@gobing-ai/ts-rule-engine 0.2.5 → 0.2.7

package/dist/evaluators/exit-code-evaluator.js

@@ -6,28 +6,41 @@ export class ExitCodeEvaluator {
     constructor(executor = new NodeProcessExecutor()) {
         this.executor = executor;
     }
-    /** Run configured command and emit a finding on non-zero exit. */
+    /** Run configured command and emit a finding unless the exit code matches `successCode`. */
     async evaluate(rule, context) {
         const config = rule.evaluator.config ?? {};
         const command = stringConfig(config, 'command');
         const args = arrayConfig(config, 'args', []);
-        const result = await this.executor.run({ command, args, cwd: context.workdir, rejectOnError: false });
-        if (result.exitCode === 0)
+        const successCode = numberConfig(config, 'successCode', 0);
+        const timeout = numberConfig(config, 'timeout', 60_000);
+        const result = await this.executor.run({
+            command,
+            args,
+            cwd: context.workdir,
+            timeout,
+            rejectOnError: false,
+            label: 'exit-code',
+        });
+        if (result.exitCode === successCode)
             return { findings: [], fixes: [] };
+        const template = stringConfig(config, 'message', `Command failed (exit {code}): ${command} ${args.join(' ')}`.trim());
+        const message = template.replaceAll('{code}', String(result.exitCode));
         return {
-            findings: [
-                createFinding(rule, `Command failed: ${command} ${args.join(' ')}`.trim(), null, {
-                    code: 'exit-code:failed',
-                }),
-            ],
+            findings: [createFinding(rule, message, null, { code: 'exit-code:failed' })],
             fixes: [],
         };
     }
 }
-function stringConfig(config, key) {
+function numberConfig(config, key, fallback) {
+    const value = config[key];
+    return typeof value === 'number' && Number.isFinite(value) ? value : fallback;
+}
+function stringConfig(config, key, fallback) {
     const value = config[key];
     if (typeof value === 'string')
         return value;
+    if (fallback !== undefined)
+        return fallback;
     throw new Error(`exit-code evaluator requires string config "${key}"`);
 }
 function arrayConfig(config, key, fallback) {

package/dist/evaluators/file-utils.d.ts

@@ -20,4 +20,12 @@ export declare function relativeToWorkdir(workdir: string, path: string): string
 export declare function relativeParent(path: string): string;
 /** Return true when a path matches any supplied fragment or suffix. */
 export declare function matchesAny(path: string, patterns: string[] | undefined): boolean;
+/**
+ * Segment-aware glob matching with `**` (any depth) and `*` (single segment).
+ *
+ * Stricter than {@link matchesAny}: it anchors the whole path, so `apps/**` does
+ * not match `vendor/apps/x`. Used by evaluators that enforce path policies
+ * (coverage scoping, test-file location) where a loose match would change findings.
+ */
+export declare function matchesGlob(path: string, pattern: string): boolean;
 //# sourceMappingURL=file-utils.d.ts.map

package/dist/evaluators/file-utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"file-utils.d.ts","sourceRoot":"","sources":["../../src/evaluators/file-utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,UAAU,EAAE,cAAc,EAAW,MAAM,uBAAuB,CAAC;AAEjF,yCAAyC;AACzC,MAAM,WAAW,sBAAsB;IACnC,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,0BAA0B;IAC1B,EAAE,CAAC,EAAE,UAAU,CAAC;CACnB;AAID,qFAAqF;AACrF,wBAAsB,aAAa,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAWtF;AAED,gDAAgD;AAChD,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAuB,GAAG,OAAO,CAAC,MAAM,CAAC,CAEnH;AAED,sDAAsD;AACtD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEvE;AAED,2DAA2D;AAC3D,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED,uEAAuE;AACvE,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,GAAG,OAAO,CAMhF"}
+{"version":3,"file":"file-utils.d.ts","sourceRoot":"","sources":["../../src/evaluators/file-utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,UAAU,EAAE,cAAc,EAAW,MAAM,uBAAuB,CAAC;AAEjF,yCAAyC;AACzC,MAAM,WAAW,sBAAsB;IACnC,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,0BAA0B;IAC1B,EAAE,CAAC,EAAE,UAAU,CAAC;CACnB;AAID,qFAAqF;AACrF,wBAAsB,aAAa,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAWtF;AAED,gDAAgD;AAChD,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAuB,GAAG,OAAO,CAAC,MAAM,CAAC,CAEnH;AAED,sDAAsD;AACtD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEvE;AAED,2DAA2D;AAC3D,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED,uEAAuE;AACvE,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,GAAG,OAAO,CAMhF;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAUlE"}

package/dist/evaluators/file-utils.js

@@ -33,3 +33,43 @@ export function matchesAny(path, patterns) {
         return clean.length === 0 || path.includes(clean) || path.endsWith(clean);
     });
 }
+/**
+ * Segment-aware glob matching with `**` (any depth) and `*` (single segment).
+ *
+ * Stricter than {@link matchesAny}: it anchors the whole path, so `apps/**` does
+ * not match `vendor/apps/x`. Used by evaluators that enforce path policies
+ * (coverage scoping, test-file location) where a loose match would change findings.
+ */
+export function matchesGlob(path, pattern) {
+    const normalized = path.replaceAll('\\', '/');
+    if (pattern.startsWith('**/')) {
+        const suffix = pattern.slice(3);
+        if (suffix.indexOf('*') === -1) {
+            return normalized.endsWith(suffix) || normalized.endsWith(`/${suffix}`);
+        }
+    }
+    if (pattern === normalized)
+        return true;
+    return matchSegments(normalized.split('/'), pattern.split('/'), 0, 0);
+}
+/** Recursive segment-level glob matcher backing {@link matchesGlob}. */
+function matchSegments(file, pattern, fi, pi) {
+    if (pi >= pattern.length)
+        return fi >= file.length;
+    if (fi >= file.length)
+        return pattern.slice(pi).every((segment) => segment === '**');
+    const pat = pattern[pi] ?? '';
+    if (pat === '**') {
+        return matchSegments(file, pattern, fi, pi + 1) || matchSegments(file, pattern, fi + 1, pi);
+    }
+    if (!matchSegment(file[fi] ?? '', pat))
+        return false;
+    return matchSegments(file, pattern, fi + 1, pi + 1);
+}
+/** Match one path segment against a pattern segment where `*` matches any run of non-`/` chars. */
+function matchSegment(segment, pattern) {
+    if (pattern.indexOf('*') === -1)
+        return segment === pattern;
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replaceAll('*', '[^/]*');
+    return new RegExp(`^${escaped}$`).test(segment);
+}

package/dist/evaluators/forbidden-import-evaluator.d.ts

@@ -1,8 +1,21 @@
 import { type ConstraintRule, type RuleContext, type RuleEvaluationResult, type RuleEvaluator } from '../types';
-/** Detects imports matching forbidden package or path prefixes. */
+/**
+ * Detects forbidden imports / API usage.
+ *
+ * Two config shapes are supported:
+ * - Simple: `{ patterns: string[] }` — substring match against any import specifier,
+ *   scoped by the rule's own `include` / `exclude`.
+ * - Structured: `{ forbidden: [...], scope: { include, exclude } }` — each forbidden
+ *   entry is an exact `specifier` (also matching require/dynamic forms unless
+ *   `includeRequire:false`) or a raw `pattern`, scoped by `scope.include` /
+ *   `scope.exclude` globs.
+ */
 export declare class ForbiddenImportEvaluator implements RuleEvaluator {
-    constructor();
-    /** Evaluate import declarations against configured forbidden prefixes. */
+    /** Evaluate import/usage against the configured forbidden set. */
     evaluate(rule: ConstraintRule, context: RuleContext): Promise<RuleEvaluationResult>;
+    /** Legacy path: `{ patterns: string[] }`, substring-matched against import specifiers. */
+    private evaluateSimple;
+    /** Structured path: `{ forbidden: [...], scope: { include, exclude } }`. */
+    private evaluateStructured;
 }
 //# sourceMappingURL=forbidden-import-evaluator.d.ts.map

package/dist/evaluators/forbidden-import-evaluator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forbidden-import-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/forbidden-import-evaluator.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAGlB,mEAAmE;AACnE,qBAAa,wBAAyB,YAAW,aAAa;;IAG1D,0EAA0E;IACpE,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;CA4B5F"}
+{"version":3,"file":"forbidden-import-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/forbidden-import-evaluator.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAclB;;;;;;;;;;GAUG;AACH,qBAAa,wBAAyB,YAAW,aAAa;IAC1D,kEAAkE;IAC5D,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAOzF,0FAA0F;YAC5E,cAAc;IA+B5B,4EAA4E;YAC9D,kBAAkB;CAoCnC"}

package/dist/evaluators/forbidden-import-evaluator.js

@@ -1,11 +1,26 @@
 import { createFinding, } from '../types.js';
-import { discoverFiles, readWorkdirFile } from './file-utils.js';
-/** Detects imports matching forbidden package or path prefixes. */
+import { discoverFiles, matchesGlob, readWorkdirFile } from './file-utils.js';
+/**
+ * Detects forbidden imports / API usage.
+ *
+ * Two config shapes are supported:
+ * - Simple: `{ patterns: string[] }` — substring match against any import specifier,
+ *   scoped by the rule's own `include` / `exclude`.
+ * - Structured: `{ forbidden: [...], scope: { include, exclude } }` — each forbidden
+ *   entry is an exact `specifier` (also matching require/dynamic forms unless
+ *   `includeRequire:false`) or a raw `pattern`, scoped by `scope.include` /
+ *   `scope.exclude` globs.
+ */
 export class ForbiddenImportEvaluator {
-    constructor() { }
-    /** Evaluate import declarations against configured forbidden prefixes. */
+    /** Evaluate import/usage against the configured forbidden set. */
     async evaluate(rule, context) {
         const config = rule.evaluator.config ?? {};
+        return Array.isArray(config.forbidden)
+            ? this.evaluateStructured(rule, context, config)
+            : this.evaluateSimple(rule, context, config);
+    }
+    /** Legacy path: `{ patterns: string[] }`, substring-matched against import specifiers. */
+    async evaluateSimple(rule, context, config) {
         const forbidden = arrayConfig(config, 'patterns');
         const files = await discoverFiles({
             workdir: context.workdir,
@@ -16,8 +31,7 @@ export class ForbiddenImportEvaluator {
         for (const file of files) {
             const lines = (await readWorkdirFile(context.workdir, file)).split('\n');
             for (const [index, line] of lines.entries()) {
-                const imported = /(?:from\s+|import\s*\(|^\s*import\s*)['"](?<specifier>[^'"]+)['"]/.exec(line)?.groups
-                    ?.specifier;
+                const imported = importSpecifier(line);
                 if (imported === undefined)
                     continue;
                 const matched = forbidden.find((pattern) => imported.includes(pattern));
@@ -31,6 +45,54 @@ export class ForbiddenImportEvaluator {
         }
         return { findings, fixes: [] };
     }
+    /** Structured path: `{ forbidden: [...], scope: { include, exclude } }`. */
+    async evaluateStructured(rule, context, config) {
+        const scope = config.scope;
+        const include = stringArray(scope?.include);
+        if (include === undefined) {
+            throw new Error('forbidden-import evaluator requires string[] config "scope.include"');
+        }
+        const exclude = stringArray(scope?.exclude) ?? [];
+        const entries = config.forbidden.map(compileEntry);
+        // Discover all source files, then apply scope globs precisely (discoverFiles'
+        // include matching is intentionally loose, so it cannot do `**`-anchored scoping).
+        const files = (await discoverFiles({ workdir: context.workdir }))
+            .filter((file) => include.some((glob) => matchesGlob(file, glob)))
+            .filter((file) => !exclude.some((glob) => matchesGlob(file, glob)));
+        const findings = [];
+        for (const file of files) {
+            const lines = (await readWorkdirFile(context.workdir, file)).split('\n');
+            for (const [index, line] of lines.entries()) {
+                const hit = entries.find((entry) => entry.regex.test(line));
+                if (hit !== undefined) {
+                    findings.push(createFinding(rule, `Forbidden import/usage of "${hit.label}"`, file, {
+                        line: index + 1,
+                        code: 'import:forbidden',
+                    }));
+                }
+            }
+        }
+        return { findings, fixes: [] };
+    }
+}
+/** Extract the specifier from an import/require/dynamic-import line, if any. */
+function importSpecifier(line) {
+    return /(?:from\s+|import\s*\(|^\s*import\s*)['"](?<specifier>[^'"]+)['"]/.exec(line)?.groups?.specifier;
+}
+/** Compile a forbidden entry into a line-matching regex. */
+function compileEntry(entry) {
+    if ('specifier' in entry) {
+        const spec = escapeRegExp(entry.specifier);
+        const boundary = `(?:/|['"])`;
+        const source = entry.includeRequire === false
+            ? `from\\s+['"]${spec}${boundary}`
+            : `(?:from\\s+|require\\(\\s*|import\\(\\s*)['"]${spec}${boundary}`;
+        return { regex: new RegExp(source), label: entry.specifier };
+    }
+    return { regex: new RegExp(entry.pattern), label: entry.pattern };
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
 function arrayConfig(config, key) {
     const value = config[key];
@@ -40,3 +102,6 @@ function arrayConfig(config, key) {
         return [value];
     throw new Error(`forbidden-import evaluator requires string[] config "${key}"`);
 }
+function stringArray(value) {
+    return Array.isArray(value) && value.every((item) => typeof item === 'string') ? value : undefined;
+}

package/dist/evaluators/import-boundary-evaluator.d.ts

@@ -0,0 +1,19 @@
+import { type ConstraintRule, type RuleContext, type RuleEvaluationResult, type RuleEvaluator } from '../types';
+/**
+ * Enforces architectural import boundaries without spawning a subprocess.
+ *
+ * Files matching a boundary's `scope` glob are scanned in-memory. Each forbidden
+ * entry is either a string (matched as an import-specifier substring) or an object
+ * with a `pattern` regex and an optional `mode` (`import` | `usage`).
+ *
+ * ## Options (in `evaluator.config`)
+ * - `boundaries` — non-empty array of boundary declarations:
+ *   - `scope` — glob pattern selecting files this boundary applies to.
+ *   - `forbidden` — array of strings or `{ pattern, mode?, syntax? }` objects.
+ *   - `exclude` — optional globs within the scope to ignore.
+ */
+export declare class ImportBoundaryEvaluator implements RuleEvaluator {
+    /** Evaluate import boundaries across all in-scope files. */
+    evaluate(rule: ConstraintRule, context: RuleContext): Promise<RuleEvaluationResult>;
+}
+//# sourceMappingURL=import-boundary-evaluator.d.ts.map

package/dist/evaluators/import-boundary-evaluator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import-boundary-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/import-boundary-evaluator.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AA4BlB;;;;;;;;;;;;GAYG;AACH,qBAAa,uBAAwB,YAAW,aAAa;IACzD,4DAA4D;IACtD,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAuC5F"}

package/dist/evaluators/import-boundary-evaluator.js

@@ -0,0 +1,85 @@
+import { createFinding, } from '../types.js';
+import { discoverFiles, matchesGlob, readWorkdirFile } from './file-utils.js';
+/**
+ * Enforces architectural import boundaries without spawning a subprocess.
+ *
+ * Files matching a boundary's `scope` glob are scanned in-memory. Each forbidden
+ * entry is either a string (matched as an import-specifier substring) or an object
+ * with a `pattern` regex and an optional `mode` (`import` | `usage`).
+ *
+ * ## Options (in `evaluator.config`)
+ * - `boundaries` — non-empty array of boundary declarations:
+ *   - `scope` — glob pattern selecting files this boundary applies to.
+ *   - `forbidden` — array of strings or `{ pattern, mode?, syntax? }` objects.
+ *   - `exclude` — optional globs within the scope to ignore.
+ */
+export class ImportBoundaryEvaluator {
+    /** Evaluate import boundaries across all in-scope files. */
+    async evaluate(rule, context) {
+        const config = rule.evaluator.config ?? {};
+        const boundaries = config.boundaries;
+        if (!Array.isArray(boundaries) || boundaries.length === 0) {
+            throw new Error('import-boundary evaluator requires non-empty array config "boundaries"');
+        }
+        const compiled = boundaries.map((b) => compileBoundary(b));
+        // Discover all files once; filter per boundary below.
+        const allFiles = await discoverFiles({ workdir: context.workdir });
+        const findings = [];
+        for (const boundary of compiled) {
+            const inScope = allFiles
+                .filter((file) => matchesGlob(file, boundary.scope))
+                .filter((file) => !boundary.excludePatterns.some((ex) => matchesGlob(file, ex)));
+            for (const file of inScope) {
+                const content = await readWorkdirFile(context.workdir, file);
+                const lines = content.split('\n');
+                for (const [index, line] of lines.entries()) {
+                    for (const entry of boundary.forbidden) {
+                        if (entry.importOnly && !isImportLine(line))
+                            continue;
+                        if (entry.regex.test(line)) {
+                            findings.push(createFinding(rule, `forbidden in boundary "${boundary.scope}": ${entry.label}`, file, {
+                                line: index + 1,
+                                code: 'import-boundary:violation',
+                            }));
+                        }
+                    }
+                }
+            }
+        }
+        return { findings, fixes: [] };
+    }
+}
+/** Compile a raw boundary declaration into a scan-ready form. */
+function compileBoundary(decl) {
+    return {
+        scope: decl.scope,
+        excludePatterns: decl.exclude ?? [],
+        forbidden: decl.forbidden.map((entry) => compileEntry(entry)),
+    };
+}
+/** Compile one forbidden entry into a regex + metadata. */
+function compileEntry(entry) {
+    if (typeof entry === 'string') {
+        // String form: match as an import specifier substring.
+        const escaped = escapeRegExp(entry);
+        return {
+            regex: new RegExp(`(?:from\\s+|require\\(\\s*|import\\(\\s*)['"](?:[^'"]*)?${escaped}(?:[^'"]*)?['"]`),
+            label: entry,
+            importOnly: true,
+        };
+    }
+    // Object form with `pattern`.
+    const importOnly = (entry.mode ?? 'import') !== 'usage';
+    return {
+        regex: new RegExp(entry.pattern),
+        label: entry.pattern,
+        importOnly,
+    };
+}
+/** Return true when a source line is an import/export/require/dynamic-import statement. */
+function isImportLine(line) {
+    return /(?:^\s*import\b|^\s*export\b.*\bfrom\b|(?:from|require|import)\s*\(?\s*['"])/.test(line);
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}

package/dist/evaluators/path-evaluator.d.ts

@@ -1,9 +1,22 @@
 import { type ConstraintRule, type RuleContext, type RuleEvaluationResult, type RuleEvaluator } from '../types';
-/** Evaluates file or directory existence constraints. */
+/**
+ * Evaluates file/directory presence constraints.
+ *
+ * Two config shapes are supported:
+ * - Glob form: `{ must: 'present' | 'absent' }` scoped by the rule's `include` /
+ *   `exclude` globs. `present` flags each include glob that matches zero files;
+ *   `absent` flags each in-scope file that exists.
+ * - Explicit form: `{ paths: string[], mode?: 'require' | 'forbid' }` — checks the
+ *   exact paths relative to the workdir (`require` = must exist, `forbid` = must not).
+ */
 export declare class PathEvaluator implements RuleEvaluator {
     private readonly fs;
     constructor();
-    /** Evaluate required or forbidden paths. */
+    /** Evaluate required or forbidden paths in either config form. */
     evaluate(rule: ConstraintRule, context: RuleContext): Promise<RuleEvaluationResult>;
+    /** Glob form driven by `must` + the rule's include/exclude globs. */
+    private evaluateGlob;
+    /** Explicit form: exact `paths` checked with `mode` require/forbid. */
+    private evaluateExplicit;
 }
 //# sourceMappingURL=path-evaluator.d.ts.map

package/dist/evaluators/path-evaluator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"path-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/path-evaluator.ts"],"names":[],"mappings":"AAEA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAElB,yDAAyD;AACzD,qBAAa,aAAc,YAAW,aAAa;IAC/C,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAiB;;IAMpC,4CAA4C;IACtC,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAgB5F"}
+{"version":3,"file":"path-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/path-evaluator.ts"],"names":[],"mappings":"AAEA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAGlB;;;;;;;;;GASG;AACH,qBAAa,aAAc,YAAW,aAAa;IAC/C,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAiB;;IAMpC,kEAAkE;IAC5D,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;IASzF,qEAAqE;YACvD,YAAY;IAuC1B,uEAAuE;YACzD,gBAAgB;CAmBjC"}

package/dist/evaluators/path-evaluator.js

@@ -1,15 +1,61 @@
 import { resolve } from 'node:path';
 import { NodeFileSystem } from '@gobing-ai/ts-runtime';
 import { createFinding, } from '../types.js';
-/** Evaluates file or directory existence constraints. */
+import { discoverFiles, matchesGlob } from './file-utils.js';
+/**
+ * Evaluates file/directory presence constraints.
+ *
+ * Two config shapes are supported:
+ * - Glob form: `{ must: 'present' | 'absent' }` scoped by the rule's `include` /
+ *   `exclude` globs. `present` flags each include glob that matches zero files;
+ *   `absent` flags each in-scope file that exists.
+ * - Explicit form: `{ paths: string[], mode?: 'require' | 'forbid' }` — checks the
+ *   exact paths relative to the workdir (`require` = must exist, `forbid` = must not).
+ */
 export class PathEvaluator {
     fs;
     constructor() {
         this.fs = new NodeFileSystem();
     }
-    /** Evaluate required or forbidden paths. */
+    /** Evaluate required or forbidden paths in either config form. */
     async evaluate(rule, context) {
         const config = rule.evaluator.config ?? {};
+        const must = config.must;
+        if (must === 'present' || must === 'absent') {
+            return this.evaluateGlob(rule, context, must);
+        }
+        return this.evaluateExplicit(rule, context, config);
+    }
+    /** Glob form driven by `must` + the rule's include/exclude globs. */
+    async evaluateGlob(rule, context, must) {
+        const include = rule.include ?? ['**'];
+        const exclude = rule.exclude ?? [];
+        const files = await discoverFiles({ workdir: context.workdir });
+        const inScope = (file) => include.some((glob) => matchesGlob(file, glob)) && !exclude.some((glob) => matchesGlob(file, glob));
+        const findings = [];
+        if (must === 'present') {
+            for (const pattern of include) {
+                const present = files.some((file) => matchesGlob(file, pattern) && !exclude.some((g) => matchesGlob(file, g)));
+                if (!present) {
+                    findings.push(createFinding(rule, `expected files matching "${pattern}", but none found`, pattern, {
+                        code: 'path:missing',
+                    }));
+                }
+            }
+        }
+        else {
+            for (const file of files) {
+                if (inScope(file)) {
+                    findings.push(createFinding(rule, 'file should be absent (forbidden by rule)', file, {
+                        code: 'path:forbidden',
+                    }));
+                }
+            }
+        }
+        return { findings, fixes: [] };
+    }
+    /** Explicit form: exact `paths` checked with `mode` require/forbid. */
+    async evaluateExplicit(rule, context, config) {
         const paths = arrayConfig(config, 'paths');
         const mode = stringConfig(config, 'mode', 'require');
         const findings = [];
@@ -31,7 +77,7 @@ function arrayConfig(config, key) {
         return value;
     if (typeof value === 'string')
         return [value];
-    throw new Error(`path evaluator requires string[] config "${key}"`);
+    throw new Error(`path evaluator requires config "${key}" (string[]) or "must" (present|absent)`);
 }
 function stringConfig(config, key, fallback) {
     const value = config[key];

package/dist/evaluators/regex-evaluator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"regex-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/regex-evaluator.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAGlB,qEAAqE;AACrE,qBAAa,cAAe,YAAW,aAAa;;IAGhD,4DAA4D;IACtD,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;CA2B5F"}
+{"version":3,"file":"regex-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/regex-evaluator.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAGlB,qEAAqE;AACrE,qBAAa,cAAe,YAAW,aAAa;;IAGhD,4DAA4D;IACtD,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAuC5F"}

package/dist/evaluators/regex-evaluator.js

@@ -6,26 +6,61 @@ export class RegexEvaluator {
     /** Evaluate regex-based presence or absence constraints. */
     async evaluate(rule, context) {
         const config = rule.evaluator.config ?? {};
-        const pattern = stringConfig(config, 'pattern');
+        const { pattern, flags } = normalizePattern(stringConfig(config, 'pattern'), stringConfig(config, 'flags', ''), config.multiline === true);
         const mode = stringConfig(config, 'mode', 'forbid');
-        const flags = stringConfig(config, 'flags', 'm');
         const regex = new RegExp(pattern, flags);
         const files = await discoverFiles({ workdir: context.workdir, include: rule.include, exclude: rule.exclude });
         const findings = [];
         for (const file of files) {
             const content = await readWorkdirFile(context.workdir, file);
-            regex.lastIndex = 0;
-            const match = regex.exec(content);
-            if (mode === 'require' && match === null) {
-                findings.push(createFinding(rule, `Required pattern not found: ${pattern}`, file, { code: 'regex:missing' }));
+            if (mode === 'require') {
+                regex.lastIndex = 0;
+                if (!regex.test(content)) {
+                    findings.push(createFinding(rule, `required pattern not found: ${pattern}`, file, { code: 'regex:missing' }));
+                }
+                continue;
             }
-            if (mode !== 'require' && match !== null) {
-                findings.push(createFinding(rule, `Forbidden pattern found: ${pattern}`, file, { code: 'regex:found' }));
+            // forbid: report each matching line so findings carry precise locations.
+            for (const [index, line] of content.split('\n').entries()) {
+                regex.lastIndex = 0;
+                if (regex.test(line)) {
+                    findings.push(createFinding(rule, `forbidden pattern found: ${pattern}`, file, {
+                        line: index + 1,
+                        code: 'regex:found',
+                    }));
+                }
             }
         }
         return { findings, fixes: [] };
     }
 }
+/**
+ * Normalize a pattern + flags for JS `RegExp`.
+ *
+ * Accepts a leading `(?i)`/`(?im)` inline flag group (ripgrep/PCRE style) and
+ * folds it into the JS flags. `multiline` adds the `s` (dotAll) flag so `.`
+ * spans newlines, matching the old `--multiline` behavior. `m` is always set so
+ * `^`/`$` work per line.
+ */
+function normalizePattern(rawPattern, rawFlags, multiline) {
+    const flagSet = new Set(['m']);
+    for (const flag of rawFlags) {
+        if ('gimsuy'.includes(flag))
+            flagSet.add(flag);
+    }
+    let pattern = rawPattern;
+    const inline = /^\(\?([a-z]+)\)/.exec(pattern);
+    if (inline) {
+        for (const flag of inline[1] ?? '') {
+            if ('imsu'.includes(flag))
+                flagSet.add(flag);
+        }
+        pattern = pattern.slice(inline[0].length);
+    }
+    if (multiline)
+        flagSet.add('s');
+    return { pattern, flags: [...flagSet].join('') };
+}
 function stringConfig(config, key, fallback) {
     const value = config[key];
     if (typeof value === 'string')

package/dist/evaluators/schema-artifact-evaluator.d.ts

@@ -0,0 +1,21 @@
+import { type ConstraintRule, type RuleContext, type RuleEvaluationResult, type RuleEvaluator } from '../types';
+/**
+ * Evaluates JSON schema artifact files for structural integrity.
+ *
+ * Pure JS — no subprocess. Validates JSON validity, title, required properties,
+ * `$defs` / `definitions` entries, and the presence of a top-level `required` array.
+ *
+ * ## Options (in `evaluator.config`)
+ * - `file` — path to the JSON file relative to the workdir (required).
+ * - `requiredTitle` — expected `title` value (optional).
+ * - `requiredProperties` — top-level `properties` keys that must exist (optional).
+ * - `requiredDefs` — `$defs` or `definitions` keys that must exist (optional).
+ * - `requireRequiredArray` — enforce that `required` is a non-empty array (default: `false`).
+ */
+export declare class SchemaArtifactEvaluator implements RuleEvaluator {
+    private readonly fs;
+    constructor();
+    /** Evaluate the configured JSON schema artifact. */
+    evaluate(rule: ConstraintRule, context: RuleContext): Promise<RuleEvaluationResult>;
+}
+//# sourceMappingURL=schema-artifact-evaluator.d.ts.map

package/dist/evaluators/schema-artifact-evaluator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-artifact-evaluator.d.ts","sourceRoot":"","sources":["../../src/evaluators/schema-artifact-evaluator.ts"],"names":[],"mappings":"AAEA,OAAO,EACH,KAAK,cAAc,EAEnB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EACrB,MAAM,UAAU,CAAC;AAElB;;;;;;;;;;;;GAYG;AACH,qBAAa,uBAAwB,YAAW,aAAa;IACzD,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAiB;;IAMpC,oDAAoD;IAC9C,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAiG5F"}