npm - @sfdxy/mule-lint - Versions diffs - 1.20.0 → 1.22.0 - Mend

@sfdxy/mule-lint 1.20.0 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/dist/src/rules/security/SecurePropertiesEncryptionRule.js ADDED Viewed

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurePropertiesEncryptionRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * SEC-010: Secure Properties Encryption Algorithm
+ *
+ * When `<secure-properties:config>` specifies an encryption algorithm, it
+ * should use a strong algorithm (AES, Blowfish) and not a weak or
+ * deprecated one (DES, RC2, RC4).
+ *
+ * Also validates that when secure properties are used, the `encrypt`
+ * element exists (i.e., properties are actually encrypted, not just
+ * marked as "secure" with no encryption).
+ */
+class SecurePropertiesEncryptionRule extends BaseRule_1.BaseRule {
+    id = 'SEC-010';
+    name = 'Secure Properties Encryption';
+    description = 'Secure properties must use strong encryption algorithms';
+    severity = 'warning';
+    category = 'security';
+    issueType = 'vulnerability';
+    WEAK_ALGORITHMS = ['DES', 'DESede', 'RC2', 'RC4'];
+    STRONG_ALGORITHMS = ['AES', 'Blowfish'];
+    validate(doc, _context) {
+        const issues = [];
+        // Match secure-properties:config or secure-configuration-properties
+        const secureConfigs = this.select('//*[local-name()="config" and contains(namespace-uri(), "secure-properties")] | ' +
+            '//*[local-name()="secure-configuration-properties"]', doc);
+        for (const config of secureConfigs) {
+            // Check for encrypt element presence
+            const encryptElements = this.select('.//*[local-name()="encrypt"]', config);
+            if (encryptElements.length === 0) {
+                const docName = this.getDocName(config) ?? 'Secure Properties Config';
+                issues.push(this.createIssue(config, `"${docName}" has no <encrypt> element — properties may not be encrypted`, {
+                    severity: 'warning',
+                    suggestion: 'Add <secure-properties:encrypt algorithm="AES" mode="CBC"/> to enable encryption',
+                }));
+                continue;
+            }
+            // Check encryption algorithm
+            for (const encrypt of encryptElements) {
+                const algorithm = this.getAttribute(encrypt, 'algorithm');
+                if (!algorithm) {
+                    continue;
+                }
+                if (this.WEAK_ALGORITHMS.includes(algorithm)) {
+                    issues.push(this.createIssue(encrypt, `Weak encryption algorithm "${algorithm}" — use ${this.STRONG_ALGORITHMS.join(' or ')} instead`, {
+                        severity: 'error',
+                        suggestion: `Replace algorithm="${algorithm}" with algorithm="AES"`,
+                    }));
+                }
+            }
+        }
+        return issues;
+    }
+}
+exports.SecurePropertiesEncryptionRule = SecurePropertiesEncryptionRule;
+//# sourceMappingURL=SecurePropertiesEncryptionRule.js.map

package/dist/src/rules/security/SecurePropertiesEncryptionRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecurePropertiesEncryptionRule.js","sourceRoot":"","sources":["../../../../src/rules/security/SecurePropertiesEncryptionRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;GAUG;AACH,MAAa,8BAA+B,SAAQ,mBAAQ;IAC1D,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,8BAA8B,CAAC;IACtC,WAAW,GAAG,yDAAyD,CAAC;IACxE,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAc,eAAe,CAAC;IAEtB,eAAe,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IAClD,iBAAiB,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAEzD,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,oEAAoE;QACpE,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAC/B,kFAAkF;YAChF,qDAAqD,EACvD,GAAG,CACJ,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,qCAAqC;YACrC,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,MAAkB,CAAC,CAAC;YAExF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,0BAA0B,CAAC;gBACtE,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,MAAM,EACN,IAAI,OAAO,8DAA8D,EACzE;oBACE,QAAQ,EAAE,SAAS;oBACnB,UAAU,EACR,kFAAkF;iBACrF,CACF,CACF,CAAC;gBACF,SAAS;YACX,CAAC;YAED,6BAA6B;YAC7B,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;gBAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,SAAS;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC7C,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,OAAO,EACP,8BAA8B,SAAS,WAAW,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAC/F;wBACE,QAAQ,EAAE,OAAO;wBACjB,UAAU,EAAE,sBAAsB,SAAS,wBAAwB;qBACpE,CACF,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAjED,wEAiEC"}

package/dist/src/rules/security/SecurePropertiesKeyRule.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * SEC-008: Secure Properties Key Configuration
+ *
+ * The `<secure-properties:config>` element's `key` attribute must use a
+ * property placeholder (`${...}`) — never a hardcoded encryption key.
+ *
+ * A hardcoded key in the XML defeats the purpose of encryption because
+ * anyone with access to the source code can decrypt all secure properties.
+ * The key should be injected via a system property or environment variable
+ * at deployment time (e.g., `-Dsecure.key=...` in the Mule runtime args).
+ */
+export declare class SecurePropertiesKeyRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "error";
+    category: "security";
+    issueType: IssueType;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+}
+//# sourceMappingURL=SecurePropertiesKeyRule.d.ts.map

package/dist/src/rules/security/SecurePropertiesKeyRule.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecurePropertiesKeyRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/security/SecurePropertiesKeyRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;GAUG;AACH,qBAAa,uBAAwB,SAAQ,QAAQ;IACnD,EAAE,SAAa;IACf,IAAI,SAA2B;IAC/B,WAAW,SAA4D;IACvE,QAAQ,EAAG,OAAO,CAAU;IAC5B,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,SAAS,CAAmB;IAEvC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;CAkC9D"}

package/dist/src/rules/security/SecurePropertiesKeyRule.js ADDED Viewed

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurePropertiesKeyRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * SEC-008: Secure Properties Key Configuration
+ *
+ * The `<secure-properties:config>` element's `key` attribute must use a
+ * property placeholder (`${...}`) — never a hardcoded encryption key.
+ *
+ * A hardcoded key in the XML defeats the purpose of encryption because
+ * anyone with access to the source code can decrypt all secure properties.
+ * The key should be injected via a system property or environment variable
+ * at deployment time (e.g., `-Dsecure.key=...` in the Mule runtime args).
+ */
+class SecurePropertiesKeyRule extends BaseRule_1.BaseRule {
+    id = 'SEC-008';
+    name = 'Secure Properties Key';
+    description = 'Secure properties encryption key must not be hardcoded';
+    severity = 'error';
+    category = 'security';
+    issueType = 'vulnerability';
+    validate(doc, _context) {
+        const issues = [];
+        // Match secure-properties:config or secure-configuration-properties
+        const secureConfigs = this.select('//*[local-name()="config" and contains(namespace-uri(), "secure-properties")] | ' +
+            '//*[local-name()="secure-configuration-properties"]', doc);
+        for (const config of secureConfigs) {
+            const key = this.getAttribute(config, 'key');
+            if (!key) {
+                continue;
+            }
+            // Key must be a property placeholder
+            if (!key.includes('${')) {
+                const docName = this.getDocName(config) ?? 'Secure Properties Config';
+                issues.push(this.createIssue(config, `"${docName}" has hardcoded encryption key — defeats the purpose of property encryption`, {
+                    suggestion: 'Use a property placeholder: key="${secure.key}" and inject via -Dsecure.key=... at runtime',
+                }));
+            }
+        }
+        return issues;
+    }
+}
+exports.SecurePropertiesKeyRule = SecurePropertiesKeyRule;
+//# sourceMappingURL=SecurePropertiesKeyRule.js.map

package/dist/src/rules/security/SecurePropertiesKeyRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecurePropertiesKeyRule.js","sourceRoot":"","sources":["../../../../src/rules/security/SecurePropertiesKeyRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;GAUG;AACH,MAAa,uBAAwB,SAAQ,mBAAQ;IACnD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,uBAAuB,CAAC;IAC/B,WAAW,GAAG,wDAAwD,CAAC;IACvE,QAAQ,GAAG,OAAgB,CAAC;IAC5B,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAc,eAAe,CAAC;IAEvC,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,oEAAoE;QACpE,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAC/B,kFAAkF;YAChF,qDAAqD,EACvD,GAAG,CACJ,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC7C,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,0BAA0B,CAAC;gBACtE,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,MAAM,EACN,IAAI,OAAO,6EAA6E,EACxF;oBACE,UAAU,EACR,4FAA4F;iBAC/F,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AA1CD,0DA0CC"}

package/dist/src/rules/security/TlsKeystorePasswordRule.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * SEC-009: TLS Keystore/Truststore Passwords Secured
+ *
+ * TLS context keystore and truststore passwords must use secure property
+ * placeholders (`${secure::...}`) rather than plain-text placeholders or
+ * hardcoded values.
+ *
+ * These passwords protect the private keys and certificates used for
+ * mutual TLS (mTLS) authentication.  Leaking them enables impersonation
+ * attacks and man-in-the-middle interception.
+ */
+export declare class TlsKeystorePasswordRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "error";
+    category: "security";
+    issueType: IssueType;
+    private readonly PASSWORD_ATTRS;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+    private extractPropName;
+}
+//# sourceMappingURL=TlsKeystorePasswordRule.d.ts.map

package/dist/src/rules/security/TlsKeystorePasswordRule.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TlsKeystorePasswordRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/security/TlsKeystorePasswordRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;GAUG;AACH,qBAAa,uBAAwB,SAAQ,QAAQ;IACnD,EAAE,SAAa;IACf,IAAI,SAAmC;IACvC,WAAW,SAAyE;IACpF,QAAQ,EAAG,OAAO,CAAU;IAC5B,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,SAAS,CAAmB;IAEvC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA+B;IAE9D,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;IAoD7D,OAAO,CAAC,eAAe;CAIxB"}

package/dist/src/rules/security/TlsKeystorePasswordRule.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TlsKeystorePasswordRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * SEC-009: TLS Keystore/Truststore Passwords Secured
+ *
+ * TLS context keystore and truststore passwords must use secure property
+ * placeholders (`${secure::...}`) rather than plain-text placeholders or
+ * hardcoded values.
+ *
+ * These passwords protect the private keys and certificates used for
+ * mutual TLS (mTLS) authentication.  Leaking them enables impersonation
+ * attacks and man-in-the-middle interception.
+ */
+class TlsKeystorePasswordRule extends BaseRule_1.BaseRule {
+    id = 'SEC-009';
+    name = 'TLS Keystore Password Secured';
+    description = 'TLS keystore/truststore passwords must use ${secure::} placeholders';
+    severity = 'error';
+    category = 'security';
+    issueType = 'vulnerability';
+    PASSWORD_ATTRS = ['password', 'keyPassword'];
+    validate(doc, _context) {
+        const issues = [];
+        // Select all key-store and trust-store elements
+        const stores = this.select('//*[local-name()="key-store" or local-name()="trust-store"]', doc);
+        for (const store of stores) {
+            for (const attrName of this.PASSWORD_ATTRS) {
+                const value = this.getAttribute(store, attrName);
+                if (!value || value.trim() === '') {
+                    continue;
+                }
+                // DataWeave expressions are OK
+                if (value.startsWith('#[')) {
+                    continue;
+                }
+                // Must use ${secure::...}
+                if (value.includes('${') && !value.includes('${secure::')) {
+                    const storeName = store.localName;
+                    issues.push(this.createIssue(store, `TLS ${storeName} "${attrName}" uses plain property placeholder — must use \${secure::}`, {
+                        suggestion: `Replace ${value} with \${secure::${this.extractPropName(value)}}`,
+                    }));
+                }
+                // Hardcoded value
+                if (!value.includes('${') && !value.startsWith('#[')) {
+                    const storeName = store.localName;
+                    issues.push(this.createIssue(store, `TLS ${storeName} "${attrName}" is hardcoded — must use \${secure::} placeholder`, {
+                        severity: 'error',
+                        suggestion: `Use \${secure::tls.${storeName}.${attrName}} instead of the hardcoded value`,
+                    }));
+                }
+            }
+        }
+        return issues;
+    }
+    extractPropName(placeholder) {
+        const match = /\$\{([^}]+)\}/.exec(placeholder);
+        return match ? match[1] : placeholder;
+    }
+}
+exports.TlsKeystorePasswordRule = TlsKeystorePasswordRule;
+//# sourceMappingURL=TlsKeystorePasswordRule.js.map

package/dist/src/rules/security/TlsKeystorePasswordRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TlsKeystorePasswordRule.js","sourceRoot":"","sources":["../../../../src/rules/security/TlsKeystorePasswordRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;GAUG;AACH,MAAa,uBAAwB,SAAQ,mBAAQ;IACnD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,+BAA+B,CAAC;IACvC,WAAW,GAAG,qEAAqE,CAAC;IACpF,QAAQ,GAAG,OAAgB,CAAC;IAC5B,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAc,eAAe,CAAC;IAEtB,cAAc,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAE9D,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,gDAAgD;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,6DAA6D,EAAE,GAAG,CAAC,CAAC;QAE/F,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBACjD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;oBAClC,SAAS;gBACX,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,0BAA0B;gBAC1B,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC1D,MAAM,SAAS,GAAI,KAAiB,CAAC,SAAS,CAAC;oBAC/C,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,KAAK,EACL,OAAO,SAAS,KAAK,QAAQ,2DAA2D,EACxF;wBACE,UAAU,EAAE,WAAW,KAAK,oBAAoB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG;qBAC/E,CACF,CACF,CAAC;gBACJ,CAAC;gBAED,kBAAkB;gBAClB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrD,MAAM,SAAS,GAAI,KAAiB,CAAC,SAAS,CAAC;oBAC/C,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,KAAK,EACL,OAAO,SAAS,KAAK,QAAQ,oDAAoD,EACjF;wBACE,QAAQ,EAAE,OAAO;wBACjB,UAAU,EAAE,sBAAsB,SAAS,IAAI,QAAQ,kCAAkC;qBAC1F,CACF,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,eAAe,CAAC,WAAmB;QACzC,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACxC,CAAC;CACF;AAlED,0DAkEC"}

package/dist/src/rules/standards/ApikitRouteVariableConsistencyRule.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * STD-001: APIKit Route Variable Consistency
+ *
+ * In APIKit projects, implementation flows (get:\resource:config, etc.)
+ * should follow a consistent pattern for setting response variables.
+ * For example, if some flows set httpStatus but others don't, this
+ * inconsistency can lead to unexpected HTTP responses.
+ *
+ * This rule flags APIKit implementation flows that deviate from the
+ * most common pattern in the file (e.g., if 4/5 flows set httpStatus
+ * but one doesn't, the outlier is flagged).
+ */
+export declare class ApikitRouteVariableConsistencyRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "info";
+    category: "standards";
+    issueType: IssueType;
+    /** Pattern for APIKit-generated flow names */
+    private readonly APIKIT_FLOW_PATTERN;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+}
+//# sourceMappingURL=ApikitRouteVariableConsistencyRule.d.ts.map

package/dist/src/rules/standards/ApikitRouteVariableConsistencyRule.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ApikitRouteVariableConsistencyRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/standards/ApikitRouteVariableConsistencyRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;;GAWG;AACH,qBAAa,kCAAmC,SAAQ,QAAQ;IAC9D,EAAE,SAAa;IACf,IAAI,SAAuC;IAC3C,WAAW,SAC8E;IACzF,QAAQ,EAAG,MAAM,CAAU;IAC3B,QAAQ,EAAG,WAAW,CAAU;IAChC,SAAS,EAAE,SAAS,CAAgB;IAEpC,8CAA8C;IAC9C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAkD;IAEtF,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;CAoD9D"}

package/dist/src/rules/standards/ApikitRouteVariableConsistencyRule.js ADDED Viewed

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApikitRouteVariableConsistencyRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * STD-001: APIKit Route Variable Consistency
+ *
+ * In APIKit projects, implementation flows (get:\resource:config, etc.)
+ * should follow a consistent pattern for setting response variables.
+ * For example, if some flows set httpStatus but others don't, this
+ * inconsistency can lead to unexpected HTTP responses.
+ *
+ * This rule flags APIKit implementation flows that deviate from the
+ * most common pattern in the file (e.g., if 4/5 flows set httpStatus
+ * but one doesn't, the outlier is flagged).
+ */
+class ApikitRouteVariableConsistencyRule extends BaseRule_1.BaseRule {
+    id = 'STD-001';
+    name = 'APIKit Route Variable Consistency';
+    description = 'APIKit implementation flows should follow consistent patterns for response variables';
+    severity = 'info';
+    category = 'standards';
+    issueType = 'code-smell';
+    /** Pattern for APIKit-generated flow names */
+    APIKIT_FLOW_PATTERN = /^(get|post|put|patch|delete|head|options):\\/;
+    validate(doc, _context) {
+        const issues = [];
+        const flows = this.select('//mule:flow', doc);
+        // Collect APIKit implementation flows
+        const apikitFlows = [];
+        for (const flow of flows) {
+            const flowName = this.getAttribute(flow, 'name') ?? '';
+            if (!this.APIKIT_FLOW_PATTERN.test(flowName)) {
+                continue;
+            }
+            const setsHttpStatus = this.exists('.//*[local-name()="set-variable" and @variableName="httpStatus"]', flow);
+            apikitFlows.push({ name: flowName, node: flow, setsHttpStatus });
+        }
+        // Need at least 3 flows to detect a meaningful pattern
+        if (apikitFlows.length < 3) {
+            return issues;
+        }
+        // Determine the majority pattern
+        const withStatus = apikitFlows.filter((f) => f.setsHttpStatus).length;
+        const withoutStatus = apikitFlows.length - withStatus;
+        // Only flag if there's a clear majority (>60%) and at least one outlier
+        if (withStatus > withoutStatus && withoutStatus > 0 && withStatus / apikitFlows.length > 0.6) {
+            // Majority sets httpStatus — flag those that don't
+            for (const flow of apikitFlows) {
+                if (!flow.setsHttpStatus) {
+                    issues.push(this.createIssue(flow.node, `APIKit flow "${flow.name}" does not set httpStatus, but ${withStatus}/${apikitFlows.length} other flows do`, {
+                        suggestion: 'Add a set-variable for httpStatus to maintain consistency across all APIKit implementation flows',
+                    }));
+                }
+            }
+        }
+        return issues;
+    }
+}
+exports.ApikitRouteVariableConsistencyRule = ApikitRouteVariableConsistencyRule;
+//# sourceMappingURL=ApikitRouteVariableConsistencyRule.js.map

package/dist/src/rules/standards/ApikitRouteVariableConsistencyRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ApikitRouteVariableConsistencyRule.js","sourceRoot":"","sources":["../../../../src/rules/standards/ApikitRouteVariableConsistencyRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;;GAWG;AACH,MAAa,kCAAmC,SAAQ,mBAAQ;IAC9D,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,mCAAmC,CAAC;IAC3C,WAAW,GACT,sFAAsF,CAAC;IACzF,QAAQ,GAAG,MAAe,CAAC;IAC3B,QAAQ,GAAG,WAAoB,CAAC;IAChC,SAAS,GAAc,YAAY,CAAC;IAEpC,8CAA8C;IAC7B,mBAAmB,GAAG,8CAA8C,CAAC;IAEtF,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QAE9C,sCAAsC;QACtC,MAAM,WAAW,GAAiE,EAAE,CAAC;QAErF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7C,SAAS;YACX,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAChC,kEAAkE,EAClE,IAAI,CACL,CAAC;YAEF,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,uDAAuD;QACvD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,iCAAiC;QACjC,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;QACtE,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,GAAG,UAAU,CAAC;QAEtD,wEAAwE;QACxE,IAAI,UAAU,GAAG,aAAa,IAAI,aAAa,GAAG,CAAC,IAAI,UAAU,GAAG,WAAW,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC7F,mDAAmD;YACnD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;oBACzB,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,IAAI,CAAC,IAAI,EACT,gBAAgB,IAAI,CAAC,IAAI,kCAAkC,UAAU,IAAI,WAAW,CAAC,MAAM,iBAAiB,EAC5G;wBACE,UAAU,EACR,kGAAkG;qBACrG,CACF,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAhED,gFAgEC"}

package/dist/src/rules/standards/ConfigPropertiesOrderingRule.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { ValidationContext, Issue } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * CFG-001: Configuration Properties Ordering
+ *
+ * Mule configuration-properties elements should be loaded in the correct
+ * order: global defaults first, then environment-specific overrides, then
+ * secure properties. This ensures predictable property resolution (Mule
+ * uses last-wins for overlapping keys).
+ *
+ * Expected ordering pattern:
+ *   1. config/global.yaml (or common.yaml, defaults.yaml)
+ *   2. config/${mule.env}.yaml (environment-specific)
+ *   3. secure-properties:config (encrypted secrets)
+ *   4. entity-config/*.yaml (optional, additive)
+ *
+ * This rule flags when env-specific properties appear before global
+ * defaults, which would cause globals to override env-specific values.
+ */
+export declare class ConfigPropertiesOrderingRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "info";
+    category: "standards";
+    /** Patterns that identify global/default property files */
+    private readonly GLOBAL_PATTERNS;
+    /** Patterns that identify env-specific property files */
+    private readonly ENV_PATTERNS;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+    private isGlobalFile;
+    private isEnvSpecificFile;
+}
+//# sourceMappingURL=ConfigPropertiesOrderingRule.d.ts.map

package/dist/src/rules/standards/ConfigPropertiesOrderingRule.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ConfigPropertiesOrderingRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/standards/ConfigPropertiesOrderingRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,4BAA6B,SAAQ,QAAQ;IACxD,EAAE,SAAa;IACf,IAAI,SAAuC;IAC3C,WAAW,SACwF;IACnG,QAAQ,EAAG,MAAM,CAAU;IAC3B,QAAQ,EAAG,WAAW,CAAU;IAEhC,2DAA2D;IAC3D,OAAO,CAAC,QAAQ,CAAC,eAAe,CAO9B;IAEF,yDAAyD;IACzD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoD;IAEjF,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;IA6C7D,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,iBAAiB;CAG1B"}

package/dist/src/rules/standards/ConfigPropertiesOrderingRule.js ADDED Viewed

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigPropertiesOrderingRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * CFG-001: Configuration Properties Ordering
+ *
+ * Mule configuration-properties elements should be loaded in the correct
+ * order: global defaults first, then environment-specific overrides, then
+ * secure properties. This ensures predictable property resolution (Mule
+ * uses last-wins for overlapping keys).
+ *
+ * Expected ordering pattern:
+ *   1. config/global.yaml (or common.yaml, defaults.yaml)
+ *   2. config/${mule.env}.yaml (environment-specific)
+ *   3. secure-properties:config (encrypted secrets)
+ *   4. entity-config/*.yaml (optional, additive)
+ *
+ * This rule flags when env-specific properties appear before global
+ * defaults, which would cause globals to override env-specific values.
+ */
+class ConfigPropertiesOrderingRule extends BaseRule_1.BaseRule {
+    id = 'CFG-001';
+    name = 'Configuration Properties Ordering';
+    description = 'Configuration properties should be loaded in correct order: global before environment-specific';
+    severity = 'info';
+    category = 'standards';
+    /** Patterns that identify global/default property files */
+    GLOBAL_PATTERNS = [
+        'global.yaml',
+        'global.properties',
+        'common.yaml',
+        'common.properties',
+        'defaults.yaml',
+        'defaults.properties',
+    ];
+    /** Patterns that identify env-specific property files */
+    ENV_PATTERNS = ['${mule.env}', '${env}', '${mule.environment}'];
+    validate(doc, _context) {
+        const issues = [];
+        // Find all configuration-properties elements in document order
+        const configProps = this.select('//*[local-name()="configuration-properties"]', doc);
+        if (configProps.length < 2) {
+            return issues; // Not enough elements to have ordering issues
+        }
+        let globalIndex = -1;
+        let envIndex = -1;
+        for (let i = 0; i < configProps.length; i++) {
+            const file = this.getAttribute(configProps[i], 'file') ?? '';
+            const fileLower = file.toLowerCase();
+            if (this.isGlobalFile(fileLower)) {
+                globalIndex = i;
+            }
+            if (this.isEnvSpecificFile(file)) {
+                if (envIndex === -1) {
+                    envIndex = i; // Track the first env-specific file
+                }
+            }
+        }
+        // Flag if env-specific appears before global defaults
+        if (globalIndex >= 0 && envIndex >= 0 && envIndex < globalIndex) {
+            issues.push(this.createIssue(configProps[envIndex], 'Environment-specific properties file is loaded before global defaults', {
+                suggestion: 'Load global/common properties first (e.g., config/global.yaml) before environment-specific files (e.g., config/${mule.env}.yaml) to ensure correct override behavior',
+            }));
+        }
+        return issues;
+    }
+    isGlobalFile(fileLower) {
+        return this.GLOBAL_PATTERNS.some((p) => fileLower.includes(p));
+    }
+    isEnvSpecificFile(file) {
+        return this.ENV_PATTERNS.some((p) => file.includes(p));
+    }
+}
+exports.ConfigPropertiesOrderingRule = ConfigPropertiesOrderingRule;
+//# sourceMappingURL=ConfigPropertiesOrderingRule.js.map

package/dist/src/rules/standards/ConfigPropertiesOrderingRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ConfigPropertiesOrderingRule.js","sourceRoot":"","sources":["../../../../src/rules/standards/ConfigPropertiesOrderingRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,4BAA6B,SAAQ,mBAAQ;IACxD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,mCAAmC,CAAC;IAC3C,WAAW,GACT,gGAAgG,CAAC;IACnG,QAAQ,GAAG,MAAe,CAAC;IAC3B,QAAQ,GAAG,WAAoB,CAAC;IAEhC,2DAA2D;IAC1C,eAAe,GAAG;QACjC,aAAa;QACb,mBAAmB;QACnB,aAAa;QACb,mBAAmB;QACnB,eAAe;QACf,qBAAqB;KACtB,CAAC;IAEF,yDAAyD;IACxC,YAAY,GAAG,CAAC,aAAa,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAEjF,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,+DAA+D;QAC/D,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,8CAA8C,EAAE,GAAG,CAAC,CAAC;QAErF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC,CAAC,8CAA8C;QAC/D,CAAC;QAED,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;QACrB,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;QAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAErC,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjC,WAAW,GAAG,CAAC,CAAC;YAClB,CAAC;YAED,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;oBACpB,QAAQ,GAAG,CAAC,CAAC,CAAC,oCAAoC;gBACpD,CAAC;YACH,CAAC;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,WAAW,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,IAAI,QAAQ,GAAG,WAAW,EAAE,CAAC;YAChE,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,WAAW,CAAC,QAAQ,CAAC,EACrB,uEAAuE,EACvE;gBACE,UAAU,EACR,sKAAsK;aACzK,CACF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,YAAY,CAAC,SAAiB;QACpC,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,CAAC;IAEO,iBAAiB,CAAC,IAAY;QACpC,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;CACF;AAzED,oEAyEC"}

package/dist/src/rules/standards/MissingEnvPropertiesDeclarationRule.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { ProjectRule } from '../base/ProjectRule';
+/**
+ * CFG-002: Missing Environment Properties Declaration
+ *
+ * Projects using configuration-properties with environment placeholders
+ * (e.g., ${mule.env}.yaml) should have at least dev and prod property files.
+ * Missing environment files cause deployment failures.
+ *
+ * Checks that for each pattern like `${mule.env}.yaml`, the project has
+ * at minimum: dev.yaml and prod.yaml (or the equivalent with the pattern).
+ */
+export declare class MissingEnvPropertiesDeclarationRule extends ProjectRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "warning";
+    category: "standards";
+    issueType: IssueType;
+    /** Required environments */
+    private readonly REQUIRED_ENVS;
+    protected validateProject(context: ValidationContext): Issue[];
+    private listFiles;
+}
+//# sourceMappingURL=MissingEnvPropertiesDeclarationRule.d.ts.map

package/dist/src/rules/standards/MissingEnvPropertiesDeclarationRule.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"MissingEnvPropertiesDeclarationRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/standards/MissingEnvPropertiesDeclarationRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAIlD;;;;;;;;;GASG;AACH,qBAAa,mCAAoC,SAAQ,WAAW;IAClE,EAAE,SAAa;IACf,IAAI,SAAoC;IACxC,WAAW,SAC+E;IAC1F,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,WAAW,CAAU;IAChC,SAAS,EAAE,SAAS,CAAS;IAE7B,4BAA4B;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAmB;IAEjD,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG,KAAK,EAAE;IA6D9D,OAAO,CAAC,SAAS;CAOlB"}

package/dist/src/rules/standards/MissingEnvPropertiesDeclarationRule.js ADDED Viewed

@@ -0,0 +1,111 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingEnvPropertiesDeclarationRule = void 0;
+const ProjectRule_1 = require("../base/ProjectRule");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * CFG-002: Missing Environment Properties Declaration
+ *
+ * Projects using configuration-properties with environment placeholders
+ * (e.g., ${mule.env}.yaml) should have at least dev and prod property files.
+ * Missing environment files cause deployment failures.
+ *
+ * Checks that for each pattern like `${mule.env}.yaml`, the project has
+ * at minimum: dev.yaml and prod.yaml (or the equivalent with the pattern).
+ */
+class MissingEnvPropertiesDeclarationRule extends ProjectRule_1.ProjectRule {
+    id = 'CFG-002';
+    name = 'Missing Environment Properties';
+    description = 'Projects with environment-parameterized configs must have dev and prod property files';
+    severity = 'warning';
+    category = 'standards';
+    issueType = 'bug';
+    /** Required environments */
+    REQUIRED_ENVS = ['dev', 'prod'];
+    validateProject(context) {
+        const issues = [];
+        const resourceDir = path.join(context.projectRoot, 'src', 'main', 'resources');
+        if (!fs.existsSync(resourceDir)) {
+            return issues; // Not a standard Mule project layout
+        }
+        // Look for YAML files in the resources directory
+        const files = this.listFiles(resourceDir);
+        const yamlFiles = files.filter((f) => f.endsWith('.yaml') || f.endsWith('.yml'));
+        // Check if any file looks like an env-parameterized name
+        // Common patterns: dev.yaml, prod.yaml, local.yaml, sandbox.yaml
+        const envFilePattern = /^(dev|prod|local|sandbox|qa|staging|uat|sit)\.(yaml|yml)$/;
+        const envFilesFound = yamlFiles
+            .map((f) => path.basename(f))
+            .filter((f) => envFilePattern.test(f));
+        // If there are env files, check that both dev and prod exist
+        if (envFilesFound.length > 0) {
+            for (const requiredEnv of this.REQUIRED_ENVS) {
+                const hasEnv = envFilesFound.some((f) => f.startsWith(`${requiredEnv}.`));
+                if (!hasEnv) {
+                    issues.push(this.createProjectIssue(`Missing ${requiredEnv}.yaml property file — project has environment-specific configs but no ${requiredEnv} environment`, {
+                        suggestion: `Create src/main/resources/${requiredEnv}.yaml with environment-specific properties`,
+                    }));
+                }
+            }
+        }
+        // Also check for secure property files if secure-*.yaml pattern is used
+        const secureFiles = yamlFiles
+            .map((f) => path.basename(f))
+            .filter((f) => f.startsWith('secure-'));
+        if (secureFiles.length > 0) {
+            for (const requiredEnv of this.REQUIRED_ENVS) {
+                const hasSecureEnv = secureFiles.some((f) => f === `secure-${requiredEnv}.yaml` || f === `secure-${requiredEnv}.yml`);
+                if (!hasSecureEnv) {
+                    issues.push(this.createProjectIssue(`Missing secure-${requiredEnv}.yaml — project uses secure properties but no ${requiredEnv} secure config`, {
+                        suggestion: `Create src/main/resources/secure-${requiredEnv}.yaml with encrypted secrets for the ${requiredEnv} environment`,
+                    }));
+                }
+            }
+        }
+        return issues;
+    }
+    listFiles(dir) {
+        try {
+            return fs.readdirSync(dir).map((f) => path.join(dir, f));
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.MissingEnvPropertiesDeclarationRule = MissingEnvPropertiesDeclarationRule;
+//# sourceMappingURL=MissingEnvPropertiesDeclarationRule.js.map

package/dist/src/rules/standards/MissingEnvPropertiesDeclarationRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"MissingEnvPropertiesDeclarationRule.js","sourceRoot":"","sources":["../../../../src/rules/standards/MissingEnvPropertiesDeclarationRule.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qDAAkD;AAClD,uCAAyB;AACzB,2CAA6B;AAE7B;;;;;;;;;GASG;AACH,MAAa,mCAAoC,SAAQ,yBAAW;IAClE,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,gCAAgC,CAAC;IACxC,WAAW,GACT,uFAAuF,CAAC;IAC1F,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,WAAoB,CAAC;IAChC,SAAS,GAAc,KAAK,CAAC;IAE7B,4BAA4B;IACX,aAAa,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAEvC,eAAe,CAAC,OAA0B;QAClD,MAAM,MAAM,GAAY,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAE/E,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,CAAC,qCAAqC;QACtD,CAAC;QAED,iDAAiD;QACjD,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjF,yDAAyD;QACzD,iEAAiE;QACjE,MAAM,cAAc,GAAG,2DAA2D,CAAC;QACnF,MAAM,aAAa,GAAG,SAAS;aAC5B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzC,6DAA6D;QAC7D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC;gBAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,kBAAkB,CACrB,WAAW,WAAW,yEAAyE,WAAW,cAAc,EACxH;wBACE,UAAU,EAAE,6BAA6B,WAAW,4CAA4C;qBACjG,CACF,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,MAAM,WAAW,GAAG,SAAS;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC7C,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,UAAU,WAAW,OAAO,IAAI,CAAC,KAAK,UAAU,WAAW,MAAM,CAC/E,CAAC;gBACF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,kBAAkB,CACrB,kBAAkB,WAAW,iDAAiD,WAAW,gBAAgB,EACzG;wBACE,UAAU,EAAE,oCAAoC,WAAW,wCAAwC,WAAW,cAAc;qBAC7H,CACF,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,SAAS,CAAC,GAAW;QAC3B,IAAI,CAAC;YACH,OAAO,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAhFD,kFAgFC"}

package/dist/src/rules/yaml/YamlRules.d.ts CHANGED Viewed

@@ -1,17 +1,21 @@
 import { ValidationContext, Issue, IssueType } from '../../types';
 import { BaseRule } from '../base/BaseRule';
+import { ProjectRule } from '../base/ProjectRule';
 /**
  * YAML-001: Environment Properties Files
  *
  * Checks that environment-specific YAML files exist.
+ *
+ * This is a ProjectRule — it runs once per scan to avoid producing
+ * N identical issues (one per XML file).
  */
-export declare class EnvironmentFilesRule extends BaseRule {
+export declare class EnvironmentFilesRule extends ProjectRule {
     id: string;
     name: string;
     description: string;
     severity: "warning";
     category: "standards";
-    validate(_doc: Document, context: ValidationContext): Issue[];
+    protected validateProject(context: ValidationContext): Issue[];
 }
 /**
  * YAML-003: Property Naming Convention