( config: Config, repoPath: string, logger: ActivityLogger, )
| 165 | } |
| 166 | |
| 167 | async function validateCodePathsExist( |
| 168 | config: Config, |
| 169 | repoPath: string, |
| 170 | logger: ActivityLogger, |
| 171 | ): Promise<Result<void, PentestError>> { |
| 172 | const tagged: Array<{ kind: RuleKind; rule: Rule }> = [ |
| 173 | ...(config.rules?.avoid ?? []).map((rule) => ({ kind: 'avoid' as const, rule })), |
| 174 | ...(config.rules?.focus ?? []).map((rule) => ({ kind: 'focus' as const, rule })), |
| 175 | ].filter(({ rule }) => rule.type === 'code_path'); |
| 176 | |
| 177 | if (tagged.length === 0) { |
| 178 | return ok(undefined); |
| 179 | } |
| 180 | |
| 181 | logger.info(`Validating ${tagged.length} code_path rule(s) against repo...`); |
| 182 | |
| 183 | // ≥1 match is the only property enforced — malformed globs simply match nothing. |
| 184 | const missing: MissingCodePath[] = []; |
| 185 | for (const { kind, rule } of tagged) { |
| 186 | if (!(await patternMatchesAny(repoPath, rule.value))) { |
| 187 | missing.push({ kind, value: rule.value, description: rule.description }); |
| 188 | } |
| 189 | } |
| 190 | |
| 191 | if (missing.length > 0) { |
| 192 | const lines = missing.map((m) => `[${m.kind}] '${m.value}' — ${m.description}`); |
| 193 | return err( |
| 194 | new PentestError( |
| 195 | `code_path rules don't match any file or directory in the repo:\n - ${lines.join('\n - ')}\n` + |
| 196 | `Fix the patterns or remove the rules.`, |
| 197 | 'config', |
| 198 | false, |
| 199 | { missing }, |
| 200 | ErrorCode.CONFIG_VALIDATION_FAILED, |
| 201 | ), |
| 202 | ); |
| 203 | } |
| 204 | |
| 205 | logger.info('All code_path rules matched'); |
| 206 | return ok(undefined); |
| 207 | } |
| 208 | |
| 209 | // === Credential Validation === |
| 210 |
no test coverage detected