aact 2.0.2 → 2.1.0

package/dist/cli/index.mjs

@@ -1,16 +1,20 @@
 #!/usr/bin/env node
 import { defineCommand, runMain } from 'citty';
 import consola from 'consola';
-import { A as AactConfigSchema, m as loadStructurizrElements, l as loadPlantumlElements, o as mapContainersFromPlantumlElements, a as analyzeArchitecture, c as checkAcl, b as checkAcyclic, d as checkApiGateway, f as checkCrud, g as checkDbPerService, e as checkCohesion, h as checkStableDependencies, j as generateKubernetes, k as generatePlantumlFromModel } from '../shared/aact.Dqryafrg.mjs';
+import { A as AactConfigSchema, H as loadStructurizrElements, G as loadPlantumlElements, J as mapContainersFromPlantumlElements, q as analyzeArchitecture, E as EXTERNAL_SYSTEM_TYPE, b as CONTAINER_DB_TYPE, r as checkAcl, s as checkAcyclic, t as checkApiGateway, w as checkCrud, x as checkDbPerService, u as checkCohesion, y as checkStableDependencies, v as checkCommonReuse, L as structurizrDslSyntax, D as generateKubernetes, F as generatePlantumlFromModel } from '../shared/aact.mCX-x14V.mjs';
 import { loadConfig } from 'c12';
 import * as v from 'valibot';
 import path from 'node:path';
 import fs, { readFile, writeFile } from 'node:fs/promises';
+import pc from 'picocolors';
 import 'yaml';
 import 'plantuml-parser';
 
-const loadAndValidateConfig = async () => {
-  const { config } = await loadConfig({ name: "aact" });
+const loadAndValidateConfig = async (configPath) => {
+  const { config } = await loadConfig({
+    name: "aact",
+    ...configPath ? { configFile: configPath } : {}
+  });
   if (!config) {
     throw new Error("No source configured. Create an aact.config.ts file.");
   }
@@ -37,13 +41,17 @@ const loadModel = async (config) => {
 const analyze = defineCommand({
   meta: { description: "Analyze architecture metrics" },
   args: {
+    config: {
+      type: "string",
+      description: "Path to aact config file"
+    },
     format: {
       type: "string",
       description: "Output format: text, json"
     }
   },
   async run({ args }) {
-    const config = await loadAndValidateConfig();
+    const config = await loadAndValidateConfig(args.config);
     const model = await loadModel(config);
     const { report } = analyzeArchitecture(model);
     if (args.format === "json") {
@@ -70,7 +78,7 @@ const analyze = defineCommand({
 });
 
 const plantumlSyntax = {
-  containerPattern: (name) => `Container(${name},`,
+  containerPattern: (name) => `(${name},`,
   containerDecl: (name, label, tags) => {
     const tagsPart = tags ? `, "", "", $tags="${tags}"` : "";
     return `Container(${name}, "${label}"${tagsPart})`;
@@ -82,26 +90,35 @@ const plantumlSyntax = {
   }
 };
 
+const applyIndent = (content, indent) => content.split("\n").map((line) => line.trim() ? indent + line : line).join("\n");
 const applyEdits = (source, edits) => {
-  let lines = source.split("\n");
+  const lines = source.split("\n");
   for (const edit of edits) {
     const idx = lines.findIndex((line) => line.includes(edit.search));
-    if (idx === -1) continue;
+    if (idx === -1) {
+      consola.warn(`fix: pattern not found in source \u2014 "${edit.search}"`);
+      continue;
+    }
+    const matchCount = lines.filter(
+      (line) => line.includes(edit.search)
+    ).length;
+    if (matchCount > 1) {
+      consola.warn(
+        `fix: ambiguous pattern "${edit.search}" matches ${matchCount} lines, using first`
+      );
+    }
+    const indent = /^(\s*)/.exec(lines[idx])?.[1] ?? "";
     switch (edit.type) {
       case "remove": {
         lines.splice(idx, 1);
         break;
       }
       case "replace": {
-        lines[idx] = edit.content ?? "";
+        lines[idx] = applyIndent(edit.content ?? "", indent);
         break;
       }
       case "add": {
-        lines = [
-          ...lines.slice(0, idx + 1),
-          edit.content ?? "",
-          ...lines.slice(idx + 1)
-        ];
+        lines.splice(idx + 1, 0, applyIndent(edit.content ?? "", indent));
         break;
       }
     }
@@ -109,9 +126,34 @@ const applyEdits = (source, edits) => {
   return lines.join("\n");
 };
 
+const detectNamingConvention = (model) => {
+  const names = model.allContainers.map((c) => c.name);
+  if (names.length === 0) return "snake";
+  const withUnderscore = names.filter((n) => n.includes("_")).length;
+  const withHyphen = names.filter((n) => n.includes("-")).length;
+  const withCamel = names.filter((n) => /[a-z][A-Z]/.test(n)).length;
+  if (withHyphen > withUnderscore && withHyphen > withCamel) return "kebab";
+  if (withCamel > withUnderscore) return "camel";
+  return "snake";
+};
+const joinName = (base, word, convention) => {
+  switch (convention) {
+    case "camel": {
+      return base + word.charAt(0).toUpperCase() + word.slice(1);
+    }
+    case "kebab": {
+      return `${base}-${word}`;
+    }
+    default: {
+      return `${base}_${word}`;
+    }
+  }
+};
+
 const fixAcl = (model, violations, syntax, options) => {
   const tag = options?.tag ?? "acl";
-  const externalType = options?.externalType ?? "System_Ext";
+  const convention = detectNamingConvention(model);
+  const externalType = options?.externalType ?? EXTERNAL_SYSTEM_TYPE;
   const results = [];
   for (const violation of violations) {
     const container = model.allContainers.find(
@@ -122,39 +164,262 @@ const fixAcl = (model, violations, syntax, options) => {
       (r) => r.to.type === externalType
     );
     if (externalRels.length === 0) continue;
-    const aclName = `${container.name}_acl`;
+    const aclName = joinName(container.name, "acl", convention);
+    if (model.allContainers.some((c) => c.name === aclName)) {
+      consola.warn(
+        `fix acl: skipping ${container.name} \u2014 ${aclName} already exists`
+      );
+      continue;
+    }
     const fix = {
       rule: "acl",
       description: `Add ACL layer for ${container.name}`,
       edits: []
     };
-    fix.edits.push({
-      type: "add",
-      search: syntax.containerPattern(container.name),
-      content: syntax.containerDecl(aclName, `${container.label} ACL`, tag)
-    });
-    for (const rel of externalRels) {
-      const tech = rel.technology ?? "";
-      fix.edits.push(
+    fix.edits.push(
+      // 1. Add ACL container after the violating container
+      {
+        type: "add",
+        search: syntax.containerPattern(container.name),
+        content: syntax.containerDecl(aclName, `${container.label} ACL`, tag)
+      },
+      // 2. Add single Rel(svc, acl) after the ACL container declaration
+      {
+        type: "add",
+        search: syntax.containerPattern(aclName),
+        content: syntax.relationDecl(container.name, aclName)
+      },
+      ...externalRels.map((rel) => ({
+        type: "replace",
+        search: syntax.relationPattern(container.name, rel.to.name),
+        content: syntax.relationDecl(aclName, rel.to.name, rel.technology)
+      }))
+    );
+    results.push(fix);
+  }
+  return results;
+};
+
+const buildContainerBoundaryMap = (model) => {
+  const map = /* @__PURE__ */ new Map();
+  for (const boundary of model.boundaries) {
+    for (const container of boundary.containers) {
+      map.set(container.name, boundary);
+    }
+  }
+  return map;
+};
+const findPublicApiCandidate = (targetBoundary, dbType, ownerTags, model, containerBoundaryMap) => {
+  const candidates = targetBoundary.containers.filter(
+    (c) => c.type !== dbType && !ownerTags.some((t) => c.tags?.includes(t))
+  );
+  if (candidates.length === 0) return void 0;
+  if (candidates.length === 1) return candidates[0];
+  const candidateNames = new Set(candidates.map((c) => c.name));
+  const inDegree = new Map(candidates.map((c) => [c.name, 0]));
+  for (const container of model.allContainers) {
+    if (containerBoundaryMap.get(container.name) === targetBoundary) continue;
+    for (const rel of container.relations) {
+      if (candidateNames.has(rel.to.name)) {
+        inDegree.set(rel.to.name, (inDegree.get(rel.to.name) ?? 0) + 1);
+      }
+    }
+  }
+  return candidates.toSorted(
+    (a, b) => (inDegree.get(b.name) ?? 0) - (inDegree.get(a.name) ?? 0)
+  )[0];
+};
+const resolveRedirectTarget = (accessor, db, owner, dbType, ownerTags, model, containerBoundaryMap, ruleName) => {
+  const accessorBoundary = containerBoundaryMap.get(accessor.name);
+  const dbBoundary = containerBoundaryMap.get(db.name);
+  const isCrossBoundary = accessorBoundary !== void 0 && dbBoundary !== void 0 && accessorBoundary !== dbBoundary;
+  if (!isCrossBoundary) return owner;
+  const publicApi = findPublicApiCandidate(
+    dbBoundary,
+    dbType,
+    ownerTags,
+    model,
+    containerBoundaryMap
+  );
+  if (!publicApi) {
+    consola.warn(
+      `fix ${ruleName}: boundary "${dbBoundary.name}" has no public API \u2014 cannot auto-redirect "${accessor.name}" away from "${db.name}", fix manually`
+    );
+    return void 0;
+  }
+  if (publicApi === owner) {
+    consola.warn(
+      `fix ${ruleName}: the only public API candidate in "${dbBoundary.name}" is the repo owner \u2014 cross-boundary access from "${accessor.name}" requires manual review`
+    );
+    return void 0;
+  }
+  return publicApi;
+};
+
+const stripDbWord = (name) => {
+  const lower = name.toLowerCase();
+  for (const suffix of [
+    "_database",
+    "-database",
+    "database",
+    "_db",
+    "-db",
+    "db"
+  ]) {
+    if (lower.endsWith(suffix)) {
+      return name.slice(0, -suffix.length);
+    }
+  }
+  return name;
+};
+const deriveRepoName = (dbName, convention) => {
+  const base = stripDbWord(dbName);
+  return joinName(base || dbName, "repo", convention);
+};
+const deriveRepoLabel = (dbName) => {
+  const base = stripDbWord(dbName);
+  const word = base || dbName;
+  return word.charAt(0).toUpperCase() + word.slice(1).replaceAll("_", " ") + " Repo";
+};
+const fixNonRepoAccessesDb = (accessor, model, syntax, dbType, ownerTags, convention) => {
+  const dbRels = accessor.relations.filter((r) => r.to.type === dbType);
+  if (dbRels.length === 0) return void 0;
+  const containerBoundaryMap = buildContainerBoundaryMap(model);
+  const edits = dbRels.flatMap((rel) => {
+    const db = rel.to;
+    const existingRepo = model.allContainers.find(
+      (c) => c !== accessor && c.relations.some((r) => r.to.name === db.name) && ownerTags.some((t) => c.tags?.includes(t))
+    );
+    if (existingRepo) {
+      const redirectTarget = resolveRedirectTarget(
+        accessor,
+        db,
+        existingRepo,
+        dbType,
+        ownerTags,
+        model,
+        containerBoundaryMap,
+        "crud"
+      );
+      if (!redirectTarget) return [];
+      return [
         {
           type: "replace",
-          search: syntax.relationPattern(container.name, rel.to.name),
-          content: syntax.relationDecl(container.name, aclName, tech)
-        },
-        {
-          type: "add",
-          search: syntax.relationPattern(container.name, aclName),
-          content: syntax.relationDecl(aclName, rel.to.name, tech)
+          search: syntax.relationPattern(accessor.name, db.name),
+          content: syntax.relationDecl(
+            accessor.name,
+            redirectTarget.name,
+            rel.technology
+          )
         }
+      ];
+    }
+    const accessorBoundary = containerBoundaryMap.get(accessor.name);
+    const dbBoundary = containerBoundaryMap.get(db.name);
+    if (accessorBoundary !== void 0 && dbBoundary !== void 0 && accessorBoundary !== dbBoundary) {
+      consola.warn(
+        `fix crud: "${accessor.name}" accesses "${db.name}" cross-boundary with no existing repo \u2014 fix manually`
       );
+      return [];
+    }
+    const repoName = deriveRepoName(db.name, convention);
+    if (model.allContainers.some((c) => c.name === repoName)) {
+      consola.warn(
+        `fix crud: cannot create repo for "${db.name}" \u2014 "${repoName}" already exists`
+      );
+      return [];
+    }
+    return [
+      {
+        type: "add",
+        search: syntax.containerPattern(db.name),
+        content: syntax.containerDecl(
+          repoName,
+          deriveRepoLabel(db.name),
+          ownerTags[0] ?? "repo"
+        )
+      },
+      {
+        type: "add",
+        search: syntax.containerPattern(repoName),
+        content: syntax.relationDecl(repoName, db.name, rel.technology)
+      },
+      {
+        type: "replace",
+        search: syntax.relationPattern(accessor.name, db.name),
+        content: syntax.relationDecl(accessor.name, repoName, rel.technology)
+      }
+    ];
+  });
+  if (edits.length === 0) return void 0;
+  return {
+    rule: "crud",
+    description: `Add repo intermediary for ${accessor.name} \u2192 ${dbRels.map((r) => r.to.name).join(", ")}`,
+    edits
+  };
+};
+const fixRepoWithNonDbDeps = (repo, syntax, dbType) => {
+  const nonDbRels = repo.relations.filter((r) => r.to.type !== dbType);
+  if (nonDbRels.length === 0) return void 0;
+  return {
+    rule: "crud",
+    description: `Remove non-database dependencies from repo ${repo.name}`,
+    edits: nonDbRels.map((rel) => ({
+      type: "remove",
+      search: syntax.relationPattern(repo.name, rel.to.name)
+    }))
+  };
+};
+const fixCrud = (model, violations, syntax, options) => {
+  const dbType = options?.dbType ?? CONTAINER_DB_TYPE;
+  const ownerTags = options?.repoTags ?? ["repo", "relay"];
+  const convention = detectNamingConvention(model);
+  const results = [];
+  for (const violation of violations) {
+    const container = model.allContainers.find(
+      (c) => c.name === violation.container
+    );
+    if (!container) continue;
+    const isRepo = ownerTags.some((t) => container.tags?.includes(t));
+    if (isRepo) {
+      const fix = fixRepoWithNonDbDeps(container, syntax, dbType);
+      if (fix) results.push(fix);
+    } else {
+      const fix = fixNonRepoAccessesDb(
+        container,
+        model,
+        syntax,
+        dbType,
+        ownerTags,
+        convention
+      );
+      if (fix) results.push(fix);
     }
-    results.push(fix);
   }
   return results;
 };
 
+const resolveOwner = (dbName, accessors, ownerTags) => {
+  const tagged = accessors.filter(
+    (c) => c.tags?.some((t) => ownerTags.includes(t))
+  );
+  if (tagged.length === 0) {
+    consola.warn(
+      `Cannot determine owner of ${dbName}: no ${ownerTags.join("/")} tagged accessor found, using ${accessors[0].name}`
+    );
+    return accessors[0];
+  }
+  if (tagged.length > 1) {
+    consola.warn(
+      `Cannot determine owner of ${dbName}: multiple tagged accessors (${tagged.map((c) => c.name).join(", ")}), using ${tagged[0].name}`
+    );
+  }
+  return tagged[0];
+};
 const fixDbPerService = (model, violations, syntax, options) => {
-  const dbType = options?.dbType ?? "ContainerDb";
+  const dbType = options?.dbType ?? CONTAINER_DB_TYPE;
+  const ownerTags = options?.ownerTags ?? ["repo", "relay"];
+  const containerBoundaryMap = buildContainerBoundaryMap(model);
   const results = [];
   for (const violation of violations) {
     const db = model.allContainers.find(
@@ -165,26 +430,46 @@ const fixDbPerService = (model, violations, syntax, options) => {
       (c) => c.relations.some((r) => r.to.name === db.name)
     );
     if (accessors.length <= 1) continue;
-    const owner = accessors[0];
-    const fix = {
-      rule: "dbPerService",
-      description: `Redirect access to ${db.name} through ${owner.name}`,
-      edits: []
-    };
-    for (const accessor of accessors.slice(1)) {
+    const owner = resolveOwner(db.name, accessors, ownerTags);
+    const edits = accessors.filter((c) => c !== owner).flatMap((accessor) => {
       const rel = accessor.relations.find((r) => r.to.name === db.name);
-      if (!rel) continue;
-      const tags = rel.tags && rel.tags.length > 0 ? rel.tags.join("+") : void 0;
-      const oldRel = syntax.relationPattern(accessor.name, db.name);
-      const newRel = syntax.relationDecl(
-        accessor.name,
-        owner.name,
-        rel.technology ?? "",
-        tags
+      if (!rel) {
+        consola.warn(
+          `fix dbPerService: relation from ${accessor.name} to ${db.name} not found, skipping`
+        );
+        return [];
+      }
+      const redirectTarget = resolveRedirectTarget(
+        accessor,
+        db,
+        owner,
+        dbType,
+        ownerTags,
+        model,
+        containerBoundaryMap,
+        "dbPerService"
       );
-      fix.edits.push({ type: "replace", search: oldRel, content: newRel });
-    }
-    results.push(fix);
+      if (!redirectTarget) return [];
+      const tags = rel.tags && rel.tags.length > 0 ? rel.tags.join("+") : void 0;
+      return [
+        {
+          type: "replace",
+          search: syntax.relationPattern(accessor.name, db.name),
+          content: syntax.relationDecl(
+            accessor.name,
+            redirectTarget.name,
+            rel.technology ?? "",
+            tags
+          )
+        }
+      ];
+    });
+    if (edits.length === 0) continue;
+    results.push({
+      rule: "dbPerService",
+      description: `Redirect access to ${db.name} through ${owner.name}`,
+      edits
+    });
   }
   return results;
 };
@@ -203,7 +488,8 @@ const ruleRegistry = [
   }),
   defineRule({
     name: "crud",
-    check: (m, o) => checkCrud(m.allContainers, o)
+    check: (m, o) => checkCrud(m.allContainers, o),
+    fix: fixCrud
   }),
   defineRule({
     name: "dbPerService",
@@ -217,9 +503,15 @@ const ruleRegistry = [
   defineRule({
     name: "stableDependencies",
     check: (m, o) => checkStableDependencies(m.allContainers, o)
+  }),
+  defineRule({
+    name: "commonReuse",
+    check: (m) => checkCommonReuse(m)
   })
 ];
 
+const ruleMap = new Map(ruleRegistry.map((r) => [r.name, r]));
+const exitWithViolations = () => process.exit(1);
 const runRules = (model, rules) => {
   const results = [];
   for (const rule of ruleRegistry) {
@@ -230,17 +522,26 @@ const runRules = (model, rules) => {
   }
   return results;
 };
-const getSyntax = (sourceType) => {
-  if (sourceType === "plantuml") {
+const getSyntax = (config) => {
+  if (config.source.type === "plantuml") {
     return plantumlSyntax;
   }
-  throw new Error(`Write-back not supported for ${sourceType}`);
+  if (config.source.type === "structurizr") {
+    if (!config.source.writePath) {
+      consola.warn(
+        "To use --fix with structurizr, add source.writePath pointing to your workspace.dsl"
+      );
+      return null;
+    }
+    return structurizrDslSyntax;
+  }
+  return null;
 };
 const generateFixes = (model, results, rules, syntax) => {
   const fixes = [];
   for (const result of results) {
     if (result.violations.length === 0) continue;
-    const ruleDef = ruleRegistry.find((r) => r.name === result.name);
+    const ruleDef = ruleMap.get(result.name);
     if (!ruleDef?.fix) continue;
     const configValue = rules?.[ruleDef.name];
     const options = typeof configValue === "object" ? configValue : void 0;
@@ -249,17 +550,37 @@ const generateFixes = (model, results, rules, syntax) => {
   return fixes;
 };
 const formatText = (results) => {
-  for (const result of results) {
-    if (result.violations.length === 0) {
-      consola.success(`${result.name} \u2014 passed`);
-    } else {
-      consola.error(
-        `${result.name} \u2014 ${result.violations.length} violation(s)`
-      );
-      for (const v of result.violations) {
-        consola.log(`  ${v.container}: ${v.message}`);
-      }
+  const failed = results.filter((r) => r.violations.length > 0);
+  const passed = results.filter((r) => r.violations.length === 0);
+  for (const result of failed) {
+    const count = result.violations.length;
+    const label = count === 1 ? "violation" : "violations";
+    const countLabel = pc.red(`${count} ${label}`);
+    console.log(`${pc.bold(pc.red(result.name))}  ${countLabel}`);
+    const maxLen = Math.max(
+      ...result.violations.map((v) => v.container.length)
+    );
+    for (const v of result.violations) {
+      console.log(`  ${pc.bold(v.container.padEnd(maxLen))}  ${v.message}`);
     }
+    console.log();
+  }
+  if (passed.length > 0) {
+    console.log(
+      `${pc.dim("Passed")}  ${passed.map((r) => pc.green(r.name)).join(pc.dim(" \xB7 "))}`
+    );
+    console.log();
+  }
+  const total = failed.reduce((n, r) => n + r.violations.length, 0);
+  if (total === 0) {
+    console.log(pc.green("No violations found."));
+  } else {
+    const rulesLabel = failed.length === 1 ? "rule" : "rules";
+    console.log(
+      pc.red(
+        `Found ${total} ${total === 1 ? "violation" : "violations"} in ${failed.length} ${rulesLabel}`
+      ) + pc.dim("  \u2014  run with --fix to apply suggested fixes")
+    );
   }
 };
 const formatJson = (results) => {
@@ -279,27 +600,34 @@ const formatGithub = (results) => {
     }
   }
 };
+const prefixContent = (content, first, rest) => content.split("\n").map((line, i) => i === 0 ? first + line : rest + line).join("\n");
 const formatFixes = (fixes) => {
   for (const fix of fixes) {
-    consola.info(`[${fix.rule}] ${fix.description}`);
+    const ruleTag = pc.bold(`[${fix.rule}]`);
+    console.log(`  ${ruleTag}  ${fix.description}`);
     for (const edit of fix.edits) {
       switch (edit.type) {
         case "remove": {
-          consola.log(`  - ${edit.search}`);
+          console.log(pc.red(prefixContent(edit.search, "    - ", "      ")));
           break;
         }
         case "replace": {
-          consola.log(`  - ${edit.search}`);
-          consola.log(`  + ${edit.content}`);
+          console.log(pc.red(prefixContent(edit.search, "    - ", "      ")));
+          console.log(
+            pc.green(prefixContent(edit.content ?? "", "    + ", "      "))
+          );
           break;
         }
         case "add": {
-          consola.log(`  (after "${edit.search}")`);
-          consola.log(`  + ${edit.content}`);
+          console.log(pc.dim(`    (after "${edit.search}")`));
+          console.log(
+            pc.green(prefixContent(edit.content ?? "", "    + ", "      "))
+          );
           break;
         }
       }
     }
+    console.log();
   }
 };
 const detectFormat = (format) => {
@@ -307,9 +635,78 @@ const detectFormat = (format) => {
   if (process.env.GITHUB_ACTIONS) return "github";
   return "text";
 };
+const formatResults = (results, format) => {
+  switch (format) {
+    case "json": {
+      formatJson(results);
+      break;
+    }
+    case "github": {
+      formatGithub(results);
+      break;
+    }
+    default: {
+      formatText(results);
+    }
+  }
+};
+const writeFixes = async (config, fixes) => {
+  const writePath = path.resolve(config.source.writePath ?? config.source.path);
+  let source = await readFile(writePath, "utf8");
+  for (const fix of fixes) {
+    source = applyEdits(source, fix.edits);
+  }
+  await writeFile(writePath, source, "utf8");
+  const isDslFix = config.source.writePath && config.source.writePath !== config.source.path;
+  if (isDslFix) {
+    consola.success(`Applied ${fixes.length} fix(es), wrote ${writePath}`);
+    consola.warn(
+      "DSL updated \u2014 regenerate workspace.json from workspace.dsl before re-checking"
+    );
+  } else {
+    const reModel = await loadModel(config);
+    const reResults = runRules(reModel, config.rules);
+    const remaining = reResults.reduce((n, r) => n + r.violations.length, 0);
+    consola.success(
+      `Applied ${fixes.length} fix(es), wrote ${writePath}` + (remaining > 0 ? ` (${remaining} violation(s) remain)` : "")
+    );
+  }
+};
+const handleFixMode = async (model, results, config, dryRun) => {
+  const hasViolations = results.some((r) => r.violations.length > 0);
+  if (!hasViolations) {
+    consola.success("No violations to fix");
+    return;
+  }
+  const syntax = getSyntax(config);
+  if (!syntax) return exitWithViolations();
+  const fixes = generateFixes(model, results, config.rules, syntax);
+  if (fixes.length === 0) {
+    consola.info("No auto-fixes available for these violations");
+    exitWithViolations();
+  }
+  formatFixes(fixes);
+  if (!dryRun) {
+    await writeFixes(config, fixes);
+  }
+};
+const suggestFixes = (model, results, config) => {
+  const syntax = getSyntax(config);
+  if (!syntax) return;
+  const fixes = generateFixes(model, results, config.rules, syntax);
+  if (fixes.length > 0) {
+    console.log(pc.bold("Suggested fixes:"));
+    console.log();
+    formatFixes(fixes);
+  }
+};
 const check = defineCommand({
   meta: { description: "Check architecture rules" },
   args: {
+    config: {
+      type: "string",
+      description: "Path to aact config file"
+    },
     format: {
       type: "string",
       description: "Output format: text, json, github"
@@ -323,75 +720,24 @@ const check = defineCommand({
       description: "Show fixes without applying them"
     }
   },
-  // eslint-disable-next-line sonarjs/cognitive-complexity
   async run({ args }) {
-    const config = await loadAndValidateConfig();
+    const config = await loadAndValidateConfig(args.config);
     const model = await loadModel(config);
     const results = runRules(model, config.rules);
-    const format = detectFormat(args.format);
-    switch (format) {
-      case "json": {
-        formatJson(results);
-        break;
-      }
-      case "github": {
-        formatGithub(results);
-        break;
-      }
-      default: {
-        formatText(results);
-      }
-    }
+    formatResults(results, detectFormat(args.format));
     const hasViolations = results.some((r) => r.violations.length > 0);
     if (args.fix || args["dry-run"]) {
-      if (!hasViolations) {
-        consola.success("No violations to fix");
-        return;
-      }
-      const syntax = getSyntax(config.source.type);
-      const fixes = generateFixes(model, results, config.rules, syntax);
-      if (fixes.length === 0) {
-        consola.info("No auto-fixes available for these violations");
-        if (hasViolations) {
-          throw new Error("Architecture rule violations found");
-        }
-        return;
-      }
-      formatFixes(fixes);
-      if (args["dry-run"]) {
-        return;
-      }
-      const sourcePath = path.resolve(config.source.path);
-      let source = await readFile(sourcePath, "utf8");
-      for (const fix of fixes) {
-        source = applyEdits(source, fix.edits);
-      }
-      await writeFile(sourcePath, source, "utf8");
-      const reModel = await loadModel(config);
-      const reResults = runRules(reModel, config.rules);
-      const remaining = reResults.reduce((n, r) => n + r.violations.length, 0);
-      consola.success(
-        `Applied ${fixes.length} fix(es), wrote ${sourcePath}` + (remaining > 0 ? ` (${remaining} violation(s) remain)` : "")
-      );
+      await handleFixMode(model, results, config, args["dry-run"] ?? false);
       return;
     }
     if (hasViolations) {
-      try {
-        const syntax = getSyntax(config.source.type);
-        const fixes = generateFixes(model, results, config.rules, syntax);
-        if (fixes.length > 0) {
-          consola.info("Suggested fixes (run with --fix to apply):");
-          formatFixes(fixes);
-        }
-      } catch {
-      }
-      throw new Error("Architecture rule violations found");
+      suggestFixes(model, results, config);
+      exitWithViolations();
     }
   }
 });
 
-const runPlantuml = async (config, outputPath) => {
-  const model = await loadModel(config);
+const runPlantuml = async (model, config, outputPath) => {
   const puml = generatePlantumlFromModel(model, {
     boundaryLabel: config.generate?.boundaryLabel
   });
@@ -402,20 +748,24 @@ const runPlantuml = async (config, outputPath) => {
     console.log(puml);
   }
 };
-const runKubernetes = async (config, outputDir) => {
-  const model = await loadModel(config);
+const runKubernetes = async (model, config, outputDir) => {
   const outputs = generateKubernetes(model);
   const targetDir = outputDir ?? config.generate?.kubernetes?.path ?? "resources/kubernetes/microservices";
   await fs.mkdir(targetDir, { recursive: true });
-  for (const output of outputs) {
-    const filePath = path.join(targetDir, output.fileName);
-    await fs.writeFile(filePath, output.content);
-  }
+  await Promise.all(
+    outputs.map(
+      (output) => fs.writeFile(path.join(targetDir, output.fileName), output.content)
+    )
+  );
   consola.success(`Generated ${outputs.length} file(s) in ${targetDir}`);
 };
 const generate = defineCommand({
   meta: { description: "Generate architecture artifacts" },
   args: {
+    config: {
+      type: "string",
+      description: "Path to aact config file"
+    },
     output: {
       type: "string",
       description: "Output path (file for plantuml, directory for kubernetes)"
@@ -426,15 +776,16 @@ const generate = defineCommand({
     }
   },
   async run({ args }) {
-    const config = await loadAndValidateConfig();
+    const config = await loadAndValidateConfig(args.config);
+    const model = await loadModel(config);
     const format = args.format ?? "plantuml";
     switch (format) {
       case "plantuml": {
-        await runPlantuml(config, args.output);
+        await runPlantuml(model, config, args.output);
         break;
       }
       case "kubernetes": {
-        await runKubernetes(config, args.output);
+        await runKubernetes(model, config, args.output);
         break;
       }
       default: {