From 431d83d11f018a619fd90126af786daa2e86fd3c Mon Sep 17 00:00:00 2001
From: Lakshman Patel
Date: Thu, 25 Jun 2026 10:52:49 +0530
Subject: [PATCH] fix(boundaries): add cross-engine import guard, gitignore go.work

- Added go.work/go.work.sum to .gitignore
- Expanded boundary guard to check for forbidden cross-engine imports
- Made boundary script executable
- Updated README Ecosystem Boundaries to clarify local-only types
---
 .gitignore | 4 ++++
 README.md | 5 +++--
 scripts/check-ecosystem-boundaries.sh | 25 ++++++++++++++++++++++---
 3 files changed, 29 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 scripts/check-ecosystem-boundaries.sh

diff --git a/.gitignore b/.gitignore
index de5834b..e00853c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,5 +22,9 @@ coverage.html
 /.codex/
 /.gemini/
+# Go workspace (local dev only — each developer creates their own)
+go.work
+go.work.sum
+
 # macOS
 .DS_Store
diff --git a/README.md b/README.md
index 8aaa74f..ce29691 100644
--- a/README.md
+++ b/README.md
@@ -20,9 +20,10 @@ Trace hooks into your Git workflow to capture AI agent sessions as you work. Ses
 Trace is a Hawk support engine. Keep the dependency edge one-way:
-- depend on `hawk-core-contracts` when a stable cross-repo contract is needed
+- trace uses local-only types (trace/redaction event types are trace-scoped, not shared contracts)
 - do not import `hawk/internal/*`
-- do not import removed legacy path `hawk/shared/types`; use `hawk-core-contracts/types`
+- do not import removed legacy path `hawk/shared/types`
+- do not import other engines (`eyrie`, `yaad`, `tok`, `sight`, `inspect`) — engines are peers, not dependencies
 ### What you get
diff --git a/scripts/check-ecosystem-boundaries.sh b/scripts/check-ecosystem-boundaries.sh
old mode 100644
new mode 100755
index 57f81ba..3cfe72f
--- a/scripts/check-ecosystem-boundaries.sh
+++ b/scripts/check-ecosystem-boundaries.sh
@@ -4,10 +4,17 @@ set -euo pipefail
 ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 cd "$ROOT_DIR"
+FORBIDDEN_HAWK='github\.com/GrayCodeAI/hawk/(internal/|shared/types)'
+FORBIDDEN_ENGINES='github\.com/GrayCodeAI/(eyrie|yaad|tok|sight|inspect)(/|")'
+
+exit_code=0
+
 if command -v rg >/dev/null 2>&1; then
- violations="$(rg -n 'github\.com/GrayCodeAI/hawk/(internal/|shared/types)' --glob '*.go' . || true)"
+ violations="$(rg -n "$FORBIDDEN_HAWK" --glob '*.go' . || true)"
+ engine_violations="$(rg -n "$FORBIDDEN_ENGINES" --glob '*.go' . || true)"
 else
- violations="$(grep -rn --include='*.go' -E 'github\.com/GrayCodeAI/hawk/(internal/|shared/types)' . || true)"
+ violations="$(grep -rn --include='*.go' -E "$FORBIDDEN_HAWK" . || true)"
+ engine_violations="$(grep -rn --include='*.go' -E "$FORBIDDEN_ENGINES" . || true)"
 fi
 if [[ -n "${violations}" ]]; then
@@ -15,7 +22,19 @@ if [[ -n "${violations}" ]]; then
 echo "${violations}"
 echo
 echo "support repos must use hawk-core-contracts or local contracts, not hawk/internal or removed hawk/shared/types"
- exit 1
+ exit_code=1
+fi
+
+if [[ -n "${engine_violations}" ]]; then
+ echo "forbidden cross-engine imports found:"
+ echo "${engine_violations}"
+ echo
+ echo "support engines must not import other engines directly — they are peers, not dependencies"
+ exit_code=1
+fi
+
+if [[ $exit_code -ne 0 ]]; then
+ exit $exit_code
 fi
 echo "ecosystem boundary guard passed"
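Review bot: The `|| true` on all four scan commands in the first hunk makes the guard fail open: rg and grep both exit 1 for "no match" but 2 for a real error such as an invalid pattern or an unreadable path, and either case leaves `violations` / `engine_violations` empty, so the script goes on to print "ecosystem boundary guard passed". For a check that enforces a dependency boundary, a failed scan should fail the job rather than pass it. I would route both patterns through one helper that tolerates exit status 1 only and lets `set -e` abort on anything higher, which also removes the duplicated rg/grep pair. Separately, rg skips ignored and hidden files by default while `grep -r` does not, so the two branches may not scan the same set of files.

```bash
# … unchanged: FORBIDDEN_HAWK / FORBIDDEN_ENGINES / exit_code=0 …

# Prints matching lines for pattern $1. Status 1 from rg/grep means
# "no match" and is fine; anything higher is a scan error and is returned.
scan_imports() {
  local pattern=$1 rc=0
  if command -v rg >/dev/null 2>&1; then
    rg -n -e "$pattern" --glob '*.go' . || rc=$?
  else
    grep -rn --include='*.go' -E -e "$pattern" . || rc=$?
  fi
  if (( rc > 1 )); then
    echo "boundary scan failed (exit ${rc})" >&2
    return "$rc"
  fi
}

violations="$(scan_imports "$FORBIDDEN_HAWK")"
engine_violations="$(scan_imports "$FORBIDDEN_ENGINES")"
```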
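Review bot: The unchanged message in the second hunk, "support repos must use hawk-core-contracts or local contracts, …", still recommends `hawk-core-contracts`, while the README hunk in this same patch drops that guidance in favour of local-only types, so a developer who trips the guard is given advice the README no longer gives. If the README states the intended policy, the line could read `echo "support repos must use local contracts, not hawk/internal or removed hawk/shared/types"`. Both violation reports would also be better sent to stderr (`>&2`) so that CI logs and callers capturing stdout treat them as diagnostics. The `if [[ -n "${violations}" ]]` block this hunk edits opens outside the hunk.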