@standards-kit/conform 0.1.0 → 0.1.3

package/dist/code/index.d.ts

@@ -0,0 +1,11 @@
+import { type Config } from "../core/index.js";
+import { type DomainResult } from "../core/index.js";
+export { BaseToolRunner, ESLintRunner, KnipRunner, NamingRunner, RuffRunner, TscRunner, TyRunner, VultureRunner, } from "./tools/index.js";
+/**
+ * Run all code checks based on configuration
+ */
+export declare function runCodeChecks(projectRoot: string, config: Config): Promise<DomainResult>;
+/**
+ * Audit code configuration (check that configs exist without running tools)
+ */
+export declare function auditCodeConfig(projectRoot: string, config: Config): Promise<DomainResult>;

package/dist/code/tools/base.d.ts

@@ -0,0 +1,51 @@
+import { type CheckResult, type IToolRunner, type Violation } from "../../core/index.js";
+/**
+ * Abstract base class for tool runners.
+ * Provides common functionality for checking configs and handling errors.
+ */
+export declare abstract class BaseToolRunner implements IToolRunner {
+    abstract readonly name: string;
+    abstract readonly rule: string;
+    abstract readonly toolId: string;
+    abstract readonly configFiles: string[];
+    /**
+     * Check if any of the config files exist
+     */
+    protected hasConfig(projectRoot: string): boolean;
+    /**
+     * Find which config file exists (if any)
+     */
+    protected findConfig(projectRoot: string): string | null;
+    /**
+     * Check if an error indicates the tool is not installed
+     */
+    protected isNotInstalledError(error: unknown): boolean;
+    /**
+     * Create a fail result for when config is missing
+     */
+    protected failNoConfig(duration: number): CheckResult;
+    /**
+     * Create a skip result for when tool is not installed
+     */
+    protected skipNotInstalled(duration: number): CheckResult;
+    /**
+     * Create a pass result
+     */
+    protected pass(duration: number): CheckResult;
+    /**
+     * Create a fail result from violations
+     */
+    protected fail(violations: Violation[], duration: number): CheckResult;
+    /**
+     * Create a result from violations (pass if empty, fail otherwise)
+     */
+    protected fromViolations(violations: Violation[], duration: number): CheckResult;
+    /**
+     * Run the tool - must be implemented by subclasses
+     */
+    abstract run(projectRoot: string): Promise<CheckResult>;
+    /**
+     * Default audit implementation - checks if config exists
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}

package/dist/code/tools/comment-utils.d.ts

@@ -0,0 +1,17 @@
+/** File extensions with known comment syntax */
+export declare const KNOWN_EXTENSIONS: Set<string>;
+/**
+ * Find the first pattern that appears in the given text range.
+ */
+export declare function findFirstPattern(text: string, patterns: string[]): string | null;
+/**
+ * Find where a block comment ends in a line. Returns -1 if not found.
+ */
+export declare function findBlockEnd(line: string, startIndex: number): number;
+/**
+ * Find comment start in a line, respecting string boundaries.
+ */
+export declare function findCommentInLine(line: string, startPos: number, isPython: boolean): {
+    index: number;
+    isBlock: boolean;
+} | null;

package/dist/code/tools/coverage-run.d.ts

@@ -0,0 +1,37 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** Coverage run configuration from standards.toml */
+interface CoverageRunConfig {
+    enabled?: boolean;
+    min_threshold?: number;
+    runner?: "vitest" | "jest" | "pytest" | "auto";
+    command?: string;
+}
+/**
+ * Coverage verification runner.
+ * Runs tests with coverage and verifies the result meets a minimum threshold.
+ */
+export declare class CoverageRunRunner extends BaseToolRunner {
+    readonly name = "Coverage Run";
+    readonly rule = "code.coverage";
+    readonly toolId = "coverage-run";
+    readonly configFiles: string[];
+    private config;
+    setConfig(config: CoverageRunConfig): void;
+    private detectRunner;
+    private getRunnerCommand;
+    private getTestCommand;
+    private parseCoverageReport;
+    private extractCoverageData;
+    private computeCoverageFromFinal;
+    private getOverallCoverage;
+    private executeTests;
+    private checkCoverageThreshold;
+    run(projectRoot: string): Promise<CheckResult>;
+    /** Validate test command exit code and return error result if invalid */
+    private validateExitCode;
+    private handleRunError;
+    audit(projectRoot: string): Promise<CheckResult>;
+    private createViolation;
+}
+export {};

package/dist/code/tools/disable-comments.d.ts

@@ -0,0 +1,42 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** Configuration for disable-comments validation */
+interface DisableCommentsConfig {
+    enabled?: boolean;
+    patterns?: string[];
+    extensions?: string[];
+    exclude?: string[];
+}
+/**
+ * Disable comments runner for detecting linter/type-checker disable comments
+ */
+export declare class DisableCommentsRunner extends BaseToolRunner {
+    readonly name = "Disable Comments";
+    readonly rule = "code.quality";
+    readonly toolId = "disable-comments";
+    readonly configFiles: string[];
+    private config;
+    setConfig(config: DisableCommentsConfig): void;
+    private getPatterns;
+    private getExtensions;
+    private getExcludePatterns;
+    private buildGlobPattern;
+    run(projectRoot: string): Promise<CheckResult>;
+    private scanAllFiles;
+    private scanFile;
+    private scanContent;
+    private scanLine;
+    private scanSimpleLine;
+    private scanJsLine;
+    private processJsLineComments;
+    private handleInsideBlock;
+    private handleOutsideBlock;
+    private handleLineComment;
+    private handleBlockCommentStart;
+    /** Check if a pattern appears in a comment (not in a string) - for simple line detection */
+    private isPatternInComment;
+    private createViolation;
+    private createErrorViolation;
+    audit(_projectRoot: string): Promise<CheckResult>;
+}
+export {};

package/dist/code/tools/eslint.d.ts

@@ -0,0 +1,99 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/**
+ * ESLint rule with options in TOML-friendly object format.
+ * Example: { severity: "error", max: 10 }
+ */
+interface ESLintRuleWithOptions {
+    severity: "off" | "warn" | "error";
+    [key: string]: unknown;
+}
+/** ESLint rule value - severity string or object with options */
+type ESLintRuleValue = "off" | "warn" | "error" | ESLintRuleWithOptions;
+/** ESLint configuration options */
+interface ESLintConfig {
+    enabled?: boolean;
+    files?: string[];
+    ignore?: string[];
+    "max-warnings"?: number;
+    rules?: Record<string, ESLintRuleValue>;
+}
+/**
+ * ESLint tool runner
+ */
+export declare class ESLintRunner extends BaseToolRunner {
+    readonly name = "ESLint";
+    readonly rule = "code.linting";
+    readonly toolId = "eslint";
+    readonly configFiles: string[];
+    private config;
+    /**
+     * Set ESLint configuration options
+     */
+    setConfig(config: ESLintConfig): void;
+    run(projectRoot: string): Promise<CheckResult>;
+    /**
+     * Audit ESLint config - verify config exists and required rules are present
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+    /**
+     * Audit that required rules are present in ESLint config
+     */
+    private auditRules;
+    /**
+     * Get effective ESLint rules for a file
+     */
+    private getEffectiveRules;
+    /**
+     * Extract options from a rule value (excludes severity)
+     */
+    private extractRuleOptions;
+    /**
+     * Get effective option value, handling both object and primitive formats.
+     * ESLint normalizes some rules like max-depth from ["error", { max: 4 }] to [2, 4].
+     */
+    private getEffectiveOptionValue;
+    /**
+     * Compare rule options between required and effective config.
+     */
+    private compareRuleOptions;
+    /** Compare single-object rule options for detailed error messages */
+    private compareObjectOptions;
+    /**
+     * Deep equality check for comparing option values
+     */
+    private deepEqual;
+    /**
+     * Compare a single rule against effective config
+     */
+    private compareSingleRule;
+    /**
+     * Compare required rules against effective rules
+     */
+    private compareRules;
+    /**
+     * Create an audit violation
+     */
+    private createAuditViolation;
+    /**
+     * Find a sample source file to check ESLint config against.
+     * Requires 'files' to be configured in standards.toml.
+     */
+    private findSampleFile;
+    /**
+     * Check if a value is an ESLint rule with options object
+     */
+    private isRuleWithOptions;
+    /**
+     * Normalize rule severity to number (0, 1, 2)
+     */
+    private normalizeSeverity;
+    /**
+     * Convert severity number to string
+     */
+    private severityToString;
+    private buildArgs;
+    private parseOutput;
+    private createErrorViolation;
+}
+export {};

package/dist/code/tools/gitleaks.d.ts

@@ -0,0 +1,42 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** Scan mode options */
+type ScanMode = "branch" | "files" | "staged" | "full";
+/** Gitleaks configuration */
+interface GitleaksConfig {
+    enabled?: boolean;
+    scan_mode?: ScanMode;
+    base_branch?: string;
+}
+/**
+ * Gitleaks tool runner for detecting hardcoded secrets
+ */
+export declare class GitleaksRunner extends BaseToolRunner {
+    readonly name = "gitleaks";
+    readonly rule = "code.security";
+    readonly toolId = "secrets";
+    readonly configFiles: string[];
+    private config;
+    setConfig(config: GitleaksConfig): void;
+    /**
+     * Find gitleaks config file if it exists
+     * Returns just the filename (relative to projectRoot) since gitleaks runs with cwd=projectRoot
+     */
+    private findGitleaksConfig;
+    /**
+     * Build gitleaks arguments based on scan mode
+     */
+    private buildArgs;
+    run(projectRoot: string): Promise<CheckResult>;
+    private isBinaryNotFound;
+    private processResult;
+    private processLeaksFound;
+    private handleRunError;
+    private parseOutput;
+    private createErrorViolation;
+    /**
+     * Audit - gitleaks doesn't require config, just check if installed
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}
+export {};

package/dist/code/tools/index.d.ts

@@ -0,0 +1,13 @@
+export { BaseToolRunner } from "./base.js";
+export { CoverageRunRunner } from "./coverage-run.js";
+export { DisableCommentsRunner } from "./disable-comments.js";
+export { ESLintRunner } from "./eslint.js";
+export { GitleaksRunner } from "./gitleaks.js";
+export { KnipRunner } from "./knip.js";
+export { NamingRunner } from "./naming.js";
+export { PipAuditRunner } from "./pipaudit.js";
+export { PnpmAuditRunner } from "./pnpmaudit.js";
+export { RuffRunner } from "./ruff.js";
+export { TscRunner } from "./tsc.js";
+export { TyRunner } from "./ty.js";
+export { VultureRunner } from "./vulture.js";

package/dist/code/tools/knip.d.ts

@@ -0,0 +1,20 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/**
+ * Knip tool runner for detecting unused code
+ */
+export declare class KnipRunner extends BaseToolRunner {
+    readonly name = "Knip";
+    readonly rule = "code.unused";
+    readonly toolId = "knip";
+    readonly configFiles: string[];
+    run(projectRoot: string): Promise<CheckResult>;
+    private parseOutput;
+    private parseFileIssues;
+    private mapToViolations;
+    private createErrorViolation;
+    /**
+     * Audit - Knip doesn't require a config file, so just check if it can run
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}

package/dist/code/tools/naming.d.ts

@@ -0,0 +1,64 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** Supported case types */
+type CaseType = "kebab-case" | "snake_case" | "camelCase" | "PascalCase";
+/** Single naming rule configuration */
+interface NamingRule {
+    extensions: string[];
+    file_case: CaseType;
+    folder_case: CaseType;
+    exclude?: string[];
+    allow_dynamic_routes?: boolean;
+}
+/** Configuration for naming validation */
+interface NamingConfig {
+    enabled?: boolean;
+    rules?: NamingRule[];
+}
+/**
+ * Naming conventions runner for checking file and folder names
+ */
+export declare class NamingRunner extends BaseToolRunner {
+    readonly name = "Naming";
+    readonly rule = "code.naming";
+    readonly toolId = "naming";
+    readonly configFiles: string[];
+    private config;
+    /**
+     * Set the configuration for this runner
+     */
+    setConfig(config: NamingConfig): void;
+    run(projectRoot: string): Promise<CheckResult>;
+    /**
+     * Check a single naming rule against the project
+     */
+    private checkRule;
+    /**
+     * Check file names and collect folders containing matching files
+     */
+    private checkFiles;
+    /**
+     * Check folder names for all folders containing matching files
+     */
+    private checkFolders;
+    /**
+     * Get the name to validate from a folder segment, handling dynamic routes
+     */
+    private getNameToValidate;
+    /**
+     * Check all segments of a folder path
+     */
+    private checkFolderPath;
+    /**
+     * Build a glob pattern for the given extensions
+     */
+    private buildGlobPattern;
+    private createFileViolation;
+    private createFolderViolation;
+    private createErrorViolation;
+    /**
+     * Audit - for naming, we just verify the config is valid
+     */
+    audit(_projectRoot: string): Promise<CheckResult>;
+}
+export {};

package/dist/code/tools/pipaudit.d.ts

@@ -0,0 +1,24 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/**
+ * pip-audit tool runner for detecting Python dependency vulnerabilities
+ */
+export declare class PipAuditRunner extends BaseToolRunner {
+    readonly name = "pipaudit";
+    readonly rule = "code.security";
+    readonly toolId = "pipaudit";
+    readonly configFiles: string[];
+    run(projectRoot: string): Promise<CheckResult>;
+    private processResult;
+    private runPipAudit;
+    private parseOutput;
+    private mapSeverity;
+    private getFixInfo;
+    private projectRoot;
+    private findDependencyFile;
+    private createErrorViolation;
+    /**
+     * Audit - check if Python dependency files exist
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}

package/dist/code/tools/pnpmaudit.d.ts

@@ -0,0 +1,36 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** pnpm audit configuration */
+export interface PnpmAuditConfig {
+    enabled?: boolean;
+    exclude_dev?: boolean;
+}
+/**
+ * pnpm dependency audit tool runner for detecting vulnerabilities.
+ * Only checks production dependencies by default (exclude_dev: true).
+ */
+export declare class PnpmAuditRunner extends BaseToolRunner {
+    readonly name = "pnpmaudit";
+    readonly rule = "code.security";
+    readonly toolId = "pnpmaudit";
+    readonly configFiles: string[];
+    private config;
+    /**
+     * Set configuration for the runner
+     */
+    setConfig(config: PnpmAuditConfig): void;
+    /**
+     * Check if pnpm-lock.yaml exists
+     */
+    private hasLockFile;
+    run(projectRoot: string): Promise<CheckResult>;
+    private processAuditResult;
+    private handleRunError;
+    private parseOutput;
+    private mapSeverity;
+    private createErrorViolation;
+    /**
+     * Audit - check if pnpm-lock.yaml exists
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}

package/dist/code/tools/ruff.d.ts

@@ -0,0 +1,46 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** Ruff configuration options from standards.toml */
+interface RuffConfig {
+    enabled?: boolean;
+    format?: boolean;
+    "line-length"?: number;
+    lint?: {
+        select?: string[];
+        ignore?: string[];
+    };
+}
+/**
+ * Ruff (Python linter) tool runner
+ */
+export declare class RuffRunner extends BaseToolRunner {
+    readonly name = "Ruff";
+    readonly rule = "code.linting";
+    readonly toolId = "ruff";
+    readonly configFiles: string[];
+    private ruffConfig;
+    /**
+     * Set the Ruff configuration from standards.toml
+     */
+    setConfig(config: RuffConfig): void;
+    /**
+     * Build CLI arguments from config
+     */
+    private buildCliArgs;
+    /**
+     * Override hasConfig to also check for [tool.ruff] in pyproject.toml
+     */
+    protected hasConfig(projectRoot: string): boolean;
+    private hasPyprojectConfig;
+    private hasPythonFiles;
+    private isBinaryNotFound;
+    run(projectRoot: string): Promise<CheckResult>;
+    private skip;
+    private parseOutput;
+    private createErrorViolation;
+    /**
+     * Override audit to include pyproject.toml check
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}
+export {};

package/dist/code/tools/tsc.d.ts

@@ -0,0 +1,57 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/** TypeScript compiler options that can be audited */
+interface TscRequiredOptions {
+    strict?: boolean;
+    noImplicitAny?: boolean;
+    strictNullChecks?: boolean;
+    noUnusedLocals?: boolean;
+    noUnusedParameters?: boolean;
+    noImplicitReturns?: boolean;
+    noFallthroughCasesInSwitch?: boolean;
+    esModuleInterop?: boolean;
+    skipLibCheck?: boolean;
+    forceConsistentCasingInFileNames?: boolean;
+}
+/**
+ * TypeScript type checker tool runner
+ */
+export declare class TscRunner extends BaseToolRunner {
+    readonly name = "TypeScript";
+    readonly rule = "code.types";
+    readonly toolId = "tsc";
+    readonly configFiles: string[];
+    private requiredOptions;
+    /**
+     * Set required compiler options for audit
+     */
+    setRequiredOptions(options: TscRequiredOptions): void;
+    /**
+     * Strip ANSI escape codes from a string
+     */
+    private stripAnsi;
+    /**
+     * Check if the output indicates tsc is not installed
+     */
+    private isTscNotFoundOutput;
+    private handleTscFailure;
+    private runTsc;
+    private processRunResult;
+    run(projectRoot: string): Promise<CheckResult>;
+    /**
+     * Parse tsc output into diagnostics
+     * Format: file(line,col): error TSxxxx: message
+     */
+    private parseOutput;
+    private parseDiagnostics;
+    private createErrorViolation;
+    /**
+     * Audit tsconfig.json - check existence and required compiler options
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+    private parseConfigFile;
+    private auditCompilerOptions;
+    private validateCompilerOptions;
+    private createAuditViolation;
+}
+export {};

package/dist/code/tools/ty.d.ts

@@ -0,0 +1,34 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/**
+ * ty Python type checker tool runner
+ * ty is Astral's extremely fast Python type checker
+ */
+export declare class TyRunner extends BaseToolRunner {
+    readonly name = "ty";
+    readonly rule = "code.types";
+    readonly toolId = "ty";
+    readonly configFiles: string[];
+    /**
+     * Override hasConfig to also check for [tool.ty] in pyproject.toml
+     */
+    protected hasConfig(projectRoot: string): boolean;
+    private hasPyprojectConfig;
+    /**
+     * Override audit to check for ty.toml or [tool.ty] in pyproject.toml
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+    run(projectRoot: string): Promise<CheckResult>;
+    private isBinaryNotFound;
+    private handleExitCode;
+    private handleTypeErrors;
+    private handleUnexpectedFailure;
+    /**
+     * Parse ty concise output into violations
+     * Format: file:line:column: severity[rule-code] message
+     * Example: test.py:4:15: error[invalid-assignment] Object of type `int` is not assignable to `str`
+     */
+    private parseOutput;
+    private parseDiagnostics;
+    private createErrorViolation;
+}

package/dist/code/tools/vulture.d.ts

@@ -0,0 +1,32 @@
+import { type CheckResult } from "../../core/index.js";
+import { BaseToolRunner } from "./base.js";
+/**
+ * Vulture tool runner for detecting dead Python code
+ */
+export declare class VultureRunner extends BaseToolRunner {
+    readonly name = "Vulture";
+    readonly rule = "code.unused";
+    readonly toolId = "vulture";
+    readonly configFiles: string[];
+    private hasPythonFiles;
+    private isBinaryNotFound;
+    run(projectRoot: string): Promise<CheckResult>;
+    private handleRunError;
+    private skip;
+    private parseOutput;
+    /**
+     * Parse a single Vulture output line
+     * Format: "path/to/file.py:10: unused function 'my_func' (60% confidence)"
+     */
+    private parseLine;
+    private static readonly CODE_PATTERNS;
+    /**
+     * Extract a code identifier from the vulture message
+     */
+    private getCodeFromMessage;
+    private createErrorViolation;
+    /**
+     * Audit - Vulture doesn't require a config file, so just check if Python files exist
+     */
+    audit(projectRoot: string): Promise<CheckResult>;
+}

package/dist/core/index.d.ts

@@ -0,0 +1,7 @@
+export type { Severity, DomainStatus, Violation, CheckResult, DomainResult, FullResult, IToolRunner, ViolationOptions, ExitCodeType, } from "./types.js";
+export { ViolationBuilder, CheckResultBuilder, DomainResultBuilder, ExitCode, } from "./types.js";
+export type { Config } from "./schema.js";
+export { configSchema, defaultConfig, DEFAULT_FORBIDDEN_FILES_IGNORE } from "./schema.js";
+export { CONFIG_FILE_NAME, ConfigError, findConfigFile, loadConfig, loadConfigAsync, loadConfigWithOverrides, getProjectRoot, } from "./loader.js";
+export type { ConfigOverride } from "./loader.js";
+export { parseRegistryUrl, fetchRegistry, loadRuleset, mergeConfigs, resolveExtends, } from "./registry.js";