#!/usr/bin/env nu # reflection/modules/validate.nu — ADR constraint validation + justfile convention checker. # # Interprets the typed constraint_check_type ADT exported by adrs/adr-schema.ncl. # Each constraint.check record has a `tag` discriminant; this module dispatches # execution per variant and returns a structured result. # # Commands: # validate check-constraint — run a single constraint record # validate check-adr — run all constraints for one ADR # validate check-all — run all constraints across all accepted ADRs # validate justfile — validate project justfile against convention schema # # Error handling: do { ... } | complete — never panics, always returns a result. use env.nu * use store.nu [daemon-export-safe] # ── Internal helpers ──────────────────────────────────────────────────────── def adr-root []: nothing -> string { $env.ONTOREF_PROJECT_ROOT? | default $env.ONTOREF_ROOT } def adr-files []: nothing -> list { glob ([(adr-root), "adrs", "adr-*.ncl"] | path join) } # Resolve a check path (may be file or directory) relative to project root. def resolve-path [rel: string]: nothing -> string { [(adr-root), $rel] | path join } # Run a 'Grep check: ripgrep pattern across paths; empty/non-empty assertion. def run-grep [check: record]: nothing -> record { let paths = ($check.paths | each { |p| resolve-path $p }) let valid_paths = ($paths | where { |p| $p | path exists }) if ($valid_paths | is-empty) { return { passed: false, detail: $"No paths exist: ($check.paths | str join ', ')" } } let result = do { ^rg --no-heading --count-matches $check.pattern ...$valid_paths } | complete let has_matches = ($result.exit_code == 0) if $check.must_be_empty { { passed: (not $has_matches), detail: (if $has_matches { $"Pattern found (violation): ($result.stdout | str trim)" } else { "Pattern absent — ok" }) } } else { { passed: $has_matches, detail: (if $has_matches { "Pattern present — ok" } else { "Pattern absent (required match missing)" }) } } } # Run a 'Cargo check: parse Cargo.toml, verify forbidden_deps absent from [dependencies]. def run-cargo [check: record]: nothing -> record { let cargo_path = ([(adr-root), "crates", $check.crate, "Cargo.toml"] | path join) if not ($cargo_path | path exists) { return { passed: false, detail: $"Cargo.toml not found: ($cargo_path)" } } let cargo = (open $cargo_path) let all_dep_sections = [ ($cargo.dependencies? | default {}), ($cargo."dev-dependencies"? | default {}), ($cargo."build-dependencies"? | default {}), ] let all_dep_keys = ($all_dep_sections | each { |d| $d | columns } | flatten) let found = ($check.forbidden_deps | where { |dep| $dep in $all_dep_keys }) { passed: ($found | is-empty), detail: (if ($found | is-empty) { "No forbidden deps found" } else { $"Forbidden deps present: ($found | str join ', ')" }) } } # Run a 'NuCmd check: execute cmd via nu -c, assert exit code. def run-nucmd [check: record]: nothing -> record { let result = do { nu -c $check.cmd } | complete let expected = ($check.expect_exit? | default 0) { passed: ($result.exit_code == $expected), detail: (if ($result.exit_code == $expected) { "Command exited as expected" } else { $"Exit ($result.exit_code) ≠ expected ($expected): ($result.stderr | str trim)" }) } } # Run an 'ApiCall check: GET endpoint, navigate json_path, compare to expected. def run-apicall [check: record]: nothing -> record { let result = do { ^curl -sf $check.endpoint } | complete if $result.exit_code != 0 { return { passed: false, detail: $"curl failed (exit ($result.exit_code)): ($result.stderr | str trim)" } } let value = do { $result.stdout | from json | get $check.json_path } | complete if $value.exit_code != 0 { return { passed: false, detail: $"json_path '($check.json_path)' not found in response" } } let actual = $value.stdout | str trim let expected = ($check.expected | into string) { passed: ($actual == $expected), detail: (if ($actual == $expected) { "Value matches" } else { $"Expected '($expected)', got '($actual)'" }) } } # Run a 'FileExists check: assert presence or absence of a path. def run-fileexists [check: record]: nothing -> record { let p = (resolve-path $check.path) let exists = ($p | path exists) let want = ($check.present? | default true) { passed: ($exists == $want), detail: (if ($exists == $want) { (if $want { $"File exists: ($p)" } else { $"File absent: ($p)" }) } else { (if $want { $"File missing: ($p)" } else { $"File unexpectedly present: ($p)" }) }) } } # Dispatch a single constraint.check record to the appropriate runner. def dispatch-check [check: record]: nothing -> record { match $check.tag { "Grep" => (run-grep $check), "Cargo" => (run-cargo $check), "NuCmd" => (run-nucmd $check), "ApiCall" => (run-apicall $check), "FileExists" => (run-fileexists $check), _ => { passed: false, detail: $"Unknown check tag: ($check.tag)" } } } # ── Public commands ────────────────────────────────────────────────────────── # Run a single constraint record. # Returns { constraint_id, severity, passed, detail }. export def "validate check-constraint" [ constraint: record, # Constraint record from an ADR export ]: nothing -> record { if ($constraint.check? | is-empty) { return { constraint_id: ($constraint.id? | default "unknown"), severity: ($constraint.severity? | default "Hard"), passed: false, detail: "No typed 'check' field — constraint uses deprecated check_hint only" } } let result = dispatch-check $constraint.check { constraint_id: $constraint.id, severity: $constraint.severity, passed: $result.passed, detail: $result.detail, } } # Run all constraints for a single ADR by id ("001", "adr-001", or "adr-001-slug"). # Returns a list of { constraint_id, severity, passed, detail }. export def "validate check-adr" [ id: string, # ADR id: "001", "adr-001", or full stem --fmt: string = "table", # Output: table | json | yaml ]: nothing -> any { let canonical = if ($id | str starts-with "adr-") { $id } else { $"adr-($id)" } let files = (glob ([(adr-root), "adrs", $"($canonical)-*.ncl"] | path join)) if ($files | is-empty) { error make { msg: $"ADR '($id)' not found in adrs/" } } let adr = (daemon-export-safe ($files | first)) if $adr == null { error make { msg: $"ADR '($id)' failed to export" } } let results = ($adr.constraints | each { |c| if ($c.check? | is-empty) { { constraint_id: $c.id, severity: $c.severity, passed: false, detail: "check field missing — uses deprecated check_hint" } } else { validate check-constraint $c } }) match $fmt { "json" => { $results | to json }, "yaml" => { $results | to yaml }, _ => { $results | table --expand }, } } # Run all Hard constraints across all accepted ADRs. # Returns { adr_id, constraint_id, severity, passed, detail } records. # Exit code is non-zero if any Hard constraint fails. export def "validate check-all" [ --fmt: string = "table", # Output: table | json | yaml --hard-only, # Include only Hard constraints (default: all) ]: nothing -> any { let all_results = (adr-files | each { |ncl| let adr = (daemon-export-safe $ncl) if $adr == null { return [] } if $adr.status != "Accepted" { return [] } $adr.constraints | each { |c| if $hard_only and $c.severity != "Hard" { return null } let res = if ($c.check? | is-empty) { { passed: false, detail: "check field missing — uses deprecated check_hint" } } else { dispatch-check $c.check } { adr_id: $adr.id, constraint_id: $c.id, severity: $c.severity, passed: $res.passed, detail: $res.detail, } } | compact } | flatten) let failures = ($all_results | where passed == false) let total = ($all_results | length) let n_fail = ($failures | length) let output = match $fmt { "json" => { $all_results | to json }, "yaml" => { $all_results | to yaml }, _ => { $all_results | table --expand }, } print $output if ($failures | is-not-empty) { error make { msg: $"($n_fail) of ($total) constraints failed", } } } # Show a summary of constraint validation state across all accepted ADRs. # Intended for ontoref status / describe guides. export def "validate summary" []: nothing -> record { let all_results = (adr-files | each { |ncl| let adr = (daemon-export-safe $ncl) if $adr == null { return [] } if $adr.status != "Accepted" { return [] } $adr.constraints | each { |c| let res = if ($c.check? | is-empty) { { passed: false } } else { dispatch-check $c.check } { severity: $c.severity, passed: $res.passed } } | compact } | flatten) let hard = ($all_results | where severity == "Hard") let soft = ($all_results | where severity == "Soft") { hard_total: ($hard | length), hard_passing: ($hard | where passed == true | length), soft_total: ($soft | length), soft_passing: ($soft | where passed == true | length), } } # ── Justfile convention validator ──────────────────────────────────────────── # Detect module system from root justfile content. def detect-just-module-system [justfile_path: string]: nothing -> string { if not ($justfile_path | path exists) { return "Flat" } let content = (open --raw $justfile_path) let has_import = ($content | lines | any { |l| $l =~ '^import ' }) let has_mod = ($content | lines | any { |l| $l =~ '^mod ' }) if $has_import and $has_mod { "Hybrid" } else if $has_import { "Import" } else if $has_mod { "Mod" } else { "Flat" } } # Extract recipe names from a just file (lines starting with identifier at col 0, followed by whitespace or ':'). def extract-just-recipes [file_path: string]: nothing -> list { if not ($file_path | path exists) { return [] } open --raw $file_path | lines | where { |l| not ($l | str starts-with "#") and not ($l | str starts-with " ") and not ($l | str starts-with "\t") and not ($l | str starts-with "[") and ($l =~ '^[a-z_@][a-z0-9_@-]*[\s:]') } | each { |l| $l | str replace -r '[\s:].*' '' | str replace -r '^@' '' } | where { |n| ($n | str length) > 0 } | uniq } # Extract variable names from a just file (lines with ':=' at col 0). def extract-just-variables [file_path: string]: nothing -> list { if not ($file_path | path exists) { return [] } open --raw $file_path | lines | where { |l| $l =~ ':=' and not ($l | str starts-with "#") and not ($l | str starts-with " ") and not ($l | str starts-with "\t") } | each { |l| $l | split row ':=' | first | str trim } | where { |n| ($n | str length) > 0 } | uniq } # Validate the project justfile tree against reflection/schemas/justfile-convention.ncl. # Reports missing required modules, recipes, and variables. export def "validate justfile" [ --root (-r): string = "", # Project root (default: ONTOREF_PROJECT_ROOT or ONTOREF_ROOT) --fmt (-f): string = "", # json | text (default: actor-aware) --actor (-a): string = "", ]: nothing -> nothing { let project_root = if ($root | is-not-empty) { $root } else { $env.ONTOREF_PROJECT_ROOT? | default $env.ONTOREF_ROOT } let actor = if ($actor | is-not-empty) { $actor } else { $env.ONTOREF_ACTOR? | default "developer" } let fmt = if ($fmt | is-not-empty) { $fmt } else if $actor == "agent" { "json" } else { "text" } let schema_file = ([$env.ONTOREF_ROOT, "reflection", "schemas", "justfile-convention.ncl"] | path join) if not ($schema_file | path exists) { error make { msg: $"Convention schema not found: ($schema_file)" } } let exported = (daemon-export-safe $schema_file --import-path $env.ONTOREF_ROOT) if $exported == null { error make { msg: "Failed to export justfile-convention.ncl" } } let conv = $exported.Convention # Locate root justfile let root_just = ([$project_root, "justfile"] | path join) let detected_system = (detect-just-module-system $root_just) # Collect all just files in the convention directory let just_dir = ([$project_root, $conv.directory] | path join) let all_files = ( [[$root_just]] ++ (if ($just_dir | path exists) { glob $"($just_dir)/*($conv.extension)" } else { [] }) ) | flatten | where { |f| $f | path exists } # Extract recipes and variables across all files let all_recipes = ($all_files | each { |f| extract-just-recipes $f } | flatten | uniq) let all_variables = ($all_files | each { |f| extract-just-variables $f } | flatten | uniq) # Check canonical modules: for each module, does {dir}/{name}{ext} exist? let module_results = ($conv.canonical_modules | each { |m| let mfile = ([$project_root, $conv.directory, $"($m.name)($conv.extension)"] | path join) let present = ($mfile | path exists) { name: $m.name, required: $m.required, present: $present, description: $m.description, } }) let missing_required_modules = ($module_results | where required == true and present == false | get name) let missing_optional_modules = ($module_results | where required == false and present == false | get name) # Check required recipes let missing_recipes = ($conv.required_recipes | where { |r| not ($r in $all_recipes) }) # Check required variables let missing_variables = ($conv.required_variables | where { |v| not ($v in $all_variables) }) let ok = ($missing_required_modules | is-empty) and ($missing_recipes | is-empty) and ($missing_variables | is-empty) let result = { ok: $ok, module_system_detected: $detected_system, module_system_expected: ($conv.system | into string), modules_present: ($module_results | where present == true | get name), missing_required_modules: $missing_required_modules, missing_optional_modules: $missing_optional_modules, recipes_found: ($all_recipes | length), missing_required_recipes: $missing_recipes, variables_found: ($all_variables | length), missing_required_variables: $missing_variables, } if $fmt == "json" { print ($result | to json) return } # Text output let status_line = if $ok { "✓ justfile validates against convention" } else { "✗ justfile convention violations found" } print $status_line print $" module system: detected=($detected_system) expected=($conv.system)" print $" modules present: ($result.modules_present | str join ', ')" if ($missing_required_modules | is-not-empty) { print $" MISSING required modules: ($missing_required_modules | str join ', ')" } if ($missing_optional_modules | is-not-empty) { print $" optional modules absent: ($missing_optional_modules | str join ', ')" } if ($missing_recipes | is-not-empty) { print $" MISSING required recipes: ($missing_recipes | str join ', ')" } if ($missing_variables | is-not-empty) { print $" MISSING required variables: ($missing_variables | str join ', ')" } if $ok { print $" recipes found: ($result.recipes_found) variables found: ($result.variables_found)" } }