Reposting because I deleted the earlier thread to add more details. Sorry for the noise
I've been building a tool that enforces configurable architecture boundaries in Jvm codebases (your team defines the rules in yaml) or create it from reference depending on your architecture and need.
The tool offers 2 engines:
-
PSI engine (IDE): source code analysis, inspections + guided fixes
-
ASM engine (CI): bytecode analysis + hotspots + findings + call graph analysis
-
Exportable reports (SARIF/JSON/HTML/XML)
What I mean by architectural boundaries: a set of rules your team agrees on about how the codebase is allowed to be structured (modules/roles, allowed dependencies, forbidden edges, placement rules).
Think: “Controllers can call Services, Services can call Repos, not the other way around”
You can basically define your own rules, for example:
-
Forbidden deps: ui.* must not depend on infra.*
-
Role placement: ..api.. must be “api” role; ..domain.. must be “domain”
-
Layering constraints: only service may depend on repository, not the other way around
Bytecode-level enforcement (ASM): catches violations even if source isn’t present (generated code / multi-module jars / compiled deps/ shadow usage detection).
Repo:
