Plugin Overview
x-fidelity supports plugins that allow you to extend its core functionality without modifying the main codebase. This guide explains how plugins work and how to use them.
What are Plugins?
Plugins are Node.js modules that extend X-Fidelity's capabilities:
- Add custom facts for data collection
- Add custom operators for rule evaluation
- Provide error handlers and recovery mechanisms
- Add validation logic and rule implementations
- Include sample rules and configurations
- Benefit from universal logging system with automatic fallback
- Support context-aware logging with plugin identification
Built-in Plugins
X-Fidelity comes with 10 built-in plugins that provide comprehensive code analysis capabilities with universal logging support and enhanced error handling:
Core Analysis Plugins
1. AST Analysis Plugin (xfiPluginAst
)
Advanced abstract syntax tree analysis for JavaScript/TypeScript with Tree-sitter:
- Facts:
ast
,functionComplexity
,functionCount
- Operators:
astComplexity
,functionCount
- Capabilities: Code complexity analysis, function metrics, Tree-sitter parsing with worker threads
- Performance: Enhanced with caching and optimized memory usage
2. Dependency Plugin (xfiPluginDependency
)
Package dependency version checking and analysis:
- Facts:
repoDependencyVersions
,repoDependencyFacts
- Operators:
outdatedFramework
- Capabilities: Semver validation, dependency audit, version compliance
3. Filesystem Plugin (xfiPluginFilesystem
)
File system operations and structure analysis:
- Facts:
repoFilesystemFacts
,repoFileAnalysis
- Operators:
fileContains
,fileContainsWithPosition
,nonStandardDirectoryStructure
,hasFilesWithMultiplePatterns
- Capabilities: Directory structure validation, file content analysis, pattern matching
4. Pattern Matching Plugin (xfiPluginPatterns
)
Advanced pattern matching and regex analysis:
- Facts:
globalFileAnalysis
- Operators:
regexMatch
,regexMatchWithPosition
,globalPatternCount
,globalPatternRatio
- Capabilities: Global pattern analysis, regex matching, position tracking
Specialized Plugins
5. React Patterns Plugin (xfiPluginReactPatterns
)
React-specific code pattern detection:
- Facts:
effectCleanupFact
,hookDependencyFact
- Operators: (None currently implemented)
- Capabilities: React hooks analysis, effect cleanup detection
6. Remote String Validator Plugin (xfiPluginRemoteStringValidator
)
External API validation for extracted values:
- Facts:
remoteSubstringValidation
- Operators:
invalidRemoteValidation
- Capabilities: Remote validation, HTTP integration, pattern extraction
Example usage:
{
"fact": "remoteSubstringValidation",
"params": {
"pattern": "\"systemId\":[\\s]*\"([a-z]*)\"",
"validationParams": {
"url": "http://validator.example.com/check",
"method": "POST",
"headers": {"Content-Type": "application/json"},
"body": {"value": "#MATCH#"},
"checkJsonPath": "$.valid"
},
"resultFact": "validationResult"
},
"operator": "invalidRemoteValidation",
"value": true
}
7. Required Files Plugin (xfiPluginRequiredFiles
)
Validates presence of required project files:
- Facts:
missingRequiredFiles
- Operators:
missingRequiredFiles
- Capabilities: Required file checking, project structure validation
8. OpenAI Plugin (xfiPluginOpenAI
)
AI-powered code analysis using OpenAI's language models:
- Facts:
openaiAnalysis
(when OpenAI is enabled) - Operators:
openaiAnalysisHighSeverity
- Capabilities: AI code review, pattern detection, best practice suggestions
- Note: Requires
OPENAI_API_KEY
environment variable
9. Extract Values Plugin (xfiPluginExtractValues
)
Flexible multi-strategy value extraction into runtime facts:
- Facts:
extractValues
- Operators:
matchesSatisfy
- Capabilities: JSONPath/YAML→JSONPath/XPath/AST/Regex extraction with security and limits
Development Plugins
10. Simple Example Plugin (xfiPluginSimpleExample
)
Template plugin demonstrating plugin structure:
- Facts:
customFact
- Operators:
customOperator
- Capabilities: Basic example implementation, plugin development template
Example usage:
{
"fact": "customFact",
"operator": "customOperator",
"value": "custom fact data"
}
Using Plugins
Built-in Plugin Loading
All built-in plugins are automatically available and loaded as needed based on your archetype configuration. No additional installation is required for the 9 built-in plugins. Each plugin benefits from the universal logging system with context-aware loggers and enhanced error handling.
External Plugin Loading
For custom or third-party plugins, there are three ways to load them:
1. Via CLI Option
Install plugin packages and enable them when running x-fidelity:
# Install external plugins
yarn global add xfi-custom-plugin another-plugin
# Enable plugins via CLI
xfidelity . -e xfi-custom-plugin another-plugin
2. Via Archetype Configuration
Specify plugins directly in your archetype configuration:
{
"name": "my-archetype",
"plugins": [
"xfiPluginAst",
"xfiPluginDependency",
"xfi-custom-plugin"
],
"rules": ["myRule-global"],
"config": {}
}
3. Via Project Configuration
Add plugins to your project's .xfi-config.json
file:
{
"additionalPlugins": [
"xfi-custom-plugin",
"xfiPluginOpenAI"
],
"sensitiveFileFalsePositives": [
"path/to/exclude/file.js"
]
}
Plugin Loading Order
When plugins are specified in multiple places, they are loaded in this order:
- CLI-specified plugins (
-e
flag) - Archetype-specified plugins
- Project configuration plugins (
.xfi-config.json
)
Note: Duplicate plugins are automatically deduplicated, so the same plugin won't be loaded multiple times.
Plugin Features
Facts
Plugins can add new facts that:
- Collect custom data
- Integrate with external services
- Process files differently
- Add computed values
Operators
Plugins can add new operators that:
- Implement custom logic
- Add validation rules
- Integrate with external tools
- Process fact data
Error Handlers
Plugins can provide custom error handling:
- Custom error messages
- Error severity levels
- Error actions
- Notification integration
Next Steps
- Learn how to Create Plugins
- See Plugin Examples
- Read Best Practices