diff --git a/docs/RFC-LINT.md b/docs/RFC-LINT.md index 3ba84da..311e55c 100644 --- a/docs/RFC-LINT.md +++ b/docs/RFC-LINT.md @@ -77,9 +77,9 @@ The RFC commands are mounted twice: once at the root and once under `core-lint l | Full orchestration | `core-lint run [path]` | `core-lint lint run [path]` | `core-lint run --output json .` | | Go only | `core-lint go [path]` | `core-lint lint go [path]` | `core-lint go .` | | PHP only | `core-lint php [path]` | `core-lint lint php [path]` | `core-lint php .` | -| JS and TS | `core-lint js [path]` | `core-lint lint js [path]` | `core-lint js .` | +| JS group shortcut | `core-lint js [path]` | `core-lint lint js [path]` | `core-lint js .` | | Python only | `core-lint python [path]` | `core-lint lint python [path]` | `core-lint python .` | -| Security tools only | `core-lint security [path]` | `core-lint lint security [path]` | `core-lint security --ci .` | +| Security group shortcut | `core-lint security [path]` | `core-lint lint security [path]` | `core-lint security --ci .` | | Compliance tools only | `core-lint compliance [path]` | `core-lint lint compliance [path]` | `core-lint compliance --output json .` | | Language detection | `core-lint detect [path]` | `core-lint lint detect [path]` | `core-lint detect --output json .` | | Tool inventory | `core-lint tools` | `core-lint lint tools` | `core-lint tools --output json --lang go` | @@ -90,6 +90,8 @@ The RFC commands are mounted twice: once at the root and once under `core-lint l | Embedded catalog list | none | `core-lint lint catalog list` | `core-lint lint catalog list --lang go` | | Embedded catalog show | none | `core-lint lint catalog show RULE_ID` | `core-lint lint catalog show go-sec-001` | +`core-lint js` is a shortcut for `Lang=js`, not a dedicated TypeScript command. TypeScript-only runs use `core-lint run --lang ts ...` or plain `run` with auto-detection. + ## RunInput Contract All orchestration commands resolve into one DTO: @@ -121,11 +123,20 @@ type RunInput struct { 6. `Lang` overrides auto-detection 7. `Files` override directory detection for language inference +### CLI Output Resolution + +The CLI resolves output before it calls `Service.Run()`: + +1. explicit `--output` wins +2. otherwise `--ci` becomes `github` +3. otherwise the loaded config `output` value is used +4. if the config output is empty, the CLI falls back to `text` + ### Category and Language Precedence Tool group selection is intentionally simple and deterministic: -1. `Category=security` means only `lint.security` +1. `Category=security` selects the `lint.security` config group 2. `Category=compliance` means only `lint.compliance` 3. `Lang=go|php|js|ts|python|...` means only that language group 4. Plain `run` uses all detected language groups plus `infra` @@ -134,6 +145,8 @@ Tool group selection is intentionally simple and deterministic: `Lang` is stronger than `CI` and `SBOM`. If `Lang` is set, the language group wins and the extra groups are not appended. +Final adapter selection has one extra Go-specific exception: if Go is present and `Category != "compliance"`, `Service.Run()` prepends the built-in `catalog` adapter after registry filtering. That means `core-lint security` on a Go project can still emit `catalog` findings tagged `security`. + ## Config Contract Repo-local config lives at `.core/lint.yaml`. @@ -202,6 +215,7 @@ exclude: - Relative `--config` paths resolve relative to `Path` - Unknown tool names in config are inert; the adapter registry is authoritative - The current default config includes `prettier`, but the adapter registry does not yet provide a `prettier` adapter +- `LintConfig` still accepts a `schedules` map, but no current CLI command reads or executes it ## Detection Contract @@ -518,7 +532,7 @@ exec core-lint run --hook # core-lint hook end ``` -If the hook file already exists, install appends a guarded block instead of overwriting the file. +If the hook file already exists, install appends a guarded block instead of overwriting the file. In that appended case the command line becomes `core-lint run --hook || exit $?` rather than `exec core-lint run --hook`. ## Test Contract