Validators

Validators are TypeScript functions. They read repository facts and emit findings. There is no DSL.

Anatomy

service-no-db-client.ts

01import { defineValidator } from "../index.ts";
02 
03export default defineValidator({
04  id: "service-no-db-client",
05  topics: ["service", "data-access"],
06  applies: ["src/services/**/*.ts"],
07  severity: "error",
08  scope: "import-edge",
09  facts: ["imports"],
10  decisionIds: ["service-db-boundary"],
11  validate({ ctx }) {
12    return ctx.facts.imports()
13      .filter((edge) => edge.source.endsWith("/db/client"))
14      .map((edge) => ({
15        validatorId: "service-no-db-client",
16        severity: "error",
17        file: edge.from.path,
18        line: edge.line,
19        message: "Services must not import DB clients directly.",
20      }));
21  },
22});

Facts, not source

Validators receive ctx.facts. Facts are extracted by the engine binary and cached by the daemon.

Graph-aware rules

graph-validator.ts

01validate({ ctx }) {
02  return ctx.graph.callers("loadCompany").map((edge) =>
03    edge.source.file.report({
04      line: edge.source.line,
05      message: "loadCompany callers must use the new service boundary.",
06      fix: {
07        safety: "manual",
08        command: "opencanon graph callees loadCompany",
09        description: "Inspect downstream side effects before changing this call.",
10      },
11    }),
12  );
13}

Validators can use ctx.graph for symbols, references, callers, callees, and impact edges. Command fixes are advisory: OpenCanon prints them for an agent but never executes them through --fix.

Curated factories

validators/index.ts

01import { defineValidator, migrationReferences, noUnusedExports, similarFunctionNames } from "../index.ts";
02 
03export default defineValidator({
04  id: "project-validators",
05  validators: [
06    migrationReferences({
07      id: "old-api-migration",
08      topics: ["migration"],
09      severity: "error",
10      in: ["src/**/*.ts"],
11      pattern: "\\boldApi\\(",
12      replacement: "currentApi(",
13      fixSafety: "suggested",
14      message: "oldApi is replaced; use currentApi.",
15    }),
16    noUnusedExports({
17      id: "no-unused-exports",
18      topics: ["dead-code"],
19      severity: "warning",
20      in: ["src/**/*.ts"],
21      publicSurfaces: ["src/api/**"],
22      message: "Exported symbol has no known project caller.",
23    }),
24    similarFunctionNames({
25      id: "similar-functions",
26      topics: ["dry"],
27      severity: "warning",
28      in: ["src/**/*.ts"],
29      requireSharedCallees: true,
30      message: "Similar function surfaces may duplicate behavior.",
31    }),
32  ],
33});

Curated factories are opt-in. migrationReferences links old API usage to the baseline so existing matches can warn while new matches fail, and can emit structured replacement fixes when a replacement is configured. noUnusedExports uses graph callers and respects configured entrypoints and public surfaces. similarFunctionNames uses symbol and callee facts to flag likely DRY overlaps inside a scope.

Fixtures

Every validator is paired with at least one fixture under .agents/skills/opencanon/fixtures/. Fixtures pin expected output. Run opencanon validate --check-fixtures locally or in CI.

fixtures/auth-session-ttl/invalid.ts

01import { defineFixture } from "@opencanon/core/testing";
02 
03export default defineFixture({
04  directories: ["src/services", "src/db"],
05  files: ({ file }) => [
06    file.ts("src/services/company.service.ts", `
07      import { db } from "../db/client";
08 
09      export function loadCompany(id: string) {
10        return db.company.findUnique({ where: { id } });
11      }
12    `),
13    file.json("package.json", {
14      dependencies: {
15        zod: "^4.0.0"
16      }
17    }),
18  ],
19});

Fixtures are virtual projects. Put flat modules named valid.ts, invalid.ts, and optional fixed.ts under the validator fixture directory. Use file.ts, file.tsx, file.py, file.rs, file.toml, file.md, and file.json for readable test projects. Generated fixture aliases let realistic imports type-check without local as any stubs.

Typed project constants

@opencanon/project

01import { defineValidator } from "@opencanon/core";
02import { Npm, Packages, Python, Cargo } from "@opencanon/project";
03 
04export default defineValidator({
05  id: "typed-dependency-policy",
06  topics: ["dependencies"],
07  applies: ["packages/api/src/**/*.ts"],
08  severity: "error",
09  scope: "import-edge",
10  facts: ["imports"],
11  validate({ ctx }) {
12    const apiPackage = Packages.API;
13    const zodVersion = Npm.ZOD.version;
14 
15    return ctx.facts.imports()
16      .filter((edge) => edge.fromPackage === apiPackage)
17      .filter((edge) => edge.source === Npm.ZOD.name)
18      .map((edge) => edge.from.report({
19        line: edge.line,
20        message: `API imports ${Npm.ZOD.name} ${zodVersion}; Rust uses ${Cargo.SERDE.name} and Python uses ${Python.REQUESTS.name}.`,
21      }));
22  },
23});

The daemon generates @opencanon/project from the indexed repository. Validators can use typed constants for workspace packages, package roots, import specifiers, npm dependencies, Rust crates, Cargo dependencies, and Python dependencies. Generated objects include JSDoc from package metadata where available and stay intentionally lightweight: OpenCanon does not generate huge symbol, literal, caller, or callee maps by default.

Commit gates

commit-gate-validator.ts

01export default defineValidator({
02  id: "auth-session-ttl-approval",
03  topics: ["security"],
04  applies: ["src/auth/session.ts"],
05  severity: "error",
06  scope: "file",
07  facts: ["literals"],
08  validate({ ctx }) {
09    for (const file of ctx.targetFiles) {
10      if (!file.text.includes("sessionTtlDays")) continue;
11 
12      ctx.commitGate({
13        id: "auth-session-ttl-change",
14        title: "Auth session TTL changed",
15        reason: "Session duration affects security and product behavior.",
16        question: "Did the user approve this auth session TTL change?",
17        file: file.path,
18        evidence: [{ file: file.path }],
19        approvalScope: "staged-diff",
20      });
21    }
22 
23    return [];
24  },
25});

approval flow

01opencanon validate --changed
02opencanon gate pending --format json
03opencanon gate approve auth-session-ttl-change \
04  --summary "User approved changing sessionTtlDays from 365 to 730." \
05  --via agent

Commit gates are for ambiguous changes that require user intent before commit but should not become normal findings. Approvals default to the exact staged staged diff for the gate evidence; use approvalScope: "file" only when the full current file content is the intended approval boundary. Agents should inspect the staged diff and pending gate, ask for explicit Approve or Reject, then record approval only after the user approves.

Decisions

Validators reference decisions by ID. A decision explains why the rule exists and when it has exceptions.