x-fidelity 3.19.0 → 3.19.1

package/.xfi-config.json

@@ -33,6 +33,14 @@
         {
             "name": "sensitiveLogging-iterative",
             "path": "src/demoConfig/rules/sensitiveLogging-iterative-rule.json"
+        },
+        {
+            "name": "functionComplexity-iterative",
+            "path": "src/plugins/xfiPluginAst/sampleRules/functionComplexity-iterative-rule.json"
+        },
+        {
+            "name": "remote-rule",
+            "url": "https://example.com/rules/custom-rule.json"
         }
     ],
     "additionalFacts": ["customFact"],

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+## [3.19.1](https://github.com/zotoio/x-fidelity/compare/v3.19.0...v3.19.1) (2025-03-25)
+
+
+### Bug Fixes
+
+* add missing mock implementation for loadRepoXFIConfig in tests ([f77ef79](https://github.com/zotoio/x-fidelity/commit/f77ef79651fcbca54e4a8825dad1f0dd7f2e6a81))
+
 # [3.19.0](https://github.com/zotoio/x-fidelity/compare/v3.18.0...v3.19.0) (2025-03-25)
 
 

package/dist/core/engine/engineSetup.test.js

@@ -16,12 +16,14 @@ const facts_1 = require("../../facts");
 const telemetry_1 = require("../../utils/telemetry");
 const configManager_1 = require("../configManager");
 const logger_1 = require("../../utils/logger");
+const repoXFIConfigLoader_1 = require("../../utils/repoXFIConfigLoader");
 jest.mock('json-rules-engine');
 jest.mock('../../operators');
 jest.mock('../../facts');
 jest.mock('../../utils/telemetry');
 jest.mock('../configManager');
 jest.mock('../../utils/logger');
+jest.mock('../../utils/repoXFIConfigLoader');
 describe('setupEngine', () => {
     let engine;
     afterEach(() => {
@@ -61,6 +63,13 @@ describe('setupEngine', () => {
             ],
             cliOptions: {}
         });
+        repoXFIConfigLoader_1.loadRepoXFIConfig.mockResolvedValue({
+            additionalRules: [],
+            additionalFacts: [],
+            additionalOperators: [],
+            additionalPlugins: [],
+            sensitiveFileFalsePositives: []
+        });
         operators_1.loadOperators.mockResolvedValue([
             { name: 'operator1', fn: jest.fn() },
             { name: 'operator2', fn: jest.fn() }
@@ -159,4 +168,49 @@ describe('setupEngine', () => {
         expect(mockAddFact).toHaveBeenCalledWith('fact1', expect.any(Function), { priority: 1 });
         expect(mockAddFact).toHaveBeenCalledWith('openaiAnalysis', expect.any(Function), { priority: 1 });
     }));
+    describe('rule loading order', () => {
+        it('should load archetype rules before additional rules', () => __awaiter(void 0, void 0, void 0, function* () {
+            const mockArchetypeRule = { name: 'rule1', conditions: {}, event: {} };
+            const mockAdditionalRule = { name: 'rule2', conditions: {}, event: {} };
+            configManager_1.ConfigManager.getConfig.mockResolvedValue({
+                rules: [mockArchetypeRule],
+                exemptions: []
+            });
+            repoXFIConfigLoader_1.loadRepoXFIConfig.mockResolvedValue({
+                additionalRules: [mockAdditionalRule]
+            });
+            const mockAddRule = jest.fn();
+            json_rules_engine_1.Engine.mockImplementation(() => ({
+                addOperator: jest.fn(),
+                addRule: mockAddRule,
+                addFact: jest.fn(),
+                on: jest.fn()
+            }));
+            yield (0, engineSetup_1.setupEngine)(mockParams);
+            expect(mockAddRule).toHaveBeenNthCalledWith(1, mockArchetypeRule);
+            expect(mockAddRule).toHaveBeenNthCalledWith(2, mockAdditionalRule);
+        }));
+        it('should skip duplicate rules and keep first occurrence', () => __awaiter(void 0, void 0, void 0, function* () {
+            const duplicateRule = { name: 'duplicate', conditions: {}, event: {} };
+            const uniqueRule = { name: 'unique', conditions: {}, event: {} };
+            configManager_1.ConfigManager.getConfig.mockResolvedValue({
+                rules: [duplicateRule],
+                exemptions: []
+            });
+            repoXFIConfigLoader_1.loadRepoXFIConfig.mockResolvedValue({
+                additionalRules: [duplicateRule, uniqueRule]
+            });
+            const mockAddRule = jest.fn();
+            json_rules_engine_1.Engine.mockImplementation(() => ({
+                addOperator: jest.fn(),
+                addRule: mockAddRule,
+                addFact: jest.fn(),
+                on: jest.fn()
+            }));
+            yield (0, engineSetup_1.setupEngine)(mockParams);
+            expect(mockAddRule).toHaveBeenCalledTimes(2);
+            expect(mockAddRule).toHaveBeenNthCalledWith(1, duplicateRule);
+            expect(mockAddRule).toHaveBeenNthCalledWith(2, uniqueRule);
+        }));
+    });
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x-fidelity",
-  "version": "3.19.0",
+  "version": "3.19.1",
   "description": "cli for opinionated framework adherence checks",
   "main": "dist/index",
   "types": "dist/index.d.ts",

package/src/core/engine/engineSetup.test.ts

@@ -5,6 +5,7 @@ import { loadFacts } from '../../facts';
 import { sendTelemetry } from '../../utils/telemetry';
 import { ConfigManager } from '../configManager';
 import { logger } from '../../utils/logger';
+import { loadRepoXFIConfig } from '../../utils/repoXFIConfigLoader';
 
 jest.mock('json-rules-engine');
 jest.mock('../../operators');
@@ -12,6 +13,7 @@ jest.mock('../../facts');
 jest.mock('../../utils/telemetry');
 jest.mock('../configManager');
 jest.mock('../../utils/logger');
+jest.mock('../../utils/repoXFIConfigLoader');
 
 describe('setupEngine', () => {
     let engine: Engine & { removeAllListeners?: () => void } | undefined;
@@ -56,6 +58,13 @@ describe('setupEngine', () => {
             ],
             cliOptions: {}
         });
+        (loadRepoXFIConfig as jest.Mock).mockResolvedValue({
+            additionalRules: [],
+            additionalFacts: [],
+            additionalOperators: [],
+            additionalPlugins: [],
+            sensitiveFileFalsePositives: []
+        });
         (loadOperators as jest.Mock).mockResolvedValue([
             { name: 'operator1', fn: jest.fn() },
             { name: 'operator2', fn: jest.fn() }
@@ -179,4 +188,61 @@ describe('setupEngine', () => {
         expect(mockAddFact).toHaveBeenCalledWith('fact1', expect.any(Function), { priority: 1 });
         expect(mockAddFact).toHaveBeenCalledWith('openaiAnalysis', expect.any(Function), { priority: 1 });
     });
+
+    describe('rule loading order', () => {
+        it('should load archetype rules before additional rules', async () => {
+            const mockArchetypeRule = { name: 'rule1', conditions: {}, event: {} };
+            const mockAdditionalRule = { name: 'rule2', conditions: {}, event: {} };
+            
+            (ConfigManager.getConfig as jest.Mock).mockResolvedValue({
+                rules: [mockArchetypeRule],
+                exemptions: []
+            });
+            
+            (loadRepoXFIConfig as jest.Mock).mockResolvedValue({
+                additionalRules: [mockAdditionalRule]
+            });
+
+            const mockAddRule = jest.fn();
+            (Engine as jest.Mock).mockImplementation(() => ({
+                addOperator: jest.fn(),
+                addRule: mockAddRule,
+                addFact: jest.fn(),
+                on: jest.fn()
+            }));
+
+            await setupEngine(mockParams);
+            
+            expect(mockAddRule).toHaveBeenNthCalledWith(1, mockArchetypeRule);
+            expect(mockAddRule).toHaveBeenNthCalledWith(2, mockAdditionalRule);
+        });
+
+        it('should skip duplicate rules and keep first occurrence', async () => {
+            const duplicateRule = { name: 'duplicate', conditions: {}, event: {} };
+            const uniqueRule = { name: 'unique', conditions: {}, event: {} };
+            
+            (ConfigManager.getConfig as jest.Mock).mockResolvedValue({
+                rules: [duplicateRule],
+                exemptions: []
+            });
+            
+            (loadRepoXFIConfig as jest.Mock).mockResolvedValue({
+                additionalRules: [duplicateRule, uniqueRule]
+            });
+
+            const mockAddRule = jest.fn();
+            (Engine as jest.Mock).mockImplementation(() => ({
+                addOperator: jest.fn(),
+                addRule: mockAddRule,
+                addFact: jest.fn(),
+                on: jest.fn()
+            }));
+
+            await setupEngine(mockParams);
+            
+            expect(mockAddRule).toHaveBeenCalledTimes(2);
+            expect(mockAddRule).toHaveBeenNthCalledWith(1, duplicateRule);
+            expect(mockAddRule).toHaveBeenNthCalledWith(2, uniqueRule);
+        });
+    });
 });

package/website/docs/local-configuration.md

@@ -106,7 +106,7 @@ The `.xfi-config.json` file in your repository root allows you to customize x-fi
 An array of file paths relative to your repository root that should be excluded from sensitive data checks.
 
 #### additionalRules
-An array of custom rules to add to your configuration. Rules can be specified in three flexible ways:
+An array of custom rules to add to your configuration. Rules can be specified in multiple flexible ways:
 
 1. **Inline Rules**: Define the complete rule configuration directly in the config file:
 ```json
@@ -130,21 +130,47 @@ An array of custom rules to add to your configuration. Rules can be specified in
 }
 ```
 
-2. **Local File References**: Reference rule files relative to your repository or config paths:
+2. **Local File References**: Reference rule files using paths that can be:
+
+a) Relative to repository root:
+```json
+{
+    "name": "sensitiveLogging-iterative",
+    "path": "src/demoConfig/rules/sensitiveLogging-iterative-rule.json"
+}
+```
+
+b) Relative to local config directory (if using --localConfigPath):
 ```json
 {
     "name": "local-rule",
     "path": "rules/custom-rule.json"
 }
 ```
+
+c) Relative to plugin directory (for plugin-provided rules):
+```json
+{
+    "name": "functionComplexity-iterative",
+    "path": "src/plugins/xfiPluginAst/sampleRules/functionComplexity-iterative-rule.json"
+}
+```
+
 The `path` property supports:
-- Absolute paths (relative to repo root)
-- Relative paths (relative to config location)
-- Glob patterns (e.g. `rules/*.json`)
+- Glob patterns (e.g. `rules/*.json`, `**/*-rule.json`)
 - Multiple base directories searched in order:
-  1. Local config directory
+  1. Local config directory (if --localConfigPath is specified)
   2. Current working directory  
   3. Repository root
+  4. Plugin directories (for plugin rules)
+
+Example using glob pattern:
+```json
+{
+    "name": "all-iterative-rules",
+    "path": "**/*-iterative-rule.json"
+}
+```
 
 3. **Remote Rules**: Load rules from remote URLs:
 ```json
@@ -156,15 +182,39 @@ The `path` property supports:
 Remote rules support:
 - HTTPS URLs
 - Authentication headers
-- Automatic retries
-- Error handling
+- Automatic retries with exponential backoff
+- Error handling with detailed logging
 - Response validation
+- Caching with TTL
+
+4. **Reference Existing Rules**: Reference rules from archetypes:
+```json
+{
+    "name": "sensitiveLogging-iterative",
+    "path": "src/demoConfig/rules/sensitiveLogging-iterative-rule.json"
+}
+```
+
+5. **Plugin Rules**: Load rules provided by plugins:
+```json
+{
+    "additionalPlugins": ["xfiPluginAst"],
+    "additionalRules": [
+        {
+            "name": "functionComplexity-iterative",
+            "path": "src/plugins/xfiPluginAst/sampleRules/functionComplexity-iterative-rule.json"
+        }
+    ]
+}
+```
 
 Rules are loaded in the order specified. For each rule:
 1. The rule is validated against the schema
 2. For path/URL rules, the first valid rule found is used
 3. Invalid rules are skipped with a warning
 4. Rules can be exempted via exemptions config
+5. Duplicate rules (same name) are skipped
+6. Plugin rules are loaded after archetype rules
 
 Each rule must follow the standard rule schema with:
 - `name`: Unique identifier for the rule
@@ -173,6 +223,21 @@ Each rule must follow the standard rule schema with:
 - `errorBehavior`: Optional "swallow" or "fatal" 
 - `onError`: Optional error handling configuration
 
+Rule Loading Order:
+1. Archetype rules (from config server or local config)
+2. Plugin rules (from installed plugins)
+3. Additional rules from .xfi-config.json:
+   - Inline rules
+   - Local file rules
+   - Remote URL rules
+   - Referenced rules
+
+Duplicate Rule Handling:
+- Rules with the same name are not loaded twice
+- First rule loaded takes precedence
+- Warning logged for duplicate rule names
+- Archetype rules take precedence over additional rules
+
 #### additionalFacts
 An array of fact names to enable from installed plugins or custom implementations.