einherjar/mcp
2
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity
Files
v0.1.0
mcp/internal/rules/rules.go

287 lines
7.8 KiB
Go
Raw Permalink Normal View History

feat(mcp): initial implementation — MCP server, framework indexer, 10 tools, 8 validation rules (v0.1.0) Introduces code.nochebuena.dev/einherjar/mcp — the Einherjar Model Context Protocol server. A remote, streamable-HTTP service that teaches AI assistants about every other module of the framework: which package exposes which type, what each module guarantees through its compliance tests, the canonical wiring shape for a service, and whether a Go snippet follows the conventions. Indexes the framework on disk at build time and ships a self-contained binary via go:embed; imports nothing from other einherjar/* modules at compile time. server (cmd/server): - Streamable-HTTP MCP server built on github.com/modelcontextprotocol/go-sdk v1.0.0 - mcp.NewServer + mcp.NewStreamableHTTPHandler, served via net/http on EINHERJAR_MCP_ADDR (default :8080) and EINHERJAR_MCP_PATH (default /mcp) - /healthz liveness endpoint; structured JSON logging via log/slog - Loads the embedded data/index.json once at startup; in-memory for the process lifetime indexer (cmd/indexer): - Walks an Einherjar repository checkout (default ../), parses every sibling module's go.mod, README.md, CHANGELOG.md, docs/adr/ADR-*.md, doc.go package comments, every exported type/interface/func/method/const/var (via go/doc on go/parser ASTs), and compliance_test.go - Captures module dependency edges by regex over each go.mod's require lines (einherjar/* paths only; self-reference filtered) - Appends a synthetic "wire" module documenting canonical application wiring conventions, authored at internal/index/builtins/README.md and embedded via go:embed; participates in list_modules / get_module / get_example like a real module internal/index: - Schema einherjar.mcp/index/v1; types: Index, Module, SubPackage, Symbol, ADR, Example, Compliance, InterfaceAssert, ComplianceTest - Build(repoRoot) → *Index walks the repo; BuildBuiltins() returns the synthetic wire module from the embedded markdown - Load([]byte) → *Index validates the schema version on read - FindModule, SearchSymbols helpers used by tools internal/tools (10 tools): - list_modules — enumerate every module with purpose + sub-packages - get_module — package doc, dependencies, sub-packages, key symbols, ADRs, compliance counts; optional embedded README - search_symbols — full-text across name, doc, sub-package, module; filterable by module and kind - get_symbol — full signature, doc comment, source file:line for one symbol - list_adrs — list ADRs across the framework or within one module - get_adr — fetch one ADR's markdown body - get_example — canonical usage snippets extracted from module READMEs and from the synthetic wire conventions - get_compliance — interface assertions (var _ Iface = impl) and structural test names from a module's compliance_test.go - get_changelog — full CHANGELOG.md markdown for one module - validate_snippet — pattern-match a Go snippet against framework conventions internal/rules (8 rules, registered via init() against a single registered slice): - launcher.missing-run — launcher constructed but Run() never called - launcher.no-components — launcher.New() called without any .Append(...) - launcher.run-error-discarded — lc.Run() invoked as an ExprStmt (return ignored) - logz.direct-env-read — os.Getenv("EINHERJAR_LOG_*") bypassing logz config - web.server-not-appended — web/server constructed but not added to the launcher - wire.hook-bad-signature — with<Feature>(...) first param is not launcher.Launcher - wire.hook-outside-beforestart — repo/service/handler construction or route registration at the top level of a hook (outside lc.BeforeStart) - wire.route-specific-after-param — /users/{id} registered before a sibling /users/me of the same length and method (chi would shadow the literal route) Synthetic wire module (internal/index/builtins/README.md): - Project layout (cmd/<app>/main.go + internal/wire/*.go + per-feature domain dirs) - Canonical Run() shape: config → logger → infra (db, cache, pool, mc, srv) → cross- cutting (validator, permission provider) → launcher.New → lc.Append(infra...) → withMigrations / withSuperAdminSeed / withHealth / withFeature hooks → return lc.Run() - Canonical with<Feature> hook shape: signature (launcher.Launcher first, server.Server second, deps last), single lc.BeforeStart closure containing all construction + route registration - chi route ordering, srv.With(authz(...)) authorization, middleware helpers (authz / skipPublicPaths / skipMethodPath), tokenSignerAdapter pattern showing that the framework exposes Signer.Sign as a primitive and the application owns the access/refresh response shape Packaging: - Multi-stage Dockerfile that builds from the einherjar repository root (docker build -f mcp/Dockerfile .) so cmd/indexer can walk every sibling module at image-build time; runtime layer is gcr.io/distroless/static-debian12:nonroot - 86-byte placeholder data/index.json committed once with `git add -f`; subsequent indexer runs overwrite it locally but the file is .gitignored - .gitea/CODEOWNERS and pull_request_template.md mirror the sibling layout Design notes: - mcp depends on nothing in einherjar/* — it reads the framework via the filesystem at index time. This keeps mcp outside the framework dependency graph and lets it index any version of einherjar without versioning itself in lock-step. - All structured-output tool responses initialise empty slices ([]Type{}) rather than relying on Go's nil-marshals-to-null default, so the SDK's JSON-schema output validator never rejects a tools/call result.
2026-05-29 18:12:45 +00:00
// Package rules defines the lightweight, pattern-based conventions enforced
// by the validate_snippet MCP tool.
//
// These are not a substitute for "go vet" or running the user's tests. They
// catch wiring mistakes that an AI assistant frequently makes when first
// adopting Einherjar: forgetting to call Run(), constructing a Launcher
// without registering components, reading EINHERJAR_* env vars directly
// instead of letting the framework load them, and so on.
package rules
import (
"fmt"
"go/ast"
"go/parser"
"go/token"
"strings"
)
// Severity describes how seriously a finding should be treated.
type Severity string
const (
SeverityError Severity = "error"
SeverityWarning Severity = "warning"
SeverityInfo Severity = "info"
)
// Finding is one rule hit against a snippet.
type Finding struct {
RuleID string `json:"ruleId"`
Severity Severity `json:"severity"`
Module string `json:"module,omitempty"`
Message string `json:"message"`
Hint string `json:"hint,omitempty"`
Line int `json:"line,omitempty"`
}
// Rule is a single named convention check.
type Rule struct {
ID string
Severity Severity
Module string
Check func(ctx *Context) []Finding
}
// Context is the parsed view of a snippet provided to every rule.
type Context struct {
Fset *token.FileSet
File *ast.File
Imports map[string]string // path → local name (e.g. "code.nochebuena.dev/einherjar/core/launcher" → "launcher")
Calls []CallSite // every function call in the file
}
// CallSite is a recorded function call. Func is the textual form
// ("launcher.New", "lc.Append", "lc.Run").
type CallSite struct {
Func string
Line int
}
// Run parses the source and applies every rule, returning all findings in
// order. If the source cannot be parsed even after wrapping in a synthetic
// package, parse errors are returned as findings with rule id "parse".
func Run(src string) []Finding {
fset := token.NewFileSet()
file, err := parser.ParseFile(fset, "snippet.go", src, parser.AllErrors|parser.ParseComments)
if err != nil {
wrapped := "package _snippet\n\nfunc _main() {\n" + src + "\n}\n"
fset = token.NewFileSet()
file, err = parser.ParseFile(fset, "snippet.go", wrapped, parser.AllErrors|parser.ParseComments)
if err != nil {
return []Finding{{
RuleID: "parse",
Severity: SeverityError,
Message: "could not parse snippet: " + err.Error(),
}}
}
}
ctx := &Context{Fset: fset, File: file, Imports: map[string]string{}}
for _, imp := range file.Imports {
path := strings.Trim(imp.Path.Value, `"`)
name := guessImportName(path)
if imp.Name != nil && imp.Name.Name != "" && imp.Name.Name != "_" {
name = imp.Name.Name
}
ctx.Imports[path] = name
}
ast.Inspect(file, func(n ast.Node) bool {
call, ok := n.(*ast.CallExpr)
if !ok {
return true
}
name := exprName(call.Fun)
if name == "" {
return true
}
ctx.Calls = append(ctx.Calls, CallSite{Func: name, Line: fset.Position(call.Pos()).Line})
return true
})
var findings []Finding
for _, r := range registered {
for _, f := range r.Check(ctx) {
f.RuleID = r.ID
if f.Severity == "" {
f.Severity = r.Severity
}
if f.Module == "" {
f.Module = r.Module
}
findings = append(findings, f)
}
}
return findings
}
func guessImportName(path string) string {
i := strings.LastIndex(path, "/")
if i < 0 {
return path
}
return path[i+1:]
}
func exprName(e ast.Expr) string {
switch v := e.(type) {
case *ast.Ident:
return v.Name
case *ast.SelectorExpr:
return exprName(v.X) + "." + v.Sel.Name
}
return ""
}
// Importing reports whether the snippet imports a path with the given suffix
// (e.g. "core/launcher" matches "code.nochebuena.dev/einherjar/core/launcher").
func (c *Context) Importing(suffix string) bool {
for path := range c.Imports {
if strings.HasSuffix(path, suffix) {
return true
}
}
return false
}
// Calls reports whether any call site has a textual form ending in suffix.
// For example, suffix ".Run" matches "lc.Run" and "launcher.Run" alike.
func (c *Context) Called(suffix string) bool {
for _, cs := range c.Calls {
if strings.HasSuffix(cs.Func, suffix) {
return true
}
}
return false
}
// registered is the static rule catalog. Add new conventions here.
var registered = []Rule{
{
ID: "launcher.missing-run",
Severity: SeverityError,
Module: "core",
Check: func(c *Context) []Finding {
if !c.Importing("einherjar/core/launcher") {
return nil
}
if !c.Called("launcher.New") && !c.Called(".New") {
return nil
}
if c.Called(".Run") {
return nil
}
return []Finding{{
Message: "core/launcher constructed but Run() never called — application will never start",
Hint: "After lc := launcher.New(logger); lc.Append(...); call if err := lc.Run(); err != nil { ... }",
}}
},
},
{
ID: "launcher.no-components",
Severity: SeverityWarning,
Module: "core",
Check: func(c *Context) []Finding {
if !c.Importing("einherjar/core/launcher") {
return nil
}
if c.Called("launcher.New") && !c.Called(".Append") {
return []Finding{{
Message: "Launcher created but no components appended — Run() will start an empty application",
Hint: "Use lc.Append(db, cache, server) before lc.Run() to register lifecycle components",
}}
}
return nil
},
},
{
ID: "logz.direct-env-read",
Severity: SeverityWarning,
Module: "core",
Check: func(c *Context) []Finding {
if !c.Importing("einherjar/core/logz") {
return nil
}
var hits []Finding
ast.Inspect(c.File, func(n ast.Node) bool {
call, ok := n.(*ast.CallExpr)
if !ok {
return true
}
if exprName(call.Fun) != "os.Getenv" || len(call.Args) == 0 {
return true
}
lit, ok := call.Args[0].(*ast.BasicLit)
if !ok {
return true
}
if strings.HasPrefix(strings.Trim(lit.Value, `"`), "EINHERJAR_LOG_") {
hits = append(hits, Finding{
Message: fmt.Sprintf("reading %s directly via os.Getenv bypasses logz configuration", strings.Trim(lit.Value, `"`)),
Hint: "logz.New reads EINHERJAR_LOG_* automatically; pass logz.Config and let the framework load it",
Line: c.Fset.Position(call.Pos()).Line,
})
}
return true
})
return hits
},
},
{
ID: "launcher.run-error-discarded",
Severity: SeverityWarning,
Module: "core",
Check: func(c *Context) []Finding {
if !c.Importing("einherjar/core/launcher") || !c.Called(".Run") {
return nil
}
discarded := false
ast.Inspect(c.File, func(n ast.Node) bool {
expr, ok := n.(*ast.ExprStmt)
if !ok {
return true
}
call, ok := expr.X.(*ast.CallExpr)
if !ok {
return true
}
if strings.HasSuffix(exprName(call.Fun), ".Run") {
discarded = true
}
return true
})
if !discarded {
return nil
}
return []Finding{{
Message: "Launcher.Run() return value discarded — startup failures will go unnoticed",
Hint: "Capture the error: if err := lc.Run(); err != nil { logger.Error(...); os.Exit(1) }",
}}
},
},
{
ID: "web.server-not-appended",
Severity: SeverityWarning,
Module: "web",
Check: func(c *Context) []Finding {
if !c.Importing("einherjar/web/server") || !c.Importing("einherjar/core/launcher") {
return nil
}
if !c.Called(".Append") {
return nil
}
// Heuristic: warn if server.New is constructed but not appended via .Append.
// We can't statically prove the argument was the server, so this is informational.
if c.Called("server.New") {
return []Finding{{
Severity: SeverityInfo,
Message: "web/server is constructed — ensure it is passed to launcher.Append() so its lifecycle is managed",
Hint: "lc.Append(srv) lets the launcher start and gracefully stop the HTTP server",
}}
}
return nil
},
},
}
Reference in New Issue Copy Permalink