Commit graph

2 commits

Author SHA1 Message Date
Jeremie Fraeys
a49e8f593c
chore(tools): update fetchml-vet analyzers

Analyzer improvements:
- hipaacomplete.go: refined HIPAA compliance checks
- manifestenv.go: environment variable validation in manifests
- nobaredetector.go: detection of bare credential exposures
- noinlinecredentials.go: inline credential scanning improvements
2026-03-12 12:09:34 -04:00

Jeremie Fraeys
90ae9edfff
feat(verification): Custom linting tool (fetchml-vet) for structural invariants

Add golang.org/x/tools/go/analysis based linting tool:
- fetchml-vet: Custom go vet tool for security invariants

Add analyzers for critical security patterns:
- noBareDetector: Ensures CreateDetector always captures DetectionInfo
  (prevents silent metadata loss in GPU detection)
- manifestEnv: Validates functions returning Artifacts populate Environment
  (ensures reproducibility metadata capture)
- noInlineCredentials: Detects inline credential patterns in config structs
  (enforces environment variable references)
- hipaaComplete: Validates HIPAA mode configs have all required fields
  (structural check for compliance completeness)

Integration with make lint-custom:
- Builds bin/fetchml-vet from tools/fetchml-vet/cmd/fetchml-vet/
- Runs with: go vet -vettool=bin/fetchml-vet ./internal/...

Part of: V.4 custom linting from security plan
2026-02-23 19:44:00 -05:00