# Quality Rails

Portable quality enforcement for TypeScript, Python, and Node.js projects.

## 🎯 What This Prevents

Based on real-world validation of 50 issues in a production codebase:

- ❌ Hardcoded passwords
- ❌ SQL injection vulnerabilities
- ❌ Type safety violations (`any` types)
- ❌ Missing test coverage
- ❌ Build failures
- ❌ Dependency vulnerabilities

**70% of these issues are prevented mechanically with quality-rails.**

## ⚡ Quick Start (Mosaic)

### New Project

```bash
# Apply template from Mosaic
~/.config/mosaic/bin/mosaic-quality-apply --template typescript-node --target /path/to/project

# Install dependencies
cd /path/to/project
npm install

# Initialize git hooks
npx husky install

# Verify enforcement is working
~/.config/mosaic/bin/mosaic-quality-verify --target /path/to/project
```

### Existing Project

```bash
# Same as above - works for new or existing projects
~/.config/mosaic/bin/mosaic-quality-apply --template typescript-node --target /path/to/existing-project
```

## 🛡️ What You Get

- ✅ **TypeScript strict mode** - All type checks enabled
- ✅ **ESLint blocking `any` types** - no-explicit-any: error
- ✅ **Pre-commit hooks** - Type check + lint + format before commit
- ✅ **Secret scanning (gitleaks)** - Block hardcoded passwords/API keys (pre-commit + CI)
- ✅ **CI/CD templates** - Woodpecker, GitHub Actions, GitLab
- ✅ **Test coverage enforcement** - 80% threshold
- ✅ **Security scanning** - npm audit, OWASP checks

## 📦 Available Templates

| Template | Language | Framework | Status |
|----------|----------|-----------|--------|
| `typescript-node` | TypeScript | Node.js | ✅ Ready |
| `typescript-nextjs` | TypeScript | Next.js | ✅ Ready |
| `monorepo` | TypeScript | TurboRepo + pnpm | ✅ Ready |
| `python` | Python | - | 🚧 Coming Soon |

### Monorepo Template

Perfect for projects combining **Next.js frontend** + **NestJS backend** in one repository.

Features:

- 🎯 **Multi-package aware** - lint-staged only checks changed packages
- ⚡ **TurboRepo caching** - Faster builds and tests
- 🔀 **Parallel dev servers** - Run web + API simultaneously
- 📦 **pnpm workspaces** - Efficient dependency management
- 🛡️ **Package-specific rules** - Next.js and NestJS get appropriate ESLint configs

Example structure:

```
monorepo/
├── apps/
│   ├── web/          # Next.js frontend
│   └── api/          # NestJS backend
└── packages/
    ├── shared-types/
    ├── ui/
    └── config/
```

## 🧪 How It Works

### Pre-Commit (Local Enforcement)

```bash
# You try to commit code with a type error
git commit -m "Add feature"

# Quality rails blocks it:
❌ Type error: Type 'number' is not assignable to type 'string'
❌ ESLint: Unexpected any. Specify a different type.
✋ Commit blocked - fix errors and try again
```

### CI/CD (Remote Enforcement)

```yaml
# Woodpecker pipeline runs:
✓ gitleaks (secret scanning — parallel, no deps)
✓ npm audit (dependency security)
✓ eslint (code quality)
✓ tsc --noEmit (type checking)
✓ jest --coverage (tests + coverage)
✓ npm run build (compilation — gates on all above)

# If any step fails, merge is blocked
```

## 🎓 Philosophy

**Process compliance doesn't work.**

Instructing AI agents to "do code review" or "run tests" fails. They claim to follow processes but output quality doesn't match claims.

**Mechanical enforcement works.**

Quality rails don't ask agents to follow processes. They **block commits** that don't pass automated checks.

- Type errors? → **Commit blocked**
- Hardcoded secrets? → **Commit blocked**
- Test failures? → **Commit blocked**
- Missing coverage? → **Commit blocked**

This works for **any agent runtime** (Codex, Claude, OpenCode, Gemini, etc.) because enforcement is mechanical, not instructional.

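The blocking behaviour described above, as an added example that is not quality-rails' own hook: a fail-closed pre-commit script in which a missing scanner counts as a blocked commit rather than a skipped check. The gate names, the `run_gate` helper and the exact tool invocations are assumptions.

```shell
#!/bin/sh
# Added illustration, not quality-rails' own hook. Gate names, run_gate and
# the tool invocations are assumptions; adjust them to the installed versions.

FAILED=""   # names of the gates that blocked the commit

# run_gate NAME CMD [ARGS...]: run one check and record the result.
# A missing tool counts as a failure (fail closed), so a machine without
# gitleaks or node tooling cannot pass the hook by skipping the scan.
run_gate() {
  gate_name=$1
  shift
  if ! command -v "$1" >/dev/null 2>&1; then
    echo "BLOCKED  $gate_name: '$1' is not installed" >&2
    FAILED="$FAILED $gate_name"
    return 1
  fi
  if "$@"; then
    echo "ok       $gate_name"
  else
    echo "BLOCKED  $gate_name: check failed" >&2
    FAILED="$FAILED $gate_name"
    return 1
  fi
}

# Run every gate even after a failure so the author sees all problems in one
# pass, then refuse the commit if anything was recorded.
main() {
  FAILED=""
  run_gate secrets gitleaks protect --staged || true
  run_gate types   npx --no-install tsc --noEmit || true
  run_gate lint    npx --no-install lint-staged || true
  if [ -n "$FAILED" ]; then
    echo "Commit blocked by:$FAILED" >&2
    return 1
  fi
  return 0
}

# Only act as a hook when installed under a name ending in "pre-commit",
# so the functions can be sourced and exercised without running the tools.
case "$0" in
  *pre-commit) main || exit 1 ;;
esac
```

Installed as `.husky/pre-commit`, a non-zero exit from this script makes git abort the commit.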

[Read more: PHILOSOPHY.md](./PHILOSOPHY.md)

## 📖 Documentation

- [TypeScript Setup Guide](./docs/TYPESCRIPT-SETUP.md)
- [CI/CD Configuration](./docs/CI-SETUP.md)

## 🔧 Scripts

| Script | Purpose |
|--------|---------|
| `scripts/install.sh` | Install template to project (Linux/Mac) |
| `scripts/install.ps1` | Install template to project (Windows) |
| `scripts/verify.sh` | Verify enforcement is working (Linux/Mac) |
| `scripts/verify.ps1` | Verify enforcement is working (Windows) |

## 🚀 Roadmap

- [x] TypeScript/Node template
- [x] Pre-commit enforcement (husky + lint-staged)
- [x] CI/CD templates (Woodpecker, GitHub Actions)
- [x] Installation scripts
- [x] Verification testing
- [x] Next.js template
- [x] Monorepo template
- [ ] Python template
- [ ] Coverage visualization
- [ ] IDE integration (VSCode extension)

## 🤝 Contributing

Quality Rails is based on lessons learned from real production codebases. Contributions welcome!

## 📝 License

MIT License - See LICENSE file for details

## 🙏 Credits

Built to solve real problems discovered in AI-assisted development workflows.

Based on validation findings from a production patch milestone.