npm - @sfdxy/mule-lint - Versions diffs - 1.18.0 → 1.19.0 - Mend

@sfdxy/mule-lint 1.18.0 → 1.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (245) hide show

package/docs/best-practices/rules-catalog.md CHANGED Viewed

@@ -30,38 +30,38 @@
 ## Rule Categories
-| Family | Prefix | Count | Description |
-|--------|--------|-------|-------------|
-| Error Handling | MULE-001/003/005/007/009, ERR-001 | 6 | Error handler configuration and best practices |
-| Naming | MULE-002/101/102 | 3 | Naming conventions for flows and variables |
-| Security | MULE-004/201/202, SEC-002/003/004/006 | 7 | Security vulnerabilities, TLS, rate limiting |
-| Logging | MULE-006/301/303, LOG-001/004, HYG-001 | 6 | Logging standards, structured logging, hygiene |
-| HTTP | MULE-401/402/403 | 3 | HTTP configuration and headers |
-| Performance | MULE-501/502/503, PERF-002, RES-001 | 5 | Performance anti-patterns and resilience |
-| Documentation | MULE-601/604, DOC-001 | 3 | Documentation requirements |
-| Standards | MULE-008/010/701, OPS-001/002/003, API-005 | 7 | Coding standards and operations |
-| Complexity | MULE-801 | 1 | Code complexity |
-| Structure | MULE-802/803/804 | 3 | Project structure |
-| YAML | YAML-001/003/004 | 3 | YAML configuration validation |
-| DataWeave | DW-001/002/003/004 | 4 | DataWeave file validation |
-| API-Led | API-001/002/003/004 | 4 | API-Led connectivity patterns |
-| Governance | PROJ-001/002 | 2 | POM and Git hygiene |
-| Code Hygiene | HYG-002/003 | 2 | Commented code and unused flows |
-| Experimental | EXP-001/002/003 | 3 | Beta rules for evaluation |
+| Family         | Prefix                                     | Count | Description                                    |
+| -------------- | ------------------------------------------ | ----- | ---------------------------------------------- |
+| Error Handling | MULE-001/003/005/007/009, ERR-001          | 6     | Error handler configuration and best practices |
+| Naming         | MULE-002/101/102                           | 3     | Naming conventions for flows and variables     |
+| Security       | MULE-004/201/202, SEC-002/003/004/006      | 7     | Security vulnerabilities, TLS, rate limiting   |
+| Logging        | MULE-006/301/303, LOG-001/004, HYG-001     | 6     | Logging standards, structured logging, hygiene |
+| HTTP           | MULE-401/402/403                           | 3     | HTTP configuration and headers                 |
+| Performance    | MULE-501/502/503, PERF-002, RES-001        | 5     | Performance anti-patterns and resilience       |
+| Documentation  | MULE-601/604, DOC-001                      | 3     | Documentation requirements                     |
+| Standards      | MULE-008/010/701, OPS-001/002/003, API-005 | 7     | Coding standards and operations                |
+| Complexity     | MULE-801                                   | 1     | Code complexity                                |
+| Structure      | MULE-802/803/804                           | 3     | Project structure                              |
+| YAML           | YAML-001/003/004                           | 3     | YAML configuration validation                  |
+| DataWeave      | DW-001/002/003/004                         | 4     | DataWeave file validation                      |
+| API-Led        | API-001/002/003/004                        | 4     | API-Led connectivity patterns                  |
+| Governance     | PROJ-001/002                               | 2     | POM and Git hygiene                            |
+| Code Hygiene   | HYG-002/003                                | 2     | Commented code and unused flows                |
+| Experimental   | EXP-001/002/003                            | 3     | Beta rules for evaluation                      |
 ### MULE Category ID Ranges
-| Range | Category | Description |
-|-------|----------|-------------|
-| 001-099 | Error Handling | Error handler configuration and best practices |
-| 100-199 | Naming | Naming conventions for flows, variables, files |
-| 200-299 | Security | Security vulnerabilities and hardcoded values |
-| 300-399 | Logging | Logging standards and structured logging |
-| 400-499 | HTTP | HTTP configuration and headers |
-| 500-599 | Performance | Performance anti-patterns |
-| 600-699 | Documentation | Documentation requirements |
-| 700-799 | Standards | General coding standards |
-| 800-899 | Complexity/Structure | Code complexity and project structure |
+| Range   | Category             | Description                                    |
+| ------- | -------------------- | ---------------------------------------------- |
+| 001-099 | Error Handling       | Error handler configuration and best practices |
+| 100-199 | Naming               | Naming conventions for flows, variables, files |
+| 200-299 | Security             | Security vulnerabilities and hardcoded values  |
+| 300-399 | Logging              | Logging standards and structured logging       |
+| 400-499 | HTTP                 | HTTP configuration and headers                 |
+| 500-599 | Performance          | Performance anti-patterns                      |
+| 600-699 | Documentation        | Documentation requirements                     |
+| 700-799 | Standards            | General coding standards                       |
+| 800-899 | Complexity/Structure | Code complexity and project structure          |
 ---
@@ -73,15 +73,16 @@
 ### MULE-001: Global Error Handler Exists
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value          |
+| ------------ | -------------- |
+| **Severity** | Error          |
 | **Category** | Error Handling |
-| **Fixable** | No |
+| **Fixable**  | No             |
 **Description:** Every Mule project should have a global error handler file with a reusable error-handler configuration.
 **Check Logic:**
 1. Verify file exists: `src/main/mule/global-error-handler.xml`
 2. Verify contains: `<error-handler name="global-error-handler">`
@@ -91,15 +92,16 @@
 ### MULE-003: Missing Error Handler
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value          |
+| ------------ | -------------- |
+| **Severity** | Error          |
 | **Category** | Error Handling |
-| **Fixable** | No |
+| **Fixable**  | No             |
 **Description:** Every flow should have an error handler or reference the global one.
 **XPath:**
 ```xpath
 //mule:flow[not(mule:error-handler) and not(contains(@name, 'api-main'))]
 ```
@@ -108,11 +110,11 @@
 ### MULE-005: HTTP Status in Error Handler
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value          |
+| ------------ | -------------- |
+| **Severity** | Warning        |
 | **Category** | Error Handling |
-| **Fixable** | No |
+| **Fixable**  | No             |
 **Description:** Error handlers should set an `httpStatus` variable for proper API responses.
@@ -122,11 +124,11 @@
 ### MULE-007: Correlation ID in Error Handler
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value          |
+| ------------ | -------------- |
+| **Severity** | Warning        |
 | **Category** | Error Handling |
-| **Fixable** | No |
+| **Fixable**  | No             |
 **Description:** Error handlers should reference `correlationId` for traceability across distributed systems.
@@ -134,11 +136,11 @@
 ### MULE-009: Generic Error Type
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value          |
+| ------------ | -------------- |
+| **Severity** | Warning        |
 | **Category** | Error Handling |
-| **Fixable** | No |
+| **Fixable**  | No             |
 **Description:** Avoid catching `type="ANY"` in error handlers. Be specific about error types.
@@ -148,18 +150,19 @@
 ### ERR-001: Try Scope Best Practice
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
-| **Category** | Error Handling |
-| **Issue Type** | Bug |
-| **Fixable** | No |
+| Property       | Value          |
+| -------------- | -------------- |
+| **Severity**   | Info           |
+| **Category**   | Error Handling |
+| **Issue Type** | Bug            |
+| **Fixable**    | No             |
 **Description:** Complex operations (DB calls, HTTP requests) should use Try scope for granular error isolation and handling.
 **Check Logic:** Flags flows that have 2+ external calls (HTTP requests, DB operations) without any Try scope wrapping them.
 **Example:**
 ```xml
 <!-- ❌ Bad - multiple calls without Try -->
 <flow name="process-order-flow">
@@ -188,15 +191,16 @@
 ### MULE-002: Flow Naming Convention
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
-| **Category** | Naming |
-| **Fixable** | Yes |
+| **Category** | Naming  |
+| **Fixable**  | Yes     |
 **Description:** Flows must end with `-flow` suffix, sub-flows with `-subflow`.
 **Examples:**
 ```xml
 <!-- ✅ Good -->
 <flow name="process-order-flow">
@@ -211,15 +215,16 @@
 ### MULE-101: Flow Name Casing
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
-| **Category** | Naming |
-| **Fixable** | No |
+| **Category** | Naming  |
+| **Fixable**  | No      |
 **Description:** Flow names should follow consistent casing (kebab-case recommended).
 **Options:**
 - `kebab-case`: `my-flow-name` (recommended)
 - `camelCase`: `myFlowName`
 - `snake_case`: `my_flow_name`
@@ -228,11 +233,11 @@
 ### MULE-102: Variable Naming Convention
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
-| **Category** | Naming |
-| **Fixable** | No |
+| **Category** | Naming  |
+| **Fixable**  | No      |
 **Description:** Variables set via `set-variable` should follow camelCase naming.
@@ -244,15 +249,16 @@
 ### MULE-004: Hardcoded HTTP URLs
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value    |
+| ------------ | -------- |
+| **Severity** | Error    |
 | **Category** | Security |
-| **Fixable** | No |
+| **Fixable**  | No       |
 **Description:** HTTP/HTTPS URLs should use property placeholders, not hardcoded values.
 **Examples:**
 ```xml
 <!-- ❌ Bad -->
 <http:request url="https://api.example.com/orders" />
@@ -265,11 +271,11 @@
 ### MULE-201: Hardcoded Credentials
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value    |
+| ------------ | -------- |
+| **Severity** | Error    |
 | **Category** | Security |
-| **Fixable** | No |
+| **Fixable**  | No       |
 **Description:** Passwords and secrets should never be hardcoded. Use secure properties.
@@ -279,11 +285,11 @@
 ### MULE-202: Insecure TLS Configuration
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value    |
+| ------------ | -------- |
+| **Severity** | Error    |
 | **Category** | Security |
-| **Fixable** | No |
+| **Fixable**  | No       |
 **Description:** TLS configurations should not use insecure protocols or disable certificate verification.
@@ -291,18 +297,19 @@
 ### SEC-002: TLS Version Check
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
-| **Category** | Security |
+| Property       | Value         |
+| -------------- | ------------- |
+| **Severity**   | Error         |
+| **Category**   | Security      |
 | **Issue Type** | Vulnerability |
-| **Fixable** | No |
+| **Fixable**    | No            |
 **Description:** Detect use of deprecated TLS versions (< 1.2). TLS 1.0 and 1.1 are deprecated and should not be used per current security standards.
 **Deprecated Protocols:** `TLSv1`, `TLSv1.0`, `TLSv1.1`, `SSLv3`, `SSLv2`
 **Example:**
 ```xml
 <!-- ❌ Bad - deprecated protocol -->
 <tls:context enabledProtocols="TLSv1.1,TLSv1.2">
@@ -315,12 +322,12 @@
 ### SEC-003: Rate Limiting Policy
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
-| **Category** | Security |
+| Property       | Value         |
+| -------------- | ------------- |
+| **Severity**   | Warning       |
+| **Category**   | Security      |
 | **Issue Type** | Vulnerability |
-| **Fixable** | No |
+| **Fixable**    | No            |
 **Description:** APIs should have rate limiting or throttling configured to prevent DoS attacks and manage API consumption.
@@ -332,18 +339,19 @@
 ### SEC-004: Input Validation
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
-| **Category** | Security |
+| Property       | Value         |
+| -------------- | ------------- |
+| **Severity**   | Warning       |
+| **Category**   | Security      |
 | **Issue Type** | Vulnerability |
-| **Fixable** | No |
+| **Fixable**    | No            |
 **Description:** Incoming payloads should be validated using JSON or XML schema validation to prevent injection attacks and malformed data processing.
 **Check Logic:** Flags flows accepting POST/PUT/PATCH requests that have no schema validation or DataWeave validation patterns.
 **Example:**
 ```xml
 <!-- ✅ Good - schema validation -->
 <flow name="post:\orders:api-config">
@@ -356,17 +364,18 @@
 ### SEC-006: Encryption Key in Logs
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value    |
+| ------------ | -------- |
+| **Severity** | Error    |
 | **Category** | Security |
-| **Fixable** | No |
+| **Fixable**  | No       |
 **Description:** Encryption keys, passwords, and sensitive credentials should not appear in log statements.
 **Detected Patterns:** `encrypt.*key`, `password`, `credentials`, `api_key`, `secret.*key`, `mule.key`, `secure::.*key`
 **Example:**
 ```xml
 <!-- ❌ Bad -->
 <logger message="Key: #[vars.encryptionKey]"/>
@@ -383,15 +392,16 @@
 ### MULE-006: Logger Category Required
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
 | **Category** | Logging |
-| **Fixable** | Yes |
+| **Fixable**  | Yes     |
 **Description:** All loggers must have a `category` attribute for proper log filtering.
 **Example:**
 ```xml
 <!-- ✅ Good -->
 <logger category="com.myorg.orders" message="Processing order" level="INFO"/>
@@ -401,15 +411,16 @@
 ### MULE-301: Logger Payload Reference
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
 | **Category** | Logging |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Loggers should not directly reference `#[payload]` as it may log sensitive data and cause performance issues.
 **Examples:**
 ```xml
 <!-- ❌ Bad - logs entire payload -->
 <logger message="#[payload]" />
@@ -422,11 +433,11 @@
 ### MULE-303: Logger in Until-Successful
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
 | **Category** | Logging |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Having a logger inside `until-successful` may flood logs on retries.
@@ -434,11 +445,11 @@
 ### LOG-001: Structured Logging
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value   |
+| ------------ | ------- |
+| **Severity** | Info    |
 | **Category** | Logging |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Recommend JSON logger format over plain text for production applications to enable better log parsing and analysis.
@@ -450,17 +461,18 @@
 ### LOG-004: Sensitive Data in Logs
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value   |
+| ------------ | ------- |
+| **Severity** | Error   |
 | **Category** | Logging |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Log statements should not contain sensitive data values (passwords, tokens, SSNs, PII).
 **Detected Patterns:** Variable references like `vars.password`, `payload.token`, `${secure::*}`, concatenated sensitive values.
 **Example:**
 ```xml
 <!-- ❌ Bad - logs sensitive variable value -->
 <logger message="#['Token: ' ++ vars.accessToken]"/>
@@ -473,15 +485,16 @@
 ### HYG-001: Excessive Loggers
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
 | **Category** | Logging |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Flows should not have too many loggers, which can impact performance.
 **Configuration:**
 ```json
 {
   "HYG-001": {
@@ -502,11 +515,11 @@
 ### MULE-401: HTTP Request Missing User-Agent
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
-| **Category** | HTTP |
-| **Fixable** | No |
+| **Category** | HTTP    |
+| **Fixable**  | No      |
 **Description:** All HTTP requests should include a `User-Agent` header for API identification.
@@ -514,11 +527,11 @@
 ### MULE-402: HTTP Request Missing Content-Type
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
-| **Category** | HTTP |
-| **Fixable** | No |
+| **Category** | HTTP    |
+| **Fixable**  | No      |
 **Description:** POST/PUT HTTP requests should include a `Content-Type` header.
@@ -526,11 +539,11 @@
 ### MULE-403: HTTP Request Timeout
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
-| **Category** | HTTP |
-| **Fixable** | No |
+| **Category** | HTTP    |
+| **Fixable**  | No      |
 **Description:** HTTP requests should have explicit timeout configuration.
@@ -544,11 +557,11 @@
 ### MULE-501: Scatter-Gather Routes
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value       |
+| ------------ | ----------- |
+| **Severity** | Info        |
 | **Category** | Performance |
-| **Fixable** | No |
+| **Fixable**  | No          |
 **Description:** Scatter-gather with many routes may cause memory issues. Consider limiting routes.
@@ -556,11 +569,11 @@
 ### MULE-502: Async Without Error Handler
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value       |
+| ------------ | ----------- |
+| **Severity** | Warning     |
 | **Category** | Performance |
-| **Fixable** | No |
+| **Fixable**  | No          |
 **Description:** Async scopes should have their own error handling since they don't propagate errors to the parent flow.
@@ -570,11 +583,11 @@
 ### MULE-503: Large Choice Blocks
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value       |
+| ------------ | ----------- |
+| **Severity** | Warning     |
 | **Category** | Performance |
-| **Fixable** | No |
+| **Fixable**  | No          |
 **Description:** Choice blocks with many when clauses should be refactored to DataWeave lookups or routing slip pattern.
@@ -582,17 +595,18 @@
 ### PERF-002: Connection Pooling
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value       |
+| ------------ | ----------- |
+| **Severity** | Warning     |
 | **Category** | Performance |
-| **Fixable** | No |
+| **Fixable**  | No          |
 **Description:** DB and HTTP connectors should configure connection pools for optimal performance and resource management.
 **Check Logic:** Flags HTTP request configs missing `maxConnections`/`connectionIdleTimeout` and DB configs missing `pooling-profile`.
 **Example:**
 ```xml
 <!-- ✅ Good - HTTP with pooling -->
 <http:request-config name="API_Config" maxConnections="20" connectionIdleTimeout="30000"/>
@@ -607,17 +621,18 @@
 ### RES-001: Reconnection Strategy
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value       |
+| ------------ | ----------- |
+| **Severity** | Warning     |
 | **Category** | Performance |
-| **Fixable** | No |
+| **Fixable**  | No          |
 **Description:** Connectors should have reconnection strategies configured for resilience.
 **Checked Connectors:** HTTP Request, HTTP Listener, JMS, AMQP, SFTP, FTP, VM, Database
 **Example:**
 ```xml
 <!-- ✅ Good -->
 <http:request-config name="API_Config">
@@ -637,11 +652,11 @@
 ### MULE-601: Flow Missing Description
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value         |
+| ------------ | ------------- |
+| **Severity** | Info          |
 | **Category** | Documentation |
-| **Fixable** | No |
+| **Fixable**  | No            |
 **Description:** Flows should have a `doc:description` attribute for documentation.
@@ -649,11 +664,11 @@
 ### MULE-604: Missing doc:name
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value         |
+| ------------ | ------------- |
+| **Severity** | Warning       |
 | **Category** | Documentation |
-| **Fixable** | No |
+| **Fixable**  | No            |
 **Description:** Key components (logger, set-variable, transform, etc.) should have `doc:name` for Anypoint Studio visibility.
@@ -661,17 +676,18 @@
 ### DOC-001: Display Name Enforcement
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value         |
+| ------------ | ------------- |
+| **Severity** | Info          |
 | **Category** | Documentation |
-| **Fixable** | No |
+| **Fixable**  | No            |
 **Description:** Key components should have meaningful `doc:name` attributes, not default/generic names.
 **Flagged Defaults:** `Set Payload`, `Set Variable`, `Transform Message`, `Flow Reference`, `Logger`, `Choice`
 **Example:**
 ```xml
 <!-- ❌ Bad - generic default name -->
 <set-payload doc:name="Set Payload" value="#[output application/json --- {}]"/>
@@ -686,11 +702,11 @@
 ### MULE-008: Choice Anti-Pattern
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Avoid using `raise-error` directly inside `choice/otherwise`. Use a more descriptive error type.
@@ -698,11 +714,11 @@
 ### MULE-010: DWL Standards File
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Project should have a standard error DataWeave file at `src/main/resources/dwl/standard-error.dwl`.
@@ -710,11 +726,11 @@
 ### MULE-701: Deprecated Component Usage
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Detect usage of deprecated Mule components.
@@ -722,17 +738,18 @@
 ### OPS-001: Auto-Discovery Configuration
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** APIs should have auto-discovery configured for API Manager integration.
 **Check Logic:** Flags API projects (those with APIKit router) that are missing `<api-gateway:autodiscovery>`. Also verifies that `apiId` uses a property placeholder.
 **Example:**
 ```xml
 <!-- ✅ Good -->
 <api-gateway:autodiscovery apiId="${api.id}" flowRef="api-main"/>
@@ -742,15 +759,16 @@
 ### OPS-002: HTTP Port Placeholder
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** HTTP listener ports should use property placeholders, not hardcoded values.
 **Example:**
 ```xml
 <!-- ❌ Bad -->
 <http:listener-config port="8081"/>
@@ -763,15 +781,16 @@
 ### OPS-003: Externalized Cron Expression
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Cron expressions in schedulers should use property placeholders to allow environment-specific scheduling.
 **Example:**
 ```xml
 <!-- ❌ Bad -->
 <scheduling-strategy>
@@ -788,11 +807,11 @@
 ### API-005: APIKit Validation
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** APIs should use APIKit for auto-generated implementation interfaces.
@@ -808,11 +827,11 @@
 ### MULE-801: Flow Complexity
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value      |
+| ------------ | ---------- |
+| **Severity** | Warning    |
 | **Category** | Complexity |
-| **Fixable** | No |
+| **Fixable**  | No         |
 **Description:** Flow cyclomatic complexity should not exceed threshold.
@@ -831,6 +850,7 @@
 | `<on-error-*>` | Error handlers |
 **Configuration:**
 ```json
 {
   "MULE-801": {
@@ -850,19 +870,21 @@
 ### MULE-802: Project Structure
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Structure |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Validate standard MuleSoft project folder structure.
 **Required Directories:**
 - `src/main/mule`
 - `src/main/resources`
 **Recommended Directories:**
 - `src/main/resources/dwl`
 - `src/main/resources/api`
 - `src/test/munit`
@@ -871,11 +893,11 @@
 ### MULE-803: Global Config File
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Structure |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Project should have `global.xml` with shared configurations (HTTP listeners, error handlers, etc.).
@@ -883,11 +905,11 @@
 ### MULE-804: Monolithic XML File
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Structure |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** XML files should not exceed 10 flows/sub-flows. Split large files by domain.
@@ -899,15 +921,16 @@
 ### YAML-001: Environment Properties Files
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Environment-specific YAML property files should exist for each environment.
 **Expected Files:**
 - `dev.yaml` or `config-dev.yaml`
 - `qa.yaml` or `config-qa.yaml`
 - `prod.yaml` or `config-prod.yaml`
@@ -916,15 +939,16 @@
 ### YAML-003: Property Naming Convention
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Property keys should follow `category.property` format.
 **Examples:**
 ```yaml
 # ✅ Good
 db.host: localhost
@@ -939,15 +963,16 @@ ApiTimeout: 30000
 ### YAML-004: No Plaintext Secrets
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value    |
+| ------------ | -------- |
+| **Severity** | Error    |
 | **Category** | Security |
-| **Fixable** | No |
+| **Fixable**  | No       |
 **Description:** Sensitive properties (passwords, keys, secrets) should be encrypted with `![...]` syntax.
 **Example:**
 ```yaml
 # ❌ Bad - plaintext secret
 db.password: mySecretPassword
@@ -964,11 +989,11 @@ db.password: "![encryptedValue]"
 ### DW-001: External DWL for Complex Transforms
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | DataWeave |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Complex DataWeave (10+ lines) should be externalized to `.dwl` files.
@@ -976,11 +1001,11 @@ db.password: "![encryptedValue]"
 ### DW-002: DWL File Naming
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | DataWeave |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** DataWeave files should use kebab-case naming (`my-transform.dwl`).
@@ -988,11 +1013,11 @@ db.password: "![encryptedValue]"
 ### DW-003: DWL Modules
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | DataWeave |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Project should have common reusable DataWeave modules (`common.dwl`, `utils.dwl`).
@@ -1000,24 +1025,25 @@ db.password: "![encryptedValue]"
 ### DW-004: Java 17 DataWeave Error Handling
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Error     |
 | **Category** | DataWeave |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Enforces DataWeave error handling patterns compatible with Java 17 encapsulation. Detects restricted property access patterns that fail at runtime on Java 17.
 **Forbidden Patterns & Replacements:**
-| Forbidden | Replacement |
-|-----------|-------------|
-| `error.description` | `error.detailedDescription` |
+| Forbidden                  | Replacement                                                      |
+| -------------------------- | ---------------------------------------------------------------- |
+| `error.description`        | `error.detailedDescription`                                      |
 | `error.errorType.asString` | `error.errorType.namespace ++ ":" ++ error.errorType.identifier` |
-| `error.muleMessage` | `error.errorMessage` |
-| `error.errors` | `error.childErrors` |
+| `error.muleMessage`        | `error.errorMessage`                                             |
+| `error.errors`             | `error.childErrors`                                              |
 **Example:**
 ```dataweave
 // ❌ Bad - restricted in Java 17
 error.description
@@ -1033,17 +1059,18 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ## API-Led Rules
 > **Best Practice**: Follow API-Led Connectivity architecture with clear layer separation:
+>
 > - **Experience Layer**: Channel-specific APIs (web, mobile)
 > - **Process Layer**: Orchestration and business logic
 > - **System Layer**: Backend system connectivity
 ### API-001: Experience Layer Pattern
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value   |
+| ------------ | ------- |
+| **Severity** | Info    |
 | **Category** | API-Led |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Experience layer APIs (with `-exp-` in name) should have HTTP listeners as entry points.
@@ -1051,11 +1078,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### API-002: Process Layer Pattern
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value   |
+| ------------ | ------- |
+| **Severity** | Info    |
 | **Category** | API-Led |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** Process layer APIs (with `-proc-` in name) should orchestrate other APIs via flow-refs or HTTP requests.
@@ -1063,11 +1090,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### API-003: System Layer Pattern
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value   |
+| ------------ | ------- |
+| **Severity** | Info    |
 | **Category** | API-Led |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** System layer APIs (with `-sys-` in name) should connect to external systems (databases, HTTP services).
@@ -1075,11 +1102,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### API-004: Single System Per SAPI
-| Property | Value |
-|----------|-------|
+| Property     | Value   |
+| ------------ | ------- |
 | **Severity** | Warning |
 | **Category** | API-Led |
-| **Fixable** | No |
+| **Fixable**  | No      |
 **Description:** System API should integrate with only one backend system. This promotes clear separation of concerns, easier maintenance, better reusability, and simplified error handling.
@@ -1093,11 +1120,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### HYG-002: Commented Code Detection
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Info      |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Detects potentially commented-out code blocks in Mule configurations.
@@ -1109,15 +1136,16 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### HYG-003: Unused Flow Detection
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Standards |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Detects flows and sub-flows that are never referenced by `flow-ref` within the same file.
 **Check Logic:**
 - **Sub-flows**: Always expected to be referenced; flagged if no `flow-ref` points to them.
 - **Flows without triggers**: Flows that have no HTTP listener, scheduler, or VM listener and aren't referenced are flagged.
 - **Exclusions**: Flows matching common external patterns (`-main`, `-api`, `api-`, `-console`, `-error-handler`, `global`) are excluded.
@@ -1128,15 +1156,16 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### PROJ-001: POM Validation
-| Property | Value |
-|----------|-------|
-| **Severity** | Error |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Error     |
 | **Category** | Structure |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Validates `pom.xml` existence and critical plugins.
 **Checks:**
 1. `pom.xml` exists in project root
 2. Contains `mule-maven-plugin` in build configuration
 3. Contains `munit-maven-plugin` if test files exist
@@ -1145,11 +1174,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### PROJ-002: Git Hygiene
-| Property | Value |
-|----------|-------|
-| **Severity** | Warning |
+| Property     | Value     |
+| ------------ | --------- |
+| **Severity** | Warning   |
 | **Category** | Structure |
-| **Fixable** | No |
+| **Fixable**  | No        |
 **Description:** Validates `.gitignore` existence and standard entries in git repositories.
@@ -1163,11 +1192,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### EXP-001: Flow Reference Depth
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value        |
+| ------------ | ------------ |
+| **Severity** | Info         |
 | **Category** | Experimental |
-| **Fixable** | No |
+| **Fixable**  | No           |
 **Description:** Limit the number of flow-refs in a single flow to avoid deep call chains.
@@ -1175,11 +1204,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### EXP-002: Connector Config Naming
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value        |
+| ------------ | ------------ |
+| **Severity** | Info         |
 | **Category** | Experimental |
-| **Fixable** | No |
+| **Fixable**  | No           |
 **Description:** Connector configurations should follow `Convention_Type` pattern (e.g., `HTTP_Request_Config`).
@@ -1187,11 +1216,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ### EXP-003: MUnit Coverage
-| Property | Value |
-|----------|-------|
-| **Severity** | Info |
+| Property     | Value        |
+| ------------ | ------------ |
+| **Severity** | Info         |
 | **Category** | Experimental |
-| **Fixable** | No |
+| **Fixable**  | No           |
 **Description:** Flows should have corresponding MUnit tests in `src/test/munit`.
@@ -1199,11 +1228,11 @@ error.errorType.namespace ++ ":" ++ error.errorType.identifier
 ## Rule Priority Matrix
-| Severity | Count | Rules |
-|----------|-------|-------|
-| Error | 10 | MULE-001, 003, 004, 201, 202, SEC-002, SEC-006, LOG-004, DW-004, YAML-004, PROJ-001 |
-| Warning | 25 | MULE-002, 005, 006, 007, 008, 009, 101, 102, 301, 303, 401, 402, 403, 502, 503, 604, 701, 801, 802, 803, 804, SEC-003, SEC-004, PERF-002, RES-001, OPS-002, OPS-003, HYG-001, HYG-003, API-004, PROJ-002 |
-| Info | 21 | MULE-010, 501, 601, YAML-001, 003, DW-001, 002, 003, API-001, 002, 003, 005, EXP-001, 002, 003, ERR-001, LOG-001, OPS-001, DOC-001, HYG-002 |
+| Severity | Count | Rules                                                                                                                                                                                                    |
+| -------- | ----- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Error    | 10    | MULE-001, 003, 004, 201, 202, SEC-002, SEC-006, LOG-004, DW-004, YAML-004, PROJ-001                                                                                                                      |
+| Warning  | 25    | MULE-002, 005, 006, 007, 008, 009, 101, 102, 301, 303, 401, 402, 403, 502, 503, 604, 701, 801, 802, 803, 804, SEC-003, SEC-004, PERF-002, RES-001, OPS-002, OPS-003, HYG-001, HYG-003, API-004, PROJ-002 |
+| Info     | 21    | MULE-010, 501, 601, YAML-001, 003, DW-001, 002, 003, API-001, 002, 003, 005, EXP-001, 002, 003, ERR-001, LOG-001, OPS-001, DOC-001, HYG-002                                                              |
 ---