diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f6f74ad..8f63292 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,6 +58,8 @@ jobs: fi - name: go vet run: go vet ./... + - name: consumer boundary guard + run: bash ./scripts/check-consumer-boundaries.sh # ------------------------------------------------------------------------- # Lint — golangci-lint covers most static checks. diff --git a/Makefile b/Makefile index 3983bf9..8df768b 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ GOVULNCHECK := $(GOBIN_DIR)/govulncheck # --------------------------------------------------------------------------- # Phony declarations (alphabetical). # --------------------------------------------------------------------------- -.PHONY: all bench build ci clean cover fmt help lint lint-fix \ +.PHONY: all bench boundary-guard build ci clean cover fmt help lint lint-fix \ security test test-10x test-race tidy version vet # --------------------------------------------------------------------------- @@ -74,6 +74,9 @@ fmt: ## Format source files (gofumpt + goimports). vet: ## Run go vet. go vet ./... +boundary-guard: ## Fail if the SDK imports support engines or Hawk private packages. + bash ./scripts/check-consumer-boundaries.sh + lint: ## Run golangci-lint. @command -v $(GOLANGCI) >/dev/null 2>&1 || (echo "install: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest" && exit 1) $(GOLANGCI) run ./... --timeout=5m @@ -93,7 +96,7 @@ tidy: ## Tidy go.mod / go.sum. # --------------------------------------------------------------------------- # Composite gate used by CI and pre-push. # --------------------------------------------------------------------------- -ci: tidy fmt vet lint test-race security ## Run everything CI runs. +ci: tidy fmt vet boundary-guard lint test-race security ## Run everything CI runs. @echo "All CI checks passed." # --------------------------------------------------------------------------- diff --git a/README.md b/README.md index a4fa09c..9479fb5 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,13 @@ fmt.Println(resp.Response) See the [examples/](examples/) directory for complete runnable examples. +## Ecosystem Boundaries + +- `hawk-sdk-go` is a consumer of Hawk public APIs and contracts. +- Do not import support engine repos such as `eyrie`, `yaad`, `tok`, `trace`, `sight`, or `inspect`. +- Do not import `hawk/internal/*` or removed legacy path `hawk/shared/types`. +- Cross-repo shared vocabulary should come from Hawk public surfaces or `hawk-core-contracts`, not engine internals. + ## API Reference ### Client Methods diff --git a/lefthook.yml b/lefthook.yml index ba5700d..7d5bdaf 100644 --- a/lefthook.yml +++ b/lefthook.yml @@ -110,3 +110,18 @@ commit-msg: echo " full guide: https://www.conventionalcommits.org/" exit 1 fi + + strip-co-authored-by: + run: | + # Strip Co-authored-by: trailers that AI tools (Claude, Cursor, etc.) add. + # This enforces the rule that commits list only the human author. + sed '/^[Cc]o-[Aa]uthored-[Bb]y:/d' "{1}" > "{1}.tmp" && mv "{1}.tmp" "{1}" + +# --------------------------------------------------------------------------- +# prepare-commit-msg — strip AI co-author trailers after tools inject them. +# --------------------------------------------------------------------------- +prepare-commit-msg: + commands: + strip-co-authored-by: + run: | + sed '/^[Cc]o-[Aa]uthored-[Bb]y:/d' "{1}" > "{1}.tmp" && mv "{1}.tmp" "{1}" diff --git a/scripts/check-consumer-boundaries.sh b/scripts/check-consumer-boundaries.sh new file mode 100644 index 0000000..6bcb872 --- /dev/null +++ b/scripts/check-consumer-boundaries.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$ROOT_DIR" + +violations="$( + grep -RInE --include='*.go' \ + 'github\.com/GrayCodeAI/(eyrie|inspect|sight|tok|trace|yaad)(/|")|github\.com/GrayCodeAI/hawk/(internal/|shared/types)' \ + . || true +)" + +if [[ -n "${violations}" ]]; then + echo "forbidden Hawk consumer imports found:" + echo "${violations}" + echo + echo "hawk-sdk-go must depend on Hawk public APIs/contracts only; do not import support engines, hawk/internal, or removed hawk/shared/types" + exit 1 +fi + +echo "consumer boundary guard passed"