internal/rules/rules.go

// Package rules defines the lightweight, pattern-based conventions enforced
// by the validate_snippet MCP tool.
//
// These are not a substitute for "go vet" or running the user's tests. They
// catch wiring mistakes that an AI assistant frequently makes when first
// adopting Einherjar: forgetting to call Run(), constructing a Launcher
// without registering components, reading EINHERJAR_* env vars directly
// instead of letting the framework load them, and so on.
package rules

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Severity describes how seriously a finding should be treated.
type Severity string

const (
	SeverityError   Severity = "error"
	SeverityWarning Severity = "warning"
	SeverityInfo    Severity = "info"
)

// Finding is one rule hit against a snippet.
type Finding struct {
	RuleID   string   `json:"ruleId"`
	Severity Severity `json:"severity"`
	Module   string   `json:"module,omitempty"`
	Message  string   `json:"message"`
	Hint     string   `json:"hint,omitempty"`
	Line     int      `json:"line,omitempty"`
}

// Rule is a single named convention check.
type Rule struct {
	ID       string
	Severity Severity
	Module   string
	Check    func(ctx *Context) []Finding
}

// Context is the parsed view of a snippet provided to every rule.
type Context struct {
	Fset    *token.FileSet
	File    *ast.File
	Imports map[string]string   // path → local name (e.g. "code.nochebuena.dev/einherjar/core/launcher" → "launcher")
	Calls   []CallSite          // every function call in the file
}

// CallSite is a recorded function call. Func is the textual form
// ("launcher.New", "lc.Append", "lc.Run").
type CallSite struct {
	Func string
	Line int
}

// Run parses the source and applies every rule, returning all findings in
// order. If the source cannot be parsed even after wrapping in a synthetic
// package, parse errors are returned as findings with rule id "parse".
func Run(src string) []Finding {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "snippet.go", src, parser.AllErrors|parser.ParseComments)
	if err != nil {
		wrapped := "package _snippet\n\nfunc _main() {\n" + src + "\n}\n"
		fset = token.NewFileSet()
		file, err = parser.ParseFile(fset, "snippet.go", wrapped, parser.AllErrors|parser.ParseComments)
		if err != nil {
			return []Finding{{
				RuleID:   "parse",
				Severity: SeverityError,
				Message:  "could not parse snippet: " + err.Error(),
			}}
		}
	}

	ctx := &Context{Fset: fset, File: file, Imports: map[string]string{}}
	for _, imp := range file.Imports {
		path := strings.Trim(imp.Path.Value, `"`)
		name := guessImportName(path)
		if imp.Name != nil && imp.Name.Name != "" && imp.Name.Name != "_" {
			name = imp.Name.Name
		}
		ctx.Imports[path] = name
	}

	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		name := exprName(call.Fun)
		if name == "" {
			return true
		}
		ctx.Calls = append(ctx.Calls, CallSite{Func: name, Line: fset.Position(call.Pos()).Line})
		return true
	})

	var findings []Finding
	for _, r := range registered {
		for _, f := range r.Check(ctx) {
			f.RuleID = r.ID
			if f.Severity == "" {
				f.Severity = r.Severity
			}
			if f.Module == "" {
				f.Module = r.Module
			}
			findings = append(findings, f)
		}
	}
	return findings
}

func guessImportName(path string) string {
	i := strings.LastIndex(path, "/")
	if i < 0 {
		return path
	}
	return path[i+1:]
}

func exprName(e ast.Expr) string {
	switch v := e.(type) {
	case *ast.Ident:
		return v.Name
	case *ast.SelectorExpr:
		return exprName(v.X) + "." + v.Sel.Name
	}
	return ""
}

// Importing reports whether the snippet imports a path with the given suffix
// (e.g. "core/launcher" matches "code.nochebuena.dev/einherjar/core/launcher").
func (c *Context) Importing(suffix string) bool {
	for path := range c.Imports {
		if strings.HasSuffix(path, suffix) {
			return true
		}
	}
	return false
}

// Calls reports whether any call site has a textual form ending in suffix.
// For example, suffix ".Run" matches "lc.Run" and "launcher.Run" alike.
func (c *Context) Called(suffix string) bool {
	for _, cs := range c.Calls {
		if strings.HasSuffix(cs.Func, suffix) {
			return true
		}
	}
	return false
}

// registered is the static rule catalog. Add new conventions here.
var registered = []Rule{
	{
		ID:       "launcher.missing-run",
		Severity: SeverityError,
		Module:   "core",
		Check: func(c *Context) []Finding {
			if !c.Importing("einherjar/core/launcher") {
				return nil
			}
			if !c.Called("launcher.New") && !c.Called(".New") {
				return nil
			}
			if c.Called(".Run") {
				return nil
			}
			return []Finding{{
				Message: "core/launcher constructed but Run() never called — application will never start",
				Hint:    "After lc := launcher.New(logger); lc.Append(...); call if err := lc.Run(); err != nil { ... }",
			}}
		},
	},
	{
		ID:       "launcher.no-components",
		Severity: SeverityWarning,
		Module:   "core",
		Check: func(c *Context) []Finding {
			if !c.Importing("einherjar/core/launcher") {
				return nil
			}
			if c.Called("launcher.New") && !c.Called(".Append") {
				return []Finding{{
					Message: "Launcher created but no components appended — Run() will start an empty application",
					Hint:    "Use lc.Append(db, cache, server) before lc.Run() to register lifecycle components",
				}}
			}
			return nil
		},
	},
	{
		ID:       "logz.direct-env-read",
		Severity: SeverityWarning,
		Module:   "core",
		Check: func(c *Context) []Finding {
			if !c.Importing("einherjar/core/logz") {
				return nil
			}
			var hits []Finding
			ast.Inspect(c.File, func(n ast.Node) bool {
				call, ok := n.(*ast.CallExpr)
				if !ok {
					return true
				}
				if exprName(call.Fun) != "os.Getenv" || len(call.Args) == 0 {
					return true
				}
				lit, ok := call.Args[0].(*ast.BasicLit)
				if !ok {
					return true
				}
				if strings.HasPrefix(strings.Trim(lit.Value, `"`), "EINHERJAR_LOG_") {
					hits = append(hits, Finding{
						Message: fmt.Sprintf("reading %s directly via os.Getenv bypasses logz configuration", strings.Trim(lit.Value, `"`)),
						Hint:    "logz.New reads EINHERJAR_LOG_* automatically; pass logz.Config and let the framework load it",
						Line:    c.Fset.Position(call.Pos()).Line,
					})
				}
				return true
			})
			return hits
		},
	},
	{
		ID:       "launcher.run-error-discarded",
		Severity: SeverityWarning,
		Module:   "core",
		Check: func(c *Context) []Finding {
			if !c.Importing("einherjar/core/launcher") || !c.Called(".Run") {
				return nil
			}
			discarded := false
			ast.Inspect(c.File, func(n ast.Node) bool {
				expr, ok := n.(*ast.ExprStmt)
				if !ok {
					return true
				}
				call, ok := expr.X.(*ast.CallExpr)
				if !ok {
					return true
				}
				if strings.HasSuffix(exprName(call.Fun), ".Run") {
					discarded = true
				}
				return true
			})
			if !discarded {
				return nil
			}
			return []Finding{{
				Message: "Launcher.Run() return value discarded — startup failures will go unnoticed",
				Hint:    "Capture the error: if err := lc.Run(); err != nil { logger.Error(...); os.Exit(1) }",
			}}
		},
	},
	{
		ID:       "web.server-not-appended",
		Severity: SeverityWarning,
		Module:   "web",
		Check: func(c *Context) []Finding {
			if !c.Importing("einherjar/web/server") || !c.Importing("einherjar/core/launcher") {
				return nil
			}
			if !c.Called(".Append") {
				return nil
			}
			// Heuristic: warn if server.New is constructed but not appended via .Append.
			// We can't statically prove the argument was the server, so this is informational.
			if c.Called("server.New") {
				return []Finding{{
					Severity: SeverityInfo,
					Message:  "web/server is constructed — ensure it is passed to launcher.Append() so its lifecycle is managed",
					Hint:     "lc.Append(srv) lets the launcher start and gracefully stop the HTTP server",
				}}
			}
			return nil
		},
	},
}
feat(mcp): initial implementation — MCP server, framework indexer, 10 tools, 8 validation rules (v0.1.0) Introduces code.nochebuena.dev/einherjar/mcp — the Einherjar Model Context Protocol server. A remote, streamable-HTTP service that teaches AI assistants about every other module of the framework: which package exposes which type, what each module guarantees through its compliance tests, the canonical wiring shape for a service, and whether a Go snippet follows the conventions. Indexes the framework on disk at build time and ships a self-contained binary via go:embed; imports nothing from other einherjar/* modules at compile time. server (cmd/server): - Streamable-HTTP MCP server built on github.com/modelcontextprotocol/go-sdk v1.0.0 - mcp.NewServer + mcp.NewStreamableHTTPHandler, served via net/http on EINHERJAR_MCP_ADDR (default :8080) and EINHERJAR_MCP_PATH (default /mcp) - /healthz liveness endpoint; structured JSON logging via log/slog - Loads the embedded data/index.json once at startup; in-memory for the process lifetime indexer (cmd/indexer): - Walks an Einherjar repository checkout (default ../), parses every sibling module's go.mod, README.md, CHANGELOG.md, docs/adr/ADR-.md, doc.go package comments, every exported type/interface/func/method/const/var (via go/doc on go/parser ASTs), and compliance_test.go - Captures module dependency edges by regex over each go.mod's require lines (einherjar/ paths only; self-reference filtered) - Appends a synthetic "wire" module documenting canonical application wiring conventions, authored at internal/index/builtins/README.md and embedded via go:embed; participates in list_modules / get_module / get_example like a real module internal/index: - Schema einherjar.mcp/index/v1; types: Index, Module, SubPackage, Symbol, ADR, Example, Compliance, InterfaceAssert, ComplianceTest - Build(repoRoot) → Index walks the repo; BuildBuiltins() returns the synthetic wire module from the embedded markdown - Load([]byte) → Index validates the schema version on read - FindModule, SearchSymbols helpers used by tools internal/tools (10 tools): - list_modules — enumerate every module with purpose + sub-packages - get_module — package doc, dependencies, sub-packages, key symbols, ADRs, compliance counts; optional embedded README - search_symbols — full-text across name, doc, sub-package, module; filterable by module and kind - get_symbol — full signature, doc comment, source file:line for one symbol - list_adrs — list ADRs across the framework or within one module - get_adr — fetch one ADR's markdown body - get_example — canonical usage snippets extracted from module READMEs and from the synthetic wire conventions - get_compliance — interface assertions (var _ Iface = impl) and structural test names from a module's compliance_test.go - get_changelog — full CHANGELOG.md markdown for one module - validate_snippet — pattern-match a Go snippet against framework conventions internal/rules (8 rules, registered via init() against a single registered slice): - launcher.missing-run — launcher constructed but Run() never called - launcher.no-components — launcher.New() called without any .Append(...) - launcher.run-error-discarded — lc.Run() invoked as an ExprStmt (return ignored) - logz.direct-env-read — os.Getenv("EINHERJAR_LOG_") bypassing logz config - web.server-not-appended — web/server constructed but not added to the launcher - wire.hook-bad-signature — with<Feature>(...) first param is not launcher.Launcher - wire.hook-outside-beforestart — repo/service/handler construction or route registration at the top level of a hook (outside lc.BeforeStart) - wire.route-specific-after-param — /users/{id} registered before a sibling /users/me of the same length and method (chi would shadow the literal route) Synthetic wire module (internal/index/builtins/README.md): - Project layout (cmd/<app>/main.go + internal/wire/.go + per-feature domain dirs) - Canonical Run() shape: config → logger → infra (db, cache, pool, mc, srv) → cross- cutting (validator, permission provider) → launcher.New → lc.Append(infra...) → withMigrations / withSuperAdminSeed / withHealth / withFeature hooks → return lc.Run() - Canonical with<Feature> hook shape: signature (launcher.Launcher first, server.Server second, deps last), single lc.BeforeStart closure containing all construction + route registration - chi route ordering, srv.With(authz(...)) authorization, middleware helpers (authz / skipPublicPaths / skipMethodPath), tokenSignerAdapter pattern showing that the framework exposes Signer.Sign as a primitive and the application owns the access/refresh response shape Packaging: - Multi-stage Dockerfile that builds from the einherjar repository root (docker build -f mcp/Dockerfile .) so cmd/indexer can walk every sibling module at image-build time; runtime layer is gcr.io/distroless/static-debian12:nonroot - 86-byte placeholder data/index.json committed once with `git add -f`; subsequent indexer runs overwrite it locally but the file is .gitignored - .gitea/CODEOWNERS and pull_request_template.md mirror the sibling layout Design notes: - mcp depends on nothing in einherjar/* — it reads the framework via the filesystem at index time. This keeps mcp outside the framework dependency graph and lets it index any version of einherjar without versioning itself in lock-step. - All structured-output tool responses initialise empty slices ([]Type{}) rather than relying on Go's nil-marshals-to-null default, so the SDK's JSON-schema output validator never rejects a tools/call result. 2026-05-29 18:12:45 +00:00			`// Package rules defines the lightweight, pattern-based conventions enforced`
			`// by the validate_snippet MCP tool.`
			`//`
			`// These are not a substitute for "go vet" or running the user's tests. They`
			`// catch wiring mistakes that an AI assistant frequently makes when first`
			`// adopting Einherjar: forgetting to call Run(), constructing a Launcher`
			`// without registering components, reading EINHERJAR_* env vars directly`
			`// instead of letting the framework load them, and so on.`
			`package rules`

			`import (`
			`"fmt"`
			`"go/ast"`
			`"go/parser"`
			`"go/token"`
			`"strings"`
			`)`

			`// Severity describes how seriously a finding should be treated.`
			`type Severity string`

			`const (`
			`SeverityError Severity = "error"`
			`SeverityWarning Severity = "warning"`
			`SeverityInfo Severity = "info"`
			`)`

			`// Finding is one rule hit against a snippet.`
			`type Finding struct {`
			RuleID string `json:"ruleId"`
			Severity Severity `json:"severity"`
			Module string `json:"module,omitempty"`
			Message string `json:"message"`
			Hint string `json:"hint,omitempty"`
			Line int `json:"line,omitempty"`
			`}`

			`// Rule is a single named convention check.`
			`type Rule struct {`
			`ID string`
			`Severity Severity`
			`Module string`
			`Check func(ctx *Context) []Finding`
			`}`

			`// Context is the parsed view of a snippet provided to every rule.`
			`type Context struct {`
			`Fset *token.FileSet`
			`File *ast.File`
			`Imports map[string]string // path → local name (e.g. "code.nochebuena.dev/einherjar/core/launcher" → "launcher")`
			`Calls []CallSite // every function call in the file`
			`}`

			`// CallSite is a recorded function call. Func is the textual form`
			`// ("launcher.New", "lc.Append", "lc.Run").`
			`type CallSite struct {`
			`Func string`
			`Line int`
			`}`

			`// Run parses the source and applies every rule, returning all findings in`
			`// order. If the source cannot be parsed even after wrapping in a synthetic`
			`// package, parse errors are returned as findings with rule id "parse".`
			`func Run(src string) []Finding {`
			`fset := token.NewFileSet()`
			`file, err := parser.ParseFile(fset, "snippet.go", src, parser.AllErrors\|parser.ParseComments)`
			`if err != nil {`
			`wrapped := "package _snippet\n\nfunc _main() {\n" + src + "\n}\n"`
			`fset = token.NewFileSet()`
			`file, err = parser.ParseFile(fset, "snippet.go", wrapped, parser.AllErrors\|parser.ParseComments)`
			`if err != nil {`
			`return []Finding{{`
			`RuleID: "parse",`
			`Severity: SeverityError,`
			`Message: "could not parse snippet: " + err.Error(),`
			`}}`
			`}`
			`}`

			`ctx := &Context{Fset: fset, File: file, Imports: map[string]string{}}`
			`for _, imp := range file.Imports {`
			path := strings.Trim(imp.Path.Value, `"`)
			`name := guessImportName(path)`
			`if imp.Name != nil && imp.Name.Name != "" && imp.Name.Name != "_" {`
			`name = imp.Name.Name`
			`}`
			`ctx.Imports[path] = name`
			`}`

			`ast.Inspect(file, func(n ast.Node) bool {`
			`call, ok := n.(*ast.CallExpr)`
			`if !ok {`
			`return true`
			`}`
			`name := exprName(call.Fun)`
			`if name == "" {`
			`return true`
			`}`
			`ctx.Calls = append(ctx.Calls, CallSite{Func: name, Line: fset.Position(call.Pos()).Line})`
			`return true`
			`})`

			`var findings []Finding`
			`for _, r := range registered {`
			`for _, f := range r.Check(ctx) {`
			`f.RuleID = r.ID`
			`if f.Severity == "" {`
			`f.Severity = r.Severity`
			`}`
			`if f.Module == "" {`
			`f.Module = r.Module`
			`}`
			`findings = append(findings, f)`
			`}`
			`}`
			`return findings`
			`}`

			`func guessImportName(path string) string {`
			`i := strings.LastIndex(path, "/")`
			`if i < 0 {`
			`return path`
			`}`
			`return path[i+1:]`
			`}`

			`func exprName(e ast.Expr) string {`
			`switch v := e.(type) {`
			`case *ast.Ident:`
			`return v.Name`
			`case *ast.SelectorExpr:`
			`return exprName(v.X) + "." + v.Sel.Name`
			`}`
			`return ""`
			`}`

			`// Importing reports whether the snippet imports a path with the given suffix`
			`// (e.g. "core/launcher" matches "code.nochebuena.dev/einherjar/core/launcher").`
			`func (c *Context) Importing(suffix string) bool {`
			`for path := range c.Imports {`
			`if strings.HasSuffix(path, suffix) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

			`// Calls reports whether any call site has a textual form ending in suffix.`
			`// For example, suffix ".Run" matches "lc.Run" and "launcher.Run" alike.`
			`func (c *Context) Called(suffix string) bool {`
			`for _, cs := range c.Calls {`
			`if strings.HasSuffix(cs.Func, suffix) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

			`// registered is the static rule catalog. Add new conventions here.`
			`var registered = []Rule{`
			`{`
			`ID: "launcher.missing-run",`
			`Severity: SeverityError,`
			`Module: "core",`
			`Check: func(c *Context) []Finding {`
			`if !c.Importing("einherjar/core/launcher") {`
			`return nil`
			`}`
			`if !c.Called("launcher.New") && !c.Called(".New") {`
			`return nil`
			`}`
			`if c.Called(".Run") {`
			`return nil`
			`}`
			`return []Finding{{`
			`Message: "core/launcher constructed but Run() never called — application will never start",`
			`Hint: "After lc := launcher.New(logger); lc.Append(...); call if err := lc.Run(); err != nil { ... }",`
			`}}`
			`},`
			`},`
			`{`
			`ID: "launcher.no-components",`
			`Severity: SeverityWarning,`
			`Module: "core",`
			`Check: func(c *Context) []Finding {`
			`if !c.Importing("einherjar/core/launcher") {`
			`return nil`
			`}`
			`if c.Called("launcher.New") && !c.Called(".Append") {`
			`return []Finding{{`
			`Message: "Launcher created but no components appended — Run() will start an empty application",`
			`Hint: "Use lc.Append(db, cache, server) before lc.Run() to register lifecycle components",`
			`}}`
			`}`
			`return nil`
			`},`
			`},`
			`{`
			`ID: "logz.direct-env-read",`
			`Severity: SeverityWarning,`
			`Module: "core",`
			`Check: func(c *Context) []Finding {`
			`if !c.Importing("einherjar/core/logz") {`
			`return nil`
			`}`
			`var hits []Finding`
			`ast.Inspect(c.File, func(n ast.Node) bool {`
			`call, ok := n.(*ast.CallExpr)`
			`if !ok {`
			`return true`
			`}`
			`if exprName(call.Fun) != "os.Getenv" \|\| len(call.Args) == 0 {`
			`return true`
			`}`
			`lit, ok := call.Args[0].(*ast.BasicLit)`
			`if !ok {`
			`return true`
			`}`
			if strings.HasPrefix(strings.Trim(lit.Value, `"`), "EINHERJAR_LOG_") {
			`hits = append(hits, Finding{`
			Message: fmt.Sprintf("reading %s directly via os.Getenv bypasses logz configuration", strings.Trim(lit.Value, `"`)),
			`Hint: "logz.New reads EINHERJAR_LOG_* automatically; pass logz.Config and let the framework load it",`
			`Line: c.Fset.Position(call.Pos()).Line,`
			`})`
			`}`
			`return true`
			`})`
			`return hits`
			`},`
			`},`
			`{`
			`ID: "launcher.run-error-discarded",`
			`Severity: SeverityWarning,`
			`Module: "core",`
			`Check: func(c *Context) []Finding {`
			`if !c.Importing("einherjar/core/launcher") \|\| !c.Called(".Run") {`
			`return nil`
			`}`
			`discarded := false`
			`ast.Inspect(c.File, func(n ast.Node) bool {`
			`expr, ok := n.(*ast.ExprStmt)`
			`if !ok {`
			`return true`
			`}`
			`call, ok := expr.X.(*ast.CallExpr)`
			`if !ok {`
			`return true`
			`}`
			`if strings.HasSuffix(exprName(call.Fun), ".Run") {`
			`discarded = true`
			`}`
			`return true`
			`})`
			`if !discarded {`
			`return nil`
			`}`
			`return []Finding{{`
			`Message: "Launcher.Run() return value discarded — startup failures will go unnoticed",`
			`Hint: "Capture the error: if err := lc.Run(); err != nil { logger.Error(...); os.Exit(1) }",`
			`}}`
			`},`
			`},`
			`{`
			`ID: "web.server-not-appended",`
			`Severity: SeverityWarning,`
			`Module: "web",`
			`Check: func(c *Context) []Finding {`
			`if !c.Importing("einherjar/web/server") \|\| !c.Importing("einherjar/core/launcher") {`
			`return nil`
			`}`
			`if !c.Called(".Append") {`
			`return nil`
			`}`
			`// Heuristic: warn if server.New is constructed but not appended via .Append.`
			`// We can't statically prove the argument was the server, so this is informational.`
			`if c.Called("server.New") {`
			`return []Finding{{`
			`Severity: SeverityInfo,`
			`Message: "web/server is constructed — ensure it is passed to launcher.Append() so its lifecycle is managed",`
			`Hint: "lc.Append(srv) lets the launcher start and gracefully stop the HTTP server",`
			`}}`
			`}`
			`return nil`
			`},`
			`},`
			`}`