@hatem427/code-guard-ci 3.3.0 → 3.4.0

package/config/hono.config.ts

@@ -1,331 +0,0 @@
-/**
- * ============================================================================
- * hono.config.ts — Hono-specific coding rules
- * ============================================================================
- *
- * Registers rules that apply to Hono (edge + server) projects:
- *   - Zod validation enforcement
- *   - Context variable typing
- *   - Middleware chaining patterns
- *   - HTTPException usage
- *   - Environment access patterns
- *   - Stateless / edge-first patterns
- */
-
-import { registerRules, Rule } from './guidelines.config';
-
-const honoRules: Rule[] = [
-
-  // ── Validation ────────────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: hono-use-zod-validator
-  // ROLE: Enforce schema-based request validation
-  // PURPOSE: Accessing c.req.json() or c.req.query() without validation
-  //          passes raw untyped data to your handlers. Using @hono/zod-validator
-  //          ensures type safety and returns a 400 automatically on bad input.
-  // EXAMPLE:
-  //   WRONG:
-  //     app.post('/users', async (c) => {
-  //       const body = await c.req.json();  // untyped, unvalidated
-  //     });
-  //   RIGHT:
-  //     import { zValidator } from '@hono/zod-validator';
-  //     app.post('/users', zValidator('json', CreateUserSchema), async (c) => {
-  //       const body = c.req.valid('json');  // typed and validated
-  //     });
-  // ─────────────────────────────────────────
-  {
-    id: 'hono-use-zod-validator',
-    label: 'Use zValidator for request body validation',
-    description:
-      'Use @hono/zod-validator middleware on routes that accept request bodies. Calling c.req.json() directly bypasses type safety and validation.',
-    severity: 'error',
-    fileExtensions: ['ts'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (
-        !file.relativePath.includes('/routes/') &&
-        !file.relativePath.endsWith('.route.ts') &&
-        !file.relativePath.endsWith('.routes.ts')
-      ) {
-        return [];
-      }
-
-      // Detect routes that use c.req.json() without zValidator
-      for (let i = 0; i < file.lines.length; i++) {
-        const line = file.lines[i];
-        if (/c\.req\.json\s*\(/.test(line)) {
-          // Check surrounding context for zValidator
-          const context = file.lines.slice(Math.max(0, i - 10), i).join('\n');
-          if (!context.includes('zValidator') && !context.includes('z.object')) {
-            violations.push({
-              line: i + 1,
-              message:
-                'c.req.json() used without zValidator middleware. Use zValidator("json", schema) before the handler and access via c.req.valid("json").',
-            });
-          }
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['hono'],
-    category: 'Validation',
-  },
-
-  // ─────────────────────────────────────────
-  // RULE: hono-use-valid-not-json
-  // ROLE: Enforce validated data access after zValidator
-  // PURPOSE: After applying zValidator middleware, handlers must use
-  //          c.req.valid() to access the validated, typed data.
-  //          c.req.json() bypasses validation and returns raw untyped data.
-  // EXAMPLE:
-  //   WRONG:
-  //     app.post('/user', zValidator('json', schema), async (c) => {
-  //       const body = await c.req.json(); // still untyped!
-  //     });
-  //   RIGHT:
-  //     app.post('/user', zValidator('json', schema), async (c) => {
-  //       const body = c.req.valid('json'); // typed + validated
-  //     });
-  // ─────────────────────────────────────────
-  {
-    id: 'hono-use-valid-not-json',
-    label: 'After zValidator, use c.req.valid() not c.req.json()',
-    description:
-      'When zValidator middleware is applied, access validated data via c.req.valid("json") instead of await c.req.json(). The latter bypasses type narrowing.',
-    severity: 'warning',
-    fileExtensions: ['ts'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (!file.content.includes('zValidator')) return [];
-
-      for (let i = 0; i < file.lines.length; i++) {
-        if (/await c\.req\.json\s*\(/.test(file.lines[i])) {
-          violations.push({
-            line: i + 1,
-            message:
-              'zValidator is used in this file. Replace await c.req.json() with c.req.valid("json") to access the typed validated data.',
-          });
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['hono'],
-    category: 'Validation',
-  },
-
-  // ── Error Handling ────────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: hono-use-http-exception
-  // ROLE: Enforce HTTPException for expected errors
-  // PURPOSE: Throwing a raw Error in a Hono handler produces a generic 500
-  //          response with no meaningful body. HTTPException allows you to set
-  //          a specific status code and message that will be formatted by
-  //          Hono's onError handler consistently.
-  // EXAMPLE:
-  //   WRONG:
-  //     throw new Error('User not found');
-  //   RIGHT:
-  //     throw new HTTPException(404, { message: 'User not found' });
-  // ─────────────────────────────────────────
-  {
-    id: 'hono-use-http-exception',
-    label: 'Use HTTPException instead of raw Error',
-    description:
-      'Throw HTTPException from hono with a status code and message for expected errors (404, 401, 400, etc.). Raw Error objects produce unformatted 500 responses.',
-    severity: 'warning',
-    fileExtensions: ['ts'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (
-        !file.relativePath.includes('/routes/') &&
-        !file.relativePath.includes('/handlers/') &&
-        !file.relativePath.endsWith('.route.ts') &&
-        !file.relativePath.endsWith('.handler.ts')
-      ) {
-        return [];
-      }
-
-      for (let i = 0; i < file.lines.length; i++) {
-        if (/throw\s+new\s+Error\s*\(/.test(file.lines[i])) {
-          violations.push({
-            line: i + 1,
-            message:
-              'Raw Error thrown. Use HTTPException: throw new HTTPException(404, { message: "Not found" })',
-          });
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['hono'],
-    category: 'Error Handling',
-  },
-
-  // ── Context Variables ─────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: hono-type-context-variables
-  // ROLE: Enforce typed context variables
-  // PURPOSE: Using c.get() and c.set() without typed Variables means the
-  //          TypeScript compiler cannot verify keys exist, leading to
-  //          undefined value bugs at runtime.
-  // EXAMPLE:
-  //   WRONG:
-  //     app.use(async (c, next) => {
-  //       c.set('user', user); // no type checking on 'user' key
-  //     });
-  //   RIGHT:
-  //     type Variables = { user: User };
-  //     const app = new Hono<{ Variables: Variables }>();
-  //     app.use(async (c, next) => { c.set('user', user); });
-  // ─────────────────────────────────────────
-  {
-    id: 'hono-type-context-variables',
-    label: 'Type context Variables for c.get() / c.set()',
-    description:
-      'Declare a typed Variables interface and pass it as a generic to new Hono<{ Variables: Variables }>(). This enables TypeScript to validate context variable keys and values.',
-    severity: 'warning',
-    fileExtensions: ['ts'],
-    pattern: null,
-    customCheck: (file) => {
-      const hasContextSet = /c\.set\s*\(/.test(file.content);
-      const hasHonoGeneric = /new\s+Hono\s*</.test(file.content);
-      const hasVariablesType = /Variables\s*=\s*\{/.test(file.content);
-
-      if (hasContextSet && !hasHonoGeneric && !hasVariablesType) {
-        return [
-          {
-            line: null,
-            message:
-              'c.set() is used without typed Variables. Define: type Variables = { ... } and use new Hono<{ Variables: Variables }>().',
-          },
-        ];
-      }
-
-      return [];
-    },
-    applicableTo: ['hono'],
-    category: 'Type Safety',
-  },
-
-  // ── Environment Access ────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: hono-use-c-env
-  // ROLE: Enforce correct env access on edge runtimes
-  // PURPOSE: On Cloudflare Workers and similar runtimes, process.env is
-  //          unavailable. Environment bindings are accessed via c.env.
-  //          Even on Node.js, centralising env access via c.env makes
-  //          the app portable across runtimes.
-  // EXAMPLE:
-  //   WRONG:
-  //     const secret = process.env['JWT_SECRET'];
-  //   RIGHT:
-  //     // In Hono handler:
-  //     const secret = c.env.JWT_SECRET;
-  // ─────────────────────────────────────────
-  {
-    id: 'hono-use-c-env',
-    label: 'Use c.env for environment variables (edge-compatible)',
-    description:
-      'Prefer c.env over process.env for environment variables. process.env is not available in Cloudflare Workers or Deno and makes apps runtime-specific.',
-    severity: 'warning',
-    fileExtensions: ['ts'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (
-        !file.relativePath.includes('/routes/') &&
-        !file.relativePath.includes('/handlers/') &&
-        !file.relativePath.endsWith('.route.ts') &&
-        !file.relativePath.endsWith('.handler.ts') &&
-        !file.relativePath.endsWith('.middleware.ts')
-      ) {
-        return [];
-      }
-
-      for (let i = 0; i < file.lines.length; i++) {
-        if (/process\.env\b/.test(file.lines[i])) {
-          violations.push({
-            line: i + 1,
-            message:
-              'process.env used in Hono handler/route. Use c.env.VARIABLE_NAME for edge-runtime portability.',
-          });
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['hono'],
-    category: 'Security',
-  },
-
-  // ── Route Organisation ────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: hono-use-sub-apps
-  // ROLE: Enforce composable route architecture
-  // PURPOSE: Defining all routes on a single root Hono instance leads to a
-  //          monolithic file. Sub-apps (separate Hono instances per domain)
-  //          composed via app.route() enable feature isolation and per-domain
-  //          middleware application.
-  // EXAMPLE:
-  //   WRONG:
-  //     app.get('/users', ...)
-  //     app.post('/users', ...)
-  //     app.get('/products', ...)   // all in one file
-  //   RIGHT:
-  //     // users.route.ts
-  //     const users = new Hono();
-  //     users.get('/', ...)
-  //     export default users;
-  //     // app.ts
-  //     app.route('/users', users);
-  // ─────────────────────────────────────────
-  {
-    id: 'hono-use-sub-apps',
-    label: 'Organise routes as Hono sub-apps using app.route()',
-    description:
-      'Define each domain\'s routes in a separate Hono sub-app and compose them via app.route("/prefix", subApp). Avoid putting all routes on a single root instance.',
-    severity: 'info',
-    fileExtensions: ['ts'],
-    pattern: null,
-    customCheck: (file) => {
-      if (!file.relativePath.endsWith('index.ts') && !file.relativePath.endsWith('app.ts')) {
-        return [];
-      }
-
-      const routeCount = (file.content.match(/app\.\s*(?:get|post|put|patch|delete)\s*\(/g) || []).length;
-
-      if (routeCount > 5) {
-        return [
-          {
-            line: null,
-            message: `${routeCount} routes defined on a single Hono instance. Extract into domain sub-apps and use app.route('/prefix', subApp).`,
-          },
-        ];
-      }
-
-      return [];
-    },
-    applicableTo: ['hono'],
-    category: 'Architecture',
-  },
-];
-
-// Register all Hono-specific rules
-registerRules('hono', honoRules);
-
-export { honoRules };