@lamentis/naome 1.3.16 → 1.4.0

package/crates/naome-core/src/architecture/config_findings.rs

@@ -0,0 +1,50 @@
+mod configuration;
+mod imports;
+
+use super::output::{ArchitectureAgentFeedback, ArchitectureConfigFinding};
+use super::scan::ArchitectureScanReport;
+
+pub fn architecture_config_agent_feedback(
+    findings: &[ArchitectureConfigFinding],
+) -> Vec<ArchitectureAgentFeedback> {
+    findings
+        .iter()
+        .filter(|finding| finding.id == "arch.import.unresolved")
+        .map(|finding| ArchitectureAgentFeedback {
+            problem: finding.message.clone(),
+            repair: finding.suggestion.clone(),
+            files: finding
+                .subject
+                .strip_prefix("file:")
+                .map(|path| vec![path.to_string()])
+                .unwrap_or_default(),
+            must_not_do: vec![
+                "Do not leave unresolved imports hidden from architecture validation.".to_string(),
+                "Do not suppress architecture findings without an explicit ignore reason."
+                    .to_string(),
+            ],
+        })
+        .collect()
+}
+
+pub fn config_findings_for(scan: &ArchitectureScanReport) -> Vec<ArchitectureConfigFinding> {
+    let mut findings = Vec::new();
+    findings.extend(configuration::findings(scan));
+    findings.extend(imports::findings(scan));
+    findings.sort_by(|left, right| {
+        (
+            left.id.as_str(),
+            left.subject.as_str(),
+            left.message.as_str(),
+        )
+            .cmp(&(
+                right.id.as_str(),
+                right.subject.as_str(),
+                right.message.as_str(),
+            ))
+    });
+    findings.dedup_by(|left, right| {
+        left.id == right.id && left.subject == right.subject && left.message == right.message
+    });
+    findings
+}

package/crates/naome-core/src/architecture/explain.rs

@@ -0,0 +1,45 @@
+use super::config_findings::config_findings_for;
+use super::output::ARCHITECTURE_RULE_IDS;
+use super::scan::ArchitectureScanReport;
+
+pub fn format_architecture_explain(scan: &ArchitectureScanReport) -> String {
+    let findings = config_findings_for(scan);
+    let layers = scan
+        .config
+        .layers
+        .keys()
+        .cloned()
+        .collect::<Vec<_>>()
+        .join(", ");
+    let contexts = scan
+        .config
+        .contexts
+        .keys()
+        .cloned()
+        .collect::<Vec<_>>()
+        .join(", ");
+    let mut output = format!(
+        "NAOME Architecture Fitness\nrules: {}\nlayers: {}\ncontexts: {}\npath extractor: enabled for every repository\nimport extractors: typescript, javascript, rust, python, go, swift\n",
+        ARCHITECTURE_RULE_IDS.join(", "),
+        empty_label(&layers),
+        empty_label(&contexts)
+    );
+    if !findings.is_empty() {
+        output.push_str(&format!("configuration findings: {}\n", findings.len()));
+        for finding in findings.iter().take(5) {
+            output.push_str(&format!(
+                "- {} {}: {}\n",
+                finding.severity, finding.subject, finding.message
+            ));
+        }
+    }
+    output
+}
+
+fn empty_label(value: &str) -> &str {
+    if value.is_empty() {
+        "<none>"
+    } else {
+        value
+    }
+}

package/crates/naome-core/src/architecture/output.rs

@@ -1,8 +1,14 @@
 use serde::{Deserialize, Serialize};
+use serde_json::{json, Value};
+use std::collections::BTreeSet;
+use std::path::Path;
 
 use super::model::{Severity, SourceRange};
 use super::scan::ArchitectureScanReport;
 
+const SARIF_REPO_ROOT_BASE_ID: &str = "REPO_ROOT";
+const ARCHITECTURE_CONFIG_PATH: &str = "naome.arch.yaml";
+
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
 pub struct ViolationSummary {
@@ -86,138 +92,40 @@ pub fn architecture_agent_feedback(
         .map(|violation| ArchitectureAgentFeedback {
             problem: violation.message.clone(),
             repair: violation.suggestion.clone(),
-            files: violation.path.iter().cloned().collect(),
-            must_not_do: vec![
-                "Do not suppress architecture rules without an explicit ignore reason.".to_string(),
-                "Do not edit generated files unless the architecture config allows it.".to_string(),
-            ],
+            files: feedback_files(violation),
+            must_not_do: feedback_must_not_do(violation),
         })
         .collect()
 }
 
-pub fn config_findings_for(scan: &ArchitectureScanReport) -> Vec<ArchitectureConfigFinding> {
-    let mut findings = Vec::new();
-    findings.extend(broad_layer_findings(scan));
-    findings.extend(catch_all_context_findings(scan));
-    findings.sort_by(|left, right| {
-        (left.id.as_str(), left.subject.as_str()).cmp(&(right.id.as_str(), right.subject.as_str()))
-    });
-    findings.dedup_by(|left, right| left.id == right.id && left.subject == right.subject);
-    findings
-}
-
-fn broad_layer_findings(scan: &ArchitectureScanReport) -> Vec<ArchitectureConfigFinding> {
-    let mut findings = Vec::new();
-    for (layer_name, layer) in &scan.config.layers {
-        let Some(broad_pattern) = layer
-            .paths
-            .iter()
-            .find(|pattern| is_broad_source_pattern(pattern))
+fn feedback_files(violation: &ArchitectureViolation) -> Vec<String> {
+    let mut files = Vec::new();
+    if let Some(path) = &violation.path {
+        files.push(path.clone());
+    }
+    for endpoint in [&violation.from, &violation.to] {
+        let Some(path) = endpoint
+            .as_deref()
+            .and_then(|value| value.strip_prefix("file:"))
         else {
             continue;
         };
-        let overlapping_layers = scan
-            .config
-            .layers
-            .iter()
-            .filter(|(other_name, other_layer)| {
-                other_name.as_str() != layer_name.as_str()
-                    && other_layer
-                        .paths
-                        .iter()
-                        .any(|pattern| pattern_is_narrower_than(pattern, broad_pattern))
-            })
-            .map(|(name, _)| name.clone())
-            .collect::<Vec<_>>();
-        if overlapping_layers.is_empty() {
-            continue;
+        if !files.iter().any(|existing| existing == path) {
+            files.push(path.to_string());
         }
-        findings.push(ArchitectureConfigFinding {
-            id: "arch.config.broad_layer_overlap".to_string(),
-            severity: "warning".to_string(),
-            subject: format!("layer:{layer_name}"),
-            message: format!(
-                "Layer {layer_name} uses broad path pattern {broad_pattern} while narrower layers also match inside it: {}.",
-                overlapping_layers.join(", ")
-            ),
-            suggestion: format!(
-                "Keep broad compatibility layers intentional and make allowed_dependencies explicit, or narrow {layer_name} so files do not inherit multiple architectural meanings by default."
-            ),
-            agent_instruction: format!(
-                "Do not rely on broad layer {layer_name} to hide architecture boundaries; prefer narrower layer paths or explicit allow rules."
-            ),
-        });
     }
-    findings
+    files
 }
 
-fn catch_all_context_findings(scan: &ArchitectureScanReport) -> Vec<ArchitectureConfigFinding> {
-    if scan.config.contexts.len() <= 1 {
-        return Vec::new();
-    }
-    scan.config
-        .contexts
-        .iter()
-        .filter(|(_, context)| {
-            context
-                .paths
-                .iter()
-                .any(|pattern| is_broad_source_pattern(pattern))
-        })
-        .filter_map(|(context_name, context)| {
-            let broad_pattern = context
-                .paths
-                .iter()
-                .find(|pattern| is_broad_source_pattern(pattern))?;
-            let specific_contexts = scan
-                .config
-                .contexts
-                .iter()
-                .filter(|(other_name, other_context)| {
-                    other_name.as_str() != context_name.as_str()
-                        && other_context
-                            .paths
-                            .iter()
-                            .any(|pattern| pattern_is_narrower_than(pattern, broad_pattern))
-                })
-                .map(|(name, _)| name.clone())
-                .collect::<Vec<_>>();
-            if specific_contexts.is_empty() {
-                return None;
-            }
-            Some(ArchitectureConfigFinding {
-                id: "arch.config.catch_all_context_with_specific_contexts".to_string(),
-                severity: "warning".to_string(),
-                subject: format!("context:{context_name}"),
-                message: format!(
-                    "Context {context_name} uses catch-all path pattern {broad_pattern} alongside narrower contexts: {}.",
-                    specific_contexts.join(", ")
-                ),
-                suggestion: format!(
-                    "Treat {context_name} as a compatibility bucket only. Move shared code into explicit public APIs or replace the catch-all context with narrower bounded contexts."
-                ),
-                agent_instruction: format!(
-                    "Do not classify cross-context imports as safe only because {context_name} also matches them; model the real bounded context or public API."
-                ),
-            })
-        })
-        .collect()
-}
-
-fn is_broad_source_pattern(pattern: &str) -> bool {
-    matches!(pattern, "**" | "**/*" | "src/**" | "packages/**/src/**")
-}
-
-fn pattern_is_narrower_than(pattern: &str, broad_pattern: &str) -> bool {
-    if pattern == broad_pattern {
-        return false;
-    }
-    match broad_pattern {
-        "**" | "**/*" => true,
-        "src/**" => pattern.starts_with("src/") && pattern != "src/**",
-        "packages/**/src/**" => pattern.starts_with("packages/") && pattern.contains("/src/"),
-        _ => false,
+fn feedback_must_not_do(violation: &ArchitectureViolation) -> Vec<String> {
+    let mut items = vec![
+        "Do not suppress architecture rules without an explicit ignore reason.".to_string(),
+        "Do not edit generated files unless the architecture config allows it.".to_string(),
+    ];
+    if violation.id == "arch.no_forbidden_layer_dependencies" {
+        items.push(violation.agent_instruction.clone());
     }
+    items
 }
 
 pub fn summary_for(violations: &[ArchitectureViolation]) -> ViolationSummary {
@@ -315,44 +223,192 @@ pub fn format_architecture_scan(report: &ArchitectureScanReport) -> String {
     output
 }
 
-pub fn format_architecture_explain(scan: &ArchitectureScanReport) -> String {
-    let findings = config_findings_for(scan);
-    let layers = scan
-        .config
-        .layers
-        .keys()
-        .cloned()
-        .collect::<Vec<_>>()
-        .join(", ");
-    let contexts = scan
-        .config
-        .contexts
-        .keys()
-        .cloned()
-        .collect::<Vec<_>>()
-        .join(", ");
-    let mut output = format!(
-        "NAOME Architecture Fitness\nrules: {}\nlayers: {}\ncontexts: {}\npath extractor: enabled for every repository\nimport extractors: typescript, javascript, rust, python, go, swift\n",
-        ARCHITECTURE_RULE_IDS.join(", "),
-        empty_label(&layers),
-        empty_label(&contexts)
-    );
-    if !findings.is_empty() {
-        output.push_str(&format!("configuration findings: {}\n", findings.len()));
-        for finding in findings.iter().take(5) {
-            output.push_str(&format!(
-                "- {} {}: {}\n",
-                finding.severity, finding.subject, finding.message
-            ));
+pub fn architecture_validation_sarif(report: &ArchitectureValidation) -> Value {
+    architecture_validation_sarif_with_root(report, Path::new("/"))
+}
+
+pub fn architecture_validation_sarif_with_root(
+    report: &ArchitectureValidation,
+    repo_root: &Path,
+) -> Value {
+    let mut rule_ids = ARCHITECTURE_RULE_IDS
+        .iter()
+        .map(|rule| rule.to_string())
+        .collect::<BTreeSet<_>>();
+    for finding in &report.config_findings {
+        rule_ids.insert(finding.id.clone());
+    }
+    for violation in &report.violations {
+        rule_ids.insert(violation.id.clone());
+    }
+
+    let rules = rule_ids
+        .iter()
+        .map(|id| {
+            json!({
+                "id": id,
+                "name": id,
+                "shortDescription": {
+                    "text": id
+                },
+                "helpUri": "https://github.com/Lamentis-O/naome/blob/main/docs/naome/architecture-fitness.md"
+            })
+        })
+        .collect::<Vec<_>>();
+
+    let mut results = Vec::new();
+    for violation in &report.violations {
+        results.push(sarif_result_for_violation(violation));
+    }
+    for finding in &report.config_findings {
+        results.push(sarif_result_for_config_finding(finding));
+    }
+
+    json!({
+        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+        "version": "2.1.0",
+        "runs": [
+            {
+                "tool": {
+                    "driver": {
+                        "name": "NAOME Architecture Fitness",
+                        "informationUri": "https://github.com/Lamentis-O/naome",
+                        "rules": rules
+                    }
+                },
+                "originalUriBaseIds": {
+                    "REPO_ROOT": {
+                        "uri": file_uri_for_directory(repo_root)
+                    }
+                },
+                "results": results,
+                "properties": {
+                    "status": report.status,
+                    "filesScanned": report.files_scanned,
+                    "graphNodes": report.graph_nodes,
+                    "graphEdges": report.graph_edges,
+                    "changedOnlyRequested": report.changed_only_requested,
+                    "changedOnlyMode": report.changed_only_mode,
+                    "changedOnlyDegradedToFullScan": report.changed_only_degraded_to_full_scan,
+                    "changedOnlyDegradationReason": report.changed_only_degradation_reason
+                }
+            }
+        ]
+    })
+}
+
+fn sarif_result_for_violation(violation: &ArchitectureViolation) -> Value {
+    json!({
+        "ruleId": violation.id,
+        "level": sarif_level_for_severity(violation.severity),
+        "message": {
+            "text": violation.message
+        },
+        "locations": sarif_locations(
+            violation.path.as_deref().or_else(|| violation_file_endpoint(violation)),
+            violation.source_range.as_ref()
+        ),
+        "properties": {
+            "type": violation.violation_type,
+            "from": violation.from,
+            "to": violation.to,
+            "suggestion": violation.suggestion,
+            "agentInstruction": violation.agent_instruction
         }
+    })
+}
+
+fn sarif_result_for_config_finding(finding: &ArchitectureConfigFinding) -> Value {
+    let path = config_finding_path(finding);
+    json!({
+        "ruleId": finding.id,
+        "level": sarif_level_for_config_finding(&finding.severity),
+        "message": {
+            "text": finding.message
+        },
+        "locations": sarif_locations(Some(path.as_str()), None),
+        "properties": {
+            "subject": finding.subject,
+            "suggestion": finding.suggestion,
+            "agentInstruction": finding.agent_instruction
+        }
+    })
+}
+
+fn sarif_locations(path: Option<&str>, source_range: Option<&SourceRange>) -> Vec<Value> {
+    let Some(path) = path else {
+        return Vec::new();
+    };
+    let mut physical_location = json!({
+        "artifactLocation": {
+            "uri": path,
+            "uriBaseId": SARIF_REPO_ROOT_BASE_ID
+        }
+    });
+    if let Some(range) = source_range {
+        physical_location["region"] = json!({
+            "startLine": range.start_line,
+            "startColumn": range.start_column,
+            "endLine": range.end_line,
+            "endColumn": range.end_column
+        });
     }
-    output
+    vec![json!({
+        "physicalLocation": physical_location
+    })]
+}
+
+fn violation_file_endpoint(violation: &ArchitectureViolation) -> Option<&str> {
+    [&violation.from, &violation.to]
+        .into_iter()
+        .flatten()
+        .find_map(|endpoint| endpoint.strip_prefix("file:"))
+}
+
+fn config_finding_path(finding: &ArchitectureConfigFinding) -> String {
+    finding
+        .subject
+        .strip_prefix("file:")
+        .unwrap_or(ARCHITECTURE_CONFIG_PATH)
+        .to_string()
 }
 
-fn empty_label(value: &str) -> &str {
-    if value.is_empty() {
-        "<none>"
-    } else {
-        value
+fn sarif_level_for_severity(severity: Severity) -> &'static str {
+    match severity {
+        Severity::Error => "error",
+        Severity::Warning => "warning",
+        Severity::Info => "note",
+    }
+}
+
+fn sarif_level_for_config_finding(severity: &str) -> &'static str {
+    match severity {
+        "error" => "error",
+        "warning" => "warning",
+        _ => "note",
+    }
+}
+
+fn file_uri_for_directory(path: &Path) -> String {
+    let mut normalized = path.to_string_lossy().replace('\\', "/");
+    if !normalized.starts_with('/') {
+        normalized.insert(0, '/');
+    }
+    while normalized.ends_with('/') && normalized.len() > 1 {
+        normalized.pop();
+    }
+    format!("file://{}/", encode_uri_path(&normalized))
+}
+
+fn encode_uri_path(path: &str) -> String {
+    let mut encoded = String::new();
+    for byte in path.as_bytes() {
+        match *byte {
+            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'/' | b'-' | b'.' | b'_' | b'~' => {
+                encoded.push(*byte as char)
+            }
+            value => encoded.push_str(&format!("%{value:02X}")),
+        }
     }
+    encoded
 }

package/crates/naome-core/src/architecture/rules.rs

@@ -1,9 +1,9 @@
 use crate::paths;
 
+use super::config_findings::{architecture_config_agent_feedback, config_findings_for};
 use super::model::Severity;
 use super::output::{
-    architecture_agent_feedback, config_findings_for, summary_for, ArchitectureValidation,
-    ArchitectureViolation,
+    architecture_agent_feedback, summary_for, ArchitectureValidation, ArchitectureViolation,
 };
 use super::scan::ArchitectureScanReport;
 use crate::architecture::model::ArchitectureEdgeKind;
@@ -44,8 +44,9 @@ pub fn validate_scan(scan: ArchitectureScanReport) -> ArchitectureValidation {
     });
     let summary = summary_for(&violations);
     let status = if summary.errors > 0 { "fail" } else { "pass" }.to_string();
-    let agent_feedback = architecture_agent_feedback(&violations);
     let config_findings = config_findings_for(&scan);
+    let mut agent_feedback = architecture_agent_feedback(&violations);
+    agent_feedback.extend(architecture_config_agent_feedback(&config_findings));
 
     ArchitectureValidation {
         schema: "naome.arch.validation.v1".to_string(),

package/crates/naome-core/src/architecture/scan/cache.rs

@@ -9,7 +9,7 @@ use super::FileFact;
 use crate::models::NaomeError;
 
 const CACHE_SCHEMA: &str = "naome.architecture-cache.v1";
-const EXTRACTOR_VERSION: &str = "architecture-cache-v1.3.14";
+const EXTRACTOR_VERSION: &str = "architecture-cache-v1.4.0";
 const CACHE_PATH: &str = ".naome/cache/architecture/cache.json";
 
 #[derive(Debug, Clone, Serialize, Deserialize)]

package/crates/naome-core/src/architecture/scan/imports/resolver/candidates.rs

@@ -0,0 +1,71 @@
+use std::collections::BTreeSet;
+
+pub(super) fn resolve_candidates(
+    candidate: &str,
+    repository_files: &BTreeSet<String>,
+    language: Option<&str>,
+) -> Option<String> {
+    candidate_paths(candidate, language)
+        .into_iter()
+        .find(|path| repository_files.contains(path))
+}
+
+pub(super) fn resolve_progressively(
+    candidate: &str,
+    repository_files: &BTreeSet<String>,
+    language: Option<&str>,
+    separator: char,
+) -> Option<String> {
+    let mut current = candidate.to_string();
+    loop {
+        if let Some(path) = resolve_candidates(&current, repository_files, language) {
+            return Some(path);
+        }
+        let Some((parent, _)) = current.rsplit_once(separator) else {
+            return None;
+        };
+        current = parent.to_string();
+    }
+}
+
+fn candidate_paths(candidate: &str, language: Option<&str>) -> Vec<String> {
+    let extensions = extensions_for_language(language);
+    let mut candidates = extensions
+        .iter()
+        .map(|extension| format!("{candidate}{extension}"))
+        .collect::<Vec<_>>();
+    match language {
+        Some("rust") => candidates.push(format!("{candidate}/mod.rs")),
+        Some("python") => candidates.push(format!("{candidate}/__init__.py")),
+        Some("go") => {}
+        Some("typescript") | Some("javascript") => candidates.extend([
+            format!("{candidate}/index.ts"),
+            format!("{candidate}/index.tsx"),
+            format!("{candidate}/index.js"),
+            format!("{candidate}/index.jsx"),
+        ]),
+        _ => candidates.extend([
+            format!("{candidate}/index.ts"),
+            format!("{candidate}/index.tsx"),
+            format!("{candidate}/index.js"),
+            format!("{candidate}/index.jsx"),
+            format!("{candidate}/mod.rs"),
+            format!("{candidate}/__init__.py"),
+        ]),
+    }
+    candidates
+}
+
+fn extensions_for_language(language: Option<&str>) -> &'static [&'static str] {
+    match language {
+        Some("rust") => &["", ".rs"],
+        Some("python") => &["", ".py"],
+        Some("go") => &["", ".go"],
+        Some("swift") => &["", ".swift"],
+        Some("typescript") => &["", ".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"],
+        Some("javascript") => &["", ".js", ".jsx", ".mjs", ".cjs", ".ts", ".tsx"],
+        _ => &[
+            "", ".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".rs", ".py", ".go", ".swift",
+        ],
+    }
+}