crosscheck

package
v0.1.9 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseSensitive

func ParseSensitive(dbDir string) (sensitive, nosensitive map[string]map[string]bool, err error)

ParseSensitive parses DDL .sql files in dbDir for @sensitive and @nosensitive tags.

Types

type ArchivedInfo

type ArchivedInfo struct {
	Tables  map[string]bool            // "legacy_notifications" → true
	Columns map[string]map[string]bool // "courses" → {"old_category": true}
}

ArchivedInfo holds @archived tags parsed from DDL files.

func ParseArchived

func ParseArchived(dbDir string) (*ArchivedInfo, error)

ParseArchived parses DDL .sql files in dbDir for @archived tags.

type CrossError

type CrossError struct {
	Rule       string // e.g. "x-sort ↔ DDL", "SSaC @result ↔ DDL"
	Context    string // e.g. operationId or funcName
	Message    string
	Level      string // "ERROR" or "WARNING" (empty = ERROR)
	Suggestion string // fix suggestion (empty if none)
}

CrossError represents a cross-validation error between two SSOT layers.

func CheckAuthz

func CheckAuthz(funcs []ssacparser.ServiceFunc, authzPackage string) []CrossError

CheckAuthz validates @auth inputs against the authz CheckRequest fields.

func CheckClaims

func CheckClaims(serviceFuncs []ssacparser.ServiceFunc, claims map[string]projectconfig.ClaimDef) []CrossError

CheckClaims validates that all currentUser field references in SSaC specs are defined in fullend.yaml backend.auth.claims.

func CheckClaimsRego

func CheckClaimsRego(policies []*policy.Policy, claims map[string]projectconfig.ClaimDef) []CrossError

CheckClaimsRego validates that Rego input.claims.xxx references match fullend.yaml claims values.

func CheckDDLCoverage

func CheckDDLCoverage(
	st *ssacvalidator.SymbolTable,
	funcs []ssacparser.ServiceFunc,
	archived *ArchivedInfo,
) []CrossError

CheckDDLCoverage validates that DDL tables and columns are referenced by SSaC/OpenAPI.

func CheckFuncCoverage

func CheckFuncCoverage(
	funcs []ssacparser.ServiceFunc,
	projectFuncSpecs []funcspec.FuncSpec,
) []CrossError

CheckFuncCoverage warns about project func specs not referenced by any SSaC @call.

func CheckFuncs

func CheckFuncs(
	serviceFuncs []ssacparser.ServiceFunc,
	fullendPkgSpecs, projectFuncSpecs []funcspec.FuncSpec,
	symbolTable *ssacvalidator.SymbolTable,
	openAPIDoc *openapi3.T,
) []CrossError

CheckFuncs validates SSaC @func references against parsed func specs.

func CheckHurlFiles

func CheckHurlFiles(hurlFiles []string, doc *openapi3.T) []CrossError

CheckHurlFiles validates that .hurl scenario files reference valid OpenAPI paths.

func CheckInputKeyCase

func CheckInputKeyCase(funcs []ssacparser.ServiceFunc, st *ssacvalidator.SymbolTable) []CrossError

CheckInputKeyCase validates that SSaC input keys exactly match sqlc method parameter names (case-sensitive).

func CheckJWTBuiltinInputs

func CheckJWTBuiltinInputs(serviceFuncs []ssacparser.ServiceFunc, claims map[string]projectconfig.ClaimDef) []CrossError

CheckJWTBuiltinInputs validates that @call inputs for jwt builtin functions use keys that match claims field names.

func CheckMiddleware

func CheckMiddleware(middleware []string, doc *openapi3.T) []CrossError

CheckMiddleware validates that fullend.yaml middleware matches OpenAPI securitySchemes.

func CheckOpenAPIConstraints

func CheckOpenAPIConstraints(input *CrossValidateInput) []CrossError

func CheckOpenAPIDDL

func CheckOpenAPIDDL(doc *openapi3.T, st *ssacvalidator.SymbolTable, funcs []ssacparser.ServiceFunc, sensitiveCols map[string]map[string]bool) []CrossError

CheckOpenAPIDDL validates x-sort, x-filter, x-include against DDL tables.

func CheckPolicy

func CheckPolicy(policies []*policy.Policy, funcs []ssacparser.ServiceFunc, st *ssacvalidator.SymbolTable, diagrams []*statemachine.StateDiagram) []CrossError

CheckPolicy validates policy against SSaC, DDL, and States.

func CheckQueue

func CheckQueue(funcs []ssacparser.ServiceFunc, queueBackend string) []CrossError

CheckQueue validates publish ↔ subscribe cross-references.

func CheckRegoRoleDDL

func CheckRegoRoleDDL(policies []*policy.Policy, st *ssacvalidator.SymbolTable) []CrossError

CheckRegoRoleDDL validates that Rego input.claims.role values exist in DDL CHECK constraints.

func CheckRoles

func CheckRoles(policies []*policy.Policy, roles []string) []CrossError

CheckRoles validates that OPA Rego input.role values match fullend.yaml auth.roles.

func CheckSSaCDDL

func CheckSSaCDDL(funcs []ssacparser.ServiceFunc, st *ssacvalidator.SymbolTable, dtoTypes map[string]bool) []CrossError

CheckSSaCDDL validates SSaC @result types and @param types against DDL.

func CheckSSaCOpenAPI

func CheckSSaCOpenAPI(funcs []ssacparser.ServiceFunc, st *ssacvalidator.SymbolTable, doc *openapi3.T, funcSpecs []funcspec.FuncSpec) []CrossError

CheckSSaCOpenAPI validates SSaC function names match OpenAPI operationIds and vice versa, and SSaC @response fields match OpenAPI response schema properties.

func CheckSensitiveColumns

func CheckSensitiveColumns(st *ssacvalidator.SymbolTable, sensitiveCols, noSensitiveCols map[string]map[string]bool) []CrossError

CheckSensitiveColumns warns when DDL column names match sensitive patterns but lack an @sensitive annotation.
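
The annotation check described above, as an added sketch that is not the package's own code: it uses local stand-in types, a plain table → columns map in place of the symbol table, and a constructed pattern list and rule name, since the package's actual patterns and rule names are not shown on this page.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// CrossError mirrors the struct documented on this page.
type CrossError struct{ Rule, Context, Message, Level, Suggestion string }
// assumedPatterns is constructed; the package's real pattern list is not on this page.
var assumedPatterns = []string{"password", "secret", "token", "ssn"}

// checkSensitive is a hypothetical stand-in for CheckSensitiveColumns. ddl maps table ->
// column names; the other maps use the table -> column -> true shape of ParseSensitive.
func checkSensitive(ddl map[string][]string, sensitive, nosensitive map[string]map[string]bool) []CrossError {
	var out []CrossError
	tables := make([]string, 0, len(ddl))
	for t := range ddl {
		tables = append(tables, t)
	}
	sort.Strings(tables) // deterministic report order
	for _, t := range tables {
		for _, c := range ddl[t] {
			if sensitive[t][c] || nosensitive[t][c] {
				continue // already annotated one way or the other
			}
			for _, p := range assumedPatterns {
				if strings.Contains(strings.ToLower(c), p) {
					out = append(out, CrossError{
						Rule: "sensitive ↔ DDL", Context: t + "." + c, Level: "WARNING", // rule name is hypothetical
						Message:    fmt.Sprintf("column name matches %q but has no @sensitive tag", p),
						Suggestion: "tag it @sensitive, or @nosensitive if exposure is intended",
					})
					break
				}
			}
		}
	}
	return out
}

func main() {
	ddl := map[string][]string{"users": {"id", "password_hash", "reset_token"}, "sessions": {"token_count"}} // constructed
	sensitive := map[string]map[string]bool{"users": {"password_hash": true}}
	nosensitive := map[string]map[string]bool{"sessions": {"token_count": true}}
	for _, e := range checkSensitive(ddl, sensitive, nosensitive) {
		fmt.Printf("[%s] %s: %s\n", e.Level, e.Context, e.Message)
	}
}
```

Only `users.reset_token` is reported here: `password_hash` is tagged @sensitive and `token_count` is explicitly tagged @nosensitive, which suppresses the warning.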

func CheckStates

func CheckStates(diagrams []*statemachine.StateDiagram, funcs []ssacparser.ServiceFunc, st *ssacvalidator.SymbolTable, doc *openapi3.T) []CrossError

CheckStates validates state diagrams against SSaC, DDL, and OpenAPI.

func Run

func Run(input *CrossValidateInput) []CrossError

Run executes all cross-validation rules and returns collected errors.

func RunRules

func RunRules(input *CrossValidateInput, skipRules map[string]bool) []CrossError

RunRules executes rules, skipping names in skipRules.

type CrossValidateInput

type CrossValidateInput struct {
	*genapi.ParsedSSOTs
	DTOTypes        map[string]bool                   // model types marked with @dto (skip DDL matching)
	Middleware      []string                          // from fullend.yaml backend.middleware
	Archived        *ArchivedInfo                     // @archived tables/columns from DDL
	Claims          map[string]projectconfig.ClaimDef // from fullend.yaml backend.auth.claims
	QueueBackend    string                            // from fullend.yaml queue.backend ("postgres", "memory", "")
	AuthzPackage    string                            // from fullend.yaml authz.package ("" = default pkg/authz)
	SensitiveCols   map[string]map[string]bool        // @sensitive columns per table (table → column → true)
	NoSensitiveCols map[string]map[string]bool        // @nosensitive columns per table (suppress WARNING)
	Roles           []string                          // from fullend.yaml auth.roles
}

CrossValidateInput holds the pre-loaded data from individual validations.

type Rule

type Rule struct {
	Name     string // e.g. "OpenAPI ↔ DDL", "SSaC → OpenAPI"
	Source   string // "OpenAPI", "SSaC", "Policy", "States", "Config", "DDL"
	Target   string // "DDL", "OpenAPI", ... ("" = standalone)
	Requires func(*CrossValidateInput) bool
	Check    func(*CrossValidateInput) []CrossError
}

Rule represents a single cross-validation rule with metadata.

func Rules

func Rules() []Rule

Rules returns the registered rule list (for status/reporting).
