@lamentis/naome 1.3.12 → 1.3.13

package/crates/naome-core/tests/architecture_manifests.rs

@@ -0,0 +1,289 @@
+use naome_core::{scan_architecture, ArchitectureEdgeKind, ArchitectureScanOptions};
+
+mod architecture_support;
+
+use architecture_support::FixtureRepo;
+
+#[test]
+fn manifest_extractors_add_package_dependency_graph_nodes() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "package.json",
+        r#"{
+  "name": "@acme/web",
+  "dependencies": { "react": "^18.0.0" },
+  "devDependencies": { "vite": "^5.0.0" }
+}
+"#,
+    );
+    repo.write(
+        "crates/app/Cargo.toml",
+        "[package]\nname = \"app\"\nversion = \"0.1.0\"\n[dependencies]\nserde = \"1\"\n",
+    );
+    repo.write(
+        "pyproject.toml",
+        "[project]\nname = \"acme-python\"\ndependencies = [\"requests>=2\", \"fastapi\"]\n",
+    );
+    repo.write(
+        "go.mod",
+        "module github.com/acme/app\nrequire github.com/gin-gonic/gin v1.9.0\n",
+    );
+    repo.write(
+        "pom.xml",
+        "<project><groupId>com.acme</groupId><artifactId>service</artifactId><dependencies><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId></dependency></dependencies></project>",
+    );
+    repo.write(
+        "build.gradle",
+        "plugins { id 'java' }\ndependencies { implementation 'com.google.guava:guava:33.0.0-jre' }\n",
+    );
+
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+
+    for node_id in [
+        "package:npm:package.json",
+        "package:cargo:crates/app/Cargo.toml",
+        "package:python:pyproject.toml",
+        "package:go:go.mod",
+        "package:maven:pom.xml",
+        "package:gradle:build.gradle",
+        "external:react",
+        "external:vite",
+        "external:serde",
+        "external:requests",
+        "external:fastapi",
+        "external:github.com/gin-gonic/gin",
+        "external:org.slf4j:slf4j-api",
+        "external:com.google.guava:guava",
+    ] {
+        assert!(
+            scan.graph.nodes.iter().any(|node| node.id == node_id),
+            "missing {node_id}"
+        );
+    }
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:npm:package.json"
+            && edge.to == "external:react"
+            && edge.metadata.extractor == "manifest:package.json"
+    }));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:go:go.mod"
+            && edge.to == "external:github.com/gin-gonic/gin"
+    }));
+    assert!(scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| { node.id == "package:npm:package.json" && node.label == "@acme/web" }));
+}
+
+#[test]
+fn manifest_package_ids_are_namespaced_and_parse_common_multiline_forms() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "package.json",
+        r#"{
+  "name": "core",
+  "dependencies": { "react": "^18.0.0" }
+}
+"#,
+    );
+    repo.write(
+        "crates/core/Cargo.toml",
+        "[package]\nname = \"core\"\nversion = \"0.1.0\"\n[dependencies.serde]\nversion = \"1\"\n",
+    );
+    repo.write(
+        "pyproject.toml",
+        "[project]\nname = \"core\"\ndependencies = [\n  \"requests>=2\",\n  \"fastapi\",\n]\n",
+    );
+    repo.write(
+        "build.gradle.kts",
+        "dependencies {\n  // implementation(\"com.acme:old-lib:1.0\")\n  implementation(\"com.google.guava:guava:33.0.0-jre\")\n  implementation group: 'com.squareup.okio', name: 'okio', version: '3.9.0'\n}\n",
+    );
+    repo.write(
+        "child/pom.xml",
+        r#"<project>
+  <parent>
+    <groupId>com.acme.parent</groupId>
+    <artifactId>parent</artifactId>
+  </parent>
+  <groupId>com.acme.child</groupId>
+  <artifactId>service</artifactId>
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>com.acme</groupId>
+        <artifactId>managed-only</artifactId>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+  <dependencies>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <dependencies>
+          <dependency>
+            <groupId>com.acme</groupId>
+            <artifactId>plugin-only</artifactId>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+</project>"#,
+    );
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+
+    for (node_id, label) in [
+        ("package:npm:package.json", "core"),
+        ("package:cargo:crates/core/Cargo.toml", "core"),
+        ("package:python:pyproject.toml", "core"),
+        ("package:gradle:build.gradle.kts", "gradle:build.gradle.kts"),
+        ("package:maven:child/pom.xml", "com.acme.child:service"),
+    ] {
+        assert!(
+            scan.graph
+                .nodes
+                .iter()
+                .any(|node| node.id == node_id && node.label == label),
+            "missing {node_id} with label {label}"
+        );
+    }
+    for (package_id, dependency_id) in [
+        ("package:npm:package.json", "external:react"),
+        ("package:cargo:crates/core/Cargo.toml", "external:serde"),
+        ("package:python:pyproject.toml", "external:requests"),
+        ("package:python:pyproject.toml", "external:fastapi"),
+        (
+            "package:gradle:build.gradle.kts",
+            "external:com.google.guava:guava",
+        ),
+        (
+            "package:gradle:build.gradle.kts",
+            "external:com.squareup.okio:okio",
+        ),
+        (
+            "package:maven:child/pom.xml",
+            "external:org.slf4j:slf4j-api",
+        ),
+    ] {
+        assert!(
+            scan.graph.edges.iter().any(|edge| {
+                edge.kind == ArchitectureEdgeKind::DependsOn
+                    && edge.from == package_id
+                    && edge.to == dependency_id
+            }),
+            "missing edge {package_id} -> {dependency_id}"
+        );
+    }
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:com.acme:old-lib"));
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:com.acme:managed-only"));
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:com.acme:plugin-only"));
+}
+
+#[test]
+fn swift_manifests_emit_package_and_dependency_nodes() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "Package.swift",
+        r#"// swift-tools-version: 5.9
+import PackageDescription
+
+let package = Package(
+  name: "Tickets",
+  dependencies: [
+    .package(url: "https://github.com/Alamofire/Alamofire.git", from: "5.9.0"),
+    .package(url: "https://github.com/pointfreeco/swift-composable-architecture", exact: "1.8.0")
+  ]
+)
+"#,
+    );
+    repo.write(
+        "Tickets.xcodeproj/project.pbxproj",
+        r#"
+/* Begin XCRemoteSwiftPackageReference section */
+  repositoryURL = "https://github.com/onevcat/Kingfisher.git";
+/* End XCRemoteSwiftPackageReference section */
+"#,
+    );
+
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+
+    for node_id in [
+        "package:swift:Package.swift",
+        "package:xcode:Tickets.xcodeproj/project.pbxproj",
+        "external:Alamofire",
+        "external:swift-composable-architecture",
+        "external:Kingfisher",
+    ] {
+        assert!(
+            scan.graph.nodes.iter().any(|node| node.id == node_id),
+            "missing {node_id}"
+        );
+    }
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:swift:Package.swift"
+            && edge.to == "external:Alamofire"
+    }));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:xcode:Tickets.xcodeproj/project.pbxproj"
+            && edge.to == "external:Kingfisher"
+    }));
+}
+
+#[test]
+fn swift_manifests_ignore_commented_package_declarations() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "Package.swift",
+        r#"// swift-tools-version: 5.9
+import PackageDescription
+
+let package = Package(
+  name: "CoreSwift",
+  dependencies: [
+    // .package(url: "https://github.com/Old/Old.git", from: "1.0.0"),
+    .package(url: "https://github.com/Alamofire/Alamofire.git", from: "5.9.0")
+  ]
+)
+"#,
+    );
+
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+
+    assert!(scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "package:swift:Package.swift" && node.label == "CoreSwift"));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:swift:Package.swift"
+            && edge.to == "external:Alamofire"
+    }));
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:Old"));
+}

package/crates/naome-core/tests/architecture_support/mod.rs

@@ -1,3 +1,5 @@
+#![allow(dead_code)]
+
 use std::fs;
 use std::path::{Path, PathBuf};
 use std::process::Command;

package/crates/naome-core/tests/architecture_swift.rs

@@ -0,0 +1,111 @@
+use naome_core::{scan_architecture, validate_architecture, ArchitectureScanOptions};
+
+mod architecture_support;
+
+use architecture_support::FixtureRepo;
+
+#[test]
+fn swift_imports_emit_external_dependency_edges_for_ios_apps() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "Sources/Tickets/AppView.swift",
+        "import SwiftUI\nimport UIKit\n@testable import TicketsCore\n@preconcurrency import Alamofire\n@_implementationOnly import Firebase\n",
+    );
+
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    let fact = scan
+        .file_facts
+        .get("Sources/Tickets/AppView.swift")
+        .unwrap();
+
+    assert_eq!(fact.language.as_deref(), Some("swift"));
+    for package in ["SwiftUI", "UIKit", "TicketsCore", "Alamofire", "Firebase"] {
+        assert!(
+            scan.graph
+                .nodes
+                .iter()
+                .any(|node| { node.id == format!("external:{package}") && node.label == package }),
+            "missing external node for {package}"
+        );
+    }
+}
+
+#[test]
+fn swift_apple_frameworks_do_not_violate_external_dependency_policy() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "naome.arch.yaml",
+        r#"
+layers:
+  domain:
+    paths:
+      - "Sources/Domain/**"
+rules:
+  external_dependency_policy:
+    enabled: true
+    severity: error
+external_dependencies:
+  domain:
+    allow: []
+"#,
+    );
+    repo.write(
+        "Sources/Domain/EventView.swift",
+        "import Foundation\nimport SwiftUI\nimport UIKit\nimport CoreBluetooth\nimport CoreImage\nimport CoreML\nimport Network\nimport Vision\nimport Alamofire\n",
+    );
+
+    let report = validate_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+
+    assert_eq!(report.summary.errors, 1);
+    assert_eq!(
+        report.violations[0].to.as_deref(),
+        Some("external:Alamofire")
+    );
+}
+
+#[test]
+fn swiftpm_target_imports_resolve_to_local_target_files() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "naome.arch.yaml",
+        r#"
+layers:
+  ui:
+    paths:
+      - "Sources/App/**"
+      - "Tests/**"
+rules:
+  external_dependency_policy:
+    enabled: true
+    severity: error
+external_dependencies:
+  ui:
+    allow: []
+"#,
+    );
+    repo.write(
+        "Sources/App/AppView.swift",
+        "import SwiftUI\nimport Core\nimport Alamofire\n",
+    );
+    repo.write("Sources/Core/Model.swift", "public struct Model {}\n");
+    repo.write(
+        "Tests/CoreTests/CoreTests.swift",
+        "import XCTest\n@testable import Core\n",
+    );
+
+    let report = validate_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.from == "file:Sources/App/AppView.swift" && edge.to == "file:Sources/Core/Model.swift"
+    }));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.from == "file:Tests/CoreTests/CoreTests.swift"
+            && edge.to == "file:Sources/Core/Model.swift"
+    }));
+    assert_eq!(report.summary.errors, 1);
+    assert_eq!(
+        report.violations[0].to.as_deref(),
+        Some("external:Alamofire")
+    );
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lamentis/naome",
-  "version": "1.3.12",
+  "version": "1.3.13",
   "description": "Native-first CLI for the NAOME agent harness.",
   "license": "Apache-2.0",
   "type": "module",

package/templates/naome-root/.naome/manifest.json

@@ -1,5 +1,5 @@
 {
-  "harnessVersion": "1.3.11",
+  "harnessVersion": "1.3.13",
   "installedAt": null,
   "integrity": {
     ".naome/bin/check-harness-health.js": "sha256:802d7419774981a6af1826b3882270ff8f41259d516f98c52a02b4ddc184c467",
@@ -9,7 +9,7 @@
     ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
     "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
     "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
-    "docs/naome/architecture-fitness.md": "sha256:3963d9a92d6481d4e72815a4dd749549320f23c45100b4821e75b7e6f3ffd00b",
+    "docs/naome/architecture-fitness.md": "sha256:26f04884c3ada083380bee5c3cb1aa3f39d8c8a1cc31ccc84c4ae795c594de5b",
     "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
     "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
     "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/docs/naome/architecture-fitness.md

@@ -137,16 +137,26 @@ fails only on configured error rules.
 
 ## Language Support
 
-The v1.3.12 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
+The v1.3.13 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
 Java, Kotlin, and Swift files by path extension. It extracts import facts for
-TypeScript, JavaScript, Rust, Python, and Go, resolves relative imports and
-simple repository-absolute aliases, and represents unresolved imports
-explicitly as graph nodes instead of dropping them. Architecture rules now
-cover layers, bounded contexts, public APIs, cycles, transitive layer reach,
-import/fan-out budgets, and external dependency policies.
+TypeScript, JavaScript, Rust, Python, Go, and Swift, resolves relative imports
+and simple repository-absolute aliases where the language supports them, and
+represents unresolved imports explicitly as graph nodes instead of dropping
+them. Swift and iOS app repositories get Apple framework imports, SwiftPM
+manifests, and Xcode Swift package references represented in the normalized
+graph; Apple SDK frameworks are treated as platform APIs for external policy.
+It also extracts package and dependency facts from `package.json`,
+`Cargo.toml`, `pyproject.toml`, `go.mod`, lightweight `pom.xml` / Gradle
+manifests, `Package.swift`, and `.xcodeproj/project.pbxproj`, then emits
+manifest-identity package nodes and manifest-owned `DependsOn` edges to
+external dependencies.
+Architecture rules now cover layers, bounded contexts, public APIs, cycles,
+transitive layer reach, import/fan-out budgets, and external dependency
+policies.
 
 ## Limitations
 
 This release intentionally keeps validation file-graph based. Manifest
-extractors, SARIF output, persistent scan caching, and deeper symbol-level call
+extractors are dependency-owner oriented and do not yet parse every build-tool
+feature. SARIF output, persistent scan caching, and deeper symbol-level call
 analysis remain planned follow-up slices before v1.4.0.