@cakemail-org/conformance
v3.0.0
Published
Token-conformance detector + CI gate for the Cakemail design system. One detector — the hub and every product spoke run it.
Readme
@cakemail-org/conformance
The Cakemail design-system token-conformance detector, as a shareable package.
This is the single implementation of the conformance rules. The design-system
hub runs it (re-exported from tools/agents/04-conformance.js + the CI gate),
and every product spoke runs the same code via its CLI. No fork, no copies —
the same reason components ship as @cakemail-org/ui-app instead of being pasted
into each repo.
What it catches
CRITICAL (fails CI): hardcoded hex (bg-[#0abdae]), raw Tailwind palette
(text-red-500), hardcoded named colors (bg-white), inline style={{}},
arbitrary spacing (p-[13px]). HIGH/MEDIUM (advisory): shadcn aliases, unmapped
spacing/radius/shadow/type, primitive-where-semantic. Valid token classes resolve
against the installed @cakemail-org/design-tokens preset, so it stays correct
as the brand evolves. False-positive exemptions (comments, CSS keywords, brand-logo
hex) are built in.
Use in a product repo (the CI gate)
// package.json
"devDependencies": { "@cakemail-org/conformance": "^1.0.0" },
"scripts": { "conformance": "cakemail-conformance src --report" }# .github/workflows/conformance.yml — fails the PR on any CRITICAL violation
- run: npx cakemail-conformance src@cakemail-org/design-tokens must be installed (it's a peer) so token classes can
be validated. The --report flag writes .audit/conformance-report.json — the
input the fixer-product agent reads to auto-fix and route gaps.
Programmatic API
const { run } = require('@cakemail-org/conformance')
const report = run({ dirs: ['src'], cwd: process.cwd() })
// report.summary.critical, report.violations[]