/// FJ-849: Verify resources match machine capabilities
pub check_resource_machine_affinity: bool,
/// FJ-853: Score drift risk per resource based on type + deps
pub check_resource_drift_risk: bool,
/// FJ-857: Verify all resources have required tags
pub check_resource_tag_coverage: bool,
/// FJ-861: Verify lifecycle hook references are valid
pub check_resource_lifecycle_hooks: bool,
/// FJ-865: Verify provider version compatibility
pub check_resource_provider_version: bool,
/// FJ-869: Enforce naming patterns across resources
pub check_resource_naming_convention: bool,
/// FJ-873: Verify resources are idempotent-safe
pub check_resource_idempotency: bool,
/// FJ-877: Verify resources have descriptions or comments
pub check_resource_documentation: bool,
/// FJ-881: Verify all resources have assigned owners
pub check_resource_ownership: bool,
// NOTE(review): the detection logic is not visible from this field. Confirm that any
// finding it reports redacts the matched value, so the check's own output does not
// repeat the secret in logs or CI artifacts.
/// FJ-885: Detect secrets accidentally exposed in resource content
pub check_resource_secret_exposure: bool,
/// FJ-889: Enforce tag naming standards across resources
pub check_resource_tag_standards: bool,
/// FJ-893: Detect resources that could enable privilege escalation
pub check_resource_privilege_escalation: bool,
/// FJ-897: Verify resources can be safely updated without downtime
pub check_resource_update_safety: bool,
/// FJ-901: Detect config inconsistencies across machines
pub check_resource_cross_machine_consistency: bool,
/// FJ-905: Verify resources pin explicit versions
pub check_resource_version_pinning: bool,
/// FJ-909: Verify all dependencies exist and are reachable
pub check_resource_dependency_completeness: bool,
/// FJ-913: Verify all resources declare explicit states
pub check_resource_state_coverage: bool,
/// FJ-917: Verify resources can be safely rolled back
pub check_resource_rollback_safety: bool,
/// FJ-921: Score resource configuration maturity
pub check_resource_config_maturity: bool,
/// FJ-925: Verify dependency ordering is topologically valid
pub check_resource_dependency_ordering: bool,
/// FJ-929: Ensure all resources have required tag categories
pub check_resource_tag_completeness: bool,
/// FJ-933: Enforce naming conventions via configurable regex patterns
pub check_resource_naming_standards: bool,
/// FJ-937: Detect asymmetric dependency declarations
pub check_resource_dependency_symmetry: bool,
/// FJ-941: Detect circular alias references in resource configs
pub check_resource_circular_alias: bool,
/// FJ-945: Warn when dependency chains exceed a threshold
pub check_resource_dependency_depth_limit: bool,
/// FJ-949: Detect parameters defined but never referenced in templates
pub check_resource_unused_params: bool,
/// FJ-953: Warn when machines have unbalanced resource counts
pub check_resource_machine_balance: bool,
/// FJ-957: Verify content hashes match declared checksums
pub check_resource_content_hash_consistency: bool,
/// FJ-961: Ensure all referenced dependencies exist in the resource set
pub check_resource_dependency_refs: bool,
/// FJ-965: Ensure all trigger references point to existing resources
pub check_resource_trigger_refs: bool,
/// FJ-969: Validate parameter types match expected usage patterns
pub check_resource_param_type_safety: bool,
/// FJ-973: Validate environment variable references match declared params
pub check_resource_env_consistency: bool,
/// FJ-977: Validate secret resources have rotation policies defined
pub check_resource_secret_rotation: bool,
/// FJ-981: Verify resources define all lifecycle stages
pub check_resource_lifecycle_completeness: bool,
/// FJ-985: Verify resource types are compatible with declared providers
pub check_resource_provider_compatibility: bool,
/// FJ-989: Enforce naming conventions on resource names
pub check_resource_naming_convention_strict: bool,
/// FJ-993: Warn if resources lack idempotency annotations or markers
pub check_resource_idempotency_annotations: bool,
/// FJ-997: Warn if resource content exceeds size threshold
pub check_resource_content_size_limit: bool,
/// FJ-1001: Warn if any resource exceeds max fan-in or fan-out
pub check_resource_dependency_fan_limit: bool,
/// FJ-1014: Warn if GPU resources reference mismatched backends within a stack
pub check_resource_gpu_backend_consistency: bool,
/// FJ-1018: Validate when-field expressions for syntactic correctness
pub check_resource_when_condition_syntax: bool,
/// FJ-1022: Warn if side-effect resources lack lifecycle hooks
pub check_resource_lifecycle_hook_coverage: bool,
/// FJ-1025: Warn if resources contain encrypted secrets needing rotation
pub check_resource_secret_rotation_age: bool,
/// FJ-1028: Warn if dependency chains exceed max depth limit (configurable)
pub check_resource_dependency_chain_depth: bool,
/// FJ-1030: Warn if recipe resources reference undefined inputs
pub check_recipe_input_completeness: bool,
/// FJ-1033: Warn if resources have duplicate content across different machines
pub check_resource_cross_machine_content_duplicates: bool,
/// FJ-1036: Warn if resources reference machines not defined in config
pub check_resource_machine_reference_validity: bool,
/// FJ-1038: Detect correlated failures across resources
pub check_resource_health_correlation: bool,
/// FJ-1041: Identify redundant dependency chains
pub check_dependency_optimization: bool,
/// FJ-1044: Identify resource consolidation opportunities
pub check_resource_consolidation_opportunities: bool,
/// FJ-1046: Validate resources have proper compliance tags
pub check_resource_compliance_tags: bool,
/// FJ-1049: Validate resources have rollback coverage
pub check_resource_rollback_coverage: bool,
/// FJ-1052: Validate dependency balance across resources
pub check_resource_dependency_balance: bool,
/// FJ-1054: Warn if secrets are referenced outside intended machine scope
pub check_resource_secret_scope: bool,
/// FJ-1057: Warn if deprecated resources are still depended upon
pub check_resource_deprecation_usage: bool,
/// FJ-1060: Warn if conditional resources lack when clause coverage
pub check_resource_when_condition_coverage: bool,
/// FJ-1062: Warn if bidirectional dependency patterns exist
pub check_resource_dependency_symmetry_deep: bool,
/// FJ-1065: Warn if tags don't follow namespace conventions
pub check_resource_tag_namespace: bool,
/// FJ-1068: Warn if machines have too many resources
pub check_resource_machine_capacity: bool,
/// FJ-1070: Warn if resource dependency fan-out exceeds limit
pub check_resource_dependency_fan_out_limit: bool,
/// FJ-1073: Warn if resources lack required tag keys
pub check_resource_tag_required_keys: bool,
/// FJ-1076: Score drift risk based on type, content, and dependency count
pub check_resource_content_drift_risk: bool,
/// FJ-1078: Warn if circular dependency chains exist
pub check_resource_circular_dependency_depth: bool,
/// FJ-1081: Detect orphan resources unreachable from any root
pub check_resource_orphan_detection_deep: bool,
/// FJ-1084: Warn if all resources use a single provider type
pub check_resource_provider_diversity: bool,
/// FJ-1086: Warn if resources in different stages share dependencies
pub check_resource_dependency_isolation: bool,
/// FJ-1089: Warn if tag values are inconsistent across similar resources
pub check_resource_tag_value_consistency: bool,
/// FJ-1092: Warn if resources are unevenly distributed across machines
pub check_resource_machine_distribution_balance: bool,
/// FJ-1094: Warn if version-pinned dependencies are outdated
pub check_resource_dependency_version_drift: bool,
/// FJ-1097: Warn if resource names exceed character limit
pub check_resource_naming_length_limit: bool,
/// FJ-1100: Warn if machines lack expected resource type coverage
pub check_resource_type_coverage_per_machine: bool,
/// FJ-1102: Warn if dependency chain depths vary wildly
pub check_resource_dependency_depth_variance: bool,
/// FJ-1105: Warn if tag keys don't follow naming conventions
pub check_resource_tag_key_naming: bool,
// NOTE(review): this summary is word-for-word the one on FJ-997
// (`check_resource_content_size_limit`). Presumably the two checks differ (unit or
// threshold) — confirm, and state the difference here.
/// FJ-1108: Warn if resource content exceeds size threshold
pub check_resource_content_length_limit: bool,
/// FJ-1110: Verify all declared dependencies exist
pub check_resource_dependency_completeness_audit: bool,
/// FJ-1113: Warn if machines lack expected resource types
pub check_resource_machine_coverage_gap: bool,
/// FJ-1116: Warn if file paths exceed directory depth limit
pub check_resource_path_depth_limit: bool,
/// FJ-1118: Verify dependency ordering consistency
pub check_resource_dependency_ordering_consistency: bool,
/// FJ-1121: Validate tag value format
pub check_resource_tag_value_format: bool,
/// FJ-1124: Check resource provider version pinning
pub check_resource_provider_version_pinning: bool,
/// FJ-1306: Report per-resource purity levels
pub check_recipe_purity: bool,
/// FJ-1329: Output reproducibility score (0-100)
pub check_reproducibility_score: bool,
// NOTE(review): per its summary this flag rejects a config, where the `check_*` fields
// are described as verifying, warning or detecting. Presumably, with the flag off, a
// misspelled key is ignored and the setting it was meant to change keeps its default —
// confirm, and record this flag's own default, which is not visible here.
/// FJ-2500: Reject configs with unknown YAML fields (typo detection)
pub deny_unknown_fields: bool,