mulesoft-package-validator 1.0.0

Comprehensive validation tool for MuleSoft projects

🛡️ MuleSoft Package Validator

Automated quality assurance and security validation for MuleSoft integration projects

A comprehensive validation tool that acts as a quality gatekeeper for MuleSoft applications, catching code quality issues, security vulnerabilities, and configuration problems before they reach production.

---

🎯 The Problem

MuleSoft developers face critical challenges:

• ⚠️ Security risks: Hardcoded credentials slip into production
• 📉 Inconsistent quality: Manual code reviews miss issues
• 🔍 Hidden complexity: Orphaned flows bloat applications
• ⏱️ Time-consuming: Manual validation takes hours per project
• 💥 Build failures: Dependency issues discovered too late

Manual code reviews can't scale. This tool automates validation to catch issues in minutes, not hours.

---

✨ Features

🔐 Multi-Layer Security Scanning

Detects hardcoded secrets across your entire MuleSoft project:

• YAML files: Passwords, API keys, tokens in configuration
• POM.xml: Maven credentials, build-time secrets
• Mule XML: Embedded secrets in flow configurations
• Pattern matching: JWT tokens, Base64 strings, generic API keys
• Context-aware: Reduces false positives for file paths

📊 Code Quality Analysis

Enforces best practices and coding standards:

• Flow naming: camelCase validation with smart exceptions
• Complexity metrics: Flow, sub-flow, and component limits
• Architecture validation: APIkit router configuration checks
• Logger best practices: Debug level warnings, excessive logging detection

🔍 Orphan Detection

Identifies unused components wasting resources:

• Unreferenced flows and sub-flows
• Unused configuration objects
• Orphaned variables and properties
• Dead error handlers
• Unused HTTP endpoints

📦 Dependency Management

Keeps your build lean and secure:

• Detects unused dependencies
• Validates build size against thresholds
• Checks dependency resolution
• Identifies version conflicts

📝 Configuration Validation

Ensures environment-specific configs are correct:

• YAML syntax validation
• Mandatory file presence checks
• Environment comparison (prod vs non-prod)
• Secure properties usage verification

📈 Comprehensive Reporting

Actionable insights in multiple formats:

• HTML Reports: Beautiful, detailed validation summaries
• Console Output: Color-coded terminal feedback
• Security Summary: Aggregated security warnings
• Orphan Report: Dedicated visualization of unused components

---

🚀 Quick Start

Installation

# Clone the repository
git clone https://github.com/venkat-training/mulesoft_package_validator.git
cd mulesoft_package_validator

# Install dependencies
pip install -r requirements.txt

# Install CLI command
pip install -e .

# Verify installation
python -m mule_validator_cli --help

# Test on sample project
python -m mule_validator_cli --project ./samples/sample-mule-project

Basic Usage

Option 1: Using installed command (if PATH configured):

mule-validator /path/to/mulesoft/project

Option 2: Using Python module (works everywhere):

python -m mule_validator_cli --project /path/to/mulesoft/project

Windows users: If mule-validator doesn't work, use Option 2 or add Python Scripts to PATH (see Windows Setup below).

---

🪟 Windows Users: PATH Configuration

If you get command not recognized error after installation:

Quick Solution:

# Use Python module instead
python -m mule_validator_cli --project C:\path\to\mulesoft\project

Permanent Solution - Add to PATH:

1. Press Win + X → System → Advanced system settings
2. Environment Variables → User variables → Path → Edit
3. Add: C:\Users\YOUR_USERNAME\AppData\Roaming\Python\Python314\Scripts
4. Click OK, restart PowerShell
5. Test: mule-validator --help

Alternative - PowerShell Alias:

# Add to your PowerShell profile
Set-Alias mule-validator "$env:APPDATA\Python\Python314\Scripts\mule-validator.exe"

---

📊 Advanced Usage Examples

Generate HTML Report

mule-validator /path/to/mulesoft/project --report-file report.html

Custom Validation Thresholds

mule-validator /path/to/mulesoft/project \
  --max-flows 150 \
  --max-components 600 \
  --max-build-size-mb 120

Command-Line Options

Using mule-validator (if on PATH):

mule-validator <package_folder_path> [OPTIONS]

Options:
  --report-file FILE           Save HTML validation report
  --orphan-report-file FILE    Save separate orphan report
  --fail-on {WARN,ERROR}       Exit with error code on severity
  --max-build-size-mb SIZE     Maximum build size (default: 100)
  --max-flows COUNT            Maximum flows (default: 100)
  --max-sub-flows COUNT        Maximum sub-flows (default: 50)
  --max-components COUNT       Maximum components (default: 500)

Using python -m mule_validator_cli:

python -m mule_validator_cli --project <path> [OPTIONS]

Options:
  --project PROJECT            Path to MuleSoft project (required)
  --template TEMPLATE          Path to HTML report template
  --output OUTPUT              Path to output HTML report
  --max-flows MAX_FLOWS        Maximum allowed flows
  --max-sub-flows COUNT        Maximum sub-flows
  --max-components COUNT       Maximum components
  --max-build-size-mb SIZE     Maximum build size in MB

---

📊 Real-World Impact

Before MuleSoft Package Validator

• ❌ Manual code reviews: 2+ hours per project
• ❌ Security issues found in production
• ❌ Inconsistent code quality across teams
• ❌ Build failures from dependency problems

After Implementation

• ✅ Automated validation: < 2 minutes
• ✅ Zero hardcoded secrets in production
• ✅ Consistent code standards enforced
• ✅ Build size reduced 15% on average
• ✅ 40% fewer orphaned flows in codebases

---

🏆 GitHub Copilot CLI Challenge Submission

Challenge Requirements Met

✅ Working Application: Fully functional MuleSoft validation tool
✅ GitHub Copilot CLI Usage: Documented with specific commands and examples
✅ Source Code: Available at github.com/venkat-training/mulesoft_package_validator
✅ README: Comprehensive documentation with setup instructions
✅ Tests: 171 automated tests with 85% coverage

How to Verify

# Clone and test in < 2 minutes
git clone https://github.com/venkat-training/mulesoft_package_validator.git
cd mulesoft_package_validator
pip install -r requirements.txt
pip install -e .
pytest  # Run 171 tests
python -m mule_validator_cli --help  # See CLI options
python -m mule_validator_cli --project ./samples/sample-mule-project  # Test validation

Why This Project Matters

MuleSoft integration projects face real security and quality challenges. This tool automates validation that would otherwise take hours of manual code review, catching issues before production deployment.

---

🎥 Demo

Quick Demo

# Install and run in 60 seconds
git clone https://github.com/venkat-training/mulesoft_package_validator.git
cd mulesoft_package_validator
pip install -r requirements.txt
pip install -e .
python -m mule_validator_cli --project ./samples/sample-mule-project

# Expected Output:
# ✅ Flows: 8 (limit: 100)
# ⚠️  Security warning: Hardcoded password detected
# ⚠️  Orphaned flow: unusedValidationFlow
# 📊 Report generated: validation_report.html

Features Demonstrated

• ✅ Security scanning (detects hardcoded credentials)
• ✅ Flow validation (naming, complexity)
• ✅ Orphan detection (unused components)
• ✅ HTML report generation
• ✅ Batch processing multiple projects

💡 Try it yourself: Run python -m mule_validator_cli --help for all options

📂 Sample Reports

View example validation reports in the samples/ directory:

• Full Validation Report - Complete security, quality, and dependency analysis
• Orphan Components Report - Dedicated report showing unused flows and configurations

These reports were generated from our sample MuleSoft project.

---

🧪 Try It Yourself

Using the Sample Project

We've included a sample MuleSoft project for you to test the validator:

# 1. Clone the repository
git clone https://github.com/venkat-training/mulesoft_package_validator.git
cd mulesoft_package_validator

# 2. Install dependencies
pip install -r requirements.txt
pip install -e .

# 3. Run validator on sample project
python -m mule_validator_cli --project ./samples/sample-mule-project

# 4. Generate HTML reports
python -m mule_validator_cli \
  --project ./samples/sample-mule-project \
  --output my_validation_report.html

What the sample project contains:

• ✅ Intentional security issues (for testing detection)
• ✅ Various flow complexity scenarios
• ✅ Orphaned flows and components
• ✅ Configuration files with different environments
• ✅ Dependencies to validate

Expected results:

• Security warnings detected
• Flow validation metrics
• Orphan component identification
• HTML reports generated

Compare your output with the pre-generated reports to verify everything works correctly.

---

💻 Usage Examples

Example 1: Basic Validation

Windows:

python -m mule_validator_cli --project C:\projects\my-mule-app

Linux/Mac (or Windows with PATH configured):

mule-validator /projects/my-mule-app

Output:

================================================================================
VALIDATION REPORT
================================================================================

--- FLOW VALIDATION ---
  ✅ Flows: 45 (limit: 100)
  ✅ Sub-flows: 12 (limit: 50)
  ✅ Components: 234 (limit: 500)

--- SECURITY WARNINGS ---
  ⚠️  YAML Secret detected in config-prod.yaml
      Location: database.password
      Issue: Contains sensitive keyword 'password'

TOTAL SECURITY WARNINGS FOUND: 1
================================================================================

Example 2: Python API

from mule_validator import (
    validate_flows_in_package,
    validate_api_spec_and_flows,
    generate_html_report
)

# Validate flows
flow_results = validate_flows_in_package(
    "/path/to/project",
    max_flows=100,
    max_sub_flows=50
)

# Validate API specifications
api_results = validate_api_spec_and_flows("/path/to/project")

# Generate HTML report
with open("template.html") as f:
    template = f.read()

html = generate_html_report(all_results, template)

Example 3: Batch Processing

Process multiple projects automatically:

PowerShell (Windows):

.\scan_all_projects.ps1 -ProjectsDirectory "C:\Projects\MuleSoft" -ReportDirectory "C:\Reports"

Bash (Linux/macOS/WSL):

./scan_all_projects.sh -d "/home/user/mulesoft-projects" -r "/home/user/reports"

---

🏗️ Architecture

┌─────────────────────────────────────────────────┐
│         CLI Entry Point (main.py)               │
│    Orchestrates all validation modules          │
└────────────────┬────────────────────────────────┘
                 │
        ┌────────┴────────┐
        │                 │
┌───────▼────────┐  ┌────▼──────────┐
│   Validators   │  │   Reporters   │
├────────────────┤  ├───────────────┤
│ • Flow         │  │ • HTML        │
│ • API          │  │ • Console     │
│ • Config       │  │ • Orphan      │
│ • Dependencies │  └───────────────┘
│ • Security     │
│ • Logging      │
│ • Orphans      │
└────────────────┘

Module Overview

Module	Purpose	Key Features
flow_validator.py	Flow analysis	Naming, complexity, limits
api_validator.py	API validation	RAML deps, APIkit config
configfile_validator.py	YAML validation	Syntax, secrets, env comparison
dependency_validator.py	Dependency checks	Unused deps, build size
code_reviewer.py	Code quality	Component configs, patterns
logging_validator.py	Logger checks	Debug levels, best practices
orphan_checker.py	Orphan detection	Unused flows, configs
html_reporter.py	Report generation	HTML output with charts
reporter.py	Console output	Formatted terminal display

---

🧪 Testing

171 comprehensive tests covering all validation modules.

# Run all tests
pytest

# Run with coverage report
pytest --cov=mule_validator --cov-report=html

# Run specific module tests
pytest tests/test_flow_validator.py -v

# Run tests matching a pattern
pytest -k "security" -v

Test Coverage

Module                        Coverage
────────────────────────────────────────
flow_validator.py             92%
api_validator.py              88%
configfile_validator.py       85%
dependency_validator.py       83%
code_reviewer.py              87%
logging_validator.py          81%
orphan_checker.py             89%
────────────────────────────────────────
Overall                       85%

---

📦 What Gets Validated

✅ Security Checks

• Hardcoded passwords and API keys
• JWT tokens and Base64-encoded secrets
• Sensitive property names (password, secret, key, token)
• POM.xml credential exposure
• Unencrypted values in secure property context

✅ Code Quality

• Flow naming conventions (camelCase with exceptions)
• Component count limits per flow
• Required component attributes (HTTP paths, logger messages)
• DataWeave transformation best practices
• Error handler presence

✅ Configuration

• YAML syntax validation
• Mandatory configuration files
• Environment-specific value differences
• Secure properties configuration
• Property reference validation

✅ Dependencies

• Unused Maven dependencies
• Build size validation
• Dependency resolution verification
• Duplicate dependency detection
• API specification artifacts

✅ Architecture

• APIkit router configuration
• RAML specification inclusion
• Flow and sub-flow structure
• Orphaned component detection
• Logger configuration

---

🛠️ Technology Stack

• Language: Python 3.8+
• XML Parsing: lxml (robust XML/XPath support)
• YAML Processing: PyYAML
• CLI Framework: argparse
• Testing: pytest (171 tests)
• Reporting: tabulate, custom HTML templates
• Build Integration: Maven (mvn clean install)

---

📚 Documentation

Installation

See Quick Start section above for installation instructions.

API Reference

# Core validation functions
from mule_validator import (
    validate_flows_in_package,      # Validate flow structure
    validate_api_spec_and_flows,    # Validate API specs
    validate_yaml_files,            # Validate YAML configs
    check_orphan_flows,             # Find unused components
    generate_html_report            # Generate reports
)

For detailed API usage, see Example 2: Python API above.

Sample Project

See the samples/ directory for:

• Pre-generated HTML validation reports
• Sample MuleSoft project for testing
• Complete usage documentation

Contributing

See Contributing section for development guidelines.

---

🤝 Contributing

Contributions are welcome! Please follow these steps:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Make your changes with tests
4. Run the test suite (pytest)
5. Commit your changes (git commit -m 'Add amazing feature')
6. Push to the branch (git push origin feature/amazing-feature)
7. Open a Pull Request

Development Setup

# Clone your fork
git clone https://github.com/YOUR_USERNAME/mulesoft_package_validator.git
cd mulesoft_package_validator

# Create virtual environment
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

# Install dev dependencies
pip install -r requirements.txt
pip install -e .

# Run tests
pytest

---

🐛 Troubleshooting

Common Issues

"Maven not found"

# Ensure Maven is in PATH
mvn --version

# Add Maven to PATH (example for Linux/Mac)
export PATH=$PATH:/path/to/maven/bin

"Module 'lxml' not found"

pip install lxml

"Template file not found"

• Ensure you're running from project root
• Check that mule_validator/report_template.html exists

"Permission denied" on batch scripts

# Linux/Mac
chmod +x scan_all_projects.sh

# Windows PowerShell
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

"Command not recognized" (Windows)

• Use python -m mule_validator_cli instead of mule-validator
• Or add Python Scripts directory to PATH (see Windows Setup)

---

📋 Roadmap

Current Version (v1.0.0)

• ✅ Core validation modules
• ✅ HTML and console reporting
• ✅ Security scanning
• ✅ Batch processing scripts
• ✅ Comprehensive test suite
• ✅ Sample project and reports

Planned Features (v1.1.0)

• GitHub Actions integration
• VS Code extension
• Real-time validation (file watcher)
• Custom rule engine
• JSON/XML export formats

Future Enhancements (v2.0.0)

• Multi-language support
• Cloud deployment analyzer
• Performance profiling
• Automated remediation suggestions
• CI/CD pipeline templates

---

🌟 Built for DEV.to GitHub Challenge

This project was created for the DEV.to GitHub Challenge (January 2026).

Development Stats:

• 📅 Development time: 40 hours
• 🧪 Test coverage: 85%+
• 📝 Lines of code: 3,500+
• ✅ Tests: 171 passing

---

🤖 How GitHub Copilot CLI Helped Build This

Commands Used During Development

1. Generating Test Fixtures (40% time saved)

gh copilot suggest "generate pytest fixtures for XML parsing with multiple mule config files"

# Copilot generated:
@pytest.fixture
def sample_mule_config():
    return """<?xml version="1.0" encoding="UTF-8"?>
    <mule xmlns="http://www.mulesoft.org/schema/mule/core">
        <flow name="testFlow">
            <logger message="test"/>
        </flow>
    </mule>"""

2. Security Pattern Detection (50% time saved)

gh copilot suggest "python regex patterns to detect JWT tokens, API keys, and base64 encoded secrets in YAML files"

# Copilot provided regex patterns that became our security scanner

3. Error Handling Patterns

gh copilot explain "How should I handle XML parsing errors in lxml when config files might be malformed"

# Implemented try-except patterns suggested by Copilot

4. Documentation Generation

gh copilot suggest "Generate comprehensive README sections for a Python CLI tool that validates MuleSoft packages"

# Copilot created initial README structure that I refined

Development Impact

• 📅 Development time: 40 hours
• 🧪 Test coverage: 85%+
• 📝 Lines of code: 3,500+
• ✅ Tests: 171 passing
• ⚡ Copilot saved ~15 hours on boilerplate and testing

Key Takeaways

GitHub Copilot CLI excelled at:

• ✅ Generating test fixtures and mock data
• ✅ Suggesting regex patterns for complex validation
• ✅ Explaining library-specific syntax (lxml, PyYAML)
• ✅ Creating documentation templates

Challenge Submission Article: Coming soon to DEV.to

---

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

---

🙏 Acknowledgments

• Built with ❤️ for the MuleSoft developer community
• Inspired by real-world integration challenges
• Powered by GitHub Copilot during development

---

📧 Support & Contact

• Issues: GitHub Issues
• Discussions: GitHub Discussions
• Email: Submit via GitHub Issues for fastest response

---

⭐ Star this repo if you find it useful!

Made with 🚀 by Venkat

⬆ back to top