@appland/scanner 1.80.2 → 1.81.1

package/CHANGELOG.md

@@ -1,3 +1,18 @@
+# [@appland/scanner-v1.81.1](https://github.com/getappmap/appmap-js/compare/@appland/scanner-v1.81.0...@appland/scanner-v1.81.1) (2023-08-11)
+
+
+### Bug Fixes
+
+* Specify node version requirements for user-facing packages ([ca55a25](https://github.com/getappmap/appmap-js/commit/ca55a256e5fb79b990eff87a753980de549a4b88))
+
+# [@appland/scanner-v1.81.0](https://github.com/getappmap/appmap-js/compare/@appland/scanner-v1.80.2...@appland/scanner-v1.81.0) (2023-08-09)
+
+
+### Features
+
+* Move scanner logging behind verbose() flag ([2df8863](https://github.com/getappmap/appmap-js/commit/2df88632d4a97d4b65cadf83b9c11ec701d7e6fb))
+* Refactor types into index.ts ([322596b](https://github.com/getappmap/appmap-js/commit/322596bbc8492dd032a4c47e62c5d730f4596e56))
+
 # [@appland/scanner-v1.80.2](https://github.com/getappmap/appmap-js/compare/@appland/scanner-v1.80.1...@appland/scanner-v1.80.2) (2023-07-20)
 
 

package/built/index.js

@@ -0,0 +1,8 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scan = void 0;
+var scan_1 = require("./scan");
+Object.defineProperty(exports, "scan", { enumerable: true, get: function () { return __importDefault(scan_1).default; } });

package/built/ruleInstance.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/built/rules/authzBeforeAuthn.js

@@ -42,7 +42,7 @@ function build() {
 }
 const SecurityAuthentication = 'security.authentication';
 const SecurityAuthorization = 'security.authorization';
-exports.default = {
+const RULE = {
     id: 'authz-before-authn',
     title: 'Authorization performed before authentication',
     labels: [SecurityAuthorization, SecurityAuthentication],
@@ -56,3 +56,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#authz-before-authn',
     build,
 };
+exports.default = RULE;

package/built/rules/circularDependency.js

@@ -188,7 +188,7 @@ function build(options) {
         matcher,
     };
 }
-exports.default = {
+const RULE = {
     id: 'circular-dependency',
     title: 'Circular package dependency',
     Options,
@@ -201,3 +201,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#circular-dependency',
     build,
 };
+exports.default = RULE;

package/built/rules/deserializationOfUntrustedData.js

@@ -63,7 +63,7 @@ function matcher(startEvent) {
 const DeserializeUnsafe = 'deserialize.unsafe';
 const DeserializeSafe = 'deserialize.safe';
 const DeserializeSanitize = 'deserialize.sanitize';
-exports.default = {
+const RULE = {
     id: 'deserialization-of-untrusted-data',
     title: 'Deserialization of untrusted data',
     labels: [DeserializeUnsafe, DeserializeSafe, DeserializeSanitize],
@@ -78,3 +78,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#deserialization-of-untrusted-data',
     build: () => ({ matcher }),
 };
+exports.default = RULE;

package/built/rules/execOfUntrustedCommand.js

@@ -46,7 +46,7 @@ function build() {
 const Exec = 'system.exec';
 const ExecSafe = 'system.exec.safe';
 const ExecSanitize = 'system.exec.sanitize';
-exports.default = {
+const RULE = {
     id: 'exec-of-untrusted-command',
     title: 'Execution of untrusted system command',
     labels: [Exec, ExecSafe, ExecSanitize],
@@ -59,3 +59,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#exec-of-untrusted-command',
     build,
 };
+exports.default = RULE;

package/built/rules/illegalPackageDependency.js

@@ -40,7 +40,7 @@ function build(options) {
     }
     return { where, matcher };
 }
-exports.default = {
+const RULE = {
     id: 'illegal-package-dependency',
     title: 'Illegal use of code by a non-whitelisted package',
     // scope: //*[@command]
@@ -56,3 +56,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/rules/incompatibleHttpClientRequest.js

@@ -57,7 +57,7 @@ function build(options) {
         where: (e) => !!e.httpClientRequest && !!e.httpClientRequest.url,
     };
 }
-exports.default = {
+const RULE = {
     id: 'incompatible-http-client-request',
     title: 'Incompatible HTTP client request',
     // scope: //http_client_request
@@ -69,3 +69,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/rules/insecureCompare.js

@@ -48,7 +48,7 @@ function build() {
 }
 const Secret = 'secret';
 const StringEquals = 'string.equals';
-exports.default = {
+const RULE = {
     id: 'insecure-compare',
     title: 'Insecure comparison of secrets',
     labels: [Secret, StringEquals],
@@ -61,3 +61,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#insecure-compare',
     build,
 };
+exports.default = RULE;

package/built/rules/jobNotCancelled.js

@@ -31,7 +31,7 @@ function build() {
         matcher,
     };
 }
-exports.default = {
+const RULE = {
     id: 'job-not-cancelled',
     title: 'Job created in a rolled back transaction and not cancelled',
     scope: 'transaction',
@@ -45,3 +45,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#job-not-cancelled',
     build,
 };
+exports.default = RULE;

package/built/rules/logoutWithoutSessionReset.js

@@ -41,7 +41,7 @@ function build() {
 }
 const SecurityLogout = 'security.logout';
 const HTTPSessionClear = 'http.session.clear';
-exports.default = {
+const RULE = {
     id: 'logout-without-session-reset',
     title: 'Logout without session reset',
     scope: 'http_server_request',
@@ -57,3 +57,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#logout-without-session-reset',
     build,
 };
+exports.default = RULE;

package/built/rules/missingAuthentication.js

@@ -66,7 +66,7 @@ function build(options = new Options()) {
 }
 const AccessPublic = 'access.public';
 const SecurityAuthentication = 'security.authentication';
-exports.default = {
+const RULE = {
     id: 'missing-authentication',
     title: 'Unauthenticated HTTP server request',
     scope: 'http_server_request',
@@ -81,3 +81,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/rules/missingContentType.js

@@ -23,7 +23,7 @@ function build() {
         where,
     };
 }
-exports.default = {
+const RULE = {
     id: 'missing-content-type',
     title: 'HTTP server request without a Content-Type header',
     scope: 'http_server_request',
@@ -33,3 +33,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#missing-content-type',
     build,
 };
+exports.default = RULE;

package/built/rules/nPlusOneQuery.js

@@ -75,7 +75,7 @@ function build(options) {
         matcher,
     };
 }
-exports.default = {
+const RULE = {
     id: 'n-plus-one-query',
     title: 'N plus 1 SQL query',
     scope: 'command',
@@ -89,3 +89,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#n-plus-one-query',
     build,
 };
+exports.default = RULE;

package/built/rules/queryFromInvalidPackage.js

@@ -39,7 +39,7 @@ function build(options) {
         where,
     };
 }
-exports.default = {
+const RULE = {
     id: 'query-from-invalid-package',
     title: 'Queries from invalid packages',
     Options,
@@ -52,3 +52,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#query-from-invalid-package',
     build,
 };
+exports.default = RULE;

package/built/rules/queryFromView.js

@@ -33,7 +33,7 @@ function build(options = new Options()) {
         where,
     };
 }
-exports.default = {
+const RULE = {
     id: 'query-from-view',
     title: 'Queries from view',
     Options,
@@ -46,3 +46,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#query-from-view',
     build,
 };
+exports.default = RULE;

package/built/rules/rpcWithoutCircuitBreaker.js

@@ -21,7 +21,7 @@ function build(options = new Options()) {
     return (0, rpcWithoutProtection_1.rpcWithoutProtection)(descendants, options);
 }
 const RPCCircuitBreaker = 'rpc.circuit_breaker';
-exports.default = {
+const RULE = {
     id: 'rpc-without-circuit-breaker',
     title: 'RPC without circuit breaker',
     Options,
@@ -32,3 +32,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#rpc-without-circuit-breaker',
     build,
 };
+exports.default = RULE;

package/built/rules/saveWithoutValidation.js

@@ -24,7 +24,7 @@ function build() {
         where: (e) => e.isFunction && ['save', 'save!'].includes(e.methodId),
     };
 }
-exports.default = {
+const RULE = {
     id: 'save-without-validation',
     title: 'Save without validation',
     enumerateScope: true,
@@ -36,3 +36,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#save-without-validation',
     build,
 };
+exports.default = RULE;

package/built/rules/secretInLog.js

@@ -97,7 +97,7 @@ function build() {
 }
 const Secret = 'secret';
 const Log = 'log';
-exports.default = {
+const RULE = {
     id: 'secret-in-log',
     title: 'Secret in log',
     labels: [Secret, Log],
@@ -111,3 +111,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#secret-in-log',
     build,
 };
+exports.default = RULE;

package/built/rules/slowFunctionCall.js

@@ -27,7 +27,7 @@ function build(options) {
                 functionPatterns.some((pattern) => pattern(e.codeObject.id))),
     };
 }
-exports.default = {
+const RULE = {
     id: 'slow-function-call',
     title: 'Slow function call',
     impactDomain: 'Performance',
@@ -37,3 +37,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/rules/slowHttpServerRequest.js

@@ -16,7 +16,7 @@ function build(options) {
         where: (e) => !!e.httpServerRequest && e.elapsedTime !== undefined,
     };
 }
-exports.default = {
+const RULE = {
     id: 'slow-http-server-request',
     title: 'Slow HTTP server request',
     scope: 'http_server_request',
@@ -27,3 +27,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/rules/slowQuery.js

@@ -15,7 +15,7 @@ function build(options = new Options()) {
         where: (e) => !!e.sqlQuery && !!e.elapsedTime,
     };
 }
-exports.default = {
+const RULE = {
     id: 'slow-query',
     title: 'Slow SQL query',
     Options,
@@ -25,3 +25,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#slow-query',
     build,
 };
+exports.default = RULE;

package/built/rules/tooManyUpdates.js

@@ -57,7 +57,7 @@ function build(options) {
         matcher,
     };
 }
-exports.default = {
+const RULE = {
     id: 'too-many-updates',
     title: 'Too many SQL and RPC updates performed in one command',
     scope: 'command',
@@ -71,3 +71,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/rules/unbatchedMaterializedQuery.js

@@ -65,7 +65,7 @@ function build() {
 }
 // Example: ActiveRecord::Relation#records
 const DAOMaterialize = 'dao.materialize';
-exports.default = {
+const RULE = {
     id: 'unbatched-materialized-query',
     title: 'Unbatched materialized SQL query',
     labels: [DAOMaterialize],
@@ -78,3 +78,4 @@ exports.default = {
     url: 'https://appland.com/docs/analysis/rules-reference.html#unbatched-materialized-query',
     build,
 };
+exports.default = RULE;

package/built/rules/updateInGetRequest.js

@@ -53,7 +53,7 @@ function build(options = new Options()) {
     };
 }
 const Audit = 'audit';
-exports.default = {
+const RULE = {
     id: 'update-in-get-request',
     title: 'Data update performed in GET or HEAD request',
     scope: 'http_server_request',
@@ -65,3 +65,4 @@ exports.default = {
     Options,
     build,
 };
+exports.default = RULE;

package/built/scan.js

@@ -0,0 +1,155 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/* eslint-disable @typescript-eslint/no-empty-function */
+/* eslint-disable @typescript-eslint/naming-convention */
+/* eslint-disable @typescript-eslint/no-unused-vars */
+const lru_cache_1 = __importDefault(require("lru-cache"));
+const assert_1 = __importDefault(require("assert"));
+const promises_1 = require("fs/promises");
+const console_1 = require("console");
+const models_1 = require("@appland/models");
+const configurationProvider_1 = require("./configuration/configurationProvider");
+const util_1 = require("./rules/lib/util");
+const ruleChecker_1 = __importDefault(require("./ruleChecker"));
+const appMapIndex_1 = __importDefault(require("./appMapIndex"));
+const ConfigurationByFileName = new lru_cache_1.default({ max: 10 });
+const ChecksByFileName = new lru_cache_1.default({ max: 10 });
+class StatsProgressReporter {
+    constructor() {
+        this.parseTime = new Array();
+        this.elapsedByRuleId = new Map();
+    }
+    printSummary() {
+        if (!(0, util_1.verbose)())
+            return;
+        if (this.parseTime.length === 0)
+            return;
+        const keys = Array.from(this.elapsedByRuleId.keys()).sort();
+        console.warn(`Average parse time: ${this.parseTime.reduce((memo, val) => memo + val, 0) / this.parseTime.length}ms`);
+        for (const key of keys) {
+            const elapsed = this.elapsedByRuleId.get(key);
+            const average = elapsed.reduce((memo, val) => memo + val, 0) / elapsed.length;
+            console.warn(`Average check time for ${key}: ${average}ms`);
+        }
+    }
+    addParseTime(elapsed) {
+        this.parseTime.push(elapsed);
+    }
+    beginAppMap(appMapFileName, appMap) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    beginCheck(check) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.ruleId = check.rule.id;
+            this.checkStartTime = new Date();
+        });
+    }
+    filterScope(scopeName, scope) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    enterScope(scope) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    filterEvent(event) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    matchResult(event, matchResult) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    matchEvent(event, appMapIndex) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    leaveScope() {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+    endCheck() {
+        return __awaiter(this, void 0, void 0, function* () {
+            (0, assert_1.default)(this.ruleId);
+            (0, assert_1.default)(this.checkStartTime);
+            const checkEndTime = new Date();
+            const elapsed = checkEndTime.getTime() - this.checkStartTime.getTime();
+            if (!this.elapsedByRuleId.has(this.ruleId))
+                this.elapsedByRuleId.set(this.ruleId, []);
+            this.elapsedByRuleId.get(this.ruleId).push(elapsed);
+        });
+    }
+    endAppMap() {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+}
+const STATS_REPORTER = new StatsProgressReporter();
+setInterval(() => STATS_REPORTER.printSummary(), 3000);
+/**
+ * Perform all configured checks on a single AppMap file.
+ */
+function scan(appmapFile, configurationFile) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let configuration = ConfigurationByFileName.get(configurationFile);
+        if (!configuration) {
+            if ((0, util_1.verbose)())
+                (0, console_1.warn)(`Loading configuration from ${configurationFile}`);
+            configuration = yield (0, configurationProvider_1.parseConfigFile)(configurationFile);
+            ConfigurationByFileName.set(configurationFile, configuration);
+        }
+        let checkImpls = ChecksByFileName.get(configurationFile);
+        if (!checkImpls) {
+            if ((0, util_1.verbose)())
+                (0, console_1.warn)(`[scan] Loading checks from ${configurationFile}`);
+            checkImpls = yield (0, configurationProvider_1.loadConfig)(configuration);
+            ChecksByFileName.set(configurationFile, checkImpls);
+        }
+        const checker = new ruleChecker_1.default(STATS_REPORTER);
+        const findings = [];
+        const startTime = new Date();
+        const appMapData = yield (0, promises_1.readFile)(appmapFile, 'utf8');
+        const appMap = (0, models_1.buildAppMap)(appMapData).normalize().build();
+        const parseTime = new Date();
+        STATS_REPORTER.addParseTime(parseTime.getTime() - startTime.getTime());
+        if ((0, util_1.verbose)())
+            console.warn(`[scan] Event count: ${appMap.events.length}`);
+        if ((0, util_1.verbose)())
+            console.warn(`[scan] Parse time: ${parseTime.getTime() - startTime.getTime()}ms`);
+        const appMapIndex = new appMapIndex_1.default(appMap);
+        for (const check of checkImpls) {
+            yield STATS_REPORTER.beginCheck(check);
+            yield checker.check(appmapFile, appMapIndex, check, findings);
+            yield STATS_REPORTER.endCheck();
+        }
+        const scanTime = new Date();
+        if ((0, util_1.verbose)())
+            console.warn(`[scan] Scan time: ${scanTime.getTime() - parseTime.getTime()}ms`);
+        const checks = checkImpls.map((check) => ({
+            id: check.id,
+            scope: check.rule.scope || 'command',
+            impactDomain: check.rule.impactDomain || 'Stability',
+            rule: {
+                id: check.rule.id,
+                title: check.rule.title,
+                description: check.rule.description,
+                url: check.rule.url,
+                labels: check.rule.labels || [],
+                enumerateScope: check.rule.enumerateScope,
+                references: check.rule.references || {},
+            },
+        }));
+        return {
+            configuration,
+            appMapMetadata: { appmapFile: appMap.metadata },
+            findings,
+            checks,
+        };
+    });
+}
+exports.default = scan;

package/built/sqlWarning.js

@@ -1,30 +1,31 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-const fs_1 = require("fs");
-let SqlWarningFileName = 'sql_warning.txt';
-let messages = [];
-let writeMessage = (msg) => (messages ? messages.push(msg) : null);
-process.on('exit', () => {
-    if (!messages)
-        return;
-    [...new Set(messages)].forEach((msg) => console.warn(msg));
-});
-function sqlWarning(error) {
-    if (SqlWarningFileName) {
-        (0, fs_1.open)(SqlWarningFileName, 'w', (err, fd) => {
-            if (err || !fd)
-                return;
-            writeMessage = (msg) => {
-                // eslint-disable-next-line @typescript-eslint/no-empty-function
-                (0, fs_1.write)(fd, [msg, '\n'].join(''), () => { });
-            };
-            if (messages)
-                messages.forEach(writeMessage);
-            messages = null;
+const promises_1 = require("fs/promises");
+const SqlErrors = new Set();
+const SqlParseErrorFileName = 'sql_warning.txt';
+let SqlParseErrorFileOpened = false;
+function writeErrorToFile(error) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const flags = SqlParseErrorFileOpened ? 'a' : 'w';
+        SqlParseErrorFileOpened = true;
+        (0, promises_1.open)(SqlParseErrorFileName, flags).then((handle) => {
+            handle.write([error.toString(), ''].join('\n')).finally(handle.close.bind(handle));
         });
-        // Try only once
-        SqlWarningFileName = null;
+    });
+}
+function sqlWarning(parseError) {
+    if (!SqlErrors.has(parseError.sql)) {
+        writeErrorToFile(parseError);
+        SqlErrors.add(parseError.sql);
     }
-    writeMessage(error.toString());
 }
 exports.default = sqlWarning;

package/package.json

@@ -1,14 +1,15 @@
 {
   "name": "@appland/scanner",
-  "version": "1.80.2",
+  "version": "1.81.1",
   "description": "Analyze AppMaps for code flaws",
   "bin": "built/cli.js",
+  "main": "built/index.js",
   "files": [
     "built",
     "doc",
     "src/types.d.ts"
   ],
-  "types": "src/types.d.ts",
+  "types": "src/index.ts",
   "scripts": {
     "build": "node bin/preBuild.js && tsc -p tsconfig.build.json && yarn schema && yarn doc",
     "build-native": "yarn build && ./bin/build-native",
@@ -90,6 +91,9 @@
     "tar-stream": "^2.2.0",
     "yargs": "^17.1.1"
   },
+  "engines": {
+    "node": ">15"
+  },
   "publishConfig": {
     "access": "public"
   },

package/src/types.d.ts

@@ -1,37 +1,5 @@
 import { AppMap, Event } from '@appland/models';
 import { SqliteParser } from '@appland/models/types/sqlite-parser';
-import { URL } from 'url';
-
-/**
- * Each Rule in the scanner library wants to consider some set of events as it decides whether the code should be flagged or not.
- * A Scope is a way of declaring how these "sets" are defined. A common scope is `http_server_request`. The rule will look at each HTTP
- * server request separately; what happens in one request is irrelevant to the next. For example, when looking for authz_before_authn, each HTTP
- * server request is considered separately.
- *
- * `http_server_request` is one example of a "command". Other types of commands are: CLI commands and background jobs. Each of these has a
- * defined beginning and end, and is logically completely separate from any other command.
- *
- * Some rules are relevant only to HTTP server requests - such as `http500`. Others are applicable to any kind of command - such as `nPlusOneQuery`.
- *
- * Finally, other rules simply want to look for a certain condition regardless of where it occurs. For example, Too many SQL joins will flag any
- * query anywhere in the AppMap, even if it's not part of a command. This rule uses the root scope, which yields a new scope for every root-level Event
- * (root-level = "has no parent").
- *
- * Ideally, AppMaps would not contain any events that are not part of a command - because without knowing the command, we don't really have any context
- * of what the code is trying to do. But, anticipating that this may sometimes happen, "root" scope is a good choice for a rule that may flag code
- * anywhere in the AppMap.
- */
-export type ScopeName =
-  | 'root'
-  | 'command'
-  | 'http_client_request'
-  | 'http_server_request'
-  | 'transaction';
-
-/**
- * Indicates the aspect of software quality that is most relevant to a rule.
- */
-export type ImpactDomain = 'Security' | 'Performance' | 'Maintainability' | 'Stability';
 
 /**
  * Scope provides an Event at the root of the scope, and a Generator to iterate over its descendants.
@@ -93,34 +61,7 @@ interface AppMapIndex {
  */
 type Matcher = (e: Event, appMapIndex: AppMapIndex, eventFilter: EventFilter) => MatcherResult;
 
-/**
- * Finding is the full data structure that is created when a Rule matches an Event.
- *
- * The Rule only needs to return a boolean, string, or MatchResult. The scanner framework
- * adds the rest of the information to build the complete finding.
- */
-interface Finding {
-  appMapFile: string;
-  checkId: string;
-  ruleId: string;
-  ruleTitle: string;
-  event: Event;
-  hash: string; // Deprecated for local use. Still used to integrate local results with the server.
-  hash_v2: string;
-  scope: Event;
-  message: string;
-  stack: string[];
-  groupMessage?: string;
-  occurranceCount?: number;
-  relatedEvents?: Event[];
-  impactDomain?: ImpactDomain;
-  // Map of events by functional role name; for example, logEvent, secret, scope, etc.
-  participatingEvents?: Record<string, Event>;
-  scopeModifiedDate?: Date;
-  eventsModifiedDate?: Date;
-}
-
-interface RuleLogic {
+export interface RuleLogic {
   // Tests an event in the scope see if it matches the rule conditions.
   matcher: Matcher;
   // When specified by the rule, only events which pass the where filter
@@ -129,35 +70,3 @@ interface RuleLogic {
   // When specified by the rule, provides a detailed message for a finding on a specific event.
   message?: (scope: Event, event: Event) => string;
 }
-
-interface Rule {
-  // Unique id of the rule.
-  id: string;
-  // Simple text description of the rule.
-  title: string;
-  // Longer text description of the rule.
-  description: string;
-  // URL to the documentation.
-  url?: string;
-  // labels which the rule depends on.
-  labels?: string[];
-  // Specifies which sub-tree events will be identified as "root events of concern".
-  // Events which are outside of any scope will not be processed by the rule.
-  scope?: ScopeName;
-  // Whether to pass all the events in the scope to the matcher. If false, only the scope event
-  // is passed to the matcher, and the rule should traverse the scope as needed.
-  enumerateScope: boolean;
-  impactDomain?: ImpactDomain;
-  references?: Record<string, URL>;
-  // User-defined options for the rule.
-  Options?: any; // FIXME
-  // Function to instantiate the rule logic from configured options.
-  build: (options: this['Options']) => RuleLogic;
-}
-
-export type Check = {
-  id: string;
-  scope: ScopeName;
-  impactDomain: ImpactDomain;
-  rule: Rule;
-};