fraiseql-confiture 0.3.7__cp311-cp311-macosx_11_0_arm64.whl

confiture/core/linting/__init__.py

@@ -0,0 +1,70 @@
+"""Rule Library System.
+
+Provides:
+- Rule versioning with deprecation paths
+- Conflict detection and resolution
+- Compliance libraries (HIPAA, SOX, GDPR, PCI-DSS, General)
+- Transparent audit trails
+"""
+
+from __future__ import annotations
+
+from .composer import (
+    ComposedRuleSet,
+    ConflictResolution,
+    ConflictType,
+    RuleConflict,
+    RuleConflictError,
+    RuleLibrary,
+    RuleLibraryComposer,
+)
+from .libraries import (
+    GDPRLibrary,
+    GeneralLibrary,
+    HIPAALibrary,
+    PCI_DSSLibrary,
+    SOXLibrary,
+)
+from .schema_linter import (
+    LintConfig,
+    LintReport,
+    LintViolation,
+    RuleSeverity,
+    SchemaLinter,
+)
+from .versioning import (
+    LintSeverity,
+    Rule,
+    RuleRemovedError,
+    RuleVersion,
+    RuleVersionManager,
+)
+
+__all__ = [
+    # Versioning
+    "RuleVersion",
+    "Rule",
+    "LintSeverity",
+    "RuleVersionManager",
+    "RuleRemovedError",
+    # Composition
+    "RuleLibrary",
+    "RuleLibraryComposer",
+    "ComposedRuleSet",
+    "RuleConflict",
+    "RuleConflictError",
+    "ConflictResolution",
+    "ConflictType",
+    # Libraries
+    "GeneralLibrary",
+    "HIPAALibrary",
+    "SOXLibrary",
+    "GDPRLibrary",
+    "PCI_DSSLibrary",
+    # Schema Linter
+    "SchemaLinter",
+    "LintConfig",
+    "LintReport",
+    "LintViolation",
+    "RuleSeverity",
+]

confiture/core/linting/composer.py

@@ -0,0 +1,192 @@
+"""Rule library composition with explicit conflict handling."""
+
+from __future__ import annotations
+
+import logging
+from dataclasses import dataclass, field
+from enum import Enum
+
+from .versioning import LintSeverity, Rule, RuleVersion
+
+logger = logging.getLogger(__name__)
+
+
+class ConflictResolution(Enum):
+    """How to handle rule conflicts."""
+
+    ERROR = "error"  # Raise exception
+    WARN = "warn"  # Log warning, continue
+    PREFER_FIRST = "prefer_first"  # Use first added library's rule
+    PREFER_LAST = "prefer_last"  # Use last added library's rule
+
+
+class ConflictType(Enum):
+    """Type of conflict between rules."""
+
+    DUPLICATE = "duplicate"  # Same rule ID
+    INCOMPATIBLE = "incompatible"  # Conflicting requirements
+    OVERLAPPING = "overlapping"  # Similar functionality
+
+
+@dataclass
+class RuleConflict:
+    """Represents a conflict between rules."""
+
+    rule_id: str
+    library_a: str
+    library_b: str
+    conflict_type: ConflictType
+    severity: LintSeverity
+    description: str
+    suggested_resolution: str
+
+
+class RuleConflictError(Exception):
+    """Exception raised when rule conflicts are detected."""
+
+    pass
+
+
+class RuleLibrary:
+    """Collection of related rules."""
+
+    def __init__(
+        self,
+        name: str,
+        version: RuleVersion,
+        rules: list[Rule],
+        tags: list[str] | None = None,
+    ):
+        self.name = name
+        self.version = version
+        self.rules = {r.rule_id: r for r in rules}
+        self.tags = tags or []
+
+    def get_rules(self) -> list[Rule]:
+        """Get all rules in this library."""
+        return list(self.rules.values())
+
+
+class RuleLibraryComposer:
+    """Compose multiple libraries with explicit conflict handling."""
+
+    def __init__(self):
+        self.libraries: list[RuleLibrary] = []
+        self.overrides: dict[str, Rule] = {}
+        self.disabled_rules: set[str] = set()
+        self.conflict_log: list[RuleConflict] = []
+
+    def add_library(
+        self,
+        library: RuleLibrary,
+        on_conflict: ConflictResolution = ConflictResolution.ERROR,
+    ) -> RuleLibraryComposer:
+        """Add library with conflict handling."""
+        conflicts = self._detect_conflicts(library)
+
+        if conflicts:
+            self.conflict_log.extend(conflicts)
+
+            if on_conflict == ConflictResolution.ERROR:
+                raise RuleConflictError(f"Found {len(conflicts)} rule conflicts in {library.name}")
+            elif on_conflict == ConflictResolution.WARN:
+                for conflict in conflicts:
+                    logger.warning(
+                        f"Rule conflict: {conflict.rule_id} in {conflict.library_a} "
+                        f"vs {conflict.library_b}. {conflict.suggested_resolution}"
+                    )
+
+        self.libraries.append(library)
+        return self
+
+    def override_rule(self, rule_id: str, new_rule: Rule) -> RuleLibraryComposer:
+        """Override a specific rule."""
+        self.overrides[rule_id] = new_rule
+        logger.info(f"Overridden rule {rule_id}")
+        return self
+
+    def disable_rule(self, rule_id: str) -> RuleLibraryComposer:
+        """Disable a rule from any library."""
+        self.disabled_rules.add(rule_id)
+        logger.info(f"Disabled rule {rule_id}")
+        return self
+
+    def build(self) -> ComposedRuleSet:
+        """Build final rule set with conflicts resolved."""
+        all_rules = {}
+
+        for library in self.libraries:
+            for rule_id, rule in library.rules.items():
+                if rule_id in self.disabled_rules:
+                    continue
+                all_rules[rule_id] = rule
+
+        # Apply overrides
+        all_rules.update(self.overrides)
+
+        # Create audit trail
+        return ComposedRuleSet(
+            rules=list(all_rules.values()),
+            libraries=[lib.name for lib in self.libraries],
+            disabled_rules=list(self.disabled_rules),
+            overridden_rules=list(self.overrides.keys()),
+            conflicts=self.conflict_log,
+        )
+
+    def _detect_conflicts(self, new_library: RuleLibrary) -> list[RuleConflict]:
+        """Detect conflicts with existing libraries."""
+        conflicts = []
+        new_rule_ids = set(new_library.rules.keys())
+
+        for existing_library in self.libraries:
+            for existing_rule_id in existing_library.rules:
+                if existing_rule_id in new_rule_ids:
+                    conflicts.append(
+                        RuleConflict(
+                            rule_id=existing_rule_id,
+                            library_a=existing_library.name,
+                            library_b=new_library.name,
+                            conflict_type=ConflictType.DUPLICATE,
+                            severity=LintSeverity.WARNING,
+                            description=f"Rule {existing_rule_id} exists in both libraries",
+                            suggested_resolution=(
+                                "Use override_rule() to select preferred version"
+                            ),
+                        )
+                    )
+
+        return conflicts
+
+
+@dataclass
+class ComposedRuleSet:
+    """Result of composing multiple rule libraries."""
+
+    rules: list[Rule]
+    libraries: list[str]  # Which libraries were composed
+    disabled_rules: list[str] = field(default_factory=list)  # Which rules were disabled
+    overridden_rules: list[str] = field(default_factory=list)  # Which rules were overridden
+    conflicts: list[RuleConflict] = field(default_factory=list)
+
+    def get_audit_trail(self) -> str:
+        """Get human-readable audit trail."""
+        lines = [
+            f"Libraries: {', '.join(self.libraries)}",
+            f"Total rules: {len(self.rules)}",
+            f"Disabled: {len(self.disabled_rules)} ({', '.join(self.disabled_rules)})",
+            f"Overridden: {len(self.overridden_rules)}",
+            f"Conflicts: {len(self.conflicts)}",
+        ]
+        return "\n".join(lines)
+
+    def get_rules_by_severity(self, severity: LintSeverity) -> list[Rule]:
+        """Get all rules of a specific severity."""
+        return [r for r in self.rules if r.severity == severity]
+
+    def get_enabled_rules(self) -> list[Rule]:
+        """Get all enabled rules."""
+        return [r for r in self.rules if r.enabled_by_default]
+
+    def get_disabled_rules_info(self) -> list[str]:
+        """Get info about disabled rules."""
+        return self.disabled_rules

confiture/core/linting/libraries/__init__.py

@@ -0,0 +1,17 @@
+"""Compliance and best-practices rule libraries."""
+
+from __future__ import annotations
+
+from .gdpr import GDPRLibrary
+from .general import GeneralLibrary
+from .hipaa import HIPAALibrary
+from .pci_dss import PCI_DSSLibrary
+from .sox import SOXLibrary
+
+__all__ = [
+    "GeneralLibrary",
+    "HIPAALibrary",
+    "SOXLibrary",
+    "GDPRLibrary",
+    "PCI_DSSLibrary",
+]

confiture/core/linting/libraries/gdpr.py

@@ -0,0 +1,168 @@
+"""GDPR compliance rule library."""
+
+from __future__ import annotations
+
+from ..composer import RuleLibrary
+from ..versioning import LintSeverity, Rule, RuleVersion
+
+
+class GDPRLibrary(RuleLibrary):
+    """GDPR compliance rule library (18 rules)."""
+
+    def __init__(self):
+        rules = [
+            Rule(
+                rule_id="gdpr_001",
+                name="personal_data_encryption",
+                description="Personal data must be encrypted at rest and in transit",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_002",
+                name="consent_tracking",
+                description="Track consent for each piece of personal data",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_003",
+                name="data_minimization",
+                description="Only collect necessary personal data",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_004",
+                name="purpose_limitation",
+                description="Data use must be limited to stated purposes",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_005",
+                name="right_to_deletion",
+                description="Implement right to be forgotten capability",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_006",
+                name="data_portability",
+                description="Enable data portability (export in machine-readable format)",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_007",
+                name="access_request_tracking",
+                description="Track and respond to data access requests",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_008",
+                name="breach_notification",
+                description="Implement breach notification within 72 hours",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_009",
+                name="dpa_impact_assessment",
+                description="Conduct data protection impact assessment",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_010",
+                name="dpo_designation",
+                description="Data Protection Officer must be designated",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_011",
+                name="data_processing_agreement",
+                description="Document data processing agreements",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_012",
+                name="third_party_transfer",
+                description="Document third-party data transfers",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_013",
+                name="international_transfer",
+                description="Manage international data transfers properly",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_014",
+                name="consent_withdrawal",
+                description="Allow easy consent withdrawal",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_015",
+                name="legitimate_interest",
+                description="Document legitimate interests assessment",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_016",
+                name="child_protection",
+                description="Implement special protection for children's data",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_017",
+                name="audit_logging",
+                description="Maintain audit logs of all data access",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="gdpr_018",
+                name="privacy_by_design",
+                description="Privacy must be built into system design",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+        ]
+
+        # Verify rule count matches docstring
+        assert len(rules) == 18, f"Expected 18 rules in GDPRLibrary, got {len(rules)}"
+
+        super().__init__(
+            name="GDPR",
+            version=RuleVersion(major=1, minor=0, patch=0),
+            rules=rules,
+            tags=["privacy", "compliance", "gdpr", "eu"],
+        )

confiture/core/linting/libraries/general.py

@@ -0,0 +1,184 @@
+"""General best practices rule library."""
+
+from __future__ import annotations
+
+from ..composer import RuleLibrary
+from ..versioning import LintSeverity, Rule, RuleVersion
+
+
+class GeneralLibrary(RuleLibrary):
+    """General best practices rule library (20 rules)."""
+
+    def __init__(self):
+        rules = [
+            Rule(
+                rule_id="general_001",
+                name="no_implicit_casts",
+                description="Avoid implicit type casts in migrations",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_002",
+                name="explicit_column_types",
+                description="All columns must have explicit types",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_003",
+                name="no_null_without_default",
+                description="NULLABLE columns should have explicit default",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=False,
+            ),
+            Rule(
+                rule_id="general_004",
+                name="index_naming_convention",
+                description="Indexes must follow naming convention",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_005",
+                name="constraint_naming_convention",
+                description="Constraints must follow naming convention",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_006",
+                name="table_naming_convention",
+                description="Tables must follow naming convention",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_007",
+                name="column_naming_convention",
+                description="Columns must follow naming convention",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_008",
+                name="primary_key_required",
+                description="All tables should have a primary key",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_009",
+                name="no_reserved_keywords",
+                description="Identifiers must not use reserved keywords",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_010",
+                name="charset_specified",
+                description="Character set must be explicitly specified",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=False,
+            ),
+            Rule(
+                rule_id="general_011",
+                name="no_large_transactions",
+                description="Avoid migrations that take >30 seconds",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_012",
+                name="no_concurrent_index_creation",
+                description="Avoid creating indexes during peak hours",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_013",
+                name="foreign_key_naming",
+                description="Foreign keys must follow naming convention",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_014",
+                name="no_duplicate_indexes",
+                description="Avoid creating duplicate indexes",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_015",
+                name="data_type_precision",
+                description="Numeric types should specify precision",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_016",
+                name="no_text_in_indexes",
+                description="Avoid indexing TEXT columns directly",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_017",
+                name="rollback_strategy_defined",
+                description="Rollback strategy should be documented",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_018",
+                name="no_data_loss_without_warning",
+                description="Destructive operations must be explicit",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_019",
+                name="constraint_validation",
+                description="All constraints should be validated",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="general_020",
+                name="migration_reversibility",
+                description="Migrations should be reversible when possible",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+        ]
+
+        # Verify rule count matches docstring
+        assert len(rules) == 20, f"Expected 20 rules in GeneralLibrary, got {len(rules)}"
+
+        super().__init__(
+            name="General",
+            version=RuleVersion(major=1, minor=0, patch=0),
+            rules=rules,
+            tags=["general", "best-practices", "performance", "naming"],
+        )