@lunora/advisor 0.0.0 → 1.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/LICENSE.md +105 -0
  2. package/README.md +130 -9
  3. package/__assets__/package-og.svg +14 -0
  4. package/dist/index.d.mts +1392 -0
  5. package/dist/index.d.ts +1392 -0
  6. package/dist/index.mjs +77 -0
  7. package/dist/packem_shared/AE_METRIC_EVENTS-DexctYv6.mjs +85 -0
  8. package/dist/packem_shared/adminRouteWithoutGuard-UUGBkAjU.mjs +33 -0
  9. package/dist/packem_shared/authApiCallWithoutHeaders-BeJhCZaf.mjs +38 -0
  10. package/dist/packem_shared/circularFk-B2freHrP.mjs +84 -0
  11. package/dist/packem_shared/constraintValidator-Dr9Py3FD.mjs +186 -0
  12. package/dist/packem_shared/containerOversizedInstance-5U1VKPRM.mjs +36 -0
  13. package/dist/packem_shared/containerPublicInternet-CuNerJE5.mjs +30 -0
  14. package/dist/packem_shared/duplicateIndex-BOublMSt.mjs +57 -0
  15. package/dist/packem_shared/emptyIndex-BX8EuEY7.mjs +32 -0
  16. package/dist/packem_shared/filterWithoutIndex-BYVeJaSs.mjs +31 -0
  17. package/dist/packem_shared/finding-Dm_zvzS1.mjs +16 -0
  18. package/dist/packem_shared/fk-index-IUK1ukgs.mjs +7 -0
  19. package/dist/packem_shared/fromServerSchema-DinF1nph.mjs +50 -0
  20. package/dist/packem_shared/hardcodedSecret-W2pz1UZB.mjs +35 -0
  21. package/dist/packem_shared/helpers-DNCkMWZQ.mjs +4 -0
  22. package/dist/packem_shared/hotShard-Ir5D0B6J.mjs +48 -0
  23. package/dist/packem_shared/hyperdriveOutsideAction-BgZqX7Xg.mjs +30 -0
  24. package/dist/packem_shared/indexReferencesUnknownField-DH0_dbUY.mjs +36 -0
  25. package/dist/packem_shared/indexUtilization-B5DMQ3bI.mjs +45 -0
  26. package/dist/packem_shared/maskUncoveredPiiColumn-DjGIPG6M.mjs +61 -0
  27. package/dist/packem_shared/nondeterministicQueryMutation-GXES1fLp.mjs +35 -0
  28. package/dist/packem_shared/policyReferencesUnknownTable-DtaIEovd.mjs +38 -0
  29. package/dist/packem_shared/publicArgumentUsesAny-C71b2NCf.mjs +32 -0
  30. package/dist/packem_shared/publicMutationWithoutRatelimit-xBpJ6GWK.mjs +36 -0
  31. package/dist/packem_shared/relationReferencesUnknownField-YznyXt_7.mjs +54 -0
  32. package/dist/packem_shared/relationReferencesUnknownTable-DrorpKYe.mjs +33 -0
  33. package/dist/packem_shared/rlsUncoveredTable-CxEfZ5eZ.mjs +56 -0
  34. package/dist/packem_shared/sqlInjectionRisk-zwytYGLt.mjs +26 -0
  35. package/dist/packem_shared/tableWithoutInsert-CbbaYIP4.mjs +34 -0
  36. package/dist/packem_shared/unboundedStringArgument-DThg2-wt.mjs +32 -0
  37. package/dist/packem_shared/unindexedForeignKey-BgJbKyqK.mjs +45 -0
  38. package/dist/packem_shared/unindexedRelationTarget-D6eyj6Xx.mjs +53 -0
  39. package/dist/packem_shared/userCreatingMutationWithoutCaptcha-CH31YsUZ.mjs +42 -0
  40. package/dist/packem_shared/workflowUnknownTarget-Cdd7WhKQ.mjs +34 -0
  41. package/dist/packem_shared/workflowUnused-D0jHxdz9.mjs +38 -0
  42. package/package.json +40 -17
package/LICENSE.md ADDED
@@ -0,0 +1,105 @@
1
+ # Functional Source License, Version 1.1, Apache 2.0 Future License
2
+
3
+ ## Abbreviation
4
+
5
+ FSL-1.1-Apache-2.0
6
+
7
+ ## Notice
8
+
9
+ Copyright 2026 anolilab and contributors
10
+
11
+ ## Terms and Conditions
12
+
13
+ ### Licensor ("We")
14
+
15
+ The party offering the Software under these Terms and Conditions.
16
+
17
+ ### The Software
18
+
19
+ The "Software" is each version of the software that we make available under
20
+ these Terms and Conditions, as indicated by our inclusion of these Terms and
21
+ Conditions with the Software.
22
+
23
+ ### License Grant
24
+
25
+ Subject to your compliance with this License Grant and the Patents,
26
+ Redistribution and Trademark clauses below, we hereby grant you the right to
27
+ use, copy, modify, create derivative works, publicly perform, publicly display
28
+ and redistribute the Software for any Permitted Purpose identified below.
29
+
30
+ ### Permitted Purpose
31
+
32
+ A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
33
+ means making the Software available to others in a commercial product or service
34
+ that:
35
+
36
+ 1. substitutes for the Software;
37
+
38
+ 2. substitutes for any other product or service we offer using the Software that
39
+ exists as of the date we make the Software available; or
40
+
41
+ 3. offers the same or substantially similar functionality as the Software.
42
+
43
+ Permitted Purposes specifically include using the Software:
44
+
45
+ 1. for your internal use and access;
46
+
47
+ 2. for non-commercial education;
48
+
49
+ 3. for non-commercial research; and
50
+
51
+ 4. in connection with professional services that you provide to a licensee using
52
+ the Software in accordance with these Terms and Conditions.
53
+
54
+ ### Patents
55
+
56
+ To the extent your use for a Permitted Purpose would necessarily infringe our
57
+ patents, the license grant above includes a license under our patents. If you
58
+ make a claim against any party that the Software infringes or contributes to the
59
+ infringement of any patent, then your patent license to the Software ends
60
+ immediately.
61
+
62
+ ### Redistribution
63
+
64
+ The Terms and Conditions apply to all copies, modifications and derivatives of
65
+ the Software.
66
+
67
+ If you redistribute any copies, modifications or derivatives of the Software,
68
+ you must include a copy of or a link to these Terms and Conditions and not
69
+ remove any copyright notices provided in or with the Software.
70
+
71
+ ### Disclaimer
72
+
73
+ THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
74
+ IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
75
+ PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
76
+
77
+ IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
78
+ SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN
79
+ IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
80
+
81
+ ### Trademarks
82
+
83
+ Except for displaying the License Details and identifying us as the origin of
84
+ the Software, you have no right under these Terms and Conditions to use our
85
+ trademarks, trade names, service marks or product names.
86
+
87
+ ## Grant of Future License
88
+
89
+ We hereby irrevocably grant you an additional license to use the Software under
90
+ the Apache License, Version 2.0 that is effective on the second anniversary of
91
+ the date we make the Software available. On or after that date, you may use the
92
+ Software under the Apache License, Version 2.0, in which case the following will
93
+ apply:
94
+
95
+ Licensed under the Apache License, Version 2.0 (the "License"); you may not use
96
+ this file except in compliance with the License.
97
+
98
+ You may obtain a copy of the License at
99
+
100
+ http://www.apache.org/licenses/LICENSE-2.0
101
+
102
+ Unless required by applicable law or agreed to in writing, software distributed
103
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
104
+ CONDITIONS OF ANY KIND, either express or implied. See the License for the
105
+ specific language governing permissions and limitations under the License.
package/README.md CHANGED
@@ -1,18 +1,139 @@
1
- # @lunora/advisor
1
+ <!-- START_PACKAGE_OG_IMAGE_PLACEHOLDER -->
2
2
 
3
- > ⚠️ **Placeholder release.** This package name is reserved for the [Lunora](https://lunora.sh) framework. The real `1.0.0-alpha` release is coming soon.
3
+ <a href="https://www.anolilab.com/open-source" align="center">
4
4
 
5
- Schema & query lints (splinter-style advisors) for Lunora, feeding the Studio Advisors view
5
+ <img src="__assets__/package-og.svg" alt="advisor" />
6
6
 
7
- Lunora is a type-safe, real-time backend framework for Cloudflare Workers + Durable Objects with a Vite-first developer experience.
7
+ </a>
8
8
 
9
- - Website: https://lunora.sh
10
- - Repository: https://github.com/anolilab/lunora
9
+ <h3 align="center">Schema &amp; query lints (splinter-style advisors) for Lunora, feeding the Studio Advisors view</h3>
11
10
 
12
- ## Status
11
+ <!-- END_PACKAGE_OG_IMAGE_PLACEHOLDER -->
13
12
 
14
- This is a `0.0.0` placeholder to reserve the npm name. Do not depend on it yet — APIs and exports are not published in this version. Watch the repository for the alpha release.
13
+ <br />
14
+
15
+ <div align="center">
16
+
17
+ [![typescript-image][typescript-badge]][typescript-url]
18
+ [![FSL-1.1-Apache-2.0 licence][license-badge]][license]
19
+ [![npm version][npm-version-badge]][npm-version]
20
+ [![npm downloads][npm-downloads-badge]][npm-downloads]
21
+ [![PRs Welcome][prs-welcome-badge]][prs-welcome]
22
+
23
+ </div>
24
+
25
+ ---
26
+
27
+ <div align="center">
28
+ <p>
29
+ <sup>
30
+ Daniel Bannert's open source work is supported by the community on <a href="https://github.com/sponsors/prisis">GitHub Sponsors</a>
31
+ </sup>
32
+ </p>
33
+ </div>
34
+
35
+ ---
36
+
37
+ Schema and query lints for Lunora, modeled on Supabase's splinter. Each lint is a pure rule over a normalized `LintContext`; `runAdvisor()` runs a set and flattens their findings for the CLI, the Vite plugin, and the Studio Advisors view.
38
+
39
+ Most lints are `static`: they run against the declared schema (and the query reads / inserts the codegen feeder discovers in your function bodies), so a problem surfaces at codegen time before it ships — the edge over a live-database-only advisor. A smaller `runtime` tier (`hot_shard`, `index_utilization`, `constraint_validator`) reads observed signal from a running deployment.
40
+
41
+ Part of the [Lunora](https://github.com/anolilab/lunora) framework — a type-safe, real-time backend on Cloudflare Workers + Durable Objects with a Vite-first DX.
42
+
43
+ ## Install
44
+
45
+ ```sh
46
+ npm install @lunora/advisor
47
+ ```
48
+
49
+ ```sh
50
+ yarn add @lunora/advisor
51
+ ```
52
+
53
+ ```sh
54
+ pnpm add @lunora/advisor
55
+ ```
56
+
57
+ ## Usage
58
+
59
+ You usually don't call this package directly — `@lunora/codegen` runs the static lints during `lunora dev` / `lunora codegen` and the Studio renders the findings. To run them yourself, adapt your schema with `fromServerSchema` and pass it to `runAdvisor`:
60
+
61
+ ```ts
62
+ import { fromServerSchema, runAdvisor } from "@lunora/advisor";
63
+
64
+ import schema from "./lunora/schema";
65
+
66
+ // `source: "static"` skips the runtime lints, which need a live deployment.
67
+ const findings = runAdvisor({ schema: fromServerSchema(schema) }, { source: "static" });
68
+
69
+ for (const finding of findings) {
70
+ // Finding has: level, name, title, detail, description, remediation, metadata, …
71
+ console.log(`[${finding.level}] ${finding.name}: ${finding.detail}`);
72
+ }
73
+ ```
74
+
75
+ `runAdvisor(context, options)` returns a flat `Finding[]` in lint-declaration order. Options:
76
+
77
+ - `lints` — the lint set to run (default `ALL_LINTS`; also exported: `STATIC_LINTS`, `RUNTIME_LINTS`, and each lint by name, e.g. `unindexedForeignKey`).
78
+ - `source` — restrict to one evidence tier, `"static"` or `"runtime"`. Omit to run both.
79
+
80
+ ### Runtime lints
81
+
82
+ The runtime tier (`hot_shard`, `index_utilization`, `constraint_validator`) reads observed signal off the `LintContext` (`shardTraffic`, `tableScans`, `indexHits`, `tableSamples`). The Studio backend fills those from each shard's durable counters. As an alternative feeder, `loadAnalyticsRuntimeMetrics` reconstructs the same arrays from the Analytics Engine SQL API:
83
+
84
+ ```ts
85
+ import { fromServerSchema, loadAnalyticsRuntimeMetrics, runAdvisor } from "@lunora/advisor";
86
+
87
+ import schema from "./lunora/schema";
88
+
89
+ // `client` is an `@lunora/analytics` SQL client (anything with `query(sql)`).
90
+ const metrics = await loadAnalyticsRuntimeMetrics(client, { dataset: "ANALYTICS" });
91
+ const findings = runAdvisor({ schema: fromServerSchema(schema), ...metrics }, { source: "runtime" });
92
+ ```
93
+
94
+ A missing metric degrades to an empty array rather than throwing, so a partially configured read path still returns what it can.
95
+
96
+ > This README covers the basics. For the full API, options, and guides, see the **[documentation](https://lunora.sh/docs/addons/studio)**.
97
+
98
+ ## Related
99
+
100
+ - [`@lunora/server`](https://www.npmjs.com/package/@lunora/server) — the `defineSchema` / `defineTable` schema these lints analyze.
101
+ - [`@lunora/codegen`](https://www.npmjs.com/package/@lunora/codegen) — runs the static lints at codegen time and returns them on `CodegenResult.advisories`.
102
+ - [`@lunora/studio`](https://www.npmjs.com/package/@lunora/studio) — renders the findings in the Advisors view.
103
+
104
+ ## Supported Node.js Versions
105
+
106
+ Libraries in this ecosystem make the best effort to track [Node.js' release schedule](https://github.com/nodejs/release#release-schedule).
107
+ Here's [a post on why we think this is important](https://medium.com/the-node-js-collection/maintainers-should-consider-following-node-js-release-schedule-ab08ed4de71a).
108
+
109
+ ## Contributing
110
+
111
+ If you would like to help take a look at the [list of issues](https://github.com/anolilab/lunora/issues) and check our [Contributing](https://github.com/anolilab/lunora/blob/alpha/.github/CONTRIBUTING.md) guidelines.
112
+
113
+ > **Note:** please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
114
+
115
+ ## Credits
116
+
117
+ - [Daniel Bannert](https://github.com/prisis)
118
+ - [All Contributors](https://github.com/anolilab/lunora/graphs/contributors)
119
+
120
+ ## Made with ❤️ at Anolilab
121
+
122
+ This is an open source project and will always remain free to use. If you think it's cool, please star it 🌟. [Anolilab](https://www.anolilab.com/open-source) is a Development and AI Studio. Contact us at [hello@anolilab.com](mailto:hello@anolilab.com) if you need any help with these technologies or just want to say hi!
15
123
 
16
124
  ## License
17
125
 
18
- FSL-1.1-Apache-2.0
126
+ The Lunora advisor package is open-sourced software licensed under the [FSL-1.1-Apache-2.0][license].
127
+
128
+ <!-- badges -->
129
+
130
+ [license-badge]: https://img.shields.io/badge/license-FSL--1.1--Apache--2.0-blue.svg?style=for-the-badge
131
+ [license]: https://github.com/anolilab/lunora/blob/alpha/LICENSE.md
132
+ [npm-version-badge]: https://img.shields.io/npm/v/@lunora/advisor?style=for-the-badge
133
+ [npm-version]: https://www.npmjs.com/package/@lunora/advisor
134
+ [npm-downloads-badge]: https://img.shields.io/npm/dm/@lunora/advisor?style=for-the-badge
135
+ [npm-downloads]: https://www.npmjs.com/package/@lunora/advisor
136
+ [prs-welcome-badge]: https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=for-the-badge
137
+ [prs-welcome]: https://github.com/anolilab/lunora/blob/alpha/.github/CONTRIBUTING.md
138
+ [typescript-badge]: https://img.shields.io/badge/Typescript-294E80.svg?style=for-the-badge&logo=typescript
139
+ [typescript-url]: https://www.typescriptlang.org/