@opensip-cli/checks-universal 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (620) hide show
  1. package/LICENSE +202 -0
  2. package/NOTICE +8 -0
  3. package/README.md +31 -0
  4. package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
  5. package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
  6. package/dist/__tests__/all-checks-execute.test.js +452 -0
  7. package/dist/__tests__/all-checks-execute.test.js.map +1 -0
  8. package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
  9. package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
  10. package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
  11. package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
  12. package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
  13. package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
  14. package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
  15. package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
  16. package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
  17. package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
  18. package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
  19. package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
  20. package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
  21. package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
  22. package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
  23. package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
  24. package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
  25. package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
  26. package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
  27. package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
  28. package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
  29. package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
  30. package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
  31. package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
  32. package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
  33. package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
  34. package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
  35. package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
  36. package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
  37. package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
  38. package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
  39. package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
  40. package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
  41. package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
  42. package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
  43. package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
  44. package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
  45. package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
  46. package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
  47. package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
  48. package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
  49. package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
  50. package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
  51. package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
  52. package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
  53. package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
  54. package/dist/__tests__/behavior-fixtures.test.js +1423 -0
  55. package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
  56. package/dist/__tests__/checks.test.d.ts +2 -0
  57. package/dist/__tests__/checks.test.d.ts.map +1 -0
  58. package/dist/__tests__/checks.test.js +61 -0
  59. package/dist/__tests__/checks.test.js.map +1 -0
  60. package/dist/__tests__/env-var-validation.test.d.ts +14 -0
  61. package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
  62. package/dist/__tests__/env-var-validation.test.js +53 -0
  63. package/dist/__tests__/env-var-validation.test.js.map +1 -0
  64. package/dist/__tests__/file-length-limit.test.d.ts +2 -0
  65. package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
  66. package/dist/__tests__/file-length-limit.test.js +29 -0
  67. package/dist/__tests__/file-length-limit.test.js.map +1 -0
  68. package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
  69. package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
  70. package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
  71. package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
  72. package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
  73. package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
  74. package/dist/__tests__/fixture-coverage.test.js +57 -0
  75. package/dist/__tests__/fixture-coverage.test.js.map +1 -0
  76. package/dist/__tests__/iic.test.d.ts +15 -0
  77. package/dist/__tests__/iic.test.d.ts.map +1 -0
  78. package/dist/__tests__/iic.test.js +316 -0
  79. package/dist/__tests__/iic.test.js.map +1 -0
  80. package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
  81. package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
  82. package/dist/__tests__/no-skipped-tests.test.js +144 -0
  83. package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
  84. package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
  85. package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
  86. package/dist/__tests__/no-todo-comments.test.js +31 -0
  87. package/dist/__tests__/no-todo-comments.test.js.map +1 -0
  88. package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
  89. package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
  90. package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
  91. package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
  92. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
  93. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
  94. package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
  95. package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
  96. package/dist/__tests__/resilience-fp.test.d.ts +14 -0
  97. package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
  98. package/dist/__tests__/resilience-fp.test.js +110 -0
  99. package/dist/__tests__/resilience-fp.test.js.map +1 -0
  100. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
  101. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
  102. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
  103. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
  104. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
  105. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
  106. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
  107. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
  108. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
  109. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
  110. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
  111. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
  112. package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
  113. package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
  114. package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
  115. package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
  116. package/dist/checks/architecture/dependencies/index.d.ts +2 -0
  117. package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
  118. package/dist/checks/architecture/dependencies/index.js +2 -0
  119. package/dist/checks/architecture/dependencies/index.js.map +1 -0
  120. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
  121. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
  122. package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
  123. package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
  124. package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
  125. package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
  126. package/dist/checks/architecture/docker-best-practices.js +427 -0
  127. package/dist/checks/architecture/docker-best-practices.js.map +1 -0
  128. package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
  129. package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
  130. package/dist/checks/architecture/docker-ignore-validation.js +117 -0
  131. package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
  132. package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
  133. package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
  134. package/dist/checks/architecture/docker-version-sync.js +193 -0
  135. package/dist/checks/architecture/docker-version-sync.js.map +1 -0
  136. package/dist/checks/architecture/env-var-validation.d.ts +14 -0
  137. package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
  138. package/dist/checks/architecture/env-var-validation.js +289 -0
  139. package/dist/checks/architecture/env-var-validation.js.map +1 -0
  140. package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
  141. package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
  142. package/dist/checks/architecture/heavy-import-detection.js +91 -0
  143. package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
  144. package/dist/checks/architecture/index.d.ts +16 -0
  145. package/dist/checks/architecture/index.d.ts.map +1 -0
  146. package/dist/checks/architecture/index.js +16 -0
  147. package/dist/checks/architecture/index.js.map +1 -0
  148. package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
  149. package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
  150. package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
  151. package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
  152. package/dist/checks/architecture/modules/index.d.ts +3 -0
  153. package/dist/checks/architecture/modules/index.d.ts.map +1 -0
  154. package/dist/checks/architecture/modules/index.js +3 -0
  155. package/dist/checks/architecture/modules/index.js.map +1 -0
  156. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
  157. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
  158. package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
  159. package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
  160. package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
  161. package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
  162. package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
  163. package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
  164. package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
  165. package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
  166. package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
  167. package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
  168. package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
  169. package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
  170. package/dist/checks/architecture/node-version-consistency.js +225 -0
  171. package/dist/checks/architecture/node-version-consistency.js.map +1 -0
  172. package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
  173. package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
  174. package/dist/checks/architecture/project-readme-existence.js +55 -0
  175. package/dist/checks/architecture/project-readme-existence.js.map +1 -0
  176. package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
  177. package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
  178. package/dist/checks/architecture/stale-build-artifacts.js +55 -0
  179. package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
  180. package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
  181. package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
  182. package/dist/checks/architecture/tool-has-manifest.js +135 -0
  183. package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
  184. package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
  185. package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
  186. package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
  187. package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
  188. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
  189. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
  190. package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
  191. package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
  192. package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
  193. package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
  194. package/dist/checks/documentation/_directives/eslint.js +168 -0
  195. package/dist/checks/documentation/_directives/eslint.js.map +1 -0
  196. package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
  197. package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
  198. package/dist/checks/documentation/_directives/fitness.js +64 -0
  199. package/dist/checks/documentation/_directives/fitness.js.map +1 -0
  200. package/dist/checks/documentation/_directives/graph.d.ts +10 -0
  201. package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
  202. package/dist/checks/documentation/_directives/graph.js +65 -0
  203. package/dist/checks/documentation/_directives/graph.js.map +1 -0
  204. package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
  205. package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
  206. package/dist/checks/documentation/_directives/graph.test.js +54 -0
  207. package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
  208. package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
  209. package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
  210. package/dist/checks/documentation/_directives/semgrep.js +72 -0
  211. package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
  212. package/dist/checks/documentation/_directives/types.d.ts +21 -0
  213. package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
  214. package/dist/checks/documentation/_directives/types.js +9 -0
  215. package/dist/checks/documentation/_directives/types.js.map +1 -0
  216. package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
  217. package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
  218. package/dist/checks/documentation/_directives/typescript.js +54 -0
  219. package/dist/checks/documentation/_directives/typescript.js.map +1 -0
  220. package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
  221. package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
  222. package/dist/checks/documentation/_public-api-graph.js +304 -0
  223. package/dist/checks/documentation/_public-api-graph.js.map +1 -0
  224. package/dist/checks/documentation/directive-audit.d.ts +26 -0
  225. package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
  226. package/dist/checks/documentation/directive-audit.js +144 -0
  227. package/dist/checks/documentation/directive-audit.js.map +1 -0
  228. package/dist/checks/documentation/index.d.ts +3 -0
  229. package/dist/checks/documentation/index.d.ts.map +1 -0
  230. package/dist/checks/documentation/index.js +3 -0
  231. package/dist/checks/documentation/index.js.map +1 -0
  232. package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
  233. package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
  234. package/dist/checks/documentation/public-api-jsdoc.js +131 -0
  235. package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
  236. package/dist/checks/file-length-limit.d.ts +16 -0
  237. package/dist/checks/file-length-limit.d.ts.map +1 -0
  238. package/dist/checks/file-length-limit.js +47 -0
  239. package/dist/checks/file-length-limit.js.map +1 -0
  240. package/dist/checks/index.d.ts +16 -0
  241. package/dist/checks/index.d.ts.map +1 -0
  242. package/dist/checks/index.js +16 -0
  243. package/dist/checks/index.js.map +1 -0
  244. package/dist/checks/no-todo-comments.d.ts +18 -0
  245. package/dist/checks/no-todo-comments.d.ts.map +1 -0
  246. package/dist/checks/no-todo-comments.js +79 -0
  247. package/dist/checks/no-todo-comments.js.map +1 -0
  248. package/dist/checks/no-unimplemented-markers.d.ts +24 -0
  249. package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
  250. package/dist/checks/no-unimplemented-markers.js +198 -0
  251. package/dist/checks/no-unimplemented-markers.js.map +1 -0
  252. package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
  253. package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
  254. package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
  255. package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
  256. package/dist/checks/quality/api/index.d.ts +3 -0
  257. package/dist/checks/quality/api/index.d.ts.map +1 -0
  258. package/dist/checks/quality/api/index.js +3 -0
  259. package/dist/checks/quality/api/index.js.map +1 -0
  260. package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
  261. package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
  262. package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
  263. package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
  264. package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
  265. package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
  266. package/dist/checks/quality/code-structure/dead-code.js +238 -0
  267. package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
  268. package/dist/checks/quality/code-structure/index.d.ts +5 -0
  269. package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
  270. package/dist/checks/quality/code-structure/index.js +5 -0
  271. package/dist/checks/quality/code-structure/index.js.map +1 -0
  272. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
  273. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
  274. package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
  275. package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
  276. package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
  277. package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
  278. package/dist/checks/quality/code-structure/no-console-log.js +106 -0
  279. package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
  280. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
  281. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
  282. package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
  283. package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
  284. package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
  285. package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
  286. package/dist/checks/quality/dependency-version-consistency.js +266 -0
  287. package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
  288. package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
  289. package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
  290. package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
  291. package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
  292. package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
  293. package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
  294. package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
  295. package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
  296. package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
  297. package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
  298. package/dist/checks/quality/frontend/image-optimization.js +166 -0
  299. package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
  300. package/dist/checks/quality/frontend/index.d.ts +4 -0
  301. package/dist/checks/quality/frontend/index.d.ts.map +1 -0
  302. package/dist/checks/quality/frontend/index.js +4 -0
  303. package/dist/checks/quality/frontend/index.js.map +1 -0
  304. package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
  305. package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
  306. package/dist/checks/quality/frontend/navigation-typing.js +77 -0
  307. package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
  308. package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
  309. package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
  310. package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
  311. package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
  312. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
  313. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
  314. package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
  315. package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
  316. package/dist/checks/quality/index.d.ts +16 -0
  317. package/dist/checks/quality/index.d.ts.map +1 -0
  318. package/dist/checks/quality/index.js +16 -0
  319. package/dist/checks/quality/index.js.map +1 -0
  320. package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
  321. package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
  322. package/dist/checks/quality/linting/eslint-justifications.js +328 -0
  323. package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
  324. package/dist/checks/quality/linting/index.d.ts +4 -0
  325. package/dist/checks/quality/linting/index.d.ts.map +1 -0
  326. package/dist/checks/quality/linting/index.js +4 -0
  327. package/dist/checks/quality/linting/index.js.map +1 -0
  328. package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
  329. package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
  330. package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
  331. package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
  332. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
  333. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
  334. package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
  335. package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
  336. package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
  337. package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
  338. package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
  339. package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
  340. package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
  341. package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
  342. package/dist/checks/quality/no-deprecated-tags.js +76 -0
  343. package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
  344. package/dist/checks/quality/no-markdown-references.d.ts +16 -0
  345. package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
  346. package/dist/checks/quality/no-markdown-references.js +145 -0
  347. package/dist/checks/quality/no-markdown-references.js.map +1 -0
  348. package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
  349. package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
  350. package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
  351. package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
  352. package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
  353. package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
  354. package/dist/checks/quality/no-temporary-workarounds.js +69 -0
  355. package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
  356. package/dist/checks/quality/no-window-alert.d.ts +19 -0
  357. package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
  358. package/dist/checks/quality/no-window-alert.js +74 -0
  359. package/dist/checks/quality/no-window-alert.js.map +1 -0
  360. package/dist/checks/quality/observability/index.d.ts +2 -0
  361. package/dist/checks/quality/observability/index.d.ts.map +1 -0
  362. package/dist/checks/quality/observability/index.js +2 -0
  363. package/dist/checks/quality/observability/index.js.map +1 -0
  364. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
  365. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
  366. package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
  367. package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
  368. package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
  369. package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
  370. package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
  371. package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
  372. package/dist/checks/quality/patterns/index.d.ts +4 -0
  373. package/dist/checks/quality/patterns/index.d.ts.map +1 -0
  374. package/dist/checks/quality/patterns/index.js +4 -0
  375. package/dist/checks/quality/patterns/index.js.map +1 -0
  376. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
  377. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
  378. package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
  379. package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
  380. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
  381. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
  382. package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
  383. package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
  384. package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
  385. package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
  386. package/dist/checks/resilience/_helpers/config-validation.js +61 -0
  387. package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
  388. package/dist/checks/resilience/batch-operations.d.ts +22 -0
  389. package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
  390. package/dist/checks/resilience/batch-operations.js +422 -0
  391. package/dist/checks/resilience/batch-operations.js.map +1 -0
  392. package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
  393. package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
  394. package/dist/checks/resilience/cache-ttl-validation.js +222 -0
  395. package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
  396. package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
  397. package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
  398. package/dist/checks/resilience/catch-clause-safety.js +110 -0
  399. package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
  400. package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
  401. package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
  402. package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
  403. package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
  404. package/dist/checks/resilience/error-code-registration.d.ts +11 -0
  405. package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
  406. package/dist/checks/resilience/error-code-registration.js +88 -0
  407. package/dist/checks/resilience/error-code-registration.js.map +1 -0
  408. package/dist/checks/resilience/event-patterns.d.ts +21 -0
  409. package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
  410. package/dist/checks/resilience/event-patterns.js +232 -0
  411. package/dist/checks/resilience/event-patterns.js.map +1 -0
  412. package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
  413. package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
  414. package/dist/checks/resilience/exit-code-correctness.js +107 -0
  415. package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
  416. package/dist/checks/resilience/index.d.ts +18 -0
  417. package/dist/checks/resilience/index.d.ts.map +1 -0
  418. package/dist/checks/resilience/index.js +18 -0
  419. package/dist/checks/resilience/index.js.map +1 -0
  420. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
  421. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
  422. package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
  423. package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
  424. package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
  425. package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
  426. package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
  427. package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
  428. package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
  429. package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
  430. package/dist/checks/resilience/readline-cleanup.js +107 -0
  431. package/dist/checks/resilience/readline-cleanup.js.map +1 -0
  432. package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
  433. package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
  434. package/dist/checks/resilience/recovery-patterns.js +273 -0
  435. package/dist/checks/resilience/recovery-patterns.js.map +1 -0
  436. package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
  437. package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
  438. package/dist/checks/resilience/reentrancy-guard.js +86 -0
  439. package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
  440. package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
  441. package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
  442. package/dist/checks/resilience/retry-config-validation.js +159 -0
  443. package/dist/checks/resilience/retry-config-validation.js.map +1 -0
  444. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
  445. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
  446. package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
  447. package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
  448. package/dist/checks/resilience/sentry/index.d.ts +8 -0
  449. package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
  450. package/dist/checks/resilience/sentry/index.js +8 -0
  451. package/dist/checks/resilience/sentry/index.js.map +1 -0
  452. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
  453. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
  454. package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
  455. package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
  456. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
  457. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
  458. package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
  459. package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
  460. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
  461. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
  462. package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
  463. package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
  464. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
  465. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
  466. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
  467. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
  468. package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
  469. package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
  470. package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
  471. package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
  472. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
  473. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
  474. package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
  475. package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
  476. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
  477. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
  478. package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
  479. package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
  480. package/dist/checks/resilience/service-patterns.d.ts +18 -0
  481. package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
  482. package/dist/checks/resilience/service-patterns.js +230 -0
  483. package/dist/checks/resilience/service-patterns.js.map +1 -0
  484. package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
  485. package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
  486. package/dist/checks/resilience/timer-lifecycle.js +78 -0
  487. package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
  488. package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
  489. package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
  490. package/dist/checks/resilience/transaction-patterns.js +258 -0
  491. package/dist/checks/resilience/transaction-patterns.js.map +1 -0
  492. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
  493. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
  494. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
  495. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
  496. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
  497. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
  498. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
  499. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
  500. package/dist/checks/security/api-key-rotation.d.ts +10 -0
  501. package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
  502. package/dist/checks/security/api-key-rotation.js +186 -0
  503. package/dist/checks/security/api-key-rotation.js.map +1 -0
  504. package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
  505. package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
  506. package/dist/checks/security/auth-middleware-coverage.js +210 -0
  507. package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
  508. package/dist/checks/security/auth-route-guard.d.ts +12 -0
  509. package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
  510. package/dist/checks/security/auth-route-guard.js +70 -0
  511. package/dist/checks/security/auth-route-guard.js.map +1 -0
  512. package/dist/checks/security/cors-configuration.d.ts +11 -0
  513. package/dist/checks/security/cors-configuration.d.ts.map +1 -0
  514. package/dist/checks/security/cors-configuration.js +126 -0
  515. package/dist/checks/security/cors-configuration.js.map +1 -0
  516. package/dist/checks/security/csp-headers.d.ts +11 -0
  517. package/dist/checks/security/csp-headers.d.ts.map +1 -0
  518. package/dist/checks/security/csp-headers.js +192 -0
  519. package/dist/checks/security/csp-headers.js.map +1 -0
  520. package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
  521. package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
  522. package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
  523. package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
  524. package/dist/checks/security/env-secret-exposure.d.ts +11 -0
  525. package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
  526. package/dist/checks/security/env-secret-exposure.js +127 -0
  527. package/dist/checks/security/env-secret-exposure.js.map +1 -0
  528. package/dist/checks/security/hasura-production-config.d.ts +11 -0
  529. package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
  530. package/dist/checks/security/hasura-production-config.js +122 -0
  531. package/dist/checks/security/hasura-production-config.js.map +1 -0
  532. package/dist/checks/security/index.d.ts +17 -0
  533. package/dist/checks/security/index.d.ts.map +1 -0
  534. package/dist/checks/security/index.js +17 -0
  535. package/dist/checks/security/index.js.map +1 -0
  536. package/dist/checks/security/jwt-validation.d.ts +11 -0
  537. package/dist/checks/security/jwt-validation.d.ts.map +1 -0
  538. package/dist/checks/security/jwt-validation.js +294 -0
  539. package/dist/checks/security/jwt-validation.js.map +1 -0
  540. package/dist/checks/security/no-eval.d.ts +16 -0
  541. package/dist/checks/security/no-eval.d.ts.map +1 -0
  542. package/dist/checks/security/no-eval.js +83 -0
  543. package/dist/checks/security/no-eval.js.map +1 -0
  544. package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
  545. package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
  546. package/dist/checks/security/no-hardcoded-secrets.js +209 -0
  547. package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
  548. package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
  549. package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
  550. package/dist/checks/security/package-supply-chain-policy.js +534 -0
  551. package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
  552. package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
  553. package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
  554. package/dist/checks/security/rate-limit-coverage.js +143 -0
  555. package/dist/checks/security/rate-limit-coverage.js.map +1 -0
  556. package/dist/checks/security/semgrep-scan.d.ts +13 -0
  557. package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
  558. package/dist/checks/security/semgrep-scan.js +86 -0
  559. package/dist/checks/security/semgrep-scan.js.map +1 -0
  560. package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
  561. package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
  562. package/dist/checks/security/use-centralized-crypto.js +129 -0
  563. package/dist/checks/security/use-centralized-crypto.js.map +1 -0
  564. package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
  565. package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
  566. package/dist/checks/security/webhook-signature-verification.js +183 -0
  567. package/dist/checks/security/webhook-signature-verification.js.map +1 -0
  568. package/dist/checks/testing/index.d.ts +6 -0
  569. package/dist/checks/testing/index.d.ts.map +1 -0
  570. package/dist/checks/testing/index.js +6 -0
  571. package/dist/checks/testing/index.js.map +1 -0
  572. package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
  573. package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
  574. package/dist/checks/testing/no-skipped-tests.js +174 -0
  575. package/dist/checks/testing/no-skipped-tests.js.map +1 -0
  576. package/dist/checks/testing/no-stub-tests.d.ts +11 -0
  577. package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
  578. package/dist/checks/testing/no-stub-tests.js +103 -0
  579. package/dist/checks/testing/no-stub-tests.js.map +1 -0
  580. package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
  581. package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
  582. package/dist/checks/testing/test-convention-consistency.js +93 -0
  583. package/dist/checks/testing/test-convention-consistency.js.map +1 -0
  584. package/dist/checks/testing/test-file-naming.d.ts +13 -0
  585. package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
  586. package/dist/checks/testing/test-file-naming.js +218 -0
  587. package/dist/checks/testing/test-file-naming.js.map +1 -0
  588. package/dist/checks/testing/test-file-pairing.d.ts +13 -0
  589. package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
  590. package/dist/checks/testing/test-file-pairing.js +274 -0
  591. package/dist/checks/testing/test-file-pairing.js.map +1 -0
  592. package/dist/display/architecture.d.ts +9 -0
  593. package/dist/display/architecture.d.ts.map +1 -0
  594. package/dist/display/architecture.js +29 -0
  595. package/dist/display/architecture.js.map +1 -0
  596. package/dist/display/index.d.ts +20 -0
  597. package/dist/display/index.d.ts.map +1 -0
  598. package/dist/display/index.js +30 -0
  599. package/dist/display/index.js.map +1 -0
  600. package/dist/display/quality.d.ts +7 -0
  601. package/dist/display/quality.d.ts.map +1 -0
  602. package/dist/display/quality.js +34 -0
  603. package/dist/display/quality.js.map +1 -0
  604. package/dist/display/resilience.d.ts +7 -0
  605. package/dist/display/resilience.d.ts.map +1 -0
  606. package/dist/display/resilience.js +36 -0
  607. package/dist/display/resilience.js.map +1 -0
  608. package/dist/display/security-testing.d.ts +9 -0
  609. package/dist/display/security-testing.d.ts.map +1 -0
  610. package/dist/display/security-testing.js +31 -0
  611. package/dist/display/security-testing.js.map +1 -0
  612. package/dist/display/types.d.ts +6 -0
  613. package/dist/display/types.d.ts.map +1 -0
  614. package/dist/display/types.js +6 -0
  615. package/dist/display/types.js.map +1 -0
  616. package/dist/index.d.ts +19 -0
  617. package/dist/index.d.ts.map +1 -0
  618. package/dist/index.js +21 -0
  619. package/dist/index.js.map +1 -0
  620. package/package.json +52 -0
@@ -0,0 +1,427 @@
1
+ // @fitness-ignore-file fitness-check-standards -- Dockerfile check scans non-standard file types that do not map to a fileTypes extension array
2
+ // @fitness-ignore-file file-length-limit -- Complex module with tightly coupled logic; refactoring would risk breaking changes
3
+ /**
4
+ * @fileoverview Docker best practices fitness check
5
+ * @invariants
6
+ * - Security rules (non-root user, no secrets, production-dependencies) are errors (blocking)
7
+ * - Efficiency rules (layer ordering, multi-stage, no-build-tools-in-runner) are warnings (advisory)
8
+ * - All Dockerfiles in the repository are scanned
9
+ */
10
+ import * as path from 'node:path';
11
+ import { defineCheck } from '@opensip-cli/fitness';
12
+ // =============================================================================
13
+ // PRE-COMPILED REGEX PATTERNS (for safety and performance)
14
+ // =============================================================================
15
+ // Maximum line length for regex matching to prevent DoS
16
+ const MAX_DOCKERFILE_LINE_LENGTH = 2000;
17
+ /**
18
+ * Safely truncate a line for regex matching.
19
+ */
20
+ function safeDockerLine(line) {
21
+ /* v8 ignore next -- defensive: real Dockerfile lines never exceed 2000 chars */
22
+ return line.length > MAX_DOCKERFILE_LINE_LENGTH
23
+ ? line.slice(0, MAX_DOCKERFILE_LINE_LENGTH)
24
+ : line;
25
+ }
26
+ // Secret patterns - using word character classes with bounded quantifiers
27
+ // Using \w for alphanumeric plus underscore, adding dash separately with explicit bounds
28
+ const SECRET_API_KEY_PATTERN = /(?:API_KEY|APIKEY|API_SECRET|SECRET_KEY|AUTH_TOKEN|ACCESS_TOKEN)\s{0,10}=\s{0,10}['"]?[\w-]{16,200}/i;
29
+ const SECRET_AWS_PATTERN = /(?:AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s{0,10}=\s{0,10}['"]?[\w/+=]{20,200}/i;
30
+ const SECRET_DB_URL_PATTERN = /(?:DATABASE_URL|DB_URL|MONGO_URL|REDIS_URL)\s{0,10}=\s{0,10}['"]?[a-z]{1,20}:\/\/[^:]{1,100}:[^@]{1,100}@/i;
31
+ const SECRET_PASSWORD_PATTERN = /(?:PASSWORD|PASSWD|DB_PASSWORD|ADMIN_PASSWORD)\s{0,10}=\s{0,10}['"]?[^\s'"]{8,200}/i;
32
+ const SECRET_PRIVATE_KEY_PATTERN = /-----BEGIN\s{1,10}(?:RSA\s{1,10})?PRIVATE\s{1,10}KEY-----/;
33
+ const SECRET_JWT_PATTERN = /JWT_SECRET\s{0,10}=\s{0,10}['"]?[\w-]{32,500}/i;
34
+ const SECRET_PATTERNS = [
35
+ SECRET_API_KEY_PATTERN,
36
+ SECRET_AWS_PATTERN,
37
+ SECRET_DB_URL_PATTERN,
38
+ SECRET_PASSWORD_PATTERN,
39
+ SECRET_PRIVATE_KEY_PATTERN,
40
+ SECRET_JWT_PATTERN,
41
+ ];
42
+ // Package manager patterns - pre-compiled with bounded quantifiers
43
+ const PNPM_INSTALL_PATTERN = /pnpm\s{1,10}install(?!\s{1,10}--frozen-lockfile)/;
44
+ const NPM_INSTALL_PATTERN = /npm\s{1,10}(?:install|ci)(?!\s{1,10}-g)(?!\s{1,10}--global)(?!\s{1,10}--ci)(?!\s{1,10}--frozen-lockfile)/;
45
+ const YARN_INSTALL_PATTERN = /yarn\s{1,10}install(?!\s{1,10}--frozen-lockfile)(?!\s{1,10}--immutable)/;
46
+ const PACKAGE_MANAGER_PATTERNS = [
47
+ { pattern: PNPM_INSTALL_PATTERN, manager: 'pnpm', fix: '--frozen-lockfile' },
48
+ { pattern: NPM_INSTALL_PATTERN, manager: 'npm', fix: '--ci or npm ci' },
49
+ {
50
+ pattern: YARN_INSTALL_PATTERN,
51
+ manager: 'yarn',
52
+ fix: '--frozen-lockfile or --immutable',
53
+ },
54
+ ];
55
+ // Cache mount patterns - pre-compiled with bounded quantifiers
56
+ const PKG_INSTALL_PATTERN = /(?:pnpm|npm|yarn)\s{1,10}install(?!\s{1,10}-g)(?!\s{1,10}--global)/;
57
+ // Production dependency patterns - pre-compiled with bounded quantifiers
58
+ const PROD_DEPS_FLAG_PATTERN = /(?:--prod\b|--production\b)/;
59
+ // Other patterns - pre-compiled with bounded quantifiers
60
+ const APT_UPGRADE_PATTERN = /apt-get\s{1,10}upgrade/i;
61
+ const COPY_PATTERN = /COPY\s{1,10}(?:--from=\S{1,100}\s{1,10})?(\S{1,500})/i;
62
+ const PACKAGE_FILE_COPY_PATTERN = /COPY\s{1,10}[^\n]{0,500}(?:package\.json|pnpm-lock|yarn\.lock|package-lock)/i;
63
+ const NODE_MODULES_FROM_STAGE_PATTERN = /COPY\s{1,10}--from=\S{1,100}[^\n]{0,500}node_modules/i;
64
+ const FROM_IMAGE_PATTERN = /FROM\s{1,10}(\S{1,200})/i;
65
+ const FROM_STAGE_PATTERN = /\bAS\s{1,10}(\w{1,100})/i;
66
+ const USER_PATTERN = /USER\s{1,10}(\S{1,100})/i;
67
+ const NODE_ENV_PROD_PATTERN = /NODE_ENV\s{0,10}=\s{0,10}production/i;
68
+ const RUNNER_STAGE_NAMES = new Set(['runner', 'production', 'prod', 'final', 'runtime']);
69
+ // =============================================================================
70
+ // ANALYSIS FUNCTIONS
71
+ // =============================================================================
72
+ function checkForSecrets(line, lineNum, file, filePath) {
73
+ const safeLine = safeDockerLine(line);
74
+ for (const pattern of SECRET_PATTERNS) {
75
+ if (pattern.test(safeLine)) {
76
+ return {
77
+ file,
78
+ filePath,
79
+ line: lineNum,
80
+ rule: 'no-hardcoded-secrets',
81
+ message: 'Hardcoded secret detected in Dockerfile',
82
+ severity: 'error',
83
+ suggestion: 'Use build arguments, runtime environment variables, or a secrets manager instead',
84
+ };
85
+ }
86
+ }
87
+ return null;
88
+ }
89
+ function checkRunCommand(line, lineNum, file, filePath) {
90
+ const violations = [];
91
+ let hasFrozenLockfileViolation = false;
92
+ const safeLine = safeDockerLine(line);
93
+ for (const { pattern, manager, fix } of PACKAGE_MANAGER_PATTERNS) {
94
+ if (pattern.test(safeLine)) {
95
+ hasFrozenLockfileViolation = true;
96
+ violations.push({
97
+ file,
98
+ filePath,
99
+ line: lineNum,
100
+ rule: 'frozen-lockfile',
101
+ message: `${manager} install without frozen lockfile flag`,
102
+ severity: 'error',
103
+ suggestion: `Add ${fix} to ensure reproducible builds`,
104
+ });
105
+ }
106
+ }
107
+ if (APT_UPGRADE_PATTERN.test(safeLine)) {
108
+ violations.push({
109
+ file,
110
+ filePath,
111
+ line: lineNum,
112
+ rule: 'no-apt-upgrade',
113
+ message: 'apt-get upgrade makes builds non-reproducible',
114
+ severity: 'warning',
115
+ suggestion: 'Pin specific package versions instead of upgrading all packages',
116
+ });
117
+ }
118
+ return { violations, hasFrozenLockfileViolation };
119
+ }
120
+ function checkCopyOrder(options) {
121
+ const { line, lineNum, file, filePath, lines, lastFromLine, lineIndex } = options;
122
+ /* v8 ignore next 4 -- defensive: callers always pass an array */
123
+ // Validate array parameter
124
+ if (!Array.isArray(lines)) {
125
+ return null;
126
+ }
127
+ const safeLine = safeDockerLine(line);
128
+ const copyMatch = COPY_PATTERN.exec(safeLine);
129
+ if (copyMatch?.[1] !== '.' && copyMatch?.[1] !== './')
130
+ return null;
131
+ if (safeLine.includes('--from='))
132
+ return null;
133
+ const stageLines = lines.slice(lastFromLine, lineIndex);
134
+ const hasPackageFileCopy = stageLines.some((l) => PACKAGE_FILE_COPY_PATTERN.test(safeDockerLine(l)));
135
+ const hasNodeModulesFromStage = stageLines.some((l) => NODE_MODULES_FROM_STAGE_PATTERN.test(safeDockerLine(l)));
136
+ if (!hasPackageFileCopy && !hasNodeModulesFromStage) {
137
+ return {
138
+ file,
139
+ filePath,
140
+ line: lineNum,
141
+ rule: 'copy-order',
142
+ message: 'COPY . before copying dependency files',
143
+ severity: 'warning',
144
+ suggestion: 'Copy package.json and lockfile first, run install, then copy source for better layer caching',
145
+ };
146
+ }
147
+ return null;
148
+ }
149
+ function checkCacheMount(line, lineNum, file, filePath) {
150
+ const safeLine = safeDockerLine(line);
151
+ if (PKG_INSTALL_PATTERN.test(safeLine) && !safeLine.includes('--mount=type=cache')) {
152
+ return {
153
+ file,
154
+ filePath,
155
+ line: lineNum,
156
+ rule: 'cache-mount',
157
+ message: 'Package install without BuildKit cache mount',
158
+ severity: 'warning',
159
+ suggestion: 'Add --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store to cache the package store across builds',
160
+ };
161
+ }
162
+ return null;
163
+ }
164
+ /* v8 ignore start -- Dockerfile multi-stage state-machine; many edge-case branches covered by integration */
165
+ function processFromLine(line, lineNum, state) {
166
+ state.fromCount++;
167
+ state.lastFromLine = lineNum;
168
+ const safeLine = safeDockerLine(line);
169
+ const match = FROM_IMAGE_PATTERN.exec(safeLine);
170
+ const baseImage = match?.[1] ?? null;
171
+ if (baseImage)
172
+ state.baseImages.push(baseImage);
173
+ const stageMatch = FROM_STAGE_PATTERN.exec(safeLine);
174
+ const stageName = stageMatch?.[1]?.toLowerCase() ?? null;
175
+ // Determine if this is the runner stage
176
+ if (stageName) {
177
+ state.isInRunnerStage = RUNNER_STAGE_NAMES.has(stageName);
178
+ }
179
+ else if (state.fromCount > 1) {
180
+ state.isInRunnerStage = true;
181
+ }
182
+ if (state.isInRunnerStage) {
183
+ state.runnerStageBaseImage = baseImage;
184
+ state.runnerFromLine = lineNum;
185
+ // Check if runner's base image references a previously defined build stage
186
+ if (baseImage) {
187
+ const baseImageLower = baseImage.toLowerCase();
188
+ state.runnerInheritsBuildStage = state.stageNames.includes(baseImageLower);
189
+ }
190
+ }
191
+ // Record stage name after checks (to avoid self-matching)
192
+ if (stageName) {
193
+ state.stageNames.push(stageName);
194
+ }
195
+ }
196
+ function addMissingBestPracticeViolations(file, filePath, lineCount, state) {
197
+ const violations = [];
198
+ const hasMultiStage = state.fromCount >= 2;
199
+ if (!hasMultiStage && state.fromCount > 0) {
200
+ violations.push({
201
+ file,
202
+ filePath,
203
+ line: 1,
204
+ rule: 'multi-stage-build',
205
+ message: 'Dockerfile does not use multi-stage build',
206
+ severity: 'error',
207
+ suggestion: 'Use separate stages for building and running to reduce image size and attack surface',
208
+ });
209
+ }
210
+ if (!state.hasNonRootUser && state.fromCount > 0) {
211
+ violations.push({
212
+ file,
213
+ filePath,
214
+ line: lineCount,
215
+ rule: 'non-root-user',
216
+ message: 'Dockerfile does not specify a non-root user',
217
+ severity: 'error',
218
+ suggestion: String.raw `Add USER directive with a non-root user: RUN addgroup --system app && adduser --system --ingroup app app\nUSER app`,
219
+ });
220
+ }
221
+ if (!state.hasHealthcheck && state.fromCount > 0) {
222
+ violations.push({
223
+ file,
224
+ filePath,
225
+ line: lineCount,
226
+ rule: 'healthcheck',
227
+ message: 'Dockerfile does not include a HEALTHCHECK instruction',
228
+ severity: 'warning',
229
+ suggestion: 'Add HEALTHCHECK to help orchestrators verify container health',
230
+ });
231
+ }
232
+ // Check NODE_ENV only if runner stage uses Node.js
233
+ const runnerUsesNode = state.runnerStageBaseImage?.includes('node') ?? false;
234
+ if (runnerUsesNode && !state.hasNodeEnvProduction) {
235
+ violations.push({
236
+ file,
237
+ filePath,
238
+ line: lineCount,
239
+ rule: 'node-env-production',
240
+ message: 'NODE_ENV=production not set in runtime stage',
241
+ severity: 'warning',
242
+ suggestion: 'Add ENV NODE_ENV=production in the runner stage for Node.js optimizations',
243
+ });
244
+ }
245
+ // Check if runner copies node_modules without production-only dependency resolution
246
+ if (state.runnerCopiesNodeModules && !state.hasProductionDepsFlag) {
247
+ violations.push({
248
+ file,
249
+ filePath,
250
+ line: state.runnerNodeModulesLine,
251
+ rule: 'production-dependencies',
252
+ message: 'Runtime image copies node_modules without production-only dependency resolution',
253
+ severity: 'error',
254
+ suggestion: 'Use "pnpm deploy --prod" to create a production bundle, or add --prod to install command to exclude devDependencies from the runtime image',
255
+ });
256
+ }
257
+ // Check if runner stage inherits from a build stage (includes build tools)
258
+ if (state.runnerInheritsBuildStage) {
259
+ violations.push({
260
+ file,
261
+ filePath,
262
+ line: state.runnerFromLine,
263
+ rule: 'no-build-tools-in-runner',
264
+ message: 'Runtime stage inherits from a build stage that may include build tools (pnpm, corepack, etc.)',
265
+ severity: 'warning',
266
+ suggestion: 'Use a clean base image (e.g., node:20-alpine) for the runtime stage instead of inheriting from a build stage',
267
+ });
268
+ }
269
+ return violations;
270
+ }
271
+ /* v8 ignore stop */
272
+ function analyzeDockerfile(content, filePath, file) {
273
+ const lines = content.split('\n');
274
+ const violations = [];
275
+ const state = {
276
+ hasNonRootUser: false,
277
+ hasHealthcheck: false,
278
+ hasFrozenLockfile: true,
279
+ hasNodeEnvProduction: false,
280
+ hasProductionDepsFlag: false,
281
+ baseImages: [],
282
+ fromCount: 0,
283
+ isInRunnerStage: false,
284
+ runnerStageBaseImage: null,
285
+ lastFromLine: 0,
286
+ stageNames: [],
287
+ runnerCopiesNodeModules: false,
288
+ runnerNodeModulesLine: 0,
289
+ runnerInheritsBuildStage: false,
290
+ runnerFromLine: 0,
291
+ };
292
+ for (let i = 0; i < lines.length; i++) {
293
+ processDockerfileLine({
294
+ line: lines[i],
295
+ index: i,
296
+ lines,
297
+ state,
298
+ violations,
299
+ file,
300
+ filePath,
301
+ });
302
+ }
303
+ // Add violations for missing best practices
304
+ violations.push(...addMissingBestPracticeViolations(file, filePath, lines.length, state));
305
+ return violations;
306
+ }
307
+ function processUserLine(trimmedLine, state) {
308
+ const safeLine = safeDockerLine(trimmedLine);
309
+ const userMatch = USER_PATTERN.exec(safeLine);
310
+ if (userMatch?.[1] && userMatch[1] !== 'root') {
311
+ state.hasNonRootUser = true;
312
+ }
313
+ }
314
+ function processRunLine(options) {
315
+ const { trimmedLine, lineNum, file, filePath, state, violations } = options;
316
+ const runResult = checkRunCommand(trimmedLine, lineNum, file, filePath);
317
+ violations.push(...runResult.violations);
318
+ if (runResult.hasFrozenLockfileViolation)
319
+ state.hasFrozenLockfile = false;
320
+ const cacheMountViolation = checkCacheMount(trimmedLine, lineNum, file, filePath);
321
+ if (cacheMountViolation)
322
+ violations.push(cacheMountViolation);
323
+ if (PROD_DEPS_FLAG_PATTERN.test(safeDockerLine(trimmedLine))) {
324
+ state.hasProductionDepsFlag = true;
325
+ }
326
+ }
327
+ function processCopyLine(options) {
328
+ const { trimmedLine, lineNum, index, lines, file, filePath, state, violations } = options;
329
+ const copyViolation = checkCopyOrder({
330
+ line: trimmedLine,
331
+ lineNum,
332
+ file,
333
+ filePath,
334
+ lines,
335
+ lastFromLine: state.lastFromLine,
336
+ lineIndex: index,
337
+ });
338
+ if (copyViolation)
339
+ violations.push(copyViolation);
340
+ if (state.isInRunnerStage && NODE_MODULES_FROM_STAGE_PATTERN.test(safeDockerLine(trimmedLine))) {
341
+ state.runnerCopiesNodeModules = true;
342
+ state.runnerNodeModulesLine = lineNum;
343
+ }
344
+ }
345
+ function processDockerfileLine(options) {
346
+ const { line, index, lines, state, violations, file, filePath } = options;
347
+ /* v8 ignore next -- defensive: lines.entries() never yields undefined */
348
+ const trimmedLine = line?.trim() ?? '';
349
+ if (!trimmedLine || trimmedLine.startsWith('#'))
350
+ return;
351
+ const upperLine = trimmedLine.toUpperCase();
352
+ const lineNum = index + 1;
353
+ if (upperLine.startsWith('FROM ')) {
354
+ processFromLine(trimmedLine, lineNum, state);
355
+ }
356
+ if (upperLine.startsWith('USER ')) {
357
+ processUserLine(trimmedLine, state);
358
+ }
359
+ if (upperLine.startsWith('HEALTHCHECK ')) {
360
+ state.hasHealthcheck = true;
361
+ }
362
+ if (NODE_ENV_PROD_PATTERN.test(safeDockerLine(trimmedLine))) {
363
+ state.hasNodeEnvProduction = true;
364
+ }
365
+ const secretViolation = checkForSecrets(trimmedLine, lineNum, file, filePath);
366
+ if (secretViolation)
367
+ violations.push(secretViolation);
368
+ if (upperLine.startsWith('RUN ')) {
369
+ processRunLine({ trimmedLine, lineNum, file, filePath, state, violations });
370
+ }
371
+ if (upperLine.startsWith('COPY ')) {
372
+ processCopyLine({ trimmedLine, lineNum, index, lines, file, filePath, state, violations });
373
+ }
374
+ }
375
+ // =============================================================================
376
+ // CHECK DEFINITION
377
+ // =============================================================================
378
+ /**
379
+ * Check: architecture/docker-best-practices
380
+ *
381
+ * Validates Dockerfiles follow security and efficiency best practices:
382
+ * - Multi-stage builds
383
+ * - Non-root user
384
+ * - No hardcoded secrets
385
+ * - Frozen lockfiles for package managers
386
+ * - HEALTHCHECK instruction
387
+ * - Proper COPY order for layer caching
388
+ * - Production-only dependencies in runtime image (no devDependencies)
389
+ * - No build tools (pnpm, corepack) inherited in runtime stage
390
+ * - BuildKit cache mounts for package install commands
391
+ */
392
+ export const dockerBestPractices = defineCheck({
393
+ id: '9870251d-6d3c-49b7-a680-864bc892b19e',
394
+ slug: 'docker-best-practices',
395
+ disabled: true,
396
+ scope: { languages: ['json', 'typescript', 'yaml'], concerns: ['config'] },
397
+ contentFilter: 'raw',
398
+ confidence: 'medium',
399
+ description: 'Validate Dockerfiles follow security and efficiency best practices',
400
+ longDescription: `**Purpose:** Enforces security and efficiency best practices in Dockerfiles across the repository.
401
+
402
+ **Detects:**
403
+ - Hardcoded secrets (API keys, AWS credentials, passwords, JWT secrets, private keys)
404
+ - Missing multi-stage builds, missing non-root \`USER\` directive, missing \`HEALTHCHECK\`
405
+ - Package installs without \`--frozen-lockfile\` (pnpm/npm/yarn)
406
+ - \`COPY .\` before dependency file copy (poor layer caching)
407
+ - Missing BuildKit cache mounts on package installs
408
+ - Runtime stage inheriting from build stage or copying \`node_modules\` without \`--prod\`
409
+
410
+ **Why it matters:** Prevents security vulnerabilities (running as root, leaked secrets), non-reproducible builds, and bloated production images.
411
+
412
+ **Scope:** General best practice. Analyzes each file individually.`,
413
+ tags: ['docker', 'security', 'best-practices', 'architecture'],
414
+ analyze(content, filePath) {
415
+ const file = path.relative(process.cwd(), filePath);
416
+ const violations = analyzeDockerfile(content, filePath, file);
417
+ return violations.map((violation) => ({
418
+ line: violation.line,
419
+ message: violation.message + (violation.suggestion ? ` (${violation.suggestion})` : ''),
420
+ severity: violation.severity,
421
+ suggestion: violation.suggestion ?? 'See Docker best practices documentation.',
422
+ match: violation.rule,
423
+ type: violation.rule,
424
+ }));
425
+ },
426
+ });
427
+ //# sourceMappingURL=docker-best-practices.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-best-practices.js","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices.ts"],"names":[],"mappings":"AAAA,gJAAgJ;AAChJ,+HAA+H;AAC/H;;;;;;GAMG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAkCxE,gFAAgF;AAChF,2DAA2D;AAC3D,gFAAgF;AAEhF,wDAAwD;AACxD,MAAM,0BAA0B,GAAG,IAAI,CAAC;AAExC;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,gFAAgF;IAChF,OAAO,IAAI,CAAC,MAAM,GAAG,0BAA0B;QAC7C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,0EAA0E;AAC1E,yFAAyF;AACzF,MAAM,sBAAsB,GAC1B,sGAAsG,CAAC;AACzG,MAAM,kBAAkB,GACtB,mFAAmF,CAAC;AACtF,MAAM,qBAAqB,GACzB,4GAA4G,CAAC;AAC/G,MAAM,uBAAuB,GAC3B,qFAAqF,CAAC;AACxF,MAAM,0BAA0B,GAAG,2DAA2D,CAAC;AAC/F,MAAM,kBAAkB,GAAG,gDAAgD,CAAC;AAE5E,MAAM,eAAe,GAAG;IACtB,sBAAsB;IACtB,kBAAkB;IAClB,qBAAqB;IACrB,uBAAuB;IACvB,0BAA0B;IAC1B,kBAAkB;CACnB,CAAC;AAEF,mEAAmE;AACnE,MAAM,oBAAoB,GAAG,kDAAkD,CAAC;AAChF,MAAM,mBAAmB,GACvB,0GAA0G,CAAC;AAC7G,MAAM,oBAAoB,GACxB,yEAAyE,CAAC;AAQ5E,MAAM,wBAAwB,GAA4B;IACxD,EAAE,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,mBAAmB,EAAE;IAC5E,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,gBAAgB,EAAE;IACvE;QACE,OAAO,EAAE,oBAAoB;QAC7B,OAAO,EAAE,MAAM;QACf,GAAG,EAAE,kCAAkC;KACxC;CACF,CAAC;AAEF,+DAA+D;AAC/D,MAAM,mBAAmB,GAAG,oEAAoE,CAAC;AAEjG,yEAAyE;AACzE,MAAM,sBAAsB,GAAG,6BAA6B,CAAC;AAE7D,yDAAyD;AACzD,MAAM,mBAAmB,GAAG,yBAAyB,CAAC;AACtD,MAAM,YAAY,GAAG,uDAAuD,CAAC;AAC7E,MAAM,yBAAyB,GAC7B,8EAA8E,CAAC;AACjF,MAAM,+BAA+B,GAAG,uDAAuD,CAAC;AAChG,MAAM,kBAAkB,GAAG,0BAA0B,CAAC;AACtD,MAAM,kBAAkB,GAAG,0BAA0B,CAAC;AACtD,MAAM,YAAY,GAAG,0BAA0B,CAAC;AAChD,MAAM,qBAAqB,GAAG,sCAAsC,CAAC;AAErE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;AAEzF,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,IAAI;gBACJ,QAAQ;gBACR,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,yCAAyC;gBAClD,QAAQ,EAAE,OAAO;gBACjB,UAAU,EACR,kFAAkF;aACrF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,IAAI,0BAA0B,GAAG,KAAK,CAAC;IACvC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEtC,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,wBAAwB,EAAE,CAAC;QACjE,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,0BAA0B,GAAG,IAAI,CAAC;YAClC,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI;gBACJ,QAAQ;gBACR,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,GAAG,OAAO,uCAAuC;gBAC1D,QAAQ,EAAE,OAAO;gBACjB,UAAU,EAAE,OAAO,GAAG,gCAAgC;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,+CAA+C;YACxD,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,iEAAiE;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,0BAA0B,EAAE,CAAC;AACpD,CAAC;AAYD,SAAS,cAAc,CAAC,OAA8B;IACpD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAElF,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnE,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAExD,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAClD,CAAC;IAEF,MAAM,uBAAuB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,+BAA+B,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CACxD,CAAC;IAEF,IAAI,CAAC,kBAAkB,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACpD,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,wCAAwC;YACjD,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8FAA8F;SACjG,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACnF,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,8CAA8C;YACvD,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8GAA8G;SACjH,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6GAA6G;AAC7G,SAAS,eAAe,CAAC,IAAY,EAAE,OAAe,EAAE,KAAoB;IAC1E,KAAK,CAAC,SAAS,EAAE,CAAC;IAClB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC;IAC7B,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACrC,IAAI,SAAS;QAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAEzD,wCAAwC;IACxC,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,eAAe,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC5D,CAAC;SAAM,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,eAAe,GAAG,IAAI,CAAC;IAC/B,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC1B,KAAK,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACvC,KAAK,CAAC,cAAc,GAAG,OAAO,CAAC;QAE/B,2EAA2E;QAC3E,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;YAC/C,KAAK,CAAC,wBAAwB,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CACvC,IAAY,EACZ,QAAgB,EAChB,SAAiB,EACjB,KAAoB;IAEpB,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,2CAA2C;YACpD,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,sFAAsF;SACzF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,6CAA6C;YACtD,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAA,oHAAoH;SAC3I,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,uDAAuD;YAChE,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,+DAA+D;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,cAAc,GAAG,KAAK,CAAC,oBAAoB,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;IAC7E,IAAI,cAAc,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,8CAA8C;YACvD,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,2EAA2E;SACxF,CAAC,CAAC;IACL,CAAC;IAED,oFAAoF;IACpF,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;QAClE,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,qBAAqB;YACjC,IAAI,EAAE,yBAAyB;YAC/B,OAAO,EAAE,iFAAiF;YAC1F,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,4IAA4I;SAC/I,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,IAAI,KAAK,CAAC,wBAAwB,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,cAAc;YAC1B,IAAI,EAAE,0BAA0B;YAChC,OAAO,EACL,+FAA+F;YACjG,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8GAA8G;SACjH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AACD,oBAAoB;AAEpB,SAAS,iBAAiB,CAAC,OAAe,EAAE,QAAgB,EAAE,IAAY;IACxE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAA0B,EAAE,CAAC;IAE7C,MAAM,KAAK,GAAkB;QAC3B,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,KAAK;QACrB,iBAAiB,EAAE,IAAI;QACvB,oBAAoB,EAAE,KAAK;QAC3B,qBAAqB,EAAE,KAAK;QAC5B,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,CAAC;QACZ,eAAe,EAAE,KAAK;QACtB,oBAAoB,EAAE,IAAI;QAC1B,YAAY,EAAE,CAAC;QACf,UAAU,EAAE,EAAE;QACd,uBAAuB,EAAE,KAAK;QAC9B,qBAAqB,EAAE,CAAC;QACxB,wBAAwB,EAAE,KAAK;QAC/B,cAAc,EAAE,CAAC;KAClB,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,qBAAqB,CAAC;YACpB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,KAAK,EAAE,CAAC;YACR,KAAK;YACL,KAAK;YACL,UAAU;YACV,IAAI;YACJ,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1F,OAAO,UAAU,CAAC;AACpB,CAAC;AAYD,SAAS,eAAe,CAAC,WAAmB,EAAE,KAAoB;IAChE,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9C,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;AACH,CAAC;AAWD,SAAS,cAAc,CAAC,OAA8B;IACpD,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC5E,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACxE,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACzC,IAAI,SAAS,CAAC,0BAA0B;QAAE,KAAK,CAAC,iBAAiB,GAAG,KAAK,CAAC;IAE1E,MAAM,mBAAmB,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAClF,IAAI,mBAAmB;QAAE,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,sBAAsB,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC7D,KAAK,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACrC,CAAC;AACH,CAAC;AAaD,SAAS,eAAe,CAAC,OAA+B;IACtD,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC1F,MAAM,aAAa,GAAG,cAAc,CAAC;QACnC,IAAI,EAAE,WAAW;QACjB,OAAO;QACP,IAAI;QACJ,QAAQ;QACR,KAAK;QACL,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK;KACjB,CAAC,CAAC;IACH,IAAI,aAAa;QAAE,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAElD,IAAI,KAAK,CAAC,eAAe,IAAI,+BAA+B,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC/F,KAAK,CAAC,uBAAuB,GAAG,IAAI,CAAC;QACrC,KAAK,CAAC,qBAAqB,GAAG,OAAO,CAAC;IACxC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAqC;IAClE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAC1E,yEAAyE;IACzE,MAAM,WAAW,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO;IAExD,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,CAAC;IAE1B,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,oBAAoB,GAAG,IAAI,CAAC;IACpC,CAAC;IAED,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9E,IAAI,eAAe;QAAE,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAEtD,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,cAAc,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IAC7F,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,uBAAuB;IAC7B,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC1E,aAAa,EAAE,KAAK;IAEpB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,oEAAoE;IACjF,eAAe,EAAE;;;;;;;;;;;;mEAYgD;IACjE,IAAI,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,cAAc,CAAC;IAE9D,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE9D,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACpC,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,OAAO,EAAE,SAAS,CAAC,OAAO,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvF,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,UAAU,EAAE,SAAS,CAAC,UAAU,IAAI,0CAA0C;YAC9E,KAAK,EAAE,SAAS,CAAC,IAAI;YACrB,IAAI,EAAE,SAAS,CAAC,IAAI;SACrB,CAAC,CAAC,CAAC;IACN,CAAC;CACF,CAAC,CAAC"}
@@ -0,0 +1,18 @@
1
+ /**
2
+ * @fileoverview Docker .dockerignore validation fitness check
3
+ * @invariants
4
+ * - Every Dockerfile directory must have a .dockerignore file
5
+ * - .dockerignore must include .git pattern
6
+ * - Node-based Dockerfiles must also include node_modules pattern
7
+ */
8
+ /**
9
+ * Check: architecture/docker-ignore-validation
10
+ *
11
+ * Validates that every Dockerfile has a corresponding .dockerignore with required patterns:
12
+ * 1. .git — always required
13
+ * 2. node_modules — required for Node-based Dockerfiles
14
+ *
15
+ * @throws {Error} When a .dockerignore file exceeds 10MB
16
+ */
17
+ export declare const dockerIgnoreValidation: import("@opensip-cli/fitness").Check;
18
+ //# sourceMappingURL=docker-ignore-validation.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-ignore-validation.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-ignore-validation.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AAsCH;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,sCA+EjC,CAAC"}
@@ -0,0 +1,117 @@
1
+ // @fitness-ignore-file batch-operation-limits -- iterates bounded collections (config entries, registry items, or small analysis results)
2
+ // @fitness-ignore-file fitness-check-standards -- Uses fs for .dockerignore reading, not source file content
3
+ /**
4
+ * @fileoverview Docker .dockerignore validation fitness check
5
+ * @invariants
6
+ * - Every Dockerfile directory must have a .dockerignore file
7
+ * - .dockerignore must include .git pattern
8
+ * - Node-based Dockerfiles must also include node_modules pattern
9
+ */
10
+ import * as fs from 'node:fs';
11
+ import * as path from 'node:path';
12
+ import { defineCheck } from '@opensip-cli/fitness';
13
+ // =============================================================================
14
+ // REGEX PATTERNS
15
+ // =============================================================================
16
+ /** Matches FROM node:XX or FROM node:XX-alpine etc. */
17
+ const FROM_NODE_PATTERN = /^FROM\s+node:/im;
18
+ // =============================================================================
19
+ // HELPERS
20
+ // =============================================================================
21
+ /**
22
+ * Check if a .dockerignore file contains a required pattern.
23
+ * Matches exact lines (trimmed), not substrings.
24
+ */
25
+ function hasPattern(dockerignoreContent, pattern) {
26
+ const lines = dockerignoreContent.split('\n').map((l) => l.trim());
27
+ return lines.includes(pattern);
28
+ }
29
+ /**
30
+ * Determine if a Dockerfile is Node-based by checking for FROM node: directives.
31
+ */
32
+ function isNodeDockerfile(content) {
33
+ return FROM_NODE_PATTERN.test(content);
34
+ }
35
+ // =============================================================================
36
+ // CHECK DEFINITION
37
+ // =============================================================================
38
+ /**
39
+ * Check: architecture/docker-ignore-validation
40
+ *
41
+ * Validates that every Dockerfile has a corresponding .dockerignore with required patterns:
42
+ * 1. .git — always required
43
+ * 2. node_modules — required for Node-based Dockerfiles
44
+ *
45
+ * @throws {Error} When a .dockerignore file exceeds 10MB
46
+ */
47
+ export const dockerIgnoreValidation = defineCheck({
48
+ id: '70123fbb-c538-4186-a82e-fdb5e53d52d7',
49
+ slug: 'docker-ignore-validation',
50
+ disabled: true,
51
+ scope: { languages: ['json', 'typescript', 'yaml'], concerns: ['config'] },
52
+ contentFilter: 'raw',
53
+ confidence: 'medium',
54
+ description: 'Validate .dockerignore files exist alongside Dockerfiles with required patterns',
55
+ longDescription: `**Purpose:** Ensures every Dockerfile has a corresponding \`.dockerignore\` with required exclusion patterns to keep build contexts small and secure.
56
+
57
+ **Detects:**
58
+ - Missing \`.dockerignore\` file in the same directory as a Dockerfile
59
+ - \`.dockerignore\` missing the \`.git\` pattern (always required)
60
+ - \`.dockerignore\` missing the \`node_modules\` pattern for Node-based Dockerfiles (detected via \`FROM node:\` directives)
61
+
62
+ **Why it matters:** Without proper \`.dockerignore\` files, Docker build contexts include unnecessary files (.git history, node_modules), causing slow builds and potential secret leaks.
63
+
64
+ **Scope:** General best practice. Cross-file analysis via \`analyzeAll\`.`,
65
+ tags: ['docker', 'dockerignore', 'architecture'],
66
+ /** @throws {Error} When file system operations fail */
67
+ async analyzeAll(files) {
68
+ const violations = [];
69
+ for (const filePath of files.paths) {
70
+ const dockerfileDir = path.dirname(filePath);
71
+ const dockerignorePath = path.join(dockerfileDir, '.dockerignore');
72
+ const relPath = path.relative(process.cwd(), filePath);
73
+ // Check if .dockerignore exists
74
+ if (!fs.existsSync(dockerignorePath)) {
75
+ violations.push({
76
+ line: 1,
77
+ filePath,
78
+ message: `No .dockerignore found alongside ${relPath}`,
79
+ severity: 'warning',
80
+ suggestion: `Create a .dockerignore file in ${path.relative(process.cwd(), dockerfileDir)} with at least .git pattern`,
81
+ type: 'missing-dockerignore',
82
+ });
83
+ continue;
84
+ }
85
+ // Read .dockerignore and validate required patterns
86
+ const dockerignoreStats = fs.statSync(dockerignorePath);
87
+ if (dockerignoreStats.size > 10_000_000)
88
+ throw new Error(`File too large: ${dockerignorePath}`);
89
+ const dockerignoreContent = fs.readFileSync(dockerignorePath, 'utf8');
90
+ const content = await files.read(filePath);
91
+ // .git is always required
92
+ if (!hasPattern(dockerignoreContent, '.git')) {
93
+ violations.push({
94
+ line: 1,
95
+ filePath,
96
+ message: `.dockerignore for ${relPath} is missing required pattern: .git`,
97
+ severity: 'warning',
98
+ suggestion: 'Add .git to .dockerignore to exclude version control data from build context',
99
+ type: 'missing-pattern',
100
+ });
101
+ }
102
+ // node_modules is required for Node-based Dockerfiles
103
+ if (isNodeDockerfile(content) && !hasPattern(dockerignoreContent, 'node_modules')) {
104
+ violations.push({
105
+ line: 1,
106
+ filePath,
107
+ message: `.dockerignore for ${relPath} is missing required pattern: node_modules`,
108
+ severity: 'warning',
109
+ suggestion: 'Add node_modules to .dockerignore to exclude local dependencies from build context',
110
+ type: 'missing-pattern',
111
+ });
112
+ }
113
+ }
114
+ return violations;
115
+ },
116
+ });
117
+ //# sourceMappingURL=docker-ignore-validation.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-ignore-validation.js","sourceRoot":"","sources":["../../../src/checks/architecture/docker-ignore-validation.ts"],"names":[],"mappings":"AAAA,0IAA0I;AAC1I,6GAA6G;AAC7G;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,WAAW,EAA0C,MAAM,sBAAsB,CAAC;AAE3F,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF,uDAAuD;AACvD,MAAM,iBAAiB,GAAG,iBAAiB,CAAC;AAE5C,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;GAGG;AACH,SAAS,UAAU,CAAC,mBAA2B,EAAE,OAAe;IAC9D,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACnE,OAAO,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,WAAW,CAAC;IAChD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,0BAA0B;IAChC,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC1E,aAAa,EAAE,KAAK;IAEpB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,iFAAiF;IAC9F,eAAe,EAAE;;;;;;;;;0EASuD;IACxE,IAAI,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,cAAc,CAAC;IAEhD,uDAAuD;IACvD,KAAK,CAAC,UAAU,CAAC,KAAmB;QAClC,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YACnC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;YACnE,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;YAEvD,gCAAgC;YAChC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,CAAC;oBACP,QAAQ;oBACR,OAAO,EAAE,oCAAoC,OAAO,EAAE;oBACtD,QAAQ,EAAE,SAAS;oBACnB,UAAU,EAAE,kCAAkC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,CAAC,6BAA6B;oBACtH,IAAI,EAAE,sBAAsB;iBAC7B,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,oDAAoD;YACpD,MAAM,iBAAiB,GAAG,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YACxD,IAAI,iBAAiB,CAAC,IAAI,GAAG,UAAU;gBACrC,MAAM,IAAI,KAAK,CAAC,mBAAmB,gBAAgB,EAAE,CAAC,CAAC;YACzD,MAAM,mBAAmB,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;YACtE,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAE3C,0BAA0B;YAC1B,IAAI,CAAC,UAAU,CAAC,mBAAmB,EAAE,MAAM,CAAC,EAAE,CAAC;gBAC7C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,CAAC;oBACP,QAAQ;oBACR,OAAO,EAAE,qBAAqB,OAAO,oCAAoC;oBACzE,QAAQ,EAAE,SAAS;oBACnB,UAAU,EACR,8EAA8E;oBAChF,IAAI,EAAE,iBAAiB;iBACxB,CAAC,CAAC;YACL,CAAC;YAED,sDAAsD;YACtD,IAAI,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,mBAAmB,EAAE,cAAc,CAAC,EAAE,CAAC;gBAClF,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,CAAC;oBACP,QAAQ;oBACR,OAAO,EAAE,qBAAqB,OAAO,4CAA4C;oBACjF,QAAQ,EAAE,SAAS;oBACnB,UAAU,EACR,oFAAoF;oBACtF,IAAI,EAAE,iBAAiB;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
@@ -0,0 +1,16 @@
1
+ /**
2
+ * @fileoverview Docker version sync fitness check
3
+ * @invariants
4
+ * - Node major version in FROM directives must match engines.node from root package.json
5
+ * - pnpm version should be derived dynamically from package.json packageManager field
6
+ * - Hardcoded pnpm versions that don't match packageManager are errors
7
+ */
8
+ /**
9
+ * Check: architecture/docker-version-sync
10
+ *
11
+ * Validates that Dockerfiles keep Node and pnpm versions in sync with package.json:
12
+ * 1. FROM node:XX major version matches engines.node
13
+ * 2. pnpm version is either dynamically derived (preferred) or hardcoded consistently
14
+ */
15
+ export declare const dockerVersionSync: import("@opensip-cli/fitness").Check;
16
+ //# sourceMappingURL=docker-version-sync.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-version-sync.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-version-sync.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AA8LH;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,sCAkD5B,CAAC"}