@vee-stack/delta-cli 2.0.4 → 2.0.5

package/dist/packages/domain/src/constitution/performance/index.js

@@ -0,0 +1,43 @@
+/**
+ * Delta Constitution - Performance Rules Index
+ * @description Performance rules for all supported languages
+ * @version 1.0.0
+ */
+// TypeScript / Node.js Rules
+export { default as ts, PerformanceRules as TSPerformanceRules } from './ts.rules';
+// Language-agnostic exports
+export const PerformanceAxis = {
+    name: 'Performance',
+    description: 'Lazy Loading, Caching, Code Splitting, Bundle Optimization',
+    weight: 20,
+    languages: ['typescript', 'javascript', 'node'],
+    principles: [
+        {
+            id: 'PERF-001',
+            name: 'Lazy Loading',
+            description: 'Each Feature must be lazy-loadable independently',
+        },
+        {
+            id: 'PERF-002',
+            name: 'Code Splitting',
+            description: 'Automatic chunking per Feature and Route',
+        },
+        {
+            id: 'PERF-003',
+            name: 'Caching Layers',
+            description: 'Multi-layer caching (L1 Memory, L2 SWR, L3 Redis)',
+        },
+        {
+            id: 'PERF-004',
+            name: 'Bundle Optimization',
+            description: 'Tree shaking, compression, size limits',
+        },
+        {
+            id: 'PERF-005',
+            name: 'Stateless Core',
+            description: 'Stateless Core for easy concurrency',
+        },
+    ],
+};
+export default PerformanceAxis;
+//# sourceMappingURL=index.js.map

package/dist/packages/domain/src/constitution/performance/ts.rules.js

@@ -0,0 +1,325 @@
+/**
+ * Delta Constitution - Performance Rules
+ * @description Performance standards and optimization guidelines
+ * @version 1.0.0
+ * @see docs/architecture/CONSTITUTION.md
+ */
+// =============================================================================
+// PERFORMANCE RULE DEFINITIONS
+// =============================================================================
+export const PerformanceRules = {
+    version: '1.0.0',
+    lastUpdated: '2026-02-10',
+    // ============================================================================
+    // 1. LAZY LOADING
+    // ============================================================================
+    lazyLoading: {
+        enabled: true,
+        required: true,
+        description: 'Each Feature must be lazy-loadable independently',
+        requirements: {
+            features: {
+                pattern: 'dynamic imports',
+                implementation: 'React.lazy() or Next.js dynamic()',
+                required: true,
+            },
+            components: {
+                pattern: 'dynamic imports for heavy components',
+                implementation: 'Component-level code splitting',
+                required: true,
+            },
+            routes: {
+                pattern: 'route-based code splitting',
+                implementation: 'Next.js automatic code splitting',
+                required: true,
+            },
+        },
+        patterns: {
+            correct: [
+                "const UploadFeature = dynamic(() => import('@/features/upload'))",
+                "const HeavyChart = lazy(() => import('./HeavyChart'))",
+            ],
+            forbidden: [
+                "import { UploadFeature } from '@/features/upload' // static import of heavy feature",
+            ],
+        },
+        check: {
+            maxInitialBundle: '500KB',
+            maxFeatureBundle: '200KB',
+        },
+    },
+    // ============================================================================
+    // 2. CODE SPLITTING
+    // ============================================================================
+    codeSplitting: {
+        enabled: true,
+        required: true,
+        description: 'Automatic chunking per Feature and Route',
+        strategies: {
+            routeBased: {
+                enabled: true,
+                description: 'Next.js automatically splits by route',
+            },
+            componentBased: {
+                enabled: true,
+                description: 'Large components loaded on demand',
+                threshold: '50KB',
+            },
+            libraryBased: {
+                enabled: true,
+                description: 'Heavy libraries (charts, editors) split separately',
+            },
+        },
+        bundleTargets: {
+            initial: '300KB',
+            async: '150KB per chunk',
+            total: '2MB max',
+        },
+    },
+    // ============================================================================
+    // 3. CACHING LAYERS
+    // ============================================================================
+    caching: {
+        enabled: true,
+        required: true,
+        description: 'Multi-layer caching strategy',
+        layers: {
+            l1_memory: {
+                name: 'L1: In-Memory Cache',
+                scope: 'process',
+                ttl: '5 minutes',
+                useCase: 'AST parsing results, computed values',
+                implementation: 'lru-cache or Map',
+            },
+            l2_swr: {
+                name: 'L2: SWR/React Query',
+                scope: 'client',
+                ttl: 'configurable',
+                useCase: 'API data, user data',
+                implementation: 'SWR or React Query',
+            },
+            l3_redis: {
+                name: 'L3: Redis Cache',
+                scope: 'server',
+                ttl: '1 hour',
+                useCase: 'Session data, rate limiting',
+                implementation: 'Redis',
+            },
+            l4_fs: {
+                name: 'L4: File System Cache',
+                scope: 'server',
+                ttl: '1 hour',
+                useCase: 'Reports, temporary files',
+                implementation: 'OS temp directory',
+            },
+        },
+        rules: [
+            {
+                id: 'PERF-CACHE-001',
+                name: 'Cache Pure Functions',
+                description: 'Core pure functions can be safely cached',
+                severity: 'recommendation',
+            },
+            {
+                id: 'PERF-CACHE-002',
+                name: 'No Cache Without TTL',
+                description: 'All caches must have expiration',
+                severity: 'warning',
+            },
+        ],
+    },
+    // ============================================================================
+    // 4. BUNDLE OPTIMIZATION
+    // ============================================================================
+    bundleOptimization: {
+        enabled: true,
+        required: true,
+        description: 'Optimized bundle size and tree shaking',
+        targets: {
+            initialLoad: '300KB',
+            timeToInteractive: '3 seconds',
+            lighthousePerformance: '90+',
+        },
+        techniques: {
+            treeShaking: {
+                enabled: true,
+                description: 'Dead code elimination',
+                requirement: 'Use ES modules (import/export)',
+            },
+            dynamicImports: {
+                enabled: true,
+                description: 'Load code on demand',
+                requirement: 'Split by feature/route',
+            },
+            dependencyOptimization: {
+                enabled: true,
+                description: 'Optimize third-party deps',
+                tools: ['webpack-bundle-analyzer', 'next-bundle-analyzer'],
+            },
+            compression: {
+                enabled: true,
+                description: 'Gzip/Brotli compression',
+                requirement: 'Enabled in production',
+            },
+        },
+        sizeLimits: {
+            totalBundle: '2MB',
+            initialBundle: '500KB',
+            asyncChunks: '200KB each',
+            images: '100KB (use WebP)',
+        },
+    },
+    // ============================================================================
+    // 5. STATELESS CORE FOR CONCURRENCY
+    // ============================================================================
+    statelessCore: {
+        enabled: true,
+        required: true,
+        description: 'Stateless Core enables easy concurrency and load distribution',
+        benefits: {
+            concurrency: 'Functions can run in parallel without conflicts',
+            caching: 'Same input = same output, highly cacheable',
+            testing: 'Easy to test without mocking state',
+            distribution: 'Can distribute load across workers',
+        },
+        rules: [
+            {
+                id: 'PERF-STATE-001',
+                name: 'Pure Functions Only',
+                description: 'Core functions must be pure',
+                pattern: 'function analyze(input): output',
+                forbidden: ['global variables', 'closures with state', 'side effects'],
+            },
+            {
+                id: 'PERF-STATE-002',
+                name: 'No Singletons in Core',
+                description: 'Core must not use singleton pattern',
+                forbidden: ['export const service = new Service()', 'global state'],
+            },
+        ],
+    },
+    // ============================================================================
+    // 6. RENDER OPTIMIZATION
+    // ============================================================================
+    renderOptimization: {
+        enabled: true,
+        required: true,
+        description: 'React rendering optimizations',
+        patterns: {
+            memoization: {
+                useMemo: 'For expensive computations',
+                useCallback: 'For function props',
+                ReactMemo: 'For component memoization',
+            },
+            virtualization: {
+                description: 'For long lists',
+                libraries: ['react-window', 'react-virtualized'],
+            },
+            suspense: {
+                description: 'For async boundaries',
+                pattern: '<Suspense fallback={<Loading />}><AsyncComponent /></Suspense>',
+            },
+        },
+        rules: [
+            {
+                id: 'PERF-RENDER-001',
+                name: 'Avoid Unnecessary Rerenders',
+                description: 'Use memoization for expensive components',
+            },
+            {
+                id: 'PERF-RENDER-002',
+                name: 'Virtualize Long Lists',
+                description: 'Lists > 100 items must be virtualized',
+            },
+        ],
+    },
+    // ============================================================================
+    // 7. API PERFORMANCE
+    // ============================================================================
+    apiPerformance: {
+        enabled: true,
+        required: true,
+        description: 'API endpoint performance targets',
+        targets: {
+            p50: '100ms',
+            p95: '300ms',
+            p99: '500ms',
+            timeout: '30 seconds',
+        },
+        optimizations: {
+            pagination: {
+                required: true,
+                description: 'All list endpoints must support pagination',
+                default: '20 items per page',
+                max: '100 items per page',
+            },
+            compression: {
+                required: true,
+                description: 'Response compression for large payloads',
+                algorithm: 'gzip or brotli',
+            },
+            caching: {
+                required: true,
+                description: 'ETag and Cache-Control headers',
+            },
+        },
+    },
+};
+// =============================================================================
+// VALIDATION HELPERS
+// =============================================================================
+export function validatePerformanceCompliance(bundleAnalysis) {
+    const violations = [];
+    let score = 100;
+    // Check bundle size
+    if (bundleAnalysis.initial > 500) {
+        violations.push(`PERF-BUNDLE-001: Initial bundle ${bundleAnalysis.initial}KB exceeds 500KB limit`);
+        score -= 20;
+    }
+    if (bundleAnalysis.total > 2048) {
+        violations.push(`PERF-BUNDLE-002: Total bundle ${bundleAnalysis.total}KB exceeds 2MB limit`);
+        score -= 15;
+    }
+    // Check async chunk size
+    if (bundleAnalysis.asyncChunk > 200) {
+        violations.push(`PERF-BUNDLE-003: Async chunk ${bundleAnalysis.asyncChunk}KB exceeds 200KB limit`);
+        score -= 10;
+    }
+    return {
+        compliant: violations.length === 0,
+        violations,
+        score: Math.max(0, score),
+    };
+}
+export function calculatePerformanceScore(metrics) {
+    const maxScore = 100;
+    let score = 0;
+    // Lazy loading (20 points)
+    if (metrics.hasLazyLoading)
+        score += 20;
+    // Code splitting (15 points)
+    if (metrics.hasCodeSplitting)
+        score += 15;
+    // Caching (20 points)
+    if (metrics.hasCaching)
+        score += 15;
+    if (metrics.hasMultiLayerCache)
+        score += 5;
+    // Bundle optimization (20 points)
+    if (metrics.bundleSize < 500)
+        score += 15;
+    if (metrics.hasTreeShaking)
+        score += 5;
+    // Stateless core (15 points)
+    if (metrics.hasPureFunctions)
+        score += 15;
+    // Render optimization (10 points)
+    if (metrics.hasMemoization)
+        score += 5;
+    if (metrics.hasVirtualization)
+        score += 5;
+    const grade = score >= 90 ? 'A' : score >= 80 ? 'B' : score >= 70 ? 'C' : score >= 60 ? 'D' : 'F';
+    return { score, maxScore, grade };
+}
+export default PerformanceRules;
+//# sourceMappingURL=ts.rules.js.map

package/dist/packages/domain/src/constitution/security/index.js

@@ -0,0 +1,50 @@
+/**
+ * Delta Constitution - Security Rules Index
+ * @description Security rules for all supported languages
+ * @version 1.0.0
+ */
+// TypeScript / Node.js Rules
+export { default as ts, SecurityRules as TSSecurityRules } from './ts.rules';
+// Future language support:
+// export { default as py } from './py.rules';
+// export { default as java } from './java.rules';
+// export { default as cs } from './cs.rules';
+// export { default as go } from './go.rules';
+// Language-agnostic exports
+export const SecurityAxis = {
+    name: 'Security',
+    description: 'Policy-driven, Fail-Closed, Audit, Rate Limiting',
+    weight: 25, // Percentage in overall score
+    // Supported languages
+    languages: ['typescript', 'javascript', 'node'],
+    // Key principles (language-agnostic)
+    principles: [
+        {
+            id: 'SEC-001',
+            name: 'Policy-Driven',
+            description: 'All constraints defined in Policies, not hardcoded',
+        },
+        {
+            id: 'SEC-002',
+            name: 'Fail-Closed',
+            description: 'Default deny - anything not explicitly allowed is forbidden',
+        },
+        {
+            id: 'SEC-003',
+            name: 'Audit Logging',
+            description: 'Complete audit trail for every operation',
+        },
+        {
+            id: 'SEC-004',
+            name: 'Rate Limiting',
+            description: 'Distributed + Centralized rate limiting',
+        },
+        {
+            id: 'SEC-005',
+            name: 'Input Validation',
+            description: 'Strict validation at every layer',
+        },
+    ],
+};
+export default SecurityAxis;
+//# sourceMappingURL=index.js.map

package/dist/packages/domain/src/constitution/security/ts.rules.js

@@ -0,0 +1,267 @@
+/**
+ * Delta Constitution - Security Rules
+ * @description Security standards and rules for Delta Architecture
+ * @version 1.0.0
+ * @see docs/architecture/CONSTITUTION.md
+ */
+// =============================================================================
+// SECURITY RULE DEFINITIONS
+// =============================================================================
+export const SecurityRules = {
+    version: '1.0.0',
+    lastUpdated: '2026-02-10',
+    // ============================================================================
+    // 1. POLICY-DRIVEN ARCHITECTURE
+    // ============================================================================
+    policyDriven: {
+        enabled: true,
+        required: true,
+        description: 'All system constraints must be defined in Policies, not hardcoded',
+        rules: [
+            {
+                id: 'SEC-POL-001',
+                name: 'No Hardcoded Limits',
+                description: 'No magic numbers or hardcoded limits in business logic',
+                severity: 'error',
+                examples: {
+                    forbidden: [
+                        'if (file.size > 52428800) throw new Error()',
+                        'if (code.includes("eval")) reportIssue()',
+                        'const MAX_SIZE = 1000000',
+                    ],
+                    correct: [
+                        'const policy = policies.get("file-size")',
+                        'if (file.size > policy.maxSize) reportIssue(policy)',
+                    ],
+                },
+            },
+            {
+                id: 'SEC-POL-002',
+                name: 'Policy Registry Required',
+                description: 'Every module must have a policies/ directory with definitions',
+                severity: 'error',
+                check: {
+                    pathPattern: 'src/modules/*/policies/',
+                    requiredFiles: ['index.ts'],
+                },
+            },
+        ],
+    },
+    // ============================================================================
+    // 2. FAIL-CLOSED PRINCIPLE
+    // ============================================================================
+    failClosed: {
+        enabled: true,
+        required: true,
+        description: 'Default deny - anything not explicitly allowed is forbidden',
+        rules: [
+            {
+                id: 'SEC-FAIL-001',
+                name: 'Default Deny Pattern',
+                description: 'All authorization checks must use default deny',
+                severity: 'critical',
+                pattern: {
+                    forbidden: 'if (isBlocked) return deny()',
+                    required: 'if (!isAllowed) return deny()',
+                },
+            },
+            {
+                id: 'SEC-FAIL-002',
+                name: 'Error Handling',
+                description: 'On error, default to denial, not allowance',
+                severity: 'critical',
+                examples: {
+                    forbidden: [
+                        'try { risky() } catch (e) { return { allowed: true } }',
+                        'catch (e) { return { allowed: true, reason: "fallback" } }',
+                    ],
+                    correct: [
+                        'try { risky() } catch (e) { return deny(e) }',
+                        'catch (e) { auditLog(e); return { allowed: false } }',
+                    ],
+                },
+            },
+        ],
+    },
+    // ============================================================================
+    // 3. AUDIT LOGGING
+    // ============================================================================
+    auditLogging: {
+        enabled: true,
+        required: true,
+        description: 'Complete audit trail for every operation across all layers',
+        requirements: {
+            coverage: '100%',
+            layers: ['features', 'modules', 'core', 'security'],
+            events: [
+                { action: 'auth:login', level: 'info', required: true },
+                { action: 'auth:logout', level: 'info', required: true },
+                { action: 'auth:failed', level: 'warning', required: true },
+                { action: 'upload:init', level: 'info', required: true },
+                { action: 'upload:complete', level: 'info', required: true },
+                { action: 'upload:failed', level: 'error', required: true },
+                { action: 'analysis:start', level: 'info', required: true },
+                { action: 'analysis:complete', level: 'info', required: true },
+                { action: 'policy:violation', level: 'warning', required: true },
+                { action: 'permission:denied', level: 'warning', required: true },
+            ],
+        },
+        schema: {
+            required: ['action', 'userId', 'timestamp', 'success'],
+            optional: ['metadata', 'severity', 'ip', 'userAgent'],
+        },
+    },
+    // ============================================================================
+    // 4. RATE LIMITING
+    // ============================================================================
+    rateLimiting: {
+        enabled: true,
+        required: true,
+        description: 'Distributed + Centralized rate limiting (Memory + Redis)',
+        strategies: {
+            memory: {
+                enabled: true,
+                useCase: 'single-instance deployments',
+                storage: 'in-memory Map',
+                ttl: 'configurable',
+            },
+            redis: {
+                enabled: true,
+                useCase: 'multi-instance deployments',
+                storage: 'redis',
+                distributed: true,
+            },
+        },
+        endpoints: [
+            { path: '/api/auth/*', limit: '5 requests per minute', burst: 10 },
+            { path: '/api/upload/*', limit: '10 requests per minute', burst: 20 },
+            { path: '/api/analysis/*', limit: '20 requests per minute', burst: 50 },
+        ],
+    },
+    // ============================================================================
+    // 5. INPUT VALIDATION
+    // ============================================================================
+    inputValidation: {
+        enabled: true,
+        required: true,
+        description: 'Strict validation at every layer using schemas',
+        layers: {
+            features: {
+                validation: 'Zod schemas',
+                location: 'hooks and services',
+                example: 'useUpload.ts validates input before service call',
+            },
+            modules: {
+                validation: 'TypeScript + runtime checks',
+                location: 'business logic entry points',
+            },
+            contracts: {
+                validation: 'Contract schema definitions',
+                location: 'contract interfaces',
+            },
+        },
+        schemas: [
+            { name: 'UploadInput', required: true, file: 'src/contracts/upload.contract.ts' },
+            { name: 'AuthInput', required: true, file: 'src/contracts/auth.contract.ts' },
+            { name: 'AnalysisInput', required: true, file: 'src/contracts/analysis.contract.ts' },
+        ],
+    },
+    // ============================================================================
+    // 6. ENVIRONMENT VALIDATION
+    // ============================================================================
+    envValidation: {
+        enabled: true,
+        required: true,
+        description: 'All environment variables validated at startup',
+        requiredVars: ['SUPABASE_URL', 'SUPABASE_ANON_KEY', 'JWT_SECRET', 'ENCRYPTION_KEY'],
+        optional: ['REDIS_URL', 'SENTRY_DSN', 'FEATURE_FLAGS_URL'],
+        validation: {
+            atStartup: true,
+            strict: true,
+            failOnMissing: true,
+        },
+    },
+    // ============================================================================
+    // 7. PERMISSION GUARDS
+    // ============================================================================
+    permissionGuards: {
+        enabled: true,
+        required: true,
+        description: 'RBAC + Policy guards at every entry point',
+        locations: [
+            'src/security/policy-enforcement/guard.ts',
+            'src/auth/guards.ts',
+            'src/features/*/hooks/usePermissions.ts',
+        ],
+        patterns: {
+            required: [
+                'requirePermission()',
+                'requireAnyPermission()',
+                'requireAllPermissions()',
+                'withPermission()',
+            ],
+            hooks: ['usePermission()', 'useAuth()'],
+        },
+    },
+};
+// =============================================================================
+// VALIDATION HELPERS
+// =============================================================================
+export function validateSecurityCompliance(projectStructure) {
+    const violations = [];
+    // Check policy-driven architecture
+    if (!projectStructure.hasPolicyRegistry) {
+        violations.push('SEC-POL-002: Missing policies/ directory in modules');
+    }
+    // Check audit logging
+    if (!projectStructure.hasAuditLogging) {
+        violations.push('SEC-AUDIT-001: Missing audit logging implementation');
+    }
+    // Check rate limiting
+    if (!projectStructure.hasRateLimiting) {
+        violations.push('SEC-RATE-001: Missing rate limiting implementation');
+    }
+    // Check fail-closed patterns
+    if (projectStructure.hasFailOpenPatterns) {
+        violations.push('SEC-FAIL-001: Found fail-open patterns in code');
+    }
+    return {
+        compliant: violations.length === 0,
+        violations,
+    };
+}
+// =============================================================================
+// SCORING
+// =============================================================================
+export function calculateSecurityScore(checks) {
+    const maxScore = 100;
+    let score = 0;
+    // Policy-driven (25 points)
+    if (checks.hasPolicyRegistry)
+        score += 15;
+    if (checks.hasNoHardcodedLimits)
+        score += 10;
+    // Fail-closed (25 points)
+    if (checks.hasDefaultDeny)
+        score += 15;
+    if (checks.hasProperErrorHandling)
+        score += 10;
+    // Audit logging (20 points)
+    if (checks.hasAuditLogging)
+        score += 20;
+    // Rate limiting (15 points)
+    if (checks.hasRateLimiting)
+        score += 15;
+    // Input validation (15 points)
+    if (checks.hasInputValidation)
+        score += 10;
+    if (checks.hasEnvValidation)
+        score += 5;
+    return {
+        score,
+        maxScore,
+        percentage: Math.round((score / maxScore) * 100),
+    };
+}
+export default SecurityRules;
+//# sourceMappingURL=ts.rules.js.map