@sfdxy/mule-lint 1.20.0 → 1.22.0

package/dist/src/mcp/resources/index.js

@@ -76,68 +76,166 @@ function registerRulesResource(server) {
 }
 /**
  * Resource: mule-lint://docs/{slug}
- * Access official MuleSoft development best practices documentation
+ * Access official MuleSoft development best practices documentation.
+ *
+ * Each slug maps to a focused, self-contained guide optimized for LLM consumption.
+ * Guides are typically < 200 lines and cover a single topic with decision matrices,
+ * code examples, anti-patterns, and checklists.
  */
 function registerDocsResource(server) {
     server.registerResource('docs', new mcp_js_1.ResourceTemplate('mule-lint://docs/{slug}', {
         list: () => {
             return {
                 resources: [
+                    // ── Core Development ──
                     {
-                        uri: 'mule-lint://docs/architecture',
-                        name: 'Architecture',
+                        uri: 'mule-lint://docs/error-handling',
+                        name: 'Error Handling',
+                        description: 'Global error handlers, HTTP vs event-driven patterns, connector error types, centralized CRM error log objects, self-healing error flows',
                         mimeType: 'text/markdown',
                     },
                     {
-                        uri: 'mule-lint://docs/best-practices',
-                        name: 'Best Practices',
+                        uri: 'mule-lint://docs/variables',
+                        name: 'Variable Contracts',
+                        description: 'Standard variable sets for APIKit routes and event listeners, correlation ID sourcing, array mirroring',
                         mimeType: 'text/markdown',
                     },
                     {
-                        uri: 'mule-lint://docs/documentation-standards',
-                        name: 'Documentation Standards',
+                        uri: 'mule-lint://docs/logging',
+                        name: 'Logging Standards',
+                        description: 'Logger categories, structured JSON logging, MDC/tracing module, PII prevention, log levels',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/security',
+                        name: 'Security',
+                        description: 'Secure properties, TLS 1.2+, credential management, zero-trust architecture, input validation',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/performance',
+                        name: 'Performance',
+                        description: 'Timeouts, connection pooling, async error handling, streaming, flow complexity limits, pre-batch bulk lookup (N+1 prevention with scatter-gather + groupBy)',
+                        mimeType: 'text/markdown',
+                    },
+                    // ── Architecture & Patterns ──
+                    {
+                        uri: 'mule-lint://docs/event-driven',
+                        name: 'Event-Driven Patterns',
+                        description: 'Platform Events, Anypoint MQ, VM Queue Dispatcher, scheduler watermarking with ObjectStore, deferred task polling, AsyncAPI 2.6, deduplication',
                         mimeType: 'text/markdown',
                     },
-                    { uri: 'mule-lint://docs/extending', name: 'Extending', mimeType: 'text/markdown' },
+                    {
+                        uri: 'mule-lint://docs/connectors',
+                        name: 'Connector Patterns',
+                        description: 'Entity config YAML pattern, Salesforce/NetSuite connector gotchas, protocol negotiation, ObjectStore caching, DWL utility modules',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/dataweave',
+                        name: 'DataWeave Patterns',
+                        description: 'DWL modules, type coercion for connectors, cross-system value mapping (4 strategies: DWL, JSON dictionary, bidirectional, external), import path rules',
+                        mimeType: 'text/markdown',
+                    },
+                    // ── Project & Operations ──
                     {
                         uri: 'mule-lint://docs/folder-structure',
                         name: 'Folder Structure',
+                        description: 'Standard Maven layout for Mule 4 projects, file naming, directory organization',
                         mimeType: 'text/markdown',
                     },
                     {
-                        uri: 'mule-lint://docs/naming',
-                        name: 'Naming Conventions',
+                        uri: 'mule-lint://docs/documentation-standards',
+                        name: 'Documentation Standards',
+                        description: 'Flow doc:description, README templates, DataWeave comments, commit message conventions',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/testing',
+                        name: 'Testing (MUnit)',
+                        description: 'MUnit test structure, error scenario testing, event-driven testing, coverage goals',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/ci-cd',
+                        name: 'CI/CD Integration',
+                        description: 'Pipeline stages, mule-lint integration, quality gates, SARIF output, GitHub Actions',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/deployment',
+                        name: 'Deployment & Modernization (2026)',
+                        description: 'CloudHub 2.0, Java 17 migration, Anypoint Code Builder, API Governance, monitoring',
+                        mimeType: 'text/markdown',
+                    },
+                    // ── Reference ──
+                    {
+                        uri: 'mule-lint://docs/best-practices',
+                        name: 'Best Practices Index',
+                        description: 'Master index linking to all topic-specific guides with quick reference card and API-Led overview',
                         mimeType: 'text/markdown',
                     },
                     {
                         uri: 'mule-lint://docs/rules-catalog',
                         name: 'Rules Catalog',
+                        description: 'Complete reference for all 82 lint rules with severity, examples, and configuration options',
+                        mimeType: 'text/markdown',
+                    },
+                    // ── Linter Internals (for contributors) ──
+                    {
+                        uri: 'mule-lint://docs/architecture',
+                        name: 'Linter Architecture',
+                        description: 'Internal linter design, patterns, and data flow (for contributors)',
+                        mimeType: 'text/markdown',
+                    },
+                    {
+                        uri: 'mule-lint://docs/extending',
+                        name: 'Extending the Linter',
+                        description: 'How to create custom rules and extend mule-lint (for contributors)',
                         mimeType: 'text/markdown',
                     },
                 ],
             };
         },
     }), {
-        description: 'Access the official MuleSoft development best practices and internal documentation. Read these documents to ensure your generated code aligns with our architectural standards, naming conventions, and project structure.',
+        description: 'Access MuleSoft development best practices and linter documentation. Each slug maps to a focused topic guide. Start by listing available resources, then read the guides relevant to your current task. For example, read "error-handling" when implementing error handlers, or "connectors" when configuring Salesforce/NetSuite connectors.',
         mimeType: 'text/markdown',
     }, (uri, variables) => {
         const slug = variables.slug;
+        // Map slugs to file paths — topic-specific best practices + linter docs
         const docsMap = {
-            architecture: 'docs/linter/architecture.md',
-            'best-practices': 'docs/best-practices/mulesoft-best-practices.md',
+            // Core Development
+            'error-handling': 'docs/best-practices/error-handling.md',
+            variables: 'docs/best-practices/variable-contracts.md',
+            logging: 'docs/best-practices/logging.md',
+            security: 'docs/best-practices/security.md',
+            performance: 'docs/best-practices/performance.md',
+            // Architecture & Patterns
+            'event-driven': 'docs/best-practices/event-driven-patterns.md',
+            connectors: 'docs/best-practices/connector-patterns.md',
+            dataweave: 'docs/best-practices/dataweave-patterns.md',
+            // Project & Operations
+            'folder-structure': 'docs/best-practices/folder-structure.md',
             'documentation-standards': 'docs/best-practices/documentation-standards.md',
+            testing: 'docs/best-practices/testing.md',
+            'ci-cd': 'docs/best-practices/ci-cd.md',
+            deployment: 'docs/best-practices/deployment-2026.md',
+            // Reference
+            'best-practices': 'docs/best-practices/mulesoft-best-practices.md',
+            'rules-catalog': 'docs/best-practices/rules-catalog.md',
+            // Linter Internals — keep for contributors
+            architecture: 'docs/linter/architecture.md',
             extending: 'docs/linter/extending.md',
-            'folder-structure': 'docs/best-practices/folder-structure.md',
             naming: 'docs/linter/naming-conventions.md',
-            'rules-catalog': 'docs/best-practices/rules-catalog.md',
         };
         const relativePath = docsMap[slug];
         if (!relativePath) {
+            const available = Object.keys(docsMap).join(', ');
             return {
                 contents: [
                     {
                         uri: uri.href,
-                        text: `Document not found: ${slug}. Available: ${Object.keys(docsMap).join(', ')}`,
+                        text: `Document not found: "${slug}". Available slugs: ${available}`,
                         mimeType: 'text/plain',
                     },
                 ],

package/dist/src/mcp/resources/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/mcp/resources/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,8CAGC;AAbD,oEAAsF;AAEtF,8CAAoD;AACpD,uCAAwC;AACxC,2CAA6B;AAC7B,uCAAyB;AAEzB;;GAEG;AACH,SAAgB,iBAAiB,CAAC,MAAiB;IACjD,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC9B,oBAAoB,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAiB;IAC9C,MAAM,CAAC,gBAAgB,CACrB,OAAO,EACP,mBAAmB,EACnB;QACE,WAAW,EACT,2LAA2L;QAC7L,QAAQ,EAAE,kBAAkB;KAC7B,EACD,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,SAAS,GAAG,iBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtC,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,SAAS,EAAE,CAAC,CAAC,SAAS,IAAI,YAAY;YACtC,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;oBACxC,QAAQ,EAAE,kBAAkB;iBAC7B;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,MAAiB;IAC7C,MAAM,CAAC,gBAAgB,CACrB,MAAM,EACN,IAAI,yBAAgB,CAAC,yBAAyB,EAAE;QAE9C,IAAI,EAAE,GAAG,EAAE;YACT,OAAO;gBACL,SAAS,EAAE;oBACT;wBACE,GAAG,EAAE,+BAA+B;wBACpC,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,iCAAiC;wBACtC,IAAI,EAAE,gBAAgB;wBACtB,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,0CAA0C;wBAC/C,IAAI,EAAE,yBAAyB;wBAC/B,QAAQ,EAAE,eAAe;qBAC1B;oBACD,EAAE,GAAG,EAAE,4BAA4B,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,eAAe,EAAE;oBACnF;wBACE,GAAG,EAAE,mCAAmC;wBACxC,IAAI,EAAE,kBAAkB;wBACxB,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,yBAAyB;wBAC9B,IAAI,EAAE,oBAAoB;wBAC1B,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,gCAAgC;wBACrC,IAAI,EAAE,eAAe;wBACrB,QAAQ,EAAE,eAAe;qBAC1B;iBACF;aACF,CAAC;QACJ,CAAC;KACF,CAAC,EACF;QACE,WAAW,EACT,4NAA4N;QAC9N,QAAQ,EAAE,eAAe;KAC1B,EACD,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;QACjB,MAAM,IAAI,GAAG,SAAS,CAAC,IAAc,CAAC;QACtC,MAAM,OAAO,GAA2B;YACtC,YAAY,EAAE,6BAA6B;YAC3C,gBAAgB,EAAE,gDAAgD;YAClE,yBAAyB,EAAE,gDAAgD;YAC3E,SAAS,EAAE,0BAA0B;YACrC,kBAAkB,EAAE,yCAAyC;YAC7D,MAAM,EAAE,mCAAmC;YAC3C,eAAe,EAAE,sCAAsC;SACxD,CAAC;QAEF,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,IAAI,EAAE,uBAAuB,IAAI,gBAAgB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;wBAClF,QAAQ,EAAE,YAAY;qBACvB;iBACF;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,uEAAuE;YACvE,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;YACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,IAAI,EAAE,OAAO;4BACb,QAAQ,EAAE,eAAe;yBAC1B;qBACF;iBACF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,IAAI,EAAE,+BAA+B,OAAO,EAAE;4BAC9C,QAAQ,EAAE,YAAY;yBACvB;qBACF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,IAAI,EAAE,2BAA2B,IAAA,wBAAe,EAAC,KAAK,CAAC,EAAE;wBACzD,QAAQ,EAAE,YAAY;qBACvB;iBACF;aACF,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/mcp/resources/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,8CAGC;AAbD,oEAAsF;AAEtF,8CAAoD;AACpD,uCAAwC;AACxC,2CAA6B;AAC7B,uCAAyB;AAEzB;;GAEG;AACH,SAAgB,iBAAiB,CAAC,MAAiB;IACjD,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC9B,oBAAoB,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAiB;IAC9C,MAAM,CAAC,gBAAgB,CACrB,OAAO,EACP,mBAAmB,EACnB;QACE,WAAW,EACT,2LAA2L;QAC7L,QAAQ,EAAE,kBAAkB;KAC7B,EACD,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,SAAS,GAAG,iBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtC,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,SAAS,EAAE,CAAC,CAAC,SAAS,IAAI,YAAY;YACtC,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;oBACxC,QAAQ,EAAE,kBAAkB;iBAC7B;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAAC,MAAiB;IAC7C,MAAM,CAAC,gBAAgB,CACrB,MAAM,EACN,IAAI,yBAAgB,CAAC,yBAAyB,EAAE;QAC9C,IAAI,EAAE,GAAG,EAAE;YACT,OAAO;gBACL,SAAS,EAAE;oBACT,yBAAyB;oBACzB;wBACE,GAAG,EAAE,iCAAiC;wBACtC,IAAI,EAAE,gBAAgB;wBACtB,WAAW,EACT,0IAA0I;wBAC5I,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,4BAA4B;wBACjC,IAAI,EAAE,oBAAoB;wBAC1B,WAAW,EACT,wGAAwG;wBAC1G,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,0BAA0B;wBAC/B,IAAI,EAAE,mBAAmB;wBACzB,WAAW,EACT,4FAA4F;wBAC9F,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,2BAA2B;wBAChC,IAAI,EAAE,UAAU;wBAChB,WAAW,EACT,+FAA+F;wBACjG,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,8BAA8B;wBACnC,IAAI,EAAE,aAAa;wBACnB,WAAW,EACT,6JAA6J;wBAC/J,QAAQ,EAAE,eAAe;qBAC1B;oBACD,gCAAgC;oBAChC;wBACE,GAAG,EAAE,+BAA+B;wBACpC,IAAI,EAAE,uBAAuB;wBAC7B,WAAW,EACT,gJAAgJ;wBAClJ,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,6BAA6B;wBAClC,IAAI,EAAE,oBAAoB;wBAC1B,WAAW,EACT,mIAAmI;wBACrI,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,4BAA4B;wBACjC,IAAI,EAAE,oBAAoB;wBAC1B,WAAW,EACT,wJAAwJ;wBAC1J,QAAQ,EAAE,eAAe;qBAC1B;oBACD,6BAA6B;oBAC7B;wBACE,GAAG,EAAE,mCAAmC;wBACxC,IAAI,EAAE,kBAAkB;wBACxB,WAAW,EACT,gFAAgF;wBAClF,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,0CAA0C;wBAC/C,IAAI,EAAE,yBAAyB;wBAC/B,WAAW,EACT,wFAAwF;wBAC1F,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,0BAA0B;wBAC/B,IAAI,EAAE,iBAAiB;wBACvB,WAAW,EACT,oFAAoF;wBACtF,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,wBAAwB;wBAC7B,IAAI,EAAE,mBAAmB;wBACzB,WAAW,EACT,qFAAqF;wBACvF,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,6BAA6B;wBAClC,IAAI,EAAE,mCAAmC;wBACzC,WAAW,EACT,oFAAoF;wBACtF,QAAQ,EAAE,eAAe;qBAC1B;oBACD,kBAAkB;oBAClB;wBACE,GAAG,EAAE,iCAAiC;wBACtC,IAAI,EAAE,sBAAsB;wBAC5B,WAAW,EACT,kGAAkG;wBACpG,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,gCAAgC;wBACrC,IAAI,EAAE,eAAe;wBACrB,WAAW,EACT,6FAA6F;wBAC/F,QAAQ,EAAE,eAAe;qBAC1B;oBACD,4CAA4C;oBAC5C;wBACE,GAAG,EAAE,+BAA+B;wBACpC,IAAI,EAAE,qBAAqB;wBAC3B,WAAW,EAAE,oEAAoE;wBACjF,QAAQ,EAAE,eAAe;qBAC1B;oBACD;wBACE,GAAG,EAAE,4BAA4B;wBACjC,IAAI,EAAE,sBAAsB;wBAC5B,WAAW,EAAE,oEAAoE;wBACjF,QAAQ,EAAE,eAAe;qBAC1B;iBACF;aACF,CAAC;QACJ,CAAC;KACF,CAAC,EACF;QACE,WAAW,EACT,+UAA+U;QACjV,QAAQ,EAAE,eAAe;KAC1B,EACD,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;QACjB,MAAM,IAAI,GAAG,SAAS,CAAC,IAAc,CAAC;QAEtC,wEAAwE;QACxE,MAAM,OAAO,GAA2B;YACtC,mBAAmB;YACnB,gBAAgB,EAAE,uCAAuC;YACzD,SAAS,EAAE,2CAA2C;YACtD,OAAO,EAAE,gCAAgC;YACzC,QAAQ,EAAE,iCAAiC;YAC3C,WAAW,EAAE,oCAAoC;YAEjD,0BAA0B;YAC1B,cAAc,EAAE,8CAA8C;YAC9D,UAAU,EAAE,2CAA2C;YACvD,SAAS,EAAE,2CAA2C;YAEtD,uBAAuB;YACvB,kBAAkB,EAAE,yCAAyC;YAC7D,yBAAyB,EAAE,gDAAgD;YAC3E,OAAO,EAAE,gCAAgC;YACzC,OAAO,EAAE,8BAA8B;YACvC,UAAU,EAAE,wCAAwC;YAEpD,YAAY;YACZ,gBAAgB,EAAE,gDAAgD;YAClE,eAAe,EAAE,sCAAsC;YAEvD,2CAA2C;YAC3C,YAAY,EAAE,6BAA6B;YAC3C,SAAS,EAAE,0BAA0B;YACrC,MAAM,EAAE,mCAAmC;SAC5C,CAAC;QAEF,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,IAAI,EAAE,wBAAwB,IAAI,uBAAuB,SAAS,EAAE;wBACpE,QAAQ,EAAE,YAAY;qBACvB;iBACF;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,uEAAuE;YACvE,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;YACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,IAAI,EAAE,OAAO;4BACb,QAAQ,EAAE,eAAe;yBAC1B;qBACF;iBACF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,IAAI,EAAE,+BAA+B,OAAO,EAAE;4BAC9C,QAAQ,EAAE,YAAY;yBACvB;qBACF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,IAAI,EAAE,2BAA2B,IAAA,wBAAe,EAAC,KAAK,CAAC,EAAE;wBACzD,QAAQ,EAAE,YAAY;qBACvB;iBACF;aACF,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/src/mcp/tools/getRuleDetails.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getRuleDetails.d.ts","sourceRoot":"","sources":["../../../../src/mcp/tools/getRuleDetails.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAIpE;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA4C9D"}
+{"version":3,"file":"getRuleDetails.d.ts","sourceRoot":"","sources":["../../../../src/mcp/tools/getRuleDetails.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA4BpE;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAmD9D"}

package/dist/src/mcp/tools/getRuleDetails.js

@@ -3,12 +3,35 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerGetRuleDetails = registerGetRuleDetails;
 const zod_1 = require("zod");
 const rules_1 = require("../../rules");
+/**
+ * Mapping from rule category to the best-practice doc slug.
+ * Used by get_rule_details to point agents at the relevant guide.
+ */
+const categoryToDocSlug = {
+    'error-handling': 'error-handling',
+    naming: 'variables',
+    security: 'security',
+    logging: 'logging',
+    http: 'performance',
+    performance: 'performance',
+    documentation: 'documentation-standards',
+    standards: 'best-practices',
+    complexity: 'performance',
+    structure: 'folder-structure',
+    yaml: 'security',
+    dataweave: 'dataweave',
+    'api-led': 'best-practices',
+    connector: 'connectors',
+    governance: 'ci-cd',
+    operations: 'ci-cd',
+    experimental: 'best-practices',
+};
 /**
  * Register the get_rule_details tool on the MCP server
  */
 function registerGetRuleDetails(server) {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any -- MCP SDK generic type inference exceeds TS depth limits (TS2589)
-    server.tool('get_rule_details', 'Retrieve detailed documentation for a specific linting rule ID (e.g., MULE-001). Use this to understand WHY a rule failed and HOW to fix it properly according to best practices.', {
+    server.tool('get_rule_details', 'Retrieve detailed documentation for a specific linting rule ID (e.g., MULE-001). Use this to understand WHY a rule failed and HOW to fix it properly according to best practices. Returns rule metadata, the relevant best-practice guide slug, and related rules.', {
         ruleId: zod_1.z.string().describe('The ID of the rule to retrieve (e.g., "MULE-001", "DW-004")'),
     }, ({ ruleId }) => {
         const rule = (0, rules_1.getRuleById)(ruleId);
@@ -23,6 +46,7 @@ function registerGetRuleDetails(server) {
                 isError: true,
             };
         }
+        const docSlug = categoryToDocSlug[rule.category] || 'best-practices';
         return {
             content: [
                 {
@@ -35,6 +59,11 @@ function registerGetRuleDetails(server) {
                         severity: rule.severity,
                         issueType: rule.issueType ?? 'code-smell',
                         docsUrl: rule.docsUrl,
+                        bestPracticeGuide: {
+                            slug: docSlug,
+                            uri: `mule-lint://docs/${docSlug}`,
+                            hint: `Read the "${docSlug}" resource for detailed patterns, code examples, and checklists related to this rule.`,
+                        },
                     }, null, 2),
                 },
             ],

package/dist/src/mcp/tools/getRuleDetails.js.map

@@ -1 +1 @@
-{"version":3,"file":"getRuleDetails.js","sourceRoot":"","sources":["../../../../src/mcp/tools/getRuleDetails.ts"],"names":[],"mappings":";;AAQA,wDA4CC;AApDD,6BAAwB;AAGxB,uCAA0C;AAE1C;;GAEG;AACH,SAAgB,sBAAsB,CAAC,MAAiB;IACtD,iIAAiI;IAChI,MAAc,CAAC,IAAI,CAClB,kBAAkB,EAClB,mLAAmL,EACnL;QACE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;KAC3F,EACD,CAAC,EAAE,MAAM,EAAsB,EAAE,EAAE;QACjC,MAAM,IAAI,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,mBAAmB,MAAM,EAAE;qBAClC;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;wBACE,EAAE,EAAE,IAAI,CAAC,EAAE;wBACX,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,YAAY;wBACzC,OAAO,EAAE,IAAI,CAAC,OAAO;qBACtB,EACD,IAAI,EACJ,CAAC,CACF;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"getRuleDetails.js","sourceRoot":"","sources":["../../../../src/mcp/tools/getRuleDetails.ts"],"names":[],"mappings":";;AAgCA,wDAmDC;AAnFD,6BAAwB;AAGxB,uCAA0C;AAE1C;;;GAGG;AACH,MAAM,iBAAiB,GAA2B;IAChD,gBAAgB,EAAE,gBAAgB;IAClC,MAAM,EAAE,WAAW;IACnB,QAAQ,EAAE,UAAU;IACpB,OAAO,EAAE,SAAS;IAClB,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,aAAa;IAC1B,aAAa,EAAE,yBAAyB;IACxC,SAAS,EAAE,gBAAgB;IAC3B,UAAU,EAAE,aAAa;IACzB,SAAS,EAAE,kBAAkB;IAC7B,IAAI,EAAE,UAAU;IAChB,SAAS,EAAE,WAAW;IACtB,SAAS,EAAE,gBAAgB;IAC3B,SAAS,EAAE,YAAY;IACvB,UAAU,EAAE,OAAO;IACnB,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE,gBAAgB;CAC/B,CAAC;AAEF;;GAEG;AACH,SAAgB,sBAAsB,CAAC,MAAiB;IACtD,iIAAiI;IAChI,MAAc,CAAC,IAAI,CAClB,kBAAkB,EAClB,oQAAoQ,EACpQ;QACE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;KAC3F,EACD,CAAC,EAAE,MAAM,EAAsB,EAAE,EAAE;QACjC,MAAM,IAAI,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,mBAAmB,MAAM,EAAE;qBAClC;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,gBAAgB,CAAC;QAErE,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;wBACE,EAAE,EAAE,IAAI,CAAC,EAAE;wBACX,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,YAAY;wBACzC,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,iBAAiB,EAAE;4BACjB,IAAI,EAAE,OAAO;4BACb,GAAG,EAAE,oBAAoB,OAAO,EAAE;4BAClC,IAAI,EAAE,aAAa,OAAO,uFAAuF;yBAClH;qBACF,EACD,IAAI,EACJ,CAAC,CACF;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/src/rules/api-led/ApikitConsoleProductionRule.d.ts

@@ -0,0 +1,22 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * API-008: APIKit Console in Production
+ *
+ * The APIKit console endpoint should not be enabled in production.
+ * While useful for development, it exposes API documentation and
+ * testing capabilities that should be disabled in production
+ * environments.
+ *
+ * Detects: <apikit:console config-ref="..."/> elements
+ */
+export declare class ApikitConsoleProductionRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "warning";
+    category: "api-led";
+    issueType: IssueType;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+}
+//# sourceMappingURL=ApikitConsoleProductionRule.d.ts.map

package/dist/src/rules/api-led/ApikitConsoleProductionRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApikitConsoleProductionRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/api-led/ApikitConsoleProductionRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;GASG;AACH,qBAAa,2BAA4B,SAAQ,QAAQ;IACvD,EAAE,SAAa;IACf,IAAI,SAAkC;IACtC,WAAW,SAA8E;IACzF,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,SAAS,CAAU;IAC9B,SAAS,EAAE,SAAS,CAAmB;IAEvC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;CAgC9D"}

package/dist/src/rules/api-led/ApikitConsoleProductionRule.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApikitConsoleProductionRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * API-008: APIKit Console in Production
+ *
+ * The APIKit console endpoint should not be enabled in production.
+ * While useful for development, it exposes API documentation and
+ * testing capabilities that should be disabled in production
+ * environments.
+ *
+ * Detects: <apikit:console config-ref="..."/> elements
+ */
+class ApikitConsoleProductionRule extends BaseRule_1.BaseRule {
+    id = 'API-008';
+    name = 'APIKit Console in Production';
+    description = 'APIKit console should be disabled or protected in production deployments';
+    severity = 'warning';
+    category = 'api-led';
+    issueType = 'vulnerability';
+    validate(doc, _context) {
+        const issues = [];
+        // Find apikit:console elements
+        const consoleElements = this.select('//*[local-name()="console"]', doc);
+        for (const el of consoleElements) {
+            // Confirm it's an APIKit console (has config-ref or is in apikit namespace)
+            const configRef = this.getAttribute(el, 'config-ref');
+            const nodeName = el.nodeName ?? '';
+            // Only flag if it looks like an apikit console
+            if (nodeName.includes('apikit') ||
+                configRef?.includes('api') ||
+                configRef?.includes('router')) {
+                issues.push(this.createIssue(el, 'APIKit console is enabled — ensure it is disabled or protected in production', {
+                    suggestion: 'Remove the apikit:console flow or gate it behind an environment check (e.g., only enable when mule.env != "prod")',
+                }));
+            }
+        }
+        return issues;
+    }
+}
+exports.ApikitConsoleProductionRule = ApikitConsoleProductionRule;
+//# sourceMappingURL=ApikitConsoleProductionRule.js.map

package/dist/src/rules/api-led/ApikitConsoleProductionRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApikitConsoleProductionRule.js","sourceRoot":"","sources":["../../../../src/rules/api-led/ApikitConsoleProductionRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;GASG;AACH,MAAa,2BAA4B,SAAQ,mBAAQ;IACvD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,8BAA8B,CAAC;IACtC,WAAW,GAAG,0EAA0E,CAAC;IACzF,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,SAAkB,CAAC;IAC9B,SAAS,GAAc,eAAe,CAAC;IAEvC,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,+BAA+B;QAC/B,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAExE,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;YACjC,4EAA4E;YAC5E,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;YACtD,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC;YAEnC,+CAA+C;YAC/C,IACE,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC3B,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC;gBAC1B,SAAS,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAC7B,CAAC;gBACD,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,EAAE,EACF,8EAA8E,EAC9E;oBACE,UAAU,EACR,mHAAmH;iBACtH,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAxCD,kEAwCC"}

package/dist/src/rules/api-led/ApikitMainFlowStructureRule.d.ts

@@ -0,0 +1,24 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * API-006: APIKit Main Flow Structure
+ *
+ * The main flow in an APIKit project should follow the standard pattern:
+ *   <http:listener> → <apikit:router>
+ *
+ * The main flow should not contain business logic — it should only
+ * receive requests and delegate to APIKit-generated implementation flows.
+ * This is the pattern used in all accelerator projects.
+ */
+export declare class ApikitMainFlowStructureRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "warning";
+    category: "api-led";
+    issueType: IssueType;
+    /** Max number of direct child elements (excluding error-handler) allowed in main flow */
+    private readonly MAX_MAIN_FLOW_CHILDREN;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+}
+//# sourceMappingURL=ApikitMainFlowStructureRule.d.ts.map

package/dist/src/rules/api-led/ApikitMainFlowStructureRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApikitMainFlowStructureRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/api-led/ApikitMainFlowStructureRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;GASG;AACH,qBAAa,2BAA4B,SAAQ,QAAQ;IACvD,EAAE,SAAa;IACf,IAAI,SAAgC;IACpC,WAAW,SAAiF;IAC5F,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,SAAS,CAAU;IAC9B,SAAS,EAAE,SAAS,CAAgB;IAEpC,yFAAyF;IACzF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAK;IAE5C,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;CA+C9D"}

package/dist/src/rules/api-led/ApikitMainFlowStructureRule.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApikitMainFlowStructureRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * API-006: APIKit Main Flow Structure
+ *
+ * The main flow in an APIKit project should follow the standard pattern:
+ *   <http:listener> → <apikit:router>
+ *
+ * The main flow should not contain business logic — it should only
+ * receive requests and delegate to APIKit-generated implementation flows.
+ * This is the pattern used in all accelerator projects.
+ */
+class ApikitMainFlowStructureRule extends BaseRule_1.BaseRule {
+    id = 'API-006';
+    name = 'APIKit Main Flow Structure';
+    description = 'APIKit main flow should contain only listener and router, no business logic';
+    severity = 'warning';
+    category = 'api-led';
+    issueType = 'code-smell';
+    /** Max number of direct child elements (excluding error-handler) allowed in main flow */
+    MAX_MAIN_FLOW_CHILDREN = 4;
+    validate(doc, _context) {
+        const issues = [];
+        // Find flows that look like APIKit main flows
+        const flows = this.select('//mule:flow', doc);
+        for (const flow of flows) {
+            const flowName = this.getAttribute(flow, 'name') ?? '';
+            // Detect main flow: typically *-main or contains apikit:router
+            const hasRouter = this.exists('.//*[local-name()="router"]', flow);
+            if (!hasRouter) {
+                continue; // Not an APIKit main flow
+            }
+            const isMainFlow = flowName.endsWith('-main') ||
+                flowName.includes('-api-main') ||
+                flowName.includes('api-main');
+            if (!isMainFlow && !hasRouter) {
+                continue;
+            }
+            // Count child elements (excluding error-handler and comments)
+            const children = this.select('./*[not(local-name()="error-handler") and not(local-name()="description")]', flow);
+            if (children.length > this.MAX_MAIN_FLOW_CHILDREN) {
+                issues.push(this.createIssue(flow, `APIKit main flow "${flowName}" has ${children.length} operations — should contain only listener and router`, {
+                    suggestion: 'Move business logic to APIKit implementation flows (e.g., get:\\resource:config). The main flow should only receive and route.',
+                }));
+            }
+        }
+        return issues;
+    }
+}
+exports.ApikitMainFlowStructureRule = ApikitMainFlowStructureRule;
+//# sourceMappingURL=ApikitMainFlowStructureRule.js.map

package/dist/src/rules/api-led/ApikitMainFlowStructureRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApikitMainFlowStructureRule.js","sourceRoot":"","sources":["../../../../src/rules/api-led/ApikitMainFlowStructureRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;GASG;AACH,MAAa,2BAA4B,SAAQ,mBAAQ;IACvD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,4BAA4B,CAAC;IACpC,WAAW,GAAG,6EAA6E,CAAC;IAC5F,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,SAAkB,CAAC;IAC9B,SAAS,GAAc,YAAY,CAAC;IAEpC,yFAAyF;IACxE,sBAAsB,GAAG,CAAC,CAAC;IAE5C,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,8CAA8C;QAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YAEvD,+DAA+D;YAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,6BAA6B,EAAE,IAAI,CAAC,CAAC;YAEnE,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,CAAC,0BAA0B;YACtC,CAAC;YAED,MAAM,UAAU,GACd,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC1B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC9B,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAEhC,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,8DAA8D;YAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAC1B,4EAA4E,EAC5E,IAAgB,CACjB,CAAC;YAEF,IAAI,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAClD,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,IAAI,EACJ,qBAAqB,QAAQ,SAAS,QAAQ,CAAC,MAAM,uDAAuD,EAC5G;oBACE,UAAU,EACR,gIAAgI;iBACnI,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AA1DD,kEA0DC"}

package/dist/src/rules/api-led/ApikitStatusCodeVariableRule.d.ts

@@ -0,0 +1,25 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * API-007: APIKit httpStatus Variable
+ *
+ * APIKit implementation flows should set the httpStatus variable so the
+ * HTTP listener can return the correct status code. The accelerator
+ * pattern uses ee:set-variable with variableName="httpStatus" in both
+ * success paths and error handlers.
+ *
+ * Common values: 200 (GET), 201 (POST/create), 204 (DELETE/no content)
+ */
+export declare class ApikitStatusCodeVariableRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "info";
+    category: "api-led";
+    issueType: IssueType;
+    /** Pattern that matches APIKit-generated flow names like get:\resource:config */
+    private readonly APIKIT_FLOW_PATTERN;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+    private getExpectedStatusCode;
+}
+//# sourceMappingURL=ApikitStatusCodeVariableRule.d.ts.map

package/dist/src/rules/api-led/ApikitStatusCodeVariableRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApikitStatusCodeVariableRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/api-led/ApikitStatusCodeVariableRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;GASG;AACH,qBAAa,4BAA6B,SAAQ,QAAQ;IACxD,EAAE,SAAa;IACf,IAAI,SAAiC;IACrC,WAAW,SAC+E;IAC1F,QAAQ,EAAG,MAAM,CAAU;IAC3B,QAAQ,EAAG,SAAS,CAAU;IAC9B,SAAS,EAAE,SAAS,CAAgB;IAEpC,iFAAiF;IACjF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAkD;IAEtF,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;IAkC7D,OAAO,CAAC,qBAAqB;CAU9B"}

package/dist/src/rules/api-led/ApikitStatusCodeVariableRule.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApikitStatusCodeVariableRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * API-007: APIKit httpStatus Variable
+ *
+ * APIKit implementation flows should set the httpStatus variable so the
+ * HTTP listener can return the correct status code. The accelerator
+ * pattern uses ee:set-variable with variableName="httpStatus" in both
+ * success paths and error handlers.
+ *
+ * Common values: 200 (GET), 201 (POST/create), 204 (DELETE/no content)
+ */
+class ApikitStatusCodeVariableRule extends BaseRule_1.BaseRule {
+    id = 'API-007';
+    name = 'APIKit Status Code Variable';
+    description = 'APIKit implementation flows should set httpStatus variable for correct response codes';
+    severity = 'info';
+    category = 'api-led';
+    issueType = 'code-smell';
+    /** Pattern that matches APIKit-generated flow names like get:\resource:config */
+    APIKIT_FLOW_PATTERN = /^(get|post|put|patch|delete|head|options):\\/;
+    validate(doc, _context) {
+        const issues = [];
+        const flows = this.select('//mule:flow', doc);
+        for (const flow of flows) {
+            const flowName = this.getAttribute(flow, 'name') ?? '';
+            // Only check APIKit implementation flows
+            if (!this.APIKIT_FLOW_PATTERN.test(flowName)) {
+                continue;
+            }
+            // Check if httpStatus is set anywhere in the flow
+            const setsHttpStatus = this.exists('.//*[local-name()="set-variable" and @variableName="httpStatus"]', flow) ||
+                this.exists('.//*[local-name()="set-variable" and @variableName="httpStatus"]', flow);
+            if (!setsHttpStatus) {
+                // Determine expected status code from HTTP method
+                const method = flowName.split(':')[0].toUpperCase();
+                const expectedCode = this.getExpectedStatusCode(method);
+                issues.push(this.createIssue(flow, `APIKit flow "${flowName}" does not set httpStatus variable`, {
+                    suggestion: `Add <set-variable variableName="httpStatus" value="${expectedCode}"/> for ${method} operations`,
+                }));
+            }
+        }
+        return issues;
+    }
+    getExpectedStatusCode(method) {
+        switch (method) {
+            case 'POST':
+                return '201';
+            case 'DELETE':
+                return '204';
+            default:
+                return '200';
+        }
+    }
+}
+exports.ApikitStatusCodeVariableRule = ApikitStatusCodeVariableRule;
+//# sourceMappingURL=ApikitStatusCodeVariableRule.js.map

package/dist/src/rules/api-led/ApikitStatusCodeVariableRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApikitStatusCodeVariableRule.js","sourceRoot":"","sources":["../../../../src/rules/api-led/ApikitStatusCodeVariableRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;GASG;AACH,MAAa,4BAA6B,SAAQ,mBAAQ;IACxD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,6BAA6B,CAAC;IACrC,WAAW,GACT,uFAAuF,CAAC;IAC1F,QAAQ,GAAG,MAAe,CAAC;IAC3B,QAAQ,GAAG,SAAkB,CAAC;IAC9B,SAAS,GAAc,YAAY,CAAC;IAEpC,iFAAiF;IAChE,mBAAmB,GAAG,8CAA8C,CAAC;IAEtF,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YAEvD,yCAAyC;YACzC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7C,SAAS;YACX,CAAC;YAED,kDAAkD;YAClD,MAAM,cAAc,GAClB,IAAI,CAAC,MAAM,CAAC,kEAAkE,EAAE,IAAI,CAAC;gBACrF,IAAI,CAAC,MAAM,CAAC,kEAAkE,EAAE,IAAI,CAAC,CAAC;YAExF,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,kDAAkD;gBAClD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpD,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;gBAExD,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,gBAAgB,QAAQ,oCAAoC,EAAE;oBACnF,UAAU,EAAE,sDAAsD,YAAY,WAAW,MAAM,aAAa;iBAC7G,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,MAAc;QAC1C,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,MAAM;gBACT,OAAO,KAAK,CAAC;YACf,KAAK,QAAQ;gBACX,OAAO,KAAK,CAAC;YACf;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;CACF;AAxDD,oEAwDC"}

package/dist/src/rules/connector/EventListenerNullGuardRule.d.ts

@@ -0,0 +1,24 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * SF-002: Event Listener Null Guard
+ *
+ * Salesforce CDC (Change Data Capture) and Platform Event listeners receive
+ * events where fields can be null (e.g., unchanged fields in CDC events
+ * come through as null). Flows processing these events should include
+ * null-safety checks to avoid NullPointerExceptions.
+ *
+ * This rule flags flows with Salesforce event listeners (subscribe-channel,
+ * replay-channel) that contain DataWeave transforms accessing payload fields
+ * without null-safety operators (?., default, !isEmpty, etc.).
+ */
+export declare class EventListenerNullGuardRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "info";
+    category: "operations";
+    issueType: IssueType;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+}
+//# sourceMappingURL=EventListenerNullGuardRule.d.ts.map

package/dist/src/rules/connector/EventListenerNullGuardRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EventListenerNullGuardRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/connector/EventListenerNullGuardRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;;GAWG;AACH,qBAAa,0BAA2B,SAAQ,QAAQ;IACtD,EAAE,SAAY;IACd,IAAI,SAA+B;IACnC,WAAW,SAC4F;IACvG,QAAQ,EAAG,MAAM,CAAU;IAC3B,QAAQ,EAAG,YAAY,CAAU;IACjC,SAAS,EAAE,SAAS,CAAS;IAE7B,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;CAoD9D"}

package/dist/src/rules/connector/EventListenerNullGuardRule.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventListenerNullGuardRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * SF-002: Event Listener Null Guard
+ *
+ * Salesforce CDC (Change Data Capture) and Platform Event listeners receive
+ * events where fields can be null (e.g., unchanged fields in CDC events
+ * come through as null). Flows processing these events should include
+ * null-safety checks to avoid NullPointerExceptions.
+ *
+ * This rule flags flows with Salesforce event listeners (subscribe-channel,
+ * replay-channel) that contain DataWeave transforms accessing payload fields
+ * without null-safety operators (?., default, !isEmpty, etc.).
+ */
+class EventListenerNullGuardRule extends BaseRule_1.BaseRule {
+    id = 'SF-002';
+    name = 'Event Listener Null Guard';
+    description = 'Salesforce CDC/Platform Event listeners should include null-safety checks for event payload fields';
+    severity = 'info';
+    category = 'operations';
+    issueType = 'bug';
+    validate(doc, _context) {
+        const issues = [];
+        const flows = this.select('//mule:flow', doc);
+        for (const flow of flows) {
+            const flowName = this.getAttribute(flow, 'name') ?? '';
+            // Check if this flow has a Salesforce event source (CDC or Platform Event)
+            const hasSfListener = this.exists('.//*[local-name()="subscribe-channel" or local-name()="replay-channel" or local-name()="subscribe-topic" or local-name()="replay-topic"]', flow);
+            if (!hasSfListener) {
+                continue;
+            }
+            // Find DataWeave transforms in this flow
+            const transforms = this.select('.//*[local-name()="transform"]', flow);
+            for (const transform of transforms) {
+                const transformText = transform.textContent ?? '';
+                // Check if the transform accesses payload fields directly without null guards
+                // Look for patterns like: payload.fieldName (without ?.)
+                const hasDirectAccess = /payload\.\w+/.test(transformText);
+                const hasNullSafety = /payload\?\.\w+/.test(transformText) ||
+                    /default\s/.test(transformText) ||
+                    /isEmpty/.test(transformText) ||
+                    /if\s*\(/.test(transformText) ||
+                    /unless/.test(transformText) ||
+                    /payload\s+default/.test(transformText);
+                if (hasDirectAccess && !hasNullSafety) {
+                    issues.push(this.createIssue(transform, `DataWeave transform in CDC/event flow "${flowName}" accesses payload fields without null-safety checks`, {
+                        suggestion: 'Use null-safe navigation (payload?.field), default operators, or isEmpty checks when processing CDC event payloads — unchanged fields arrive as null',
+                    }));
+                }
+            }
+        }
+        return issues;
+    }
+}
+exports.EventListenerNullGuardRule = EventListenerNullGuardRule;
+//# sourceMappingURL=EventListenerNullGuardRule.js.map