1  #!/usr/bin/env bash
 2  # Architectural boundary guard: detects violations in auths-sdk source.
 3  # Excludes test directories, comment lines, and doc strings to prevent false positives.
 4  # Run in CI before cargo test.
 5  set -e
 6  
 7  SDK_SRC="crates/auths-sdk/src"
 8  VIOLATIONS=0
 9  
10  # Filter from grep -rn "filepath:linenum:content" output:
11  #   - lines where content part starts with // or /// (comments)
12  #   - lines where content part starts with whitespace then // (indented comments)
13  not_comment() {
14      grep -Ev ':[0-9]+:[[:space:]]*//'
15  }
16  
17  check_pattern() {
18      local pattern=$1
19      local msg=$2
20      local matches
21      matches=$(grep -r --include="*.rs" \
22          --exclude-dir=tests \
23          -n \
24          "$pattern" $SDK_SRC 2>/dev/null \
25          | not_comment || true)
26      if [ -n "$matches" ]; then
27          echo "ARCHITECTURE VIOLATION: $msg"
28          echo "$matches"
29          VIOLATIONS=$((VIOLATIONS + 1))
30      fi
31  }
32  
33  check_pattern "Utc::now()" "Use injected ClockProvider instead of Utc::now()"
34  check_pattern "std::fs::" "Filesystem I/O in SDK layer — use storage port traits"
35  check_pattern "git2::" "git2 in auths-sdk — inject RegistryBackend instead"
36  check_pattern "GitRegistryBackend\|RegistryIdentityStorage" "Concrete storage types in auths-sdk — inject abstractions"
37  
38  if [ "$VIOLATIONS" -gt 0 ]; then
39      echo ""
40      echo "$VIOLATIONS architecture violation(s) found in $SDK_SRC."
41      exit "$VIOLATIONS"
42  fi
43  
44  echo "Architecture boundary check passed."