npm - @hatem427/code-guard-ci - Versions diffs - 3.0.0 → 3.1.0 - Mend

@hatem427/code-guard-ci 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

package/config/fastify.config.ts +326 -0
package/config/hono.config.ts +331 -0
package/config/nestjs.config.ts +500 -0
package/config/node.config.ts +425 -0
package/config/python.config.ts +512 -0
package/dist/config/fastify.config.d.ts +17 -0
package/dist/config/fastify.config.d.ts.map +1 -0
package/dist/config/fastify.config.js +279 -0
package/dist/config/fastify.config.js.map +1 -0
package/dist/config/hono.config.d.ts +17 -0
package/dist/config/hono.config.d.ts.map +1 -0
package/dist/config/hono.config.js +287 -0
package/dist/config/hono.config.js.map +1 -0
package/dist/config/nestjs.config.d.ts +17 -0
package/dist/config/nestjs.config.d.ts.map +1 -0
package/dist/config/nestjs.config.js +440 -0
package/dist/config/nestjs.config.js.map +1 -0
package/dist/config/node.config.d.ts +17 -0
package/dist/config/node.config.d.ts.map +1 -0
package/dist/config/node.config.js +363 -0
package/dist/config/node.config.js.map +1 -0
package/dist/config/python.config.d.ts +15 -0
package/dist/config/python.config.d.ts.map +1 -0
package/dist/config/python.config.js +475 -0
package/dist/config/python.config.js.map +1 -0
package/dist/scripts/auto-fix.d.ts +5 -0
package/dist/scripts/auto-fix.d.ts.map +1 -1
package/dist/scripts/auto-fix.js +5 -0
package/dist/scripts/auto-fix.js.map +1 -1
package/dist/scripts/cli.js +2 -2
package/dist/scripts/cli.js.map +1 -1
package/dist/scripts/config-generators/ai-config-generator.d.ts.map +1 -1
package/dist/scripts/config-generators/ai-config-generator.js +6 -0
package/dist/scripts/config-generators/ai-config-generator.js.map +1 -1
package/dist/scripts/config-generators/eslint-generator.d.ts.map +1 -1
package/dist/scripts/config-generators/eslint-generator.js +108 -0
package/dist/scripts/config-generators/eslint-generator.js.map +1 -1
package/dist/scripts/config-generators/frameworks/fastify.d.ts +6 -0
package/dist/scripts/config-generators/frameworks/fastify.d.ts.map +1 -0
package/dist/scripts/config-generators/frameworks/fastify.js +68 -0
package/dist/scripts/config-generators/frameworks/fastify.js.map +1 -0
package/dist/scripts/config-generators/frameworks/hono.d.ts +6 -0
package/dist/scripts/config-generators/frameworks/hono.d.ts.map +1 -0
package/dist/scripts/config-generators/frameworks/hono.js +63 -0
package/dist/scripts/config-generators/frameworks/hono.js.map +1 -0
package/dist/scripts/config-generators/frameworks/index.d.ts +3 -0
package/dist/scripts/config-generators/frameworks/index.d.ts.map +1 -1
package/dist/scripts/config-generators/frameworks/index.js +7 -1
package/dist/scripts/config-generators/frameworks/index.js.map +1 -1
package/dist/scripts/config-generators/frameworks/nestjs.d.ts +6 -0
package/dist/scripts/config-generators/frameworks/nestjs.d.ts.map +1 -0
package/dist/scripts/config-generators/frameworks/nestjs.js +83 -0
package/dist/scripts/config-generators/frameworks/nestjs.js.map +1 -0
package/dist/scripts/config-generators/frameworks/node.d.ts +2 -2
package/dist/scripts/config-generators/frameworks/node.d.ts.map +1 -1
package/dist/scripts/config-generators/frameworks/node.js +56 -11
package/dist/scripts/config-generators/frameworks/node.js.map +1 -1
package/dist/scripts/config-generators/typescript-generator.d.ts.map +1 -1
package/dist/scripts/config-generators/typescript-generator.js +33 -0
package/dist/scripts/config-generators/typescript-generator.js.map +1 -1
package/dist/scripts/config-generators/vscode-generator.d.ts.map +1 -1
package/dist/scripts/config-generators/vscode-generator.js +73 -0
package/dist/scripts/config-generators/vscode-generator.js.map +1 -1
package/dist/scripts/generate-pr-checklist.d.ts +5 -0
package/dist/scripts/generate-pr-checklist.d.ts.map +1 -1
package/dist/scripts/generate-pr-checklist.js +6 -1
package/dist/scripts/generate-pr-checklist.js.map +1 -1
package/dist/scripts/postinstall.js +38 -0
package/dist/scripts/postinstall.js.map +1 -1
package/dist/scripts/precommit-check.d.ts +13 -0
package/dist/scripts/precommit-check.d.ts.map +1 -1
package/dist/scripts/precommit-check.js +288 -5
package/dist/scripts/precommit-check.js.map +1 -1
package/dist/scripts/utils/naming-validator.d.ts.map +1 -1
package/dist/scripts/utils/naming-validator.js +96 -2
package/dist/scripts/utils/naming-validator.js.map +1 -1
package/dist/scripts/utils/project-detector.d.ts +12 -9
package/dist/scripts/utils/project-detector.d.ts.map +1 -1
package/dist/scripts/utils/project-detector.js +63 -11
package/dist/scripts/utils/project-detector.js.map +1 -1
package/dist/scripts/utils/structure-validator.d.ts.map +1 -1
package/dist/scripts/utils/structure-validator.js +50 -0
package/dist/scripts/utils/structure-validator.js.map +1 -1
package/package.json +10 -3
package/scripts/auto-fix.ts +5 -0
package/scripts/cli.ts +2 -2
package/scripts/config-generators/ai-config-generator.ts +9 -0
package/scripts/config-generators/eslint-generator.ts +110 -0
package/scripts/config-generators/frameworks/fastify.ts +65 -0
package/scripts/config-generators/frameworks/hono.ts +60 -0
package/scripts/config-generators/frameworks/index.ts +3 -0
package/scripts/config-generators/frameworks/nestjs.ts +80 -0
package/scripts/config-generators/frameworks/node.ts +57 -11
package/scripts/config-generators/typescript-generator.ts +36 -0
package/scripts/config-generators/vscode-generator.ts +84 -0
package/scripts/generate-pr-checklist.ts +6 -1
package/scripts/postinstall.ts +38 -0
package/scripts/precommit-check.ts +334 -6
package/scripts/utils/naming-validator.ts +104 -2
package/scripts/utils/project-detector.ts +78 -11
package/scripts/utils/structure-validator.ts +54 -0
package/templates/feature-doc-backend.md +114 -0

package/dist/config/nestjs.config.js ADDED Viewed

@@ -0,0 +1,440 @@
+"use strict";
+/**
+ * ============================================================================
+ * nestjs.config.ts — NestJS-specific coding rules
+ * ============================================================================
+ *
+ * Registers rules that only apply to NestJS projects:
+ *   - Module / controller / service separation
+ *   - DTO validation enforcement
+ *   - Security patterns (no raw process.env, no eval)
+ *   - Error handling with HttpException
+ *   - Dependency injection correctness
+ *   - Async/await patterns
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.nestjsRules = void 0;
+const guidelines_config_1 = require("./guidelines.config");
+const nestjsRules = [
+    // ── Architecture ──────────────────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-no-logic-in-controller
+    // ROLE: Enforce thin controllers
+    // PURPOSE: Controllers should only parse the HTTP request and delegate to
+    //          the service layer. Business logic in a controller cannot be
+    //          unit-tested without spinning up a full HTTP context.
+    // EXAMPLE:
+    //   WRONG:
+    //     @Post()
+    //     async create(@Body() dto: CreateUserDto) {
+    //       const salt = await bcrypt.genSalt();
+    //       const hash = await bcrypt.hash(dto.password, salt);
+    //       return this.usersRepo.save({ ...dto, password: hash });
+    //     }
+    //   RIGHT:
+    //     @Post()
+    //     async create(@Body() dto: CreateUserDto) {
+    //       return this.usersService.create(dto);
+    //     }
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-no-logic-in-controller',
+        label: 'No business logic in controllers',
+        description: 'Controllers should only handle HTTP concerns (parse request, call service, return response). Move all business logic to the service layer.',
+        severity: 'warning',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            const violations = [];
+            if (!file.relativePath.includes('.controller.'))
+                return [];
+            // Flag common business logic patterns inside controllers
+            const businessPatterns = [
+                { regex: /bcrypt\.(hash|compare|genSalt)/g, label: 'bcrypt hashing' },
+                { regex: /\.save\s*\(/g, label: 'direct repository save()' },
+                { regex: /\.find\s*\(/g, label: 'direct repository find()' },
+                { regex: /new\s+\w+(?:Service|Repository)\s*\(/g, label: 'manual service instantiation' },
+            ];
+            for (let i = 0; i < file.lines.length; i++) {
+                for (const { regex, label } of businessPatterns) {
+                    regex.lastIndex = 0;
+                    if (regex.test(file.lines[i])) {
+                        violations.push({
+                            line: i + 1,
+                            message: `Business logic found in controller (${label}). Move to the service layer.`,
+                        });
+                    }
+                }
+            }
+            return violations;
+        },
+        applicableTo: ['nestjs'],
+        category: 'Architecture',
+    },
+    // ─────────────────────────────────────────
+    // RULE: nestjs-use-dto
+    // ROLE: Enforce DTO type-safety on route handlers
+    // PURPOSE: Using plain 'any' or 'object' types on @Body()/@Param()/@Query()
+    //          bypasses TypeScript type safety and class-validator validation.
+    //          DTOs document the API contract and allow automatic validation.
+    // EXAMPLE:
+    //   WRONG:
+    //     @Post() create(@Body() body: any) { ... }
+    //   RIGHT:
+    //     @Post() create(@Body() body: CreateUserDto) { ... }
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-use-dto',
+        label: 'Use DTOs for @Body(), @Param(), @Query()',
+        description: 'Always type @Body(), @Param(), and @Query() parameters with dedicated DTO classes, not "any" or "object". DTOs enforce validation and document the API contract.',
+        severity: 'error',
+        fileExtensions: ['ts'],
+        pattern: /@(?:Body|Param|Query)\(\s*\)\s*\w+\s*:\s*(?:any|object)\b/g,
+        applicableTo: ['nestjs'],
+        category: 'Type Safety',
+    },
+    // ── Validation ────────────────────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-dto-needs-class-validator
+    // ROLE: Enforce class-validator decorators on DTO files
+    // PURPOSE: A DTO class without class-validator decorators gets no runtime
+    //          validation. The ValidationPipe only enforces rules declared
+    //          with @IsString(), @IsEmail(), @IsNotEmpty(), etc.
+    // EXAMPLE:
+    //   WRONG:
+    //     export class CreateUserDto { email: string; name: string; }
+    //   RIGHT:
+    //     export class CreateUserDto {
+    //       @IsEmail() email: string;
+    //       @IsNotEmpty() @IsString() name: string;
+    //     }
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-dto-needs-class-validator',
+        label: 'DTOs must use class-validator decorators',
+        description: 'DTO files must import and use class-validator decorators (@IsString, @IsEmail, @IsNotEmpty, etc.) for runtime validation with ValidationPipe.',
+        severity: 'error',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            if (!file.relativePath.endsWith('.dto.ts'))
+                return [];
+            const hasClassValidator = /from ['"]class-validator['"]/.test(file.content);
+            const hasClass = /export\s+class\s+\w+Dto/.test(file.content);
+            if (hasClass && !hasClassValidator) {
+                return [
+                    {
+                        line: null,
+                        message: 'DTO file is missing class-validator imports. Add @IsString(), @IsEmail(), @IsNotEmpty(), etc. for runtime validation.',
+                    },
+                ];
+            }
+            return [];
+        },
+        applicableTo: ['nestjs'],
+        category: 'Validation',
+    },
+    // ─────────────────────────────────────────
+    // RULE: nestjs-dto-whitelist-validation
+    // ROLE: Enforce input sanitization at ValidationPipe level
+    // PURPOSE: Without { whitelist: true }, extra properties sent by clients
+    //          pass through to the service layer unchecked, creating mass
+    //          assignment vulnerabilities.
+    // EXAMPLE:
+    //   WRONG:
+    //     app.useGlobalPipes(new ValidationPipe());
+    //   RIGHT:
+    //     app.useGlobalPipes(new ValidationPipe({ whitelist: true, forbidNonWhitelisted: true }));
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-dto-whitelist-validation',
+        label: 'ValidationPipe must use whitelist: true',
+        description: 'Set whitelist: true and forbidNonWhitelisted: true on ValidationPipe to strip/reject extra properties and prevent mass assignment vulnerabilities.',
+        severity: 'error',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            // Only check main.ts or bootstrap files
+            if (!file.relativePath.endsWith('main.ts'))
+                return [];
+            const hasValidationPipe = /new\s+ValidationPipe/.test(file.content);
+            const hasWhitelist = /whitelist\s*:\s*true/.test(file.content);
+            if (hasValidationPipe && !hasWhitelist) {
+                return [
+                    {
+                        line: null,
+                        message: 'ValidationPipe is missing whitelist: true. Add: new ValidationPipe({ whitelist: true, forbidNonWhitelisted: true })',
+                    },
+                ];
+            }
+            return [];
+        },
+        applicableTo: ['nestjs'],
+        category: 'Validation',
+    },
+    // ── Error Handling ────────────────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-use-http-exception
+    // ROLE: Enforce NestJS-native error throwing
+    // PURPOSE: Throwing raw Error objects in a NestJS context bypasses the
+    //          exception filter pipeline, resulting in a generic 500 with
+    //          an exposed stack trace. Use built-in HttpException subclasses
+    //          (NotFoundException, BadRequestException, etc.) so the global
+    //          filter can shape the response correctly.
+    // EXAMPLE:
+    //   WRONG:
+    //     throw new Error('User not found');
+    //   RIGHT:
+    //     throw new NotFoundException('User not found');
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-use-http-exception',
+        label: 'Throw HttpException subclasses, not raw Error',
+        description: 'Throw NestJS HttpException subclasses (NotFoundException, BadRequestException, ForbiddenException, etc.) instead of raw Error objects to ensure proper HTTP response shaping.',
+        severity: 'warning',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            const violations = [];
+            if (!file.relativePath.includes('.service.') && !file.relativePath.includes('.controller.')) {
+                return [];
+            }
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                // Match "throw new Error(" but not "throw new HttpException", "throw new NotFoundException", etc.
+                if (/throw\s+new\s+Error\s*\(/.test(line)) {
+                    violations.push({
+                        line: i + 1,
+                        message: 'Raw Error thrown. Use NestJS HttpException subclasses: NotFoundException, BadRequestException, ForbiddenException, ConflictException, etc.',
+                    });
+                }
+            }
+            return violations;
+        },
+        applicableTo: ['nestjs'],
+        category: 'Error Handling',
+    },
+    // ── Security ──────────────────────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-no-process-env-in-services
+    // ROLE: Enforce centralised configuration access
+    // PURPOSE: Accessing process.env directly in services scatters
+    //          configuration reads across the codebase, making it impossible
+    //          to validate env vars at startup or mock config in tests.
+    //          ConfigService provides a single validated source of truth.
+    // EXAMPLE:
+    //   WRONG:
+    //     const secret = process.env['JWT_SECRET'];
+    //   RIGHT:
+    //     constructor(private config: ConfigService) {}
+    //     const secret = this.config.get<string>('JWT_SECRET');
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-no-process-env-in-services',
+        label: 'Use ConfigService, not process.env directly',
+        description: 'Access environment variables via NestJS ConfigService, not process.env directly. This enables validation at startup and simplifies testing.',
+        severity: 'warning',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            const violations = [];
+            // Only check services and controllers (not main.ts, config files)
+            if (!file.relativePath.includes('.service.') &&
+                !file.relativePath.includes('.controller.') &&
+                !file.relativePath.includes('.guard.')) {
+                return [];
+            }
+            for (let i = 0; i < file.lines.length; i++) {
+                if (/process\.env\b/.test(file.lines[i])) {
+                    violations.push({
+                        line: i + 1,
+                        message: 'process.env used directly. Inject ConfigService and use this.config.get("VAR_NAME") instead.',
+                    });
+                }
+            }
+            return violations;
+        },
+        applicableTo: ['nestjs'],
+        category: 'Security',
+    },
+    // ─────────────────────────────────────────
+    // RULE: nestjs-no-manual-instantiation
+    // ROLE: Enforce NestJS Dependency Injection
+    // PURPOSE: Manually instantiating services with `new` bypasses NestJS's
+    //          DI container. The new instance won't have its own dependencies
+    //          resolved, won't be scoped correctly, and can't be mocked in tests.
+    // EXAMPLE:
+    //   WRONG:
+    //     const service = new UserService(new UsersRepository());
+    //   RIGHT:
+    //     constructor(private readonly usersService: UsersService) {}
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-no-manual-instantiation',
+        label: 'No manual service instantiation with new',
+        description: 'Never instantiate NestJS services, repositories, or guards with "new". Let the DI container manage lifecycle and dependency resolution.',
+        severity: 'error',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            const violations = [];
+            if (!file.relativePath.includes('.service.') &&
+                !file.relativePath.includes('.controller.') &&
+                !file.relativePath.includes('.module.')) {
+                return [];
+            }
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                // Detect `new SomeService(` or `new SomeRepository(` patterns
+                if (/new\s+[A-Z]\w*(?:Service|Repository|Guard|Pipe)\s*\(/.test(line)) {
+                    violations.push({
+                        line: i + 1,
+                        message: 'Manual service/guard/repository instantiation found. Inject via constructor or use the DI container.',
+                    });
+                }
+            }
+            return violations;
+        },
+        applicableTo: ['nestjs'],
+        category: 'Dependency Injection',
+    },
+    // ── Async Patterns ────────────────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-async-await-consistency
+    // ROLE: Enforce consistent async patterns
+    // PURPOSE: Mixing Promises and callbacks without await or without
+    //          propagating errors upward leads to unhandled rejections that
+    //          silently crash the process or produce incorrect API responses.
+    // EXAMPLE:
+    //   WRONG:
+    //     findUser(id: string) {
+    //       return this.repo.findOne(id).then(user => {
+    //         if (!user) throw new NotFoundException();
+    //         return user;
+    //       });
+    //     }
+    //   RIGHT:
+    //     async findUser(id: string): Promise<User> {
+    //       const user = await this.repo.findOne({ where: { id } });
+    //       if (!user) throw new NotFoundException('User not found');
+    //       return user;
+    //     }
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-async-await-consistency',
+        label: 'Use async/await, not .then()/.catch() chains',
+        description: 'Prefer async/await over .then()/.catch() chains in NestJS services and controllers for consistent, readable async code that handles errors properly.',
+        severity: 'warning',
+        fileExtensions: ['ts'],
+        pattern: /\.then\s*\(\s*(?:async\s*)?\(|\.catch\s*\(\s*(?:async\s*)?\(/g,
+        applicableTo: ['nestjs'],
+        category: 'Async Patterns',
+    },
+    // ── Module Structure ──────────────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-injectable-decorator
+    // ROLE: Enforce @Injectable() on all service classes
+    // PURPOSE: A service class without @Injectable() cannot be resolved by
+    //          the NestJS DI container. The app will throw a runtime error
+    //          when the module tries to instantiate it.
+    // EXAMPLE:
+    //   WRONG:
+    //     export class UserService { ... }
+    //   RIGHT:
+    //     @Injectable()
+    //     export class UserService { ... }
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-injectable-decorator',
+        label: 'Service classes must use @Injectable()',
+        description: 'All service classes must be decorated with @Injectable() to be manageable by the NestJS DI container.',
+        severity: 'error',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            if (!file.relativePath.endsWith('.service.ts'))
+                return [];
+            const hasInjectable = /@Injectable\s*\(/.test(file.content);
+            const hasExportedClass = /export\s+class\s+\w+Service/.test(file.content);
+            if (hasExportedClass && !hasInjectable) {
+                return [
+                    {
+                        line: null,
+                        message: 'Service class is missing @Injectable() decorator. NestJS cannot inject this service without it.',
+                    },
+                ];
+            }
+            return [];
+        },
+        applicableTo: ['nestjs'],
+        category: 'Module Structure',
+    },
+    // ─────────────────────────────────────────
+    // RULE: nestjs-response-type-annotation
+    // ROLE: Enforce explicit return types on controllers
+    // PURPOSE: Controller handler methods without explicit return types make
+    //          it hard to know the API contract from code alone and can lead
+    //          to accidental leaking of internal fields (e.g., passwords).
+    // EXAMPLE:
+    //   WRONG:
+    //     @Get(':id') findOne(@Param('id') id: string) { ... }
+    //   RIGHT:
+    //     @Get(':id') findOne(@Param('id') id: string): Promise<UserResponseDto> { ... }
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-response-type-annotation',
+        label: 'Controller handlers must declare return types',
+        description: 'Add explicit return types to all controller handler methods to document the response contract and prevent accidental data leaks.',
+        severity: 'warning',
+        fileExtensions: ['ts'],
+        pattern: null,
+        customCheck: (file) => {
+            const violations = [];
+            if (!file.relativePath.includes('.controller.'))
+                return [];
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                // Handler: has @Get/@Post/@Put/@Patch/@Delete decorator on previous lines
+                // and async method without return type annotation
+                if (/(?:async\s+\w+|(?<!\/\/)\w+)\s*\(@(?:Body|Param|Query)/.test(line) &&
+                    !/\)\s*:\s*(?:Promise|Observable|\w+)/.test(line)) {
+                    violations.push({
+                        line: i + 1,
+                        message: 'Controller handler is missing an explicit return type. Add `: Promise<ResponseDto>` to document the API contract.',
+                    });
+                }
+            }
+            return violations;
+        },
+        applicableTo: ['nestjs'],
+        category: 'Type Safety',
+    },
+    // ── Security - Sensitive Data ──────────────────────────────────────────────
+    // ─────────────────────────────────────────
+    // RULE: nestjs-no-password-in-response
+    // ROLE: Prevent credential leaks in API responses
+    // PURPOSE: Returning entity objects directly from controllers exposes
+    //          all fields including password hashes. Always map to a response
+    //          DTO that explicitly includes only safe fields.
+    // EXAMPLE:
+    //   WRONG:
+    //     return this.usersService.findOne(id); // returns User entity with password
+    //   RIGHT:
+    //     const user = await this.usersService.findOne(id);
+    //     return plainToInstance(UserResponseDto, user, { excludeExtraneousValues: true });
+    // ─────────────────────────────────────────
+    {
+        id: 'nestjs-no-password-in-response',
+        label: 'Never return password fields in responses',
+        description: 'Map entity results to response DTOs using class-transformer. Never return raw entity objects that may contain password hashes or sensitive fields.',
+        severity: 'error',
+        fileExtensions: ['ts'],
+        pattern: /(?:password|passwordHash|hashedPassword)\s*[,}]|select\s*:\s*{[^}]*password/g,
+        applicableTo: ['nestjs'],
+        category: 'Security',
+    },
+];
+exports.nestjsRules = nestjsRules;
+// Register all NestJS-specific rules
+(0, guidelines_config_1.registerRules)('nestjs', nestjsRules);
+//# sourceMappingURL=nestjs.config.js.map

package/dist/config/nestjs.config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"nestjs.config.js","sourceRoot":"","sources":["../../config/nestjs.config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,2DAA0D;AAE1D,MAAM,WAAW,GAAW;IAE1B,6EAA6E;IAE7E,4CAA4C;IAC5C,sCAAsC;IACtC,iCAAiC;IACjC,0EAA0E;IAC1E,uEAAuE;IACvE,gEAAgE;IAChE,WAAW;IACX,WAAW;IACX,cAAc;IACd,iDAAiD;IACjD,6CAA6C;IAC7C,4DAA4D;IAC5D,gEAAgE;IAChE,QAAQ;IACR,WAAW;IACX,cAAc;IACd,iDAAiD;IACjD,8CAA8C;IAC9C,QAAQ;IACR,4CAA4C;IAC5C;QACE,EAAE,EAAE,+BAA+B;QACnC,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,4IAA4I;QAC9I,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAAE,OAAO,EAAE,CAAC;YAE3D,yDAAyD;YACzD,MAAM,gBAAgB,GAAG;gBACvB,EAAE,KAAK,EAAE,iCAAiC,EAAE,KAAK,EAAE,gBAAgB,EAAE;gBACrE,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,0BAA0B,EAAE;gBAC5D,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,0BAA0B,EAAE;gBAC5D,EAAE,KAAK,EAAE,uCAAuC,EAAE,KAAK,EAAE,8BAA8B,EAAE;aAC1F,CAAC;YAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,KAAK,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,gBAAgB,EAAE,CAAC;oBAChD,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;oBACpB,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC9B,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,uCAAuC,KAAK,+BAA+B;yBACrF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,cAAc;KACzB;IAED,4CAA4C;IAC5C,uBAAuB;IACvB,kDAAkD;IAClD,4EAA4E;IAC5E,2EAA2E;IAC3E,0EAA0E;IAC1E,WAAW;IACX,WAAW;IACX,gDAAgD;IAChD,WAAW;IACX,0DAA0D;IAC1D,4CAA4C;IAC5C;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,0CAA0C;QACjD,WAAW,EACT,kKAAkK;QACpK,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,4DAA4D;QACrE,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,aAAa;KACxB;IAED,6EAA6E;IAE7E,4CAA4C;IAC5C,yCAAyC;IACzC,wDAAwD;IACxD,0EAA0E;IAC1E,uEAAuE;IACvE,6DAA6D;IAC7D,WAAW;IACX,WAAW;IACX,kEAAkE;IAClE,WAAW;IACX,mCAAmC;IACnC,kCAAkC;IAClC,gDAAgD;IAChD,QAAQ;IACR,4CAA4C;IAC5C;QACE,EAAE,EAAE,kCAAkC;QACtC,KAAK,EAAE,0CAA0C;QACjD,WAAW,EACT,+IAA+I;QACjJ,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,OAAO,EAAE,CAAC;YAEtD,MAAM,iBAAiB,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5E,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE9D,IAAI,QAAQ,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACnC,OAAO;oBACL;wBACE,IAAI,EAAE,IAAI;wBACV,OAAO,EACL,uHAAuH;qBAC1H;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,YAAY;KACvB;IAED,4CAA4C;IAC5C,wCAAwC;IACxC,2DAA2D;IAC3D,yEAAyE;IACzE,sEAAsE;IACtE,uCAAuC;IACvC,WAAW;IACX,WAAW;IACX,gDAAgD;IAChD,WAAW;IACX,+FAA+F;IAC/F,4CAA4C;IAC5C;QACE,EAAE,EAAE,iCAAiC;QACrC,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,oJAAoJ;QACtJ,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,wCAAwC;YACxC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,OAAO,EAAE,CAAC;YAEtD,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpE,MAAM,YAAY,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE/D,IAAI,iBAAiB,IAAI,CAAC,YAAY,EAAE,CAAC;gBACvC,OAAO;oBACL;wBACE,IAAI,EAAE,IAAI;wBACV,OAAO,EACL,qHAAqH;qBACxH;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,YAAY;KACvB;IAED,6EAA6E;IAE7E,4CAA4C;IAC5C,kCAAkC;IAClC,6CAA6C;IAC7C,uEAAuE;IACvE,sEAAsE;IACtE,yEAAyE;IACzE,wEAAwE;IACxE,oDAAoD;IACpD,WAAW;IACX,WAAW;IACX,yCAAyC;IACzC,WAAW;IACX,qDAAqD;IACrD,4CAA4C;IAC5C;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,+KAA+K;QACjL,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC5F,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,kGAAkG;gBAClG,IAAI,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EACL,4IAA4I;qBAC/I,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,gBAAgB;KAC3B;IAED,6EAA6E;IAE7E,4CAA4C;IAC5C,0CAA0C;IAC1C,iDAAiD;IACjD,+DAA+D;IAC/D,yEAAyE;IACzE,oEAAoE;IACpE,sEAAsE;IACtE,WAAW;IACX,WAAW;IACX,gDAAgD;IAChD,WAAW;IACX,oDAAoD;IACpD,4DAA4D;IAC5D,4CAA4C;IAC5C;QACE,EAAE,EAAE,mCAAmC;QACvC,KAAK,EAAE,6CAA6C;QACpD,WAAW,EACT,6IAA6I;QAC/I,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,kEAAkE;YAClE,IACE,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACxC,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC3C,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EACtC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzC,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EACL,8FAA8F;qBACjG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,UAAU;KACrB;IAED,4CAA4C;IAC5C,uCAAuC;IACvC,4CAA4C;IAC5C,wEAAwE;IACxE,0EAA0E;IAC1E,8EAA8E;IAC9E,WAAW;IACX,WAAW;IACX,8DAA8D;IAC9D,WAAW;IACX,kEAAkE;IAClE,4CAA4C;IAC5C;QACE,EAAE,EAAE,gCAAgC;QACpC,KAAK,EAAE,0CAA0C;QACjD,WAAW,EACT,yIAAyI;QAC3I,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,IACE,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACxC,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC3C,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,EACvC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,8DAA8D;gBAC9D,IAAI,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtE,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EACL,sGAAsG;qBACzG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,sBAAsB;KACjC;IAED,6EAA6E;IAE7E,4CAA4C;IAC5C,uCAAuC;IACvC,0CAA0C;IAC1C,kEAAkE;IAClE,wEAAwE;IACxE,0EAA0E;IAC1E,WAAW;IACX,WAAW;IACX,6BAA6B;IAC7B,oDAAoD;IACpD,oDAAoD;IACpD,uBAAuB;IACvB,YAAY;IACZ,QAAQ;IACR,WAAW;IACX,kDAAkD;IAClD,iEAAiE;IACjE,kEAAkE;IAClE,qBAAqB;IACrB,QAAQ;IACR,4CAA4C;IAC5C;QACE,EAAE,EAAE,gCAAgC;QACpC,KAAK,EAAE,8CAA8C;QACrD,WAAW,EACT,sJAAsJ;QACxJ,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,+DAA+D;QACxE,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,gBAAgB;KAC3B;IAED,6EAA6E;IAE7E,4CAA4C;IAC5C,oCAAoC;IACpC,qDAAqD;IACrD,uEAAuE;IACvE,uEAAuE;IACvE,oDAAoD;IACpD,WAAW;IACX,WAAW;IACX,uCAAuC;IACvC,WAAW;IACX,oBAAoB;IACpB,uCAAuC;IACvC,4CAA4C;IAC5C;QACE,EAAE,EAAE,6BAA6B;QACjC,KAAK,EAAE,wCAAwC;QAC/C,WAAW,EACT,uGAAuG;QACzG,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAAE,OAAO,EAAE,CAAC;YAE1D,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,gBAAgB,GAAG,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE1E,IAAI,gBAAgB,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvC,OAAO;oBACL;wBACE,IAAI,EAAE,IAAI;wBACV,OAAO,EACL,iGAAiG;qBACpG;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,kBAAkB;KAC7B;IAED,4CAA4C;IAC5C,wCAAwC;IACxC,qDAAqD;IACrD,yEAAyE;IACzE,yEAAyE;IACzE,uEAAuE;IACvE,WAAW;IACX,WAAW;IACX,2DAA2D;IAC3D,WAAW;IACX,qFAAqF;IACrF,4CAA4C;IAC5C;QACE,EAAE,EAAE,iCAAiC;QACrC,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,kIAAkI;QACpI,QAAQ,EAAE,SAAS;QACnB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,MAAM,UAAU,GAAoD,EAAE,CAAC;YAEvE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAAE,OAAO,EAAE,CAAC;YAE3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,0EAA0E;gBAC1E,kDAAkD;gBAClD,IAAI,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC;oBACnE,CAAC,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EACL,mHAAmH;qBACtH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,aAAa;KACxB;IAED,8EAA8E;IAE9E,4CAA4C;IAC5C,uCAAuC;IACvC,kDAAkD;IAClD,sEAAsE;IACtE,0EAA0E;IAC1E,0DAA0D;IAC1D,WAAW;IACX,WAAW;IACX,iFAAiF;IACjF,WAAW;IACX,wDAAwD;IACxD,wFAAwF;IACxF,4CAA4C;IAC5C;QACE,EAAE,EAAE,gCAAgC;QACpC,KAAK,EAAE,2CAA2C;QAClD,WAAW,EACT,oJAAoJ;QACtJ,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,CAAC,IAAI,CAAC;QACtB,OAAO,EAAE,8EAA8E;QACvF,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,QAAQ,EAAE,UAAU;KACrB;CACF,CAAC;AAKO,kCAAW;AAHpB,qCAAqC;AACrC,IAAA,iCAAa,EAAC,QAAQ,EAAE,WAAW,CAAC,CAAC"}

package/dist/config/node.config.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * ============================================================================
+ * node.config.ts — Express / Node.js-specific coding rules
+ * ============================================================================
+ *
+ * Registers rules that apply to Express and generic Node.js backend projects:
+ *   - Route handler / service separation
+ *   - Async error propagation
+ *   - Input validation enforcement
+ *   - Security: helmet, CORS, parameterized queries
+ *   - Environment configuration patterns
+ *   - Graceful shutdown
+ */
+import { Rule } from './guidelines.config';
+declare const nodeRules: Rule[];
+export { nodeRules };
+//# sourceMappingURL=node.config.d.ts.map

package/dist/config/node.config.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"node.config.d.ts","sourceRoot":"","sources":["../../config/node.config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAiB,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAE1D,QAAA,MAAM,SAAS,EAAE,IAAI,EAmZpB,CAAC;AAKF,OAAO,EAAE,SAAS,EAAE,CAAC"}