- FlutterGuard is an IoT/smart home Flutter project static analysis CLI plugin.
- NOT a general observability SDK, APM tool, or crash reporter.
- Output: compiled CLI binary (
dart compile exe) that scans Dart source code.
| Path | Status | Package | Notes |
|---|---|---|---|
| Path A — CLI static analysis | ACTIVE | flutterguard_cli |
All new features |
| Path B — Runtime tracing | ARCHIVED | core, dio, flutter |
In archive/ for future reference |
Do NOT modify archived packages. They are preserved as-is for reference.
- Monorepo managed by melos. New packages must register in
melos.yaml. - Active code lives in
packages/flutterguard_cli/lib/src/. - Each rule is a standalone class:
analyze(List<String> files) → List<StaticIssue>. - Configuration driven by
flutterguard.yaml(YAML schema, parsed inconfig_loader.dart). - No plugin system, no code generation, no reflection — explicit wiring in
bin/flutterguard.dart.
- Dart 3.3+,
strict-casts: true,strict-inference: true. - Prefer Dart records (
typedef) for config types. - Prefer
constconstructors andfinallocals. - Wrap per-file parsing in try/catch (one bad file must not crash the scan).
- Import style:
package:flutterguard_cli/src/...(no relative imports across packages).
- Tests live in
packages/flutterguard_cli/test/usingpackage:test. - Fixtures go in
test/fixtures/<rule_name>.dart. - Every new rule requires: spec entry → config typedef → rule class → fixture → test.
- Run tests:
melos run test:cli.
docs/FLUTTERGUARD_SPEC.mdis the single source of truth.- Spec must be updated before implementation.
- All rule IDs, risk levels, and metadata schemas must be documented in spec first.
- Do NOT create new Flutter widgets or UI components.
- Do NOT add web/cloud infrastructure or dashboard UI.
- Do NOT use third-party SaaS SDKs.
- Do NOT commit secrets, API keys, or credentials.
- Do NOT add runtime instrumentation outside archived packages.
- Do NOT introduce
package:build/ code generation dependencies.
- Branch:
developfor active work. PRs merge todevelop. - Commit messages: imperative mood, prefixed by scope (
cli:,spec:,docs:). - Before committing: run
melos run analyzeandmelos run test:cli. - Do NOT force-push to
developormain.
Managed by melos bootstrap. No path dependencies currently exist for flutterguard_cli.
Rule: Do NOT edit manually. Re-run melos bootstrap after any pubspec.yaml change.
root/analysis_options.yaml # strict-casts + strict-inference + 6 lint rules
└── packages/flutterguard_cli/... # inherits root + package:lints/recommended + excludes test/fixtures/**
Rule: Keep corporate-wide strictness at root. Per-package loosening only for legitimate reasons (fixture code, print-based demos).
root/flutterguard.yaml # development defaults (maxLines: 500/300/80)
└── <user_project>/flutterguard.yaml # per-scan override (merges over root)
└── (injected via CLI --config flag) # explicit path override
Rule: Root config serves as documented example. User projects may override all fields.