@lunora/advisor 0.0.0 → 1.0.0-alpha.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +105 -0
- package/README.md +130 -9
- package/__assets__/package-og.svg +14 -0
- package/dist/index.d.mts +1680 -0
- package/dist/index.d.ts +1680 -0
- package/dist/index.mjs +89 -0
- package/dist/packem_shared/AE_METRIC_EVENTS-DexctYv6.mjs +85 -0
- package/dist/packem_shared/adminRouteWithoutGuard-UUGBkAjU.mjs +33 -0
- package/dist/packem_shared/authApiCallWithoutHeaders-BeJhCZaf.mjs +38 -0
- package/dist/packem_shared/circularFk-B2freHrP.mjs +84 -0
- package/dist/packem_shared/constraintValidator-Dr9Py3FD.mjs +186 -0
- package/dist/packem_shared/containerOversizedInstance-5U1VKPRM.mjs +36 -0
- package/dist/packem_shared/containerPublicInternet-CuNerJE5.mjs +30 -0
- package/dist/packem_shared/duplicateIndex-BOublMSt.mjs +57 -0
- package/dist/packem_shared/emptyIndex-BX8EuEY7.mjs +32 -0
- package/dist/packem_shared/externalSourceOnGlobal-Bg-NfCX9.mjs +30 -0
- package/dist/packem_shared/externalSourceUnscoped-5vT-Bup3.mjs +44 -0
- package/dist/packem_shared/filterWithoutIndex-BYVeJaSs.mjs +31 -0
- package/dist/packem_shared/finding-Dm_zvzS1.mjs +16 -0
- package/dist/packem_shared/fk-index-IUK1ukgs.mjs +7 -0
- package/dist/packem_shared/fromServerSchema-WVRvXPy8.mjs +56 -0
- package/dist/packem_shared/hardcodedSecret-W2pz1UZB.mjs +35 -0
- package/dist/packem_shared/helpers-DNCkMWZQ.mjs +4 -0
- package/dist/packem_shared/hotShard-Ir5D0B6J.mjs +48 -0
- package/dist/packem_shared/hyperdriveOutsideAction-BgZqX7Xg.mjs +30 -0
- package/dist/packem_shared/indexReferencesUnknownField-DH0_dbUY.mjs +36 -0
- package/dist/packem_shared/indexUtilization-B5DMQ3bI.mjs +45 -0
- package/dist/packem_shared/maskUncoveredPiiColumn-DjGIPG6M.mjs +61 -0
- package/dist/packem_shared/mutatorFullRowReplace-BJnNDaIV.mjs +26 -0
- package/dist/packem_shared/nondeterministicQueryMutation-GXES1fLp.mjs +35 -0
- package/dist/packem_shared/policyReferencesUnknownTable-DtaIEovd.mjs +38 -0
- package/dist/packem_shared/publicArgumentUsesAny-C71b2NCf.mjs +32 -0
- package/dist/packem_shared/publicMutationWithoutRatelimit-xBpJ6GWK.mjs +36 -0
- package/dist/packem_shared/r2sqlOutsideAction-CtqxvMuV.mjs +30 -0
- package/dist/packem_shared/relationReferencesUnknownField-YznyXt_7.mjs +54 -0
- package/dist/packem_shared/relationReferencesUnknownTable-DrorpKYe.mjs +33 -0
- package/dist/packem_shared/rlsUncoveredTable-CxEfZ5eZ.mjs +56 -0
- package/dist/packem_shared/shapeTargetsGlobalTable-DHrf4Koi.mjs +34 -0
- package/dist/packem_shared/shapeUnknownTable-C8aDWFoe.mjs +34 -0
- package/dist/packem_shared/sqlInjectionRisk-zwytYGLt.mjs +26 -0
- package/dist/packem_shared/tableWithoutInsert-CbbaYIP4.mjs +34 -0
- package/dist/packem_shared/unboundedStringArgument-DThg2-wt.mjs +32 -0
- package/dist/packem_shared/unindexedForeignKey-BgJbKyqK.mjs +45 -0
- package/dist/packem_shared/unindexedRelationTarget-D6eyj6Xx.mjs +53 -0
- package/dist/packem_shared/userCreatingMutationWithoutCaptcha-CH31YsUZ.mjs +42 -0
- package/dist/packem_shared/workflowDuplicateStepName-ioBxPBCy.mjs +48 -0
- package/dist/packem_shared/workflowUnknownTarget-Cdd7WhKQ.mjs +34 -0
- package/dist/packem_shared/workflowUnused-D0jHxdz9.mjs +38 -0
- package/package.json +40 -17
package/LICENSE.md
ADDED
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
# Functional Source License, Version 1.1, Apache 2.0 Future License
|
|
2
|
+
|
|
3
|
+
## Abbreviation
|
|
4
|
+
|
|
5
|
+
FSL-1.1-Apache-2.0
|
|
6
|
+
|
|
7
|
+
## Notice
|
|
8
|
+
|
|
9
|
+
Copyright 2026 anolilab and contributors
|
|
10
|
+
|
|
11
|
+
## Terms and Conditions
|
|
12
|
+
|
|
13
|
+
### Licensor ("We")
|
|
14
|
+
|
|
15
|
+
The party offering the Software under these Terms and Conditions.
|
|
16
|
+
|
|
17
|
+
### The Software
|
|
18
|
+
|
|
19
|
+
The "Software" is each version of the software that we make available under
|
|
20
|
+
these Terms and Conditions, as indicated by our inclusion of these Terms and
|
|
21
|
+
Conditions with the Software.
|
|
22
|
+
|
|
23
|
+
### License Grant
|
|
24
|
+
|
|
25
|
+
Subject to your compliance with this License Grant and the Patents,
|
|
26
|
+
Redistribution and Trademark clauses below, we hereby grant you the right to
|
|
27
|
+
use, copy, modify, create derivative works, publicly perform, publicly display
|
|
28
|
+
and redistribute the Software for any Permitted Purpose identified below.
|
|
29
|
+
|
|
30
|
+
### Permitted Purpose
|
|
31
|
+
|
|
32
|
+
A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
|
|
33
|
+
means making the Software available to others in a commercial product or service
|
|
34
|
+
that:
|
|
35
|
+
|
|
36
|
+
1. substitutes for the Software;
|
|
37
|
+
|
|
38
|
+
2. substitutes for any other product or service we offer using the Software that
|
|
39
|
+
exists as of the date we make the Software available; or
|
|
40
|
+
|
|
41
|
+
3. offers the same or substantially similar functionality as the Software.
|
|
42
|
+
|
|
43
|
+
Permitted Purposes specifically include using the Software:
|
|
44
|
+
|
|
45
|
+
1. for your internal use and access;
|
|
46
|
+
|
|
47
|
+
2. for non-commercial education;
|
|
48
|
+
|
|
49
|
+
3. for non-commercial research; and
|
|
50
|
+
|
|
51
|
+
4. in connection with professional services that you provide to a licensee using
|
|
52
|
+
the Software in accordance with these Terms and Conditions.
|
|
53
|
+
|
|
54
|
+
### Patents
|
|
55
|
+
|
|
56
|
+
To the extent your use for a Permitted Purpose would necessarily infringe our
|
|
57
|
+
patents, the license grant above includes a license under our patents. If you
|
|
58
|
+
make a claim against any party that the Software infringes or contributes to the
|
|
59
|
+
infringement of any patent, then your patent license to the Software ends
|
|
60
|
+
immediately.
|
|
61
|
+
|
|
62
|
+
### Redistribution
|
|
63
|
+
|
|
64
|
+
The Terms and Conditions apply to all copies, modifications and derivatives of
|
|
65
|
+
the Software.
|
|
66
|
+
|
|
67
|
+
If you redistribute any copies, modifications or derivatives of the Software,
|
|
68
|
+
you must include a copy of or a link to these Terms and Conditions and not
|
|
69
|
+
remove any copyright notices provided in or with the Software.
|
|
70
|
+
|
|
71
|
+
### Disclaimer
|
|
72
|
+
|
|
73
|
+
THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
|
|
74
|
+
IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
|
|
75
|
+
PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
|
|
76
|
+
|
|
77
|
+
IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
|
|
78
|
+
SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN
|
|
79
|
+
IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
|
|
80
|
+
|
|
81
|
+
### Trademarks
|
|
82
|
+
|
|
83
|
+
Except for displaying the License Details and identifying us as the origin of
|
|
84
|
+
the Software, you have no right under these Terms and Conditions to use our
|
|
85
|
+
trademarks, trade names, service marks or product names.
|
|
86
|
+
|
|
87
|
+
## Grant of Future License
|
|
88
|
+
|
|
89
|
+
We hereby irrevocably grant you an additional license to use the Software under
|
|
90
|
+
the Apache License, Version 2.0 that is effective on the second anniversary of
|
|
91
|
+
the date we make the Software available. On or after that date, you may use the
|
|
92
|
+
Software under the Apache License, Version 2.0, in which case the following will
|
|
93
|
+
apply:
|
|
94
|
+
|
|
95
|
+
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
|
|
96
|
+
this file except in compliance with the License.
|
|
97
|
+
|
|
98
|
+
You may obtain a copy of the License at
|
|
99
|
+
|
|
100
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
101
|
+
|
|
102
|
+
Unless required by applicable law or agreed to in writing, software distributed
|
|
103
|
+
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
|
104
|
+
CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
|
105
|
+
specific language governing permissions and limitations under the License.
|
package/README.md
CHANGED
|
@@ -1,18 +1,139 @@
|
|
|
1
|
-
|
|
1
|
+
<!-- START_PACKAGE_OG_IMAGE_PLACEHOLDER -->
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
<a href="https://www.anolilab.com/open-source" align="center">
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
<img src="__assets__/package-og.svg" alt="advisor" />
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
</a>
|
|
8
8
|
|
|
9
|
-
-
|
|
10
|
-
- Repository: https://github.com/anolilab/lunora
|
|
9
|
+
<h3 align="center">Schema & query lints (splinter-style advisors) for Lunora, feeding the Studio Advisors view</h3>
|
|
11
10
|
|
|
12
|
-
|
|
11
|
+
<!-- END_PACKAGE_OG_IMAGE_PLACEHOLDER -->
|
|
13
12
|
|
|
14
|
-
|
|
13
|
+
<br />
|
|
14
|
+
|
|
15
|
+
<div align="center">
|
|
16
|
+
|
|
17
|
+
[![typescript-image][typescript-badge]][typescript-url]
|
|
18
|
+
[![FSL-1.1-Apache-2.0 licence][license-badge]][license]
|
|
19
|
+
[![npm version][npm-version-badge]][npm-version]
|
|
20
|
+
[![npm downloads][npm-downloads-badge]][npm-downloads]
|
|
21
|
+
[![PRs Welcome][prs-welcome-badge]][prs-welcome]
|
|
22
|
+
|
|
23
|
+
</div>
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
<div align="center">
|
|
28
|
+
<p>
|
|
29
|
+
<sup>
|
|
30
|
+
Daniel Bannert's open source work is supported by the community on <a href="https://github.com/sponsors/prisis">GitHub Sponsors</a>
|
|
31
|
+
</sup>
|
|
32
|
+
</p>
|
|
33
|
+
</div>
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
37
|
+
Schema and query lints for Lunora, modeled on Supabase's splinter. Each lint is a pure rule over a normalized `LintContext`; `runAdvisor()` runs a set and flattens their findings for the CLI, the Vite plugin, and the Studio Advisors view.
|
|
38
|
+
|
|
39
|
+
Most lints are `static`: they run against the declared schema (and the query reads / inserts the codegen feeder discovers in your function bodies), so a problem surfaces at codegen time before it ships — the edge over a live-database-only advisor. A smaller `runtime` tier (`hot_shard`, `index_utilization`, `constraint_validator`) reads observed signal from a running deployment.
|
|
40
|
+
|
|
41
|
+
Part of the [Lunora](https://github.com/anolilab/lunora) framework — a type-safe, real-time backend on Cloudflare Workers + Durable Objects with a Vite-first DX.
|
|
42
|
+
|
|
43
|
+
## Install
|
|
44
|
+
|
|
45
|
+
```sh
|
|
46
|
+
npm install @lunora/advisor
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
```sh
|
|
50
|
+
yarn add @lunora/advisor
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
```sh
|
|
54
|
+
pnpm add @lunora/advisor
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## Usage
|
|
58
|
+
|
|
59
|
+
You usually don't call this package directly — `@lunora/codegen` runs the static lints during `lunora dev` / `lunora codegen` and the Studio renders the findings. To run them yourself, adapt your schema with `fromServerSchema` and pass it to `runAdvisor`:
|
|
60
|
+
|
|
61
|
+
```ts
|
|
62
|
+
import { fromServerSchema, runAdvisor } from "@lunora/advisor";
|
|
63
|
+
|
|
64
|
+
import schema from "./lunora/schema";
|
|
65
|
+
|
|
66
|
+
// `source: "static"` skips the runtime lints, which need a live deployment.
|
|
67
|
+
const findings = runAdvisor({ schema: fromServerSchema(schema) }, { source: "static" });
|
|
68
|
+
|
|
69
|
+
for (const finding of findings) {
|
|
70
|
+
// Finding has: level, name, title, detail, description, remediation, metadata, …
|
|
71
|
+
console.log(`[${finding.level}] ${finding.name}: ${finding.detail}`);
|
|
72
|
+
}
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
`runAdvisor(context, options)` returns a flat `Finding[]` in lint-declaration order. Options:
|
|
76
|
+
|
|
77
|
+
- `lints` — the lint set to run (default `ALL_LINTS`; also exported: `STATIC_LINTS`, `RUNTIME_LINTS`, and each lint by name, e.g. `unindexedForeignKey`).
|
|
78
|
+
- `source` — restrict to one evidence tier, `"static"` or `"runtime"`. Omit to run both.
|
|
79
|
+
|
|
80
|
+
### Runtime lints
|
|
81
|
+
|
|
82
|
+
The runtime tier (`hot_shard`, `index_utilization`, `constraint_validator`) reads observed signal off the `LintContext` (`shardTraffic`, `tableScans`, `indexHits`, `tableSamples`). The Studio backend fills those from each shard's durable counters. As an alternative feeder, `loadAnalyticsRuntimeMetrics` reconstructs the same arrays from the Analytics Engine SQL API:
|
|
83
|
+
|
|
84
|
+
```ts
|
|
85
|
+
import { fromServerSchema, loadAnalyticsRuntimeMetrics, runAdvisor } from "@lunora/advisor";
|
|
86
|
+
|
|
87
|
+
import schema from "./lunora/schema";
|
|
88
|
+
|
|
89
|
+
// `client` is an `@lunora/bindings/analytics` SQL client (anything with `query(sql)`).
|
|
90
|
+
const metrics = await loadAnalyticsRuntimeMetrics(client, { dataset: "ANALYTICS" });
|
|
91
|
+
const findings = runAdvisor({ schema: fromServerSchema(schema), ...metrics }, { source: "runtime" });
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
A missing metric degrades to an empty array rather than throwing, so a partially configured read path still returns what it can.
|
|
95
|
+
|
|
96
|
+
> This README covers the basics. For the full API, options, and guides, see the **[documentation](https://lunora.sh/docs/addons/studio)**.
|
|
97
|
+
|
|
98
|
+
## Related
|
|
99
|
+
|
|
100
|
+
- [`@lunora/server`](https://www.npmjs.com/package/@lunora/server) — the `defineSchema` / `defineTable` schema these lints analyze.
|
|
101
|
+
- [`@lunora/codegen`](https://www.npmjs.com/package/@lunora/codegen) — runs the static lints at codegen time and returns them on `CodegenResult.advisories`.
|
|
102
|
+
- [`@lunora/studio`](https://www.npmjs.com/package/@lunora/studio) — renders the findings in the Advisors view.
|
|
103
|
+
|
|
104
|
+
## Supported Node.js Versions
|
|
105
|
+
|
|
106
|
+
Libraries in this ecosystem make the best effort to track [Node.js' release schedule](https://github.com/nodejs/release#release-schedule).
|
|
107
|
+
Here's [a post on why we think this is important](https://medium.com/the-node-js-collection/maintainers-should-consider-following-node-js-release-schedule-ab08ed4de71a).
|
|
108
|
+
|
|
109
|
+
## Contributing
|
|
110
|
+
|
|
111
|
+
If you would like to help take a look at the [list of issues](https://github.com/anolilab/lunora/issues) and check our [Contributing](https://github.com/anolilab/lunora/blob/alpha/.github/CONTRIBUTING.md) guidelines.
|
|
112
|
+
|
|
113
|
+
> **Note:** please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
|
|
114
|
+
|
|
115
|
+
## Credits
|
|
116
|
+
|
|
117
|
+
- [Daniel Bannert](https://github.com/prisis)
|
|
118
|
+
- [All Contributors](https://github.com/anolilab/lunora/graphs/contributors)
|
|
119
|
+
|
|
120
|
+
## Made with ❤️ at Anolilab
|
|
121
|
+
|
|
122
|
+
This is an open source project and will always remain free to use. If you think it's cool, please star it 🌟. [Anolilab](https://www.anolilab.com/open-source) is a Development and AI Studio. Contact us at [hello@anolilab.com](mailto:hello@anolilab.com) if you need any help with these technologies or just want to say hi!
|
|
15
123
|
|
|
16
124
|
## License
|
|
17
125
|
|
|
18
|
-
FSL-1.1-Apache-2.0
|
|
126
|
+
The Lunora advisor package is open-sourced software licensed under the [FSL-1.1-Apache-2.0][license].
|
|
127
|
+
|
|
128
|
+
<!-- badges -->
|
|
129
|
+
|
|
130
|
+
[license-badge]: https://img.shields.io/badge/license-FSL--1.1--Apache--2.0-blue.svg?style=for-the-badge
|
|
131
|
+
[license]: https://github.com/anolilab/lunora/blob/alpha/LICENSE.md
|
|
132
|
+
[npm-version-badge]: https://img.shields.io/npm/v/@lunora/advisor?style=for-the-badge
|
|
133
|
+
[npm-version]: https://www.npmjs.com/package/@lunora/advisor
|
|
134
|
+
[npm-downloads-badge]: https://img.shields.io/npm/dm/@lunora/advisor?style=for-the-badge
|
|
135
|
+
[npm-downloads]: https://www.npmjs.com/package/@lunora/advisor
|
|
136
|
+
[prs-welcome-badge]: https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=for-the-badge
|
|
137
|
+
[prs-welcome]: https://github.com/anolilab/lunora/blob/alpha/.github/CONTRIBUTING.md
|
|
138
|
+
[typescript-badge]: https://img.shields.io/badge/Typescript-294E80.svg?style=for-the-badge&logo=typescript
|
|
139
|
+
[typescript-url]: https://www.typescriptlang.org/
|