x-fidelity 3.7.0 → 3.8.0

package/.github/dependabot.yml

@@ -9,3 +9,27 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+    groups:
+      # Specify a name for the group, which will be used in pull request titles
+      # and branch names
+      xfi-app:
+        applies-to: version-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/website" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    groups:
+      # Specify a name for the group, which will be used in pull request titles
+      # and branch names
+      xfi-web:
+        applies-to: version-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"

package/.github/workflows/codeql.yml

@@ -0,0 +1,98 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '36 11 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: javascript-typescript
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

package/.yarnrc

@@ -0,0 +1,2 @@
+--install.ignore-engines true
+

package/CHANGELOG.md

@@ -1,3 +1,22 @@
+# [3.8.0](https://github.com/zotoio/x-fidelity/compare/v3.7.1...v3.8.0) (2025-03-02)
+
+
+### Features
+
+* enhance error logging with file context and flush logs before exit ([ebdffb4](https://github.com/zotoio/x-fidelity/commit/ebdffb475b6529355660949092bb9e045ad359a3))
+
+
+### Performance Improvements
+
+* **analysis:** fix performance issue for very large codebases ([067ab7e](https://github.com/zotoio/x-fidelity/commit/067ab7e5d10fc1c45d44bb936f808e477ed85303))
+
+## [3.7.1](https://github.com/zotoio/x-fidelity/compare/v3.7.0...v3.7.1) (2025-03-01)
+
+
+### Bug Fixes
+
+* package.json & yarn.lock to reduce vulnerabilities ([b21eab3](https://github.com/zotoio/x-fidelity/commit/b21eab312ec803f4a9f9fb078ece0a21a5b6b610))
+
 # [3.7.0](https://github.com/zotoio/x-fidelity/compare/v3.6.0...v3.7.0) (2025-02-27)
 
 

package/dist/core/engine/engineRunner.js

@@ -83,13 +83,15 @@ function runEngineOnFiles(params) {
                     errorLevel = (rule === null || rule === void 0 ? void 0 : rule.errorBehavior) === 'fatal' || ((_f = rule === null || rule === void 0 ? void 0 : rule.event) === null || _f === void 0 ? void 0 : _f.type) === 'fatality' ? 'fatality' : 'error';
                 }
                 logger_1.logger.error({
+                    index: i,
+                    file: file.filePath,
                     err: handledError || error,
                     rule: failedRuleName,
                     source: errorSource,
                     type: errorLevel,
-                    file: file.filePath,
+                    stack: (handledError || error).stack,
                     details: ((_g = error === null || error === void 0 ? void 0 : error.pluginError) === null || _g === void 0 ? void 0 : _g.details) || error.message
-                }, 'Execution error occurred');
+                }, `Execution error occurred at file ${file.filePath} (${i + 1} of ${fileCount})`);
                 // Execute error action if specified
                 if ((_h = rule === null || rule === void 0 ? void 0 : rule.onError) === null || _h === void 0 ? void 0 : _h.action) {
                     try {

package/dist/demoConfig/node-fullstack.json

@@ -10,7 +10,7 @@
         "invalidSystemIdConfigured-iterative",
         "missingRequiredFiles-global",
         "factDoesNotAddResultToAlmanac-iterative",
-        "apiUsageConsistency-global"
+        "newSdkFeatureNotAdoped-global"
     ],
     "operators": [
         "fileContains",

package/dist/demoConfig/rules/{apiUsageConsistency-global-rule.json → newSdkFeatureNotAdoped-global-rule.json}

@@ -1,5 +1,5 @@
 {
-    "name": "apiUsageConsistency-global",
+    "name": "newSdkFeatureNotAdoped-global",
     "conditions": {
         "all": [
             {
@@ -18,7 +18,7 @@
                         "logger\\.debug\\("
                     ],
                     "fileFilter": ".*\\.(ts|js)$",
-                    "resultFact": "apiUsageAnalysis"
+                    "resultFact": "sdkUsageAnalysis"
                 },
                 "operator": "globalPatternRatio",
                 "value": 0.6
@@ -28,9 +28,9 @@
     "event": {
         "type": "warning",
         "params": {
-            "message": "The codebase is not consistently using the new API methods. At least 80% of API calls should use the new methods.",
+            "message": "The codebase does not appear to be using some important new SDK features.",
             "details": {
-                "fact": "apiUsageAnalysis"
+                "fact": "sdkUsageAnalysis"
             }
         }
     }

package/dist/facts/globalFileAnalysisFacts.test.js

@@ -44,13 +44,13 @@ describe('globalFileAnalysis', () => {
         const params = {
             patterns: ['newApiMethod\\(', 'legacyApiMethod\\('],
             fileFilter: '\\.ts$',
-            resultFact: 'apiUsageAnalysis'
+            resultFact: 'sdkUsageAnalysis'
         };
         const result = yield globalFileAnalysisFacts_1.globalFileAnalysis.fn(params, mockAlmanac);
         expect(result.summary.totalFiles).toBe(2);
         expect(result.matchCounts['newApiMethod\\(']).toBe(3);
         expect(result.matchCounts['legacyApiMethod\\(']).toBe(1);
-        expect(mockAlmanac.addRuntimeFact).toHaveBeenCalledWith('apiUsageAnalysis', expect.any(Object));
+        expect(mockAlmanac.addRuntimeFact).toHaveBeenCalledWith('sdkUsageAnalysis', expect.any(Object));
     }));
     it('should handle errors gracefully', () => __awaiter(void 0, void 0, void 0, function* () {
         const mockAlmanac = {
@@ -60,7 +60,7 @@ describe('globalFileAnalysis', () => {
         const params = {
             patterns: ['newApiMethod\\('],
             fileFilter: '\\.ts$',
-            resultFact: 'apiUsageAnalysis'
+            resultFact: 'sdkUsageAnalysis'
         };
         const result = yield globalFileAnalysisFacts_1.globalFileAnalysis.fn(params, mockAlmanac);
         expect(result.result).toEqual([]);

package/dist/facts/repoFilesystemFacts.js

@@ -124,11 +124,11 @@ function repoFileAnalysis(params, almanac) {
             return result;
         }
         //if there is already a resultFact for this file, we need to append
-        const existingResult = almanac.factValue(params.resultFact);
-        if (Object.keys(existingResult).includes('result')) {
-            logger_1.logger.error(JSON.stringify(existingResult));
-            result.result = existingResult.result;
-        }
+        // const existingResult = almanac.factValue(params.resultFact);
+        // if (Object.keys(existingResult).includes('result')) {
+        //     logger.error(JSON.stringify(existingResult));
+        //     result.result = existingResult.result;
+        // }
         const analysis = [];
         const lines = fileContent.split('\n');
         logger_1.logger.debug({ lineCount: lines.length }, 'Processing file lines');
@@ -179,11 +179,17 @@ function repoFileAnalysis(params, almanac) {
                 }
             }
         }
-        if (analysis.length > 0) {
+        const resultLength = result.result.length;
+        const analysisLength = analysis.length;
+        if (analysisLength > 0) {
             logger_1.logger.warn({ filePath, analysis }, 'Found issues in file analysis');
+            //preallocate the array to the correct length
+            result.result.length = resultLength + analysisLength;
+            for (let i = 0; i < analysisLength; i++) {
+                const fileAnalysis = analysis[i];
+                result.result[resultLength + i] = fileAnalysis[i];
+            }
         }
-        //merge the results
-        result.result = result.result.concat(analysis);
         //result.result. = analysis;
         almanac.addRuntimeFact(params.resultFact, result);
         return result;

package/dist/index.js

@@ -135,15 +135,10 @@ function main() {
             }
         }
         catch (e) {
-            logger_1.logger.error(e, `Error during execution ${JSON.stringify(e.message)} \n ${e.stack}`);
-            yield handleError(e).then(() => {
-                // give some time async ops to finish if not handled directly
-                if (process.env.NODE_ENV !== 'test') {
-                    setTimeout(() => {
-                        process.exit(1);
-                    }, 3000);
-                }
-            });
+            yield handleError(e);
+            if (process.env.NODE_ENV !== 'test') {
+                setTimeout(() => process.exit(1), 3000);
+            }
         }
     });
 }

package/dist/utils/exemptionUtils.js

@@ -23,6 +23,7 @@ const telemetry_1 = require("./telemetry");
 const path_1 = __importDefault(require("path"));
 const fs_1 = __importDefault(require("fs"));
 const pathUtils_1 = require("./pathUtils");
+const sanitize_filename_1 = __importDefault(require("sanitize-filename"));
 const XFI_SHARED_SECRET = process.env.XFI_SHARED_SECRET;
 function loadExemptions(params) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -71,12 +72,13 @@ function loadRemoteExemptions(params) {
 function loadLocalExemptions(params) {
     return __awaiter(this, void 0, void 0, function* () {
         const { localConfigPath, archetype } = params;
+        const sanitizedArchetype = (0, sanitize_filename_1.default)(archetype);
         const exemptions = [];
-        const expectedSuffix = `-${archetype}-exemptions.json`;
+        const expectedSuffix = `-${sanitizedArchetype}-exemptions.json`;
         try {
             // Load from legacy file
             const baseConfigPath = path_1.default.resolve(localConfigPath);
-            const legacyExemptionsPath = path_1.default.resolve(baseConfigPath, `${archetype}-exemptions.json`);
+            const legacyExemptionsPath = path_1.default.resolve(baseConfigPath, `${sanitizedArchetype}-exemptions.json`);
             if (fs_1.default.existsSync(legacyExemptionsPath)) {
                 const legacyExemptionsData = yield fs_1.default.promises.readFile(legacyExemptionsPath, 'utf-8');
                 const legacyExemptions = JSON.parse(legacyExemptionsData);
@@ -86,7 +88,7 @@ function loadLocalExemptions(params) {
                 }
             }
             // Load from exemptions directory
-            const exemptionsDirPath = path_1.default.resolve(baseConfigPath, `${archetype}-exemptions`);
+            const exemptionsDirPath = path_1.default.resolve(baseConfigPath, `${sanitizedArchetype}-exemptions`);
             if (fs_1.default.existsSync(exemptionsDirPath)) {
                 const files = yield fs_1.default.promises.readdir(exemptionsDirPath);
                 for (const file of files) {
@@ -117,9 +119,9 @@ function loadLocalExemptions(params) {
                 }
             }
             if (!fs_1.default.existsSync(legacyExemptionsPath) && !fs_1.default.existsSync(exemptionsDirPath)) {
-                logger_1.logger.warn(`No exemption files found for archetype ${archetype}`);
+                logger_1.logger.warn(`No exemption files found for archetype ${sanitizedArchetype}`);
             }
-            logger_1.logger.info(`Loaded ${exemptions.length} total exemptions for archetype ${archetype}`);
+            logger_1.logger.info(`Loaded ${exemptions.length} total exemptions for archetype ${sanitizedArchetype}`);
             return exemptions;
         }
         catch (error) {

package/dist/xfidelity

@@ -135,15 +135,10 @@ function main() {
             }
         }
         catch (e) {
-            logger_1.logger.error(e, `Error during execution ${JSON.stringify(e.message)} \n ${e.stack}`);
-            yield handleError(e).then(() => {
-                // give some time async ops to finish if not handled directly
-                if (process.env.NODE_ENV !== 'test') {
-                    setTimeout(() => {
-                        process.exit(1);
-                    }, 3000);
-                }
-            });
+            yield handleError(e);
+            if (process.env.NODE_ENV !== 'test') {
+                setTimeout(() => process.exit(1), 3000);
+            }
         }
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x-fidelity",
-  "version": "3.7.0",
+  "version": "3.8.0",
   "description": "cli for opinionated framework adherence checks",
   "main": "dist/index",
   "types": "dist/index.d.ts",
@@ -46,64 +46,65 @@
   "devDependencies": {
     "@jest/globals": "^29.7.0",
     "@semantic-release/changelog": "^6.0.3",
-    "@semantic-release/commit-analyzer": "^13.0.0",
+    "@semantic-release/commit-analyzer": "^13.0.1",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/github": "^11.0.0",
+    "@semantic-release/github": "^11.0.1",
     "@semantic-release/npm": "^12.0.1",
-    "@semantic-release/release-notes-generator": "^14.0.0",
+    "@semantic-release/release-notes-generator": "^14.0.3",
     "@types/esprima": "^4.0.6",
     "@types/express": "^4.17.21",
-    "@types/jest": "^29.5.12",
-    "@types/lodash": "^4.17.4",
-    "@types/node": "^22.1.0",
-    "@types/ora": "^3.2.0",
-    "@types/parse-json": "^4.0.2",
+    "@types/jest": "^29.5.14",
+    "@types/lodash": "^4.17.16",
+    "@types/node": "^22.13.8",
     "@types/prettyjson": "^0.0.33",
     "@types/semver": "^7.5.8",
     "@types/supertest": "^6.0.2",
-    "@types/winston": "^2.4.4",
-    "@typescript-eslint/eslint-plugin": "^8.23.0",
-    "@typescript-eslint/parser": "^8.23.0",
-    "commitizen": "^4.3.0",
+    "@typescript-eslint/eslint-plugin": "^8.25.0",
+    "@typescript-eslint/parser": "^8.25.0",
+    "commitizen": "^4.3.1",
     "conventional-changelog-cli": "^5.0.0",
-    "conventional-recommended-bump": "^10.0.0",
+    "conventional-recommended-bump": "^11.0.0",
     "cz-conventional-changelog": "^3.3.0",
-    "eslint": "^9.15.0",
+    "eslint": "^9.21.0",
     "jest": "^29.7.0",
     "rimraf": "^6.0.1",
-    "semantic-release": "^24.0.0",
+    "semantic-release": "^24.2.3",
     "supertest": "^7.0.0",
-    "ts-jest": "^29.1.4",
-    "ts-node": "^10.4.0",
-    "typescript": "^5.6.3"
+    "ts-jest": "^29.2.6",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.8.2"
   },
   "dependencies": {
     "@types/body-parser": "^1.19.5",
     "@yarnpkg/lockfile": "^1.1.0",
     "ajv": "^8.17.1",
-    "axios": "^1.7.8",
+    "axios": "^1.8.1",
     "body-parser": "^1.20.3",
     "commander": "^13.1.0",
-    "dotenv": "^16.4.5",
+    "dotenv": "^16.4.7",
     "esprima": "^4.0.1",
     "express": "^4.21.2",
-    "express-rate-limit": "^7.4.0",
+    "express-rate-limit": "^7.5.0",
     "helmet": "^8.0.0",
-    "json-rules-engine": "^7.2.1",
+    "json-rules-engine": "^7.3.1",
     "jsonpath-plus": "^10.3.0",
     "kill-port": "^2.0.1",
     "lodash": "^4.17.21",
-    "nodemon": "^3.0.2",
-    "openai": "^4.19.0",
-    "ora": "^8.0.1",
+    "nodemon": "^3.1.9",
+    "openai": "^4.86.1",
+    "ora": "^8.2.0",
     "pino": "^9.6.0",
     "pino-pretty": "^13.0.0",
     "prettyjson": "^1.2.5",
-    "semver": "^7.6.2",
-    "yarn": "^1.22.21"
+    "semver": "^7.7.1",
+    "yarn": "^1.22.22",
+    "sanitize-filename": "^1.6.3"
   },
   "peerDependencies": {
-    "artillery": "^2.0.15"
+    "artillery": "^2.0.22"
+  },
+  "resolutions": {
+    "glob": "^10.0.0"
   },
   "config": {
     "commitizen": {

package/src/IDEAS.md

@@ -0,0 +1,84 @@
+# Innovative Check Types for Codebase Standardization
+
+## aider.chat Claude 3.7 Sonnet Prompt
+
+```bash
+/architect what are some other unusual check types we could add that are not 
+covered by linting, security, sonarqube or similar tools. Remember the goal 
+is to encourage teams to follow patterns that simplify codebases from internal 
+company SDKs frameworks, with important rules enforced. Have a think about 
+50 examples that are both simple to understand, and help improve productivity. 
+Use an innovative mindset and consider react microfrontends using GraphQL 
+as well as microservices using GraphQL and others using standard REST.
+```
+
+## Response: 50 Innovative Check Types
+
+These innovative check types could be added to the X-Fidelity tool to encourage teams to follow patterns that simplify codebases and improve productivity. These go beyond what typical linting, security, or SonarQube tools cover.
+
+### Frontend Architecture Patterns
+
+1. **Component Reuse Ratio** - Measure the reuse of React components across the codebase to encourage shared component libraries.
+2. **Microfrontend Boundary Violations** - Detect when one microfrontend directly imports from another instead of using defined contracts.
+3. **GraphQL Fragment Consistency** - Ensure GraphQL fragments follow naming conventions and are reused appropriately.
+4. **Component Prop Explosion** - Flag React components with too many props that should be refactored into smaller components.
+5. **State Management Consistency** - Ensure consistent state management patterns (Redux, Context API, etc.) within a microfrontend.
+6. **CSS-in-JS Pattern Adherence** - Verify that styling follows the team's chosen CSS-in-JS approach consistently.
+7. **Component Documentation Coverage** - Check that all shared components have proper documentation and examples.
+8. **Microfrontend Shell Integration** - Verify that microfrontends properly register with the application shell.
+9. **Feature Flag Implementation** - Ensure feature flags follow the company's standard implementation pattern.
+10. **A11y Pattern Compliance** - Check that custom UI components implement the team's accessibility patterns correctly.
+
+### Backend Architecture Patterns
+
+11. **Microservice Boundary Enforcement** - Detect when services directly access another service's database instead of using APIs.
+12. **API Version Consistency** - Ensure all endpoints follow the company's versioning strategy.
+13. **GraphQL Resolver Structure** - Verify GraphQL resolvers follow the team's architectural patterns.
+14. **Circuit Breaker Implementation** - Check that external service calls implement circuit breakers according to standards.
+15. **Idempotency Pattern Usage** - Ensure critical endpoints implement proper idempotency patterns.
+16. **Pagination Standard Adherence** - Verify that list endpoints follow the company's pagination standards.
+17. **Error Response Format Consistency** - Check that error responses follow the company's standardized format.
+18. **Service Discovery Registration** - Ensure services properly register with the service discovery mechanism.
+19. **Database Transaction Pattern** - Verify that database transactions follow the team's patterns for consistency.
+20. **Async Processing Pattern** - Check that async operations follow the company's queue/event processing patterns.
+
+### Cross-Cutting Concerns
+
+21. **Logging Context Propagation** - Ensure request context is properly propagated in logs across service boundaries.
+22. **Distributed Tracing Integration** - Verify that services properly integrate with the distributed tracing system.
+23. **Metric Naming Convention** - Check that metrics follow the company's naming conventions for easier dashboarding.
+24. **Health Check Implementation** - Ensure services implement standardized health check endpoints.
+25. **Configuration Management** - Verify services use the company's standard configuration management approach.
+26. **Graceful Shutdown Implementation** - Check that services implement proper graceful shutdown procedures.
+27. **Retry Policy Consistency** - Ensure retry policies follow company standards for external service calls.
+28. **Cache Usage Patterns** - Verify that caching follows the team's established patterns.
+29. **Dependency Injection Pattern** - Check that services follow the company's dependency injection approach.
+30. **Feature Toggle Framework Usage** - Ensure the standard feature toggle framework is used consistently.
+
+### Development Workflow
+
+31. **Branch Naming Convention** - Verify branch names follow the team's convention for easier automation.
+32. **Commit Message Format** - Check that commit messages follow the company's format for better release notes.
+33. **PR Size Limits** - Flag PRs that exceed the team's guidelines for reviewable code size.
+34. **Test Coverage Distribution** - Ensure test coverage is distributed appropriately (not just in easy-to-test areas).
+35. **Test Fixture Standardization** - Verify test fixtures follow the team's patterns for consistency.
+36. **API Contract Test Coverage** - Check that all API contracts have corresponding contract tests.
+37. **Documentation Update Verification** - Ensure code changes that affect public APIs also update documentation.
+38. **Breaking Change Detection** - Flag changes that would break existing clients according to team standards.
+39. **Dependency Update Frequency** - Check that dependencies are updated according to the team's schedule.
+40. **Code Ownership Adherence** - Verify that changes respect the team's code ownership boundaries.
+
+### Company-Specific SDK Usage
+
+41. **Internal SDK Version Compliance** - Ensure teams use the approved versions of internal SDKs.
+42. **SDK Feature Adoption** - Check that teams are using new SDK features rather than maintaining legacy implementations.
+43. **SDK Configuration Standardization** - Verify that SDK configuration follows company standards.
+44. **SDK Extension Pattern** - Ensure extensions to SDKs follow the approved patterns.
+45. **SDK Authentication Pattern** - Check that authentication with internal services uses the company's SDK patterns.
+46. **SDK Initialization Order** - Verify that SDKs are initialized in the correct order according to dependencies.
+47. **SDK Event Handling Pattern** - Ensure event handling with SDKs follows the company's patterns.
+48. **SDK Logging Integration** - Check that SDK logging is properly integrated with the application's logging.
+49. **SDK Error Handling Pattern** - Verify that SDK errors are handled according to company standards.
+50. **SDK Resource Cleanup** - Ensure resources from SDKs are properly cleaned up when no longer needed.
+
+> Each of these checks could be implemented as a rule in the X-Fidelity tool to encourage teams to follow patterns that simplify codebases and improve productivity. The focus is on architectural patterns and company-specific standards rather than general code quality issues that would be caught by traditional tools.

package/src/core/engine/engineRunner.ts

@@ -76,13 +76,15 @@ export async function runEngineOnFiles(params: RunEngineOnFilesParams): Promise<
             }
 
             logger.error({ 
+                index: i,
+                file: file.filePath,
                 err: handledError || error,
                 rule: failedRuleName,
                 source: errorSource,
                 type: errorLevel,
-                file: file.filePath,
+                stack: (handledError || error).stack,
                 details: (error as any)?.pluginError?.details || error.message
-            }, 'Execution error occurred');
+            }, `Execution error occurred at file ${file.filePath} (${i + 1} of ${fileCount})`);
 
             // Execute error action if specified
             if (rule?.onError?.action) {

package/src/demoConfig/node-fullstack.json

@@ -10,7 +10,7 @@
         "invalidSystemIdConfigured-iterative",
         "missingRequiredFiles-global",
         "factDoesNotAddResultToAlmanac-iterative",
-        "apiUsageConsistency-global"
+        "newSdkFeatureNotAdoped-global"
     ],
     "operators": [
         "fileContains",

package/src/demoConfig/rules/{apiUsageConsistency-global-rule.json → newSdkFeatureNotAdoped-global-rule.json}

@@ -1,5 +1,5 @@
 {
-    "name": "apiUsageConsistency-global",
+    "name": "newSdkFeatureNotAdoped-global",
     "conditions": {
         "all": [
             {
@@ -18,7 +18,7 @@
                         "logger\\.debug\\("
                     ],
                     "fileFilter": ".*\\.(ts|js)$",
-                    "resultFact": "apiUsageAnalysis"
+                    "resultFact": "sdkUsageAnalysis"
                 },
                 "operator": "globalPatternRatio",
                 "value": 0.6
@@ -28,9 +28,9 @@
     "event": {
         "type": "warning",
         "params": {
-            "message": "The codebase is not consistently using the new API methods. At least 80% of API calls should use the new methods.",
+            "message": "The codebase does not appear to be using some important new SDK features.",
             "details": {
-                "fact": "apiUsageAnalysis"
+                "fact": "sdkUsageAnalysis"
             }
         }
     }

package/src/facts/globalFileAnalysisFacts.test.ts

@@ -36,7 +36,7 @@ describe('globalFileAnalysis', () => {
         const params = {
             patterns: ['newApiMethod\\(', 'legacyApiMethod\\('],
             fileFilter: '\\.ts$',
-            resultFact: 'apiUsageAnalysis'
+            resultFact: 'sdkUsageAnalysis'
         };
 
         const result = await globalFileAnalysis.fn(params, mockAlmanac);
@@ -44,7 +44,7 @@ describe('globalFileAnalysis', () => {
         expect(result.summary.totalFiles).toBe(2);
         expect(result.matchCounts['newApiMethod\\(']).toBe(3);
         expect(result.matchCounts['legacyApiMethod\\(']).toBe(1);
-        expect(mockAlmanac.addRuntimeFact).toHaveBeenCalledWith('apiUsageAnalysis', expect.any(Object));
+        expect(mockAlmanac.addRuntimeFact).toHaveBeenCalledWith('sdkUsageAnalysis', expect.any(Object));
     });
 
     it('should handle errors gracefully', async () => {
@@ -56,7 +56,7 @@ describe('globalFileAnalysis', () => {
         const params = {
             patterns: ['newApiMethod\\('],
             fileFilter: '\\.ts$',
-            resultFact: 'apiUsageAnalysis'
+            resultFact: 'sdkUsageAnalysis'
         };
 
         const result = await globalFileAnalysis.fn(params, mockAlmanac);

package/src/facts/repoFilesystemFacts.ts

@@ -114,11 +114,11 @@ async function repoFileAnalysis(params: any, almanac: any) {
     }
 
     //if there is already a resultFact for this file, we need to append
-    const existingResult = almanac.factValue(params.resultFact);
-    if (Object.keys(existingResult).includes('result')) {
-        logger.error(JSON.stringify(existingResult));
-        result.result = existingResult.result;
-    }
+    // const existingResult = almanac.factValue(params.resultFact);
+    // if (Object.keys(existingResult).includes('result')) {
+    //     logger.error(JSON.stringify(existingResult));
+    //     result.result = existingResult.result;
+    // }
 
     const analysis: any = [];
     const lines = fileContent.split('\n');
@@ -172,13 +172,18 @@ async function repoFileAnalysis(params: any, almanac: any) {
         }
     }
 
-    if (analysis.length > 0) {
+    const resultLength = result.result.length;
+    const analysisLength = analysis.length;
+    if (analysisLength > 0) {
         logger.warn({ filePath, analysis }, 'Found issues in file analysis');
-        
-    }
 
-    //merge the results
-    result.result = result.result.concat(analysis);
+        //preallocate the array to the correct length
+        result.result.length = resultLength + analysisLength;
+        for (let i = 0; i < analysisLength; i++) {
+            const fileAnalysis = analysis[i];
+            result.result[resultLength + i] = fileAnalysis[i];
+        }  
+    }
 
     //result.result. = analysis;
 

package/src/index.ts

@@ -88,15 +88,11 @@ export async function main() {
             }
         }    
     } catch (e: any) {
-        logger.error(e, `Error during execution ${JSON.stringify(e.message)} \n ${e.stack}`);
-        await handleError(e).then(() => {
-            // give some time async ops to finish if not handled directly
-            if (process.env.NODE_ENV !== 'test') {
-                setTimeout(() => { //todo fix this
-                    process.exit(1);
-                },  3000);
-            }
-        });    
+        
+        await handleError(e);
+        if (process.env.NODE_ENV !== 'test') {
+            setTimeout(() => process.exit(1), 3000);
+        }
     }
 }
 

package/src/utils/exemptionUtils.ts

@@ -5,6 +5,7 @@ import { sendTelemetry } from "./telemetry";
 import path from "path";
 import fs from "fs";
 import { isPathInside } from "./pathUtils";
+import sanitize from "sanitize-filename";
 
 const XFI_SHARED_SECRET = process.env.XFI_SHARED_SECRET;
 
@@ -51,13 +52,14 @@ export async function loadRemoteExemptions(params: LoadExemptionsParams): Promis
 
 export async function loadLocalExemptions(params: LoadExemptionsParams): Promise<Exemption[]> {
     const { localConfigPath, archetype } = params;
+    const sanitizedArchetype = sanitize(archetype);
     const exemptions: Exemption[] = [];
-    const expectedSuffix = `-${archetype}-exemptions.json`;
+    const expectedSuffix = `-${sanitizedArchetype}-exemptions.json`;
 
     try {
         // Load from legacy file
         const baseConfigPath = path.resolve(localConfigPath);
-        const legacyExemptionsPath = path.resolve(baseConfigPath, `${archetype}-exemptions.json`);
+        const legacyExemptionsPath = path.resolve(baseConfigPath, `${sanitizedArchetype}-exemptions.json`);
         if (fs.existsSync(legacyExemptionsPath)) {
             const legacyExemptionsData = await fs.promises.readFile(legacyExemptionsPath, 'utf-8');
             const legacyExemptions = JSON.parse(legacyExemptionsData);
@@ -68,7 +70,7 @@ export async function loadLocalExemptions(params: LoadExemptionsParams): Promise
         }
 
         // Load from exemptions directory
-        const exemptionsDirPath = path.resolve(baseConfigPath, `${archetype}-exemptions`);
+        const exemptionsDirPath = path.resolve(baseConfigPath, `${sanitizedArchetype}-exemptions`);
         if (fs.existsSync(exemptionsDirPath)) {
             const files = await fs.promises.readdir(exemptionsDirPath);
             for (const file of files) {
@@ -101,10 +103,10 @@ export async function loadLocalExemptions(params: LoadExemptionsParams): Promise
         }
 
         if (!fs.existsSync(legacyExemptionsPath) && !fs.existsSync(exemptionsDirPath)) {
-            logger.warn(`No exemption files found for archetype ${archetype}`);
+            logger.warn(`No exemption files found for archetype ${sanitizedArchetype}`);
         }
 
-        logger.info(`Loaded ${exemptions.length} total exemptions for archetype ${archetype}`);
+        logger.info(`Loaded ${exemptions.length} total exemptions for archetype ${sanitizedArchetype}`);
         return exemptions;
     } catch (error) {
         logger.warn(`Failed to load exemptions: ${error}`);

package/website/package.json

@@ -29,7 +29,7 @@
     "@docusaurus/module-type-aliases": "3.7.0",
     "@docusaurus/tsconfig": "3.7.0",
     "@docusaurus/types": "3.7.0",
-    "typescript": "~5.7.3"
+    "typescript": "~5.8.2"
   },
   "browserslist": {
     "production": [

package/website/yarn.lock

@@ -9396,10 +9396,10 @@ typedarray-to-buffer@^3.1.5:
   dependencies:
     is-typedarray "^1.0.0"
 
-typescript@~5.7.3:
-  version "5.7.3"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.7.3.tgz#919b44a7dbb8583a9b856d162be24a54bf80073e"
-  integrity sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==
+typescript@~5.8.2:
+  version "5.8.2"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.8.2.tgz#8170b3702f74b79db2e5a96207c15e65807999e4"
+  integrity sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==
 
 ufo@^1.5.4:
   version "1.5.4"