@fulmenhq/tsfulmen 0.1.13 → 0.2.0

package/schemas/crucible-ts/config/goneat/v1.0.0/security-policy.yaml

@@ -1,178 +0,0 @@
-$schema: https://json-schema.org/draft/2020-12/schema
-$id: https://schemas.goneat.dev/security-policy/v1.0.0
-$version: 1.0.0
-title: Goneat Security Policy Schema
-description: Schema for security policy configuration including suppression rules and enforcement
-type: object
-properties:
-  $schema:
-    type: string
-    description: JSON Schema reference for this policy file
-    format: uri
-    examples:
-      - https://schemas.goneat.dev/security-policy/v1.0.0
-  security:
-    type: object
-    description: Security policy configuration
-    properties:
-      suppressions:
-        type: object
-        description: Configuration for security suppression handling
-        properties:
-          track:
-            type: boolean
-            description: Whether to track suppressions in output
-            default: true
-          report_metrics:
-            type: boolean
-            description: Include suppression metrics in reports
-            default: true
-          require_reason:
-            type: array
-            description: Rules for when suppression reasons are required
-            items:
-              type: object
-              properties:
-                severity:
-                  type: array
-                  description: Severity levels that require reasons
-                  items:
-                    $ref: ../../assessment/v1.0.0/severity-definitions.schema.json#/$defs/severityName
-                tools:
-                  type: array
-                  description: Specific tools that require reasons
-                  items:
-                    type: string
-                    examples: [gosec, bandit, semgrep]
-              additionalProperties: false
-          max_age_days:
-            type: integer
-            description: Maximum days before suppression review required
-            minimum: 1
-            maximum: 365
-            default: 90
-          require_approval:
-            type: array
-            description: Rules for when suppressions need approval
-            items:
-              type: object
-              properties:
-                severity:
-                  type: array
-                  description: Severity levels requiring approval
-                  items:
-                    $ref: ../../assessment/v1.0.0/severity-definitions.schema.json#/$defs/severityName
-                rules:
-                  type: array
-                  description: Specific rule IDs requiring approval
-                  items:
-                    type: string
-                    examples: [G304, G204, B104]
-                approvers:
-                  type: array
-                  description: GitHub handles of required approvers
-                  items:
-                    type: string
-                    pattern: "^@[a-zA-Z0-9-]+$"
-                    examples: ["@security-team", "@arch-eagle"]
-              required: [approvers]
-              additionalProperties: false
-          allowed_reasons:
-            type: array
-            description: Predefined allowed suppression reasons
-            items:
-              type: string
-            examples:
-              - "Input validated in middleware"
-              - "Test fixture only"
-              - "False positive - static string"
-              - "Legacy code - tracked in JIRA"
-              - "Performance critical path"
-        additionalProperties: false
-      enforcement:
-        type: object
-        description: Security enforcement rules
-        properties:
-          fail_on:
-            $ref: ../../assessment/v1.0.0/severity-definitions.schema.json#/$defs/severityName
-            description: Default failure threshold
-            default: high
-          by_environment:
-            type: object
-            description: Environment-specific enforcement
-            additionalProperties:
-              type: object
-              properties:
-                fail_on:
-                  $ref: ../../assessment/v1.0.0/severity-definitions.schema.json#/$defs/severityName
-                max_suppressions:
-                  type: integer
-                  minimum: 0
-                block_new_suppressions:
-                  type: boolean
-                  default: false
-              additionalProperties: false
-            examples:
-              - production:
-                  fail_on: high
-                  max_suppressions: 10
-                  block_new_suppressions: true
-              - development:
-                  fail_on: medium
-                  max_suppressions: 100
-          max_total_suppressions:
-            type: integer
-            description: Maximum total suppressions allowed
-            minimum: 0
-          block_patterns:
-            type: array
-            description: Patterns that should never be suppressed
-            items:
-              type: object
-              properties:
-                rule:
-                  type: string
-                  description: Rule ID pattern
-                  examples: ["G401", "B301"]
-                file_pattern:
-                  type: string
-                  description: File glob pattern
-                  examples: ["**/auth/**", "**/crypto/**"]
-                message:
-                  type: string
-                  description: Error message when blocked
-              required: [rule, message]
-              additionalProperties: false
-        additionalProperties: false
-    required: [suppressions]
-    additionalProperties: false
-additionalProperties: false
-required: [security]
-examples:
-  - security:
-      suppressions:
-        track: true
-        report_metrics: true
-        require_reason:
-          - severity: [critical, high]
-        max_age_days: 90
-        require_approval:
-          - severity: [critical]
-            approvers: ["@security-team", "@arch-eagle"]
-        allowed_reasons:
-          - "Input validated in middleware"
-          - "Test fixture only"
-          - "False positive"
-      enforcement:
-        fail_on: high
-        by_environment:
-          production:
-            fail_on: high
-            max_suppressions: 10
-            block_new_suppressions: true
-          development:
-            fail_on: medium
-        block_patterns:
-          - rule: "G401"
-            file_pattern: "**/crypto/**"
-            message: "MD5/SHA1 cannot be suppressed in crypto packages"

package/schemas/crucible-ts/config/goneat/v1.0.0/version-policy.schema.yaml

@@ -1,205 +0,0 @@
-$schema: https://json-schema.org/draft/2020-12/schema
-$id: https://schemas.fulmenhq.dev/config/goneat/version-policy-v1.0.0.schema.json
-$version: 1.0.0
-title: Goneat Version Policy Schema
-description: |
-  Defines the configuration surface for goneat's version single-source-of-truth (SSOT)
-  propagation feature. The policy controls how VERSION propagates to downstream package
-  manager manifests, optional validation/guard rails, and workspace specific overrides.
-type: object
-$defs:
-  targetKey:
-    type: string
-    pattern: "^[A-Za-z0-9._/\\-]+$"
-    description: >
-      Handler identifiers or explicit manifest paths. Current handlers use the manifest filename (`package.json`, `pyproject.toml`, `go.mod`). Nested paths (e.g., `apps/foo/package.json`) are permitted for fine-grained overrides.
-
-  globList:
-    type: array
-    description: List of file or directory globs evaluated relative to the repository root.
-    items:
-      type: string
-      minLength: 1
-  booleanDefaultTrue:
-    type: boolean
-    default: true
-  booleanDefaultFalse:
-    type: boolean
-    default: false
-properties:
-  version:
-    type: object
-    description: Version scheme configuration.
-    properties:
-      scheme:
-        type: string
-        description: Versioning scheme used by the repository.
-        enum: [semver, calver]
-        default: semver
-      allow_extended:
-        type: boolean
-        description: >
-          Allow prerelease identifiers and build metadata. For calver, this typically controls suffix usage (e.g., ".beta.1").
-
-        default: true
-      channel:
-        type: string
-        description: Optional release channel name used when computing prerelease identifiers.
-        pattern: "^[a-z0-9.-]+$"
-    required: [scheme]
-    additionalProperties: false
-  propagation:
-    type: object
-    description: Primary propagation rules that determine which manifests goneat mutates.
-    properties:
-      defaults:
-        type: object
-        description: Default include/exclude rules applied to all handlers unless overridden.
-        properties:
-          include:
-            $ref: "#/$defs/globList"
-            description: >
-              Globs or handler identifiers (manifest filenames) to include when propagating. Known handler identifiers: `package.json`, `pyproject.toml`, `go.mod`. Globs are resolved relative to the repository root.
-
-            default: ["package.json", "pyproject.toml"]
-          exclude:
-            $ref: "#/$defs/globList"
-            description: >
-              Globs to exclude from propagation (applied after include resolution).
-
-            default: ["**/node_modules/**", "docs/**"]
-          backup:
-            type: object
-            description: >
-              Backup/rollback behaviour applied globally (per-target overrides may be introduced in future schema revisions).
-
-            properties:
-              enabled:
-                $ref: "#/$defs/booleanDefaultTrue"
-                description: Create `.bak` files before mutating manifests.
-              retention:
-                type: integer
-                minimum: 0
-                description: >
-                  Number of previous backups to keep per manifest (0 disables retention pruning).
-
-            additionalProperties: false
-        additionalProperties: false
-      targets:
-        type: object
-        description: Overrides for specific package manager handlers.
-        propertyNames:
-          $ref: "#/$defs/targetKey"
-        additionalProperties:
-          type: object
-          properties:
-            include:
-              $ref: "#/$defs/globList"
-              description: Handler specific include overrides.
-            exclude:
-              $ref: "#/$defs/globList"
-              description: Handler specific exclusion overrides.
-            mode:
-              type: string
-              description: Optional handler mode (e.g., poetry flavour for pyproject.toml).
-              enum: [project, poetry, workspace]
-            validate_only:
-              $ref: "#/$defs/booleanDefaultFalse"
-              description: >
-                When true, goneat validates the manifest version but does not rewrite the file.
-
-          additionalProperties: false
-      workspace:
-        type: object
-        description: Controls behaviour in monorepo/workspace layouts.
-        properties:
-          strategy:
-            type: string
-            description: |
-              Strategy for handling nested packages.
-              - `single-version`: All manifests inherit the root VERSION (default behaviour).
-              - `opt-in`: Only paths listed in `allowlist` may maintain independent versions.
-              - `opt-out`: All detected manifests propagate unless explicitly listed in `blocklist`.
-            enum: [single-version, opt-in, opt-out]
-            default: single-version
-          allowlist:
-            $ref: "#/$defs/globList"
-            description: Globs that may maintain independent VERSION files when using opt-in strategy.
-          blocklist:
-            $ref: "#/$defs/globList"
-            description: Globs excluded from propagation when using opt-out strategy.
-        additionalProperties: false
-    required: [defaults]
-    additionalProperties: false
-  rules:
-    type: object
-    description: >
-      Additional content validation guard rails. All fields are optional and may be adopted incrementally as the CLI gains support (targeted for Phase 3a in the goneat roadmap).
-
-    properties:
-      require_release_tag:
-        $ref: "#/$defs/booleanDefaultFalse"
-        description: Require the VERSION to correspond to an annotated git tag before propagation.
-      allowed_channels:
-        type: array
-        description: >
-          Restrict prerelease channel names to an allow list. Empty list or omission means all channels allowed.
-
-        items:
-          type: string
-          pattern: "^[a-z0-9.-]+$"
-      forbid_prerelease_on_default_branch:
-        $ref: "#/$defs/booleanDefaultFalse"
-        description: Prevent prerelease propagation when on the configured default branch.
-      max_prerelease_length:
-        type: integer
-        minimum: 0
-        description: Maximum character length allowed for prerelease identifiers.
-    additionalProperties: false
-  guards:
-    type: object
-    description: >
-      Execution preconditions that must pass before propagation runs (as distinct from content-focused `rules`).
-
-    properties:
-      required_branches:
-        type: array
-        description: Branch names or globs that are permitted to run propagation.
-        items:
-          type: string
-          minLength: 1
-      disallow_dirty_worktree:
-        $ref: "#/$defs/booleanDefaultTrue"
-        description: Fail propagation if the git worktree has uncommitted changes.
-    additionalProperties: false
-  metadata:
-    type: object
-    description: Arbitrary metadata for organisational tracking (ignored by goneat).
-    additionalProperties: true
-required: [version, propagation]
-additionalProperties: false
-examples:
-  - |
-    version:
-      scheme: semver
-      allow_extended: true
-    propagation:
-      defaults:
-        include: ["package.json", "pyproject.toml"]
-        exclude: ["docs/**"]
-        backup:
-          enabled: true
-          retention: 5
-      targets:
-        package.json:
-          include: ["package.json", "apps/*/package.json"]
-        pyproject.toml:
-          mode: poetry
-        go.mod:
-          validate_only: true
-    rules:
-      allowed_channels: ["stable", "beta"]
-      forbid_prerelease_on_default_branch: true
-    guards:
-      required_branches: ["main", "release/*"]
-      disallow_dirty_worktree: true

package/schemas/crucible-ts/tooling/goneat-tools/v1.0.0/README.md

@@ -1,177 +0,0 @@
----
-title: "Goneat Tools Config Schema v1.0.0"
-description: "Schema for goneat doctor command tool catalog and configuration"
-author: "Pipeline Architect"
-date: "2025-10-02"
-last_updated: "2025-10-02"
-status: "draft"
-tags: ["tooling", "goneat", "doctor", "schema"]
----
-
-# Goneat Tools Config Schema
-
-**Schema**: `goneat-tools-config.schema.yaml`  
-**Purpose**: Define tool catalogs for the `goneat doctor` command  
-**Owner**: Goneat team  
-**Implementation**: `goneat/pkg/tools`
-
-## Overview
-
-This schema describes the structure of tool catalogs used by goneat's `doctor` command. It supports:
-
-- **Scopes**: Logical grouping of tools (e.g., `security`, `formatting`, `build`)
-- **Tool Definitions**: Rich metadata including detection, installation, and versioning
-- **Platform Support**: Per-platform installation commands and installer priorities
-- **Version Management**: Minimum/recommended/disallowed version constraints
-
-## Usage
-
-### Goneat Internal Catalog
-
-Goneat ships with a built-in tool catalog at `goneat/internal/catalog/tools-config.yaml` that defines ecosystem tools.
-
-### Custom Catalogs
-
-Projects can provide custom tool definitions that extend or replace goneat's built-in catalog:
-
-```yaml
-# .goneat/tools-config.yaml
-scopes:
-  custom:
-    description: "Project-specific tooling"
-    tools:
-      - my-formatter
-      - my-linter
-
-tools:
-  my-formatter:
-    name: my-formatter
-    description: "Custom code formatter for our DSL"
-    kind: go
-    detect_command: my-formatter
-    install_package: github.com/example/my-formatter@latest
-    version_scheme: semver
-    minimum_version: "1.2.0"
-```
-
-### CLI Integration
-
-```bash
-# Check all tools in security scope
-goneat doctor --check security
-
-# Install missing tools
-goneat doctor --install security
-
-# Validate custom catalog
-goneat doctor --validate .goneat/tools-config.yaml
-```
-
-## Schema Features
-
-### Scopes
-
-Group related tools for bulk operations:
-
-```yaml
-scopes:
-  security:
-    description: "Security scanning and vulnerability detection"
-    tools:
-      - gosec
-      - trivy
-      - semgrep
-```
-
-### Tool Kinds
-
-- **`go`**: Go installable tools (`go install package@version`)
-- **`bundled-go`**: Tools bundled with goneat
-- **`system`**: System-level tools requiring package managers
-
-### Installation Methods
-
-Tools can define multiple installation methods per platform:
-
-```yaml
-tools:
-  ripgrep:
-    kind: system
-    platforms: [darwin, linux, windows]
-    install_commands:
-      darwin: brew install ripgrep
-      linux: apt-get install ripgrep
-      windows: scoop install ripgrep
-    installer_priority:
-      darwin: [brew, mise, go-install]
-      linux: [apt-get, pacman, dnf]
-```
-
-### Version Constraints
-
-```yaml
-tools:
-  golangci-lint:
-    version_scheme: semver
-    minimum_version: "1.54.0"
-    recommended_version: "1.55.0"
-    disallowed_versions:
-      - "1.53.0" # Known bug
-      - "1.52.0" # Performance regression
-```
-
-## Relationship to Bootstrap Manifests
-
-**Different Use Cases**:
-
-| Feature        | Goneat Tools Config                         | Crucible Bootstrap Manifest           |
-| -------------- | ------------------------------------------- | ------------------------------------- |
-| **Purpose**    | Ecosystem-wide tool catalog                 | Repo-specific dependencies            |
-| **Schema**     | `goneat-tools-config.schema.yaml`           | `external-tools-manifest.schema.yaml` |
-| **Scope**      | Cross-project doctor command                | Single repo bootstrap                 |
-| **Complexity** | Full-featured (scopes, versions, platforms) | Minimal (install/verify)              |
-| **Location**   | Goneat internal + optional project catalogs | `.goneat/tools.yaml`                  |
-
-Goneat's `doctor --bootstrap` command can read `.goneat/tools.yaml` manifests to install repo-specific tools.
-
-## Library Usage
-
-Projects importing goneat as a library (e.g., Sumpter) can use `pkg/tools`:
-
-```go
-import "github.com/fulmenhq/goneat/pkg/tools"
-
-// Parse catalog
-data, _ := os.ReadFile("tools-config.yaml")
-cfg, _ := tools.ParseConfig(data)
-
-// Validate against schema
-err := tools.ValidateBytes(data)
-
-// Access tool definitions
-for name, tool := range cfg.Tools {
-    fmt.Printf("Tool: %s - %s\n", name, tool.Description)
-}
-```
-
-## Migration Notes
-
-**Post-refactor** (after goneat adopts crucible):
-
-Goneat will reference this schema from crucible:
-
-```go
-import crucible "github.com/fulmenhq/crucible"
-
-schema, _ := crucible.GetSchema("tooling/goneat-tools/v1.0.0/goneat-tools-config.schema.yaml")
-// Use schema for validation
-```
-
-See `.plans/memos/goneat/goneat-fulmen-refactor.md` for migration plan.
-
-## References
-
-- [Goneat Repository](https://github.com/fulmenhq/goneat)
-- [External Tools Manifest Schema](../../external-tools/v1.0.0/) (Crucible bootstrap)
-- [Fulmen Config Path Standard](../../../docs/standards/config/fulmen-config-paths.md)
-- [Library Ecosystem Architecture](../../../docs/architecture/library-ecosystem.md)

package/schemas/crucible-ts/tooling/goneat-tools/v1.0.0/goneat-tools-config.schema.yaml

@@ -1,146 +0,0 @@
-$schema: https://json-schema.org/draft/2020-12/schema
-type: object
-description: "Configuration for goneat doctor tools command - defines scopes and tool definitions"
-properties:
-  scopes:
-    type: object
-    description: "Tool scopes that group related tools together"
-    patternProperties:
-      "^[a-z][a-z0-9-]*$":
-        type: object
-        description: "A tool scope definition"
-        properties:
-          description:
-            type: string
-            description: "Human-readable description of what this scope covers"
-            minLength: 1
-            maxLength: 200
-          tools:
-            type: array
-            description: "List of tool names that belong to this scope"
-            items:
-              type: string
-              pattern: "^[a-z][a-z0-9-]*$"
-              description: "Tool name (must match a key in the tools section)"
-            minItems: 1
-            uniqueItems: true
-          replace:
-            type: boolean
-            description: "When true, replace built-in scope definition instead of extending"
-        required: ["description", "tools"]
-        additionalProperties: false
-    minProperties: 1
-    additionalProperties: false
-  tools:
-    type: object
-    description: "Tool definitions with detection and installation methods"
-    patternProperties:
-      "^[a-z][a-z0-9-]*$":
-        $ref: "#/$defs/tool"
-    minProperties: 1
-    additionalProperties: false
-$defs:
-  tool:
-    type: object
-    description: "Definition of a single tool with platform-specific installation methods"
-    properties:
-      name:
-        type: string
-        description: "Canonical name of the tool (should match the key)"
-        pattern: "^[a-z][a-z0-9-]*$"
-        minLength: 1
-        maxLength: 50
-      description:
-        type: string
-        description: "Human-readable description of the tool's purpose"
-        minLength: 1
-        maxLength: 200
-      kind:
-        type: string
-        description: "Type of tool installation method"
-        enum: ["go", "bundled-go", "system"]
-      detect_command:
-        type: string
-        description: "Command to detect if tool is installed (e.g., 'rg --version')"
-        minLength: 1
-        maxLength: 100
-      install_package:
-        type: string
-        description: "Go package path for 'go' kind tools (e.g., 'github.com/securego/gosec/v2/cmd/gosec@latest')"
-        pattern: "^[a-zA-Z0-9._/-]+@[a-zA-Z0-9._/-]+$"
-        minLength: 1
-        maxLength: 200
-      version_args:
-        type: array
-        description: "Arguments to get version information"
-        items:
-          type: string
-          minLength: 1
-          maxLength: 50
-        maxItems: 10
-      check_args:
-        type: array
-        description: "Arguments to check if tool works (usually help/usage)"
-        items:
-          type: string
-          minLength: 1
-          maxLength: 50
-        maxItems: 10
-      platforms:
-        type: array
-        description: "Supported platforms for system tools"
-        items:
-          type: string
-          enum: ["darwin", "linux", "windows", "*"]
-        minItems: 1
-        uniqueItems: true
-      install_commands:
-        type: object
-        description: "Installation commands keyed by platform or installer keyword (e.g., darwin, linux, mise, scoop)"
-        propertyNames:
-          pattern: "^[a-z][a-z0-9_-]*$"
-        additionalProperties:
-          type: string
-          minLength: 1
-          maxLength: 200
-        minProperties: 1
-      version_scheme:
-        type: string
-        description: "Version comparison scheme (semver-full, semver-compact, calver, lexical)"
-        enum: ["semver", "semver-full", "semver-compact", "calver", "lexical"]
-      minimum_version:
-        type: string
-        description: "Minimum supported version that must be present"
-        minLength: 1
-        maxLength: 50
-      recommended_version:
-        type: string
-        description: "Recommended version to target during upgrades"
-        minLength: 1
-        maxLength: 50
-      disallowed_versions:
-        type: array
-        description: "Explicit versions that should never be used"
-        items:
-          type: string
-          minLength: 1
-          maxLength: 50
-        uniqueItems: true
-        maxItems: 20
-      installer_priority:
-        type: object
-        description: "Preferred installer order per platform (keywords drawn from curated list: mise, brew, scoop, winget, pacman, apt-get, dnf, yum, go-install, manual)"
-        propertyNames:
-          pattern: "^(all|darwin|linux|windows)$"
-        additionalProperties:
-          type: array
-          items:
-            type: string
-            pattern: "^[a-z][a-z0-9_-]*$"
-          minItems: 1
-          maxItems: 10
-    required: ["name", "description", "kind", "detect_command"]
-    additionalProperties: false
-# Validation rules
-required: ["scopes", "tools"]
-additionalProperties: false