections/typed_public_api.rb
+homepage: https://github.com/rubyatscale/package_protections
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/bigrails/package_protections
-  source_code_uri: https://github.com/bigrails/parse_packwerk
-  changelog_uri: https://github.com/bigrails/parse_packwerk/releases
+  homepage_uri: https://github.com/rubyatscale/package_protections
+  source_code_uri: https://github.com/rubyatscale/parse_packwerk
+  changelog_uri: https://github.com/rubyatscale/parse_packwerk/releases
   allowed_push_host: https://rubygems.org
 post_install_message: 
 rdoc_options: []

data/lib/package_protections/private/multiple_namespaces_protection.rb

@@ -1,128 +0,0 @@
-# frozen_string_literal: true
-
-# typed: strict
-
-module PackageProtections
-  module Private
-    class MultipleNamespacesProtection
-      extend T::Sig
-
-      include ProtectionInterface
-      include RubocopProtectionInterface
-
-      IDENTIFIER = 'prevent_this_package_from_creating_other_namespaces'
-      COP_NAME = 'PackageProtections/NamespacedUnderPackageName'
-
-      sig { override.returns(String) }
-      def identifier
-        IDENTIFIER
-      end
-
-      sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
-      def unmet_preconditions_for_behavior(behavior, package)
-        if !behavior.enabled? && !package.metadata['global_namespaces'].nil?
-          "Invalid configuration for package `#{package.name}`. `#{identifier}` must be turned on to use `global_namespaces` configuration."
-        else
-          # We don't need to validate if the behavior is currentely fail_never
-          return if behavior.fail_never?
-
-          # The reason for this is precondition is the `MultipleNamespacesProtection` assumes this to work properly.
-          # To remove this precondition, we need to modify `MultipleNamespacesProtection` to be more generalized!
-          if EXPECTED_PACK_DIRECTORIES.include?(Pathname.new(package.name).dirname.to_s) || package.name == ParsePackwerk::ROOT_PACKAGE_NAME
-            nil
-          else
-            "Package #{package.name} must be located in one of #{EXPECTED_PACK_DIRECTORIES.join(', ')} (or be the root) to use this protection"
-          end
-        end
-      end
-
-      sig do
-        override
-          .params(packages: T::Array[ProtectedPackage])
-          .returns(T::Array[CopConfig])
-      end
-      def cop_configs(packages)
-        include_paths = T.let([], T::Array[String])
-        packages.each do |p|
-          next if p.name == ParsePackwerk::ROOT_PACKAGE_NAME
-
-          if p.violation_behavior_for(identifier).enabled?
-            include_paths << p.original_package.directory.join('app', '**', '*').to_s
-            include_paths << p.original_package.directory.join('lib', '**', '*').to_s
-          end
-        end
-
-        [
-          CopConfig.new(
-            name: COP_NAME,
-            enabled: include_paths.any?,
-            include_paths: include_paths
-          )
-        ]
-      end
-
-      sig do
-        params(package: ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
-      end
-      def custom_cop_config(package)
-        {
-          'GlobalNamespaces' => package.metadata['global_namespaces']
-        }
-      end
-
-      sig do
-        override.params(
-          protected_packages: T::Array[ProtectedPackage]
-        ).returns(T::Array[Offense])
-      end
-      def get_offenses_for_existing_violations(protected_packages)
-        exclude_list = exclude_for_rule(COP_NAME)
-        offenses = []
-
-        protected_packages.each do |package|
-          violation_behavior = package.violation_behavior_for(identifier)
-
-          case violation_behavior
-          when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
-            next
-          when ViolationBehavior::FailOnAny
-            # Continue
-          else
-            T.absurd(violation_behavior)
-          end
-
-          package.original_package.directory.glob('**/**/*.*').each do |relative_path_to_file|
-            next unless exclude_list.include?(relative_path_to_file.to_s)
-
-            file = relative_path_to_file.to_s
-            offenses << Offense.new(
-              file: file,
-              message: "`#{file}` should be namespaced under the package namespace",
-              violation_type: identifier,
-              package: package.original_package
-            )
-          end
-        end
-
-        offenses
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_name
-        'Multiple Namespaces Violations'
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_description
-        <<~MESSAGE
-          These files cannot have ANY modules/classes that are not submodules of the package's allowed namespaces.
-          This is failing because these files are in `.rubocop_todo.yml` under `#{COP_NAME}`.
-          If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
-          change `#{IDENTIFIER}` to `#{ViolationBehavior::FailOnNew.serialize}`
-
-          See https://go/packwerk_cheatsheet_namespaces for more info.
-        MESSAGE
-      end
-    end
-  end
-end

data/lib/package_protections/private/typed_api_protection.rb

@@ -1,106 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module PackageProtections
-  module Private
-    class TypedApiProtection
-      extend T::Sig
-
-      include ProtectionInterface
-      include RubocopProtectionInterface
-
-      IDENTIFIER = 'prevent_this_package_from_exposing_an_untyped_api'
-      COP_NAME = 'Sorbet/StrictSigil'
-
-      sig { override.returns(String) }
-      def identifier
-        IDENTIFIER
-      end
-
-      sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
-      def unmet_preconditions_for_behavior(behavior, package)
-        # We might decide that we should check that `package.enforces_privacy?` is true here too, since that signifies the app has decided they want
-        # a public api in `app/public`. For now, we say there are no preconditions, because the user can still make `app/public` even if they are not yet
-        # ready to enforce privacy, and they might want to enforce a typed API.
-        nil
-      end
-
-      sig do
-        override
-          .params(packages: T::Array[ProtectedPackage])
-          .returns(T::Array[CopConfig])
-      end
-      def cop_configs(packages)
-        include_paths = T.let([], T::Array[String])
-        packages.each do |p|
-          if p.violation_behavior_for(identifier).enabled?
-            directory = p.original_package.directory
-            include_paths << directory.join('app', 'public', '**', '*').to_s
-          end
-        end
-
-        [
-          CopConfig.new(
-            name: COP_NAME,
-            enabled: include_paths.any?,
-            include_paths: include_paths
-          )
-        ]
-      end
-
-      sig do
-        override.params(
-          protected_packages: T::Array[ProtectedPackage]
-        ).returns(T::Array[Offense])
-      end
-      def get_offenses_for_existing_violations(protected_packages)
-        exclude_list = exclude_for_rule(COP_NAME)
-
-        offenses = T.let([], T::Array[Offense])
-        protected_packages.flat_map do |protected_package|
-          violation_behavior = protected_package.violation_behavior_for(identifier)
-
-          case violation_behavior
-          when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
-            next
-          when ViolationBehavior::FailOnAny
-            # Continue
-          else
-            T.absurd(violation_behavior)
-          end
-
-          protected_package.original_package.directory.glob('app/public/**/**/*.*').each do |relative_path_to_file|
-            next unless exclude_list.include?(relative_path_to_file.to_s)
-
-            file = relative_path_to_file.to_s
-            offenses << Offense.new(
-              file: file,
-              message: "#{file} should be `typed: strict`",
-              violation_type: identifier,
-              package: protected_package.original_package
-            )
-          end
-        end
-
-        offenses
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_name
-        'Typed API Violations'
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_description
-        <<~MESSAGE
-          These files cannot have ANY Ruby files in the public API that are not typed strict or higher.
-          This is failing because these files are in `.rubocop_todo.yml` under `#{COP_NAME}`.
-          If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
-          change `#{IDENTIFIER}` to `#{ViolationBehavior::FailOnNew.serialize}`
-
-          See https://go/packwerk_cheatsheet_typed_api for more info.
-        MESSAGE
-      end
-    end
-  end
-end