feat: move reading and writing to io package, implement basic validation and add logging

Author: wiebe-vandendriessche

cmd/completeness.go

@@ -7,6 +7,7 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/idlab-discover/AIBoMGen-cli/internal/completeness"
+	bomio "github.com/idlab-discover/AIBoMGen-cli/internal/io"
 	"github.com/idlab-discover/AIBoMGen-cli/internal/metadata"
 )
 
@@ -37,7 +38,7 @@ var completenessCmd = &cobra.Command{
 			}
 		}
 
-		bom, err := completeness.ReadBOM(inPath, inFormat)
+		bom, err := bomio.ReadBOM(inPath, inFormat)
 		if err != nil {
 			return err
 		}

cmd/validate.go

@@ -2,20 +2,86 @@ package cmd
 
 import (
 	"fmt"
+	"strings"
 
+	"github.com/idlab-discover/AIBoMGen-cli/internal/completeness"
+	bomio "github.com/idlab-discover/AIBoMGen-cli/internal/io"
+	"github.com/idlab-discover/AIBoMGen-cli/internal/metadata"
+	"github.com/idlab-discover/AIBoMGen-cli/internal/validator"
 	"github.com/spf13/cobra"
 )
 
-// validateCmd represents the validate command
+var (
+	validateInput          string
+	validateFormat         string
+	validateStrict         bool
+	validateMinScore       float64
+	validateCheckModelCard bool
+	validateLogLevel       string
+)
+
 var validateCmd = &cobra.Command{
 	Use:   "validate",
 	Short: "Validate an existing AIBOM file",
 	Long:  "Validates that a CycloneDX AIBOM JSON is well-formed and optionally checks for required model card fields in strict mode.",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		fmt.Println("Not implemented")
+		if validateInput == "" {
+			return fmt.Errorf("--input is required")
+		}
+
+		// Resolve effective log level.
+		level := strings.ToLower(strings.TrimSpace(validateLogLevel))
+		if level == "" {
+			level = "standard"
+		}
+		switch level {
+		case "quiet", "standard", "debug":
+			// ok
+		default:
+			return fmt.Errorf("invalid --log-level %q (expected quiet|standard|debug)", validateLogLevel)
+		}
+
+		// Wire internal package logging based on log level.
+		if level != "quiet" {
+			lw := cmd.ErrOrStderr()
+			validator.SetLogger(lw)
+			if level == "debug" {
+				metadata.SetLogger(lw)
+				completeness.SetLogger(lw)
+			}
+		}
+
+		// Read BOM
+		bom, err := bomio.ReadBOM(validateInput, validateFormat)
+		if err != nil {
+			return fmt.Errorf("failed to read BOM: %w", err)
+		}
+
+		// Validate
+		opts := validator.ValidationOptions{
+			StrictMode:           validateStrict,
+			MinCompletenessScore: validateMinScore,
+			CheckModelCard:       validateCheckModelCard,
+		}
+
+		result := validator.Validate(bom, opts)
+		validator.PrintReport(result)
+
+		if !result.Valid {
+			return fmt.Errorf("validation failed")
+		}
+
 		return nil
 	},
 }
 
 func init() {
+	validateCmd.Flags().StringVarP(&validateInput, "input", "i", "", "Path to AIBOM file (required)")
+	validateCmd.Flags().StringVarP(&validateFormat, "format", "f", "auto", "Input format: json|xml|auto")
+	validateCmd.Flags().BoolVar(&validateStrict, "strict", false, "Strict mode: fail on missing required fields")
+	validateCmd.Flags().Float64Var(&validateMinScore, "min-score", 0.0, "Minimum completeness score (0.0-1.0)")
+	validateCmd.Flags().BoolVar(&validateCheckModelCard, "check-model-card", true, "Validate model card fields")
+	validateCmd.Flags().StringVar(&validateLogLevel, "log-level", "standard", "Log level: quiet|standard|debug (default: standard)")
+
+	validateCmd.MarkFlagRequired("input")
 }

internal/completeness/completeness.go

@@ -1,10 +1,6 @@
 package completeness
 
 import (
-	"os"
-	"path/filepath"
-	"strings"
-
 	"github.com/idlab-discover/AIBoMGen-cli/internal/metadata"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
@@ -67,33 +63,3 @@ func Check(bom *cdx.BOM) Report {
 		MissingOptional: missingOpt,
 	}
 }
-
-func ReadBOM(path string, format string) (*cdx.BOM, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	actual := strings.ToLower(strings.TrimSpace(format))
-	if actual == "" || actual == "auto" {
-		if strings.EqualFold(filepath.Ext(path), ".xml") {
-			actual = "xml"
-		} else {
-			actual = "json"
-		}
-	}
-
-	fileFmt := cdx.BOMFileFormatJSON
-	if actual == "xml" {
-		fileFmt = cdx.BOMFileFormatXML
-	}
-
-	bom := new(cdx.BOM)
-	dec := cdx.NewBOMDecoder(f, fileFmt)
-	if err := dec.Decode(bom); err != nil {
-		return nil, err
-	}
-
-	return bom, nil
-}

internal/completeness/completeness_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/idlab-discover/AIBoMGen-cli/internal/fetcher"
+	bomio "github.com/idlab-discover/AIBoMGen-cli/internal/io"
 	"github.com/idlab-discover/AIBoMGen-cli/internal/metadata"
 	"github.com/idlab-discover/AIBoMGen-cli/internal/scanner"
 
@@ -170,7 +171,7 @@ func TestReadBOM_JSON_ExplicitFormat(t *testing.T) {
 	p := filepath.Join(dir, "bom.json")
 	writeBOMFile(t, p, cdx.BOMFileFormatJSON)
 
-	b, err := ReadBOM(p, "json")
+	b, err := bomio.ReadBOM(p, "json")
 	if err != nil {
 		t.Fatalf("ReadBOM err = %v", err)
 	}
@@ -183,7 +184,7 @@ func TestReadBOM_XML_ExplicitFormat(t *testing.T) {
 	p := filepath.Join(dir, "bom.xml")
 	writeBOMFile(t, p, cdx.BOMFileFormatXML)
 
-	b, err := ReadBOM(p, "xml")
+	b, err := bomio.ReadBOM(p, "xml")
 	if err != nil {
 		t.Fatalf("ReadBOM err = %v", err)
 	}
@@ -196,20 +197,20 @@ func TestReadBOM_AutoDetectsByExtension(t *testing.T) {
 
 	pJSON := filepath.Join(dir, "bom.json")
 	writeBOMFile(t, pJSON, cdx.BOMFileFormatJSON)
-	if _, err := ReadBOM(pJSON, "auto"); err != nil {
+	if _, err := bomio.ReadBOM(pJSON, "auto"); err != nil {
 		t.Fatalf("ReadBOM(json, auto) err = %v", err)
 	}
 
 	pXML := filepath.Join(dir, "bom.xml")
 	writeBOMFile(t, pXML, cdx.BOMFileFormatXML)
-	if _, err := ReadBOM(pXML, ""); err != nil { // empty behaves like auto
+	if _, err := bomio.ReadBOM(pXML, ""); err != nil { // empty behaves like auto
 		t.Fatalf("ReadBOM(xml, empty) err = %v", err)
 	}
 }
 
 // Test ReadBOM function error cases
 func TestReadBOM_InvalidPath_ReturnsError(t *testing.T) {
-	if _, err := ReadBOM("/definitely/does/not/exist/lol.json", "json"); err == nil {
+	if _, err := bomio.ReadBOM("/definitely/does/not/exist/lol.json", "json"); err == nil {
 		t.Fatalf("expected error for missing file")
 	}
 }
@@ -222,7 +223,7 @@ func TestReadBOM_InvalidContent_ReturnsDecodeError(t *testing.T) {
 		t.Fatalf("write file: %v", err)
 	}
 
-	if _, err := ReadBOM(p, "json"); err == nil {
+	if _, err := bomio.ReadBOM(p, "json"); err == nil {
 		t.Fatalf("expected decode error")
 	}
 }
@@ -232,7 +233,7 @@ func TestReadBOM_FormatMismatch_ReturnsDecodeError(t *testing.T) {
 	p := filepath.Join(dir, "bom.json")
 	writeBOMFile(t, p, cdx.BOMFileFormatJSON)
 
-	if _, err := ReadBOM(p, "xml"); err == nil {
+	if _, err := bomio.ReadBOM(p, "xml"); err == nil {
 		t.Fatalf("expected decode error when decoding json as xml")
 	}
 }

internal/generator/generator.go

@@ -2,8 +2,6 @@ package generator
 
 import (
 	"context"
-	"fmt"
-	"io"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -12,6 +10,7 @@ import (
 
 	"github.com/idlab-discover/AIBoMGen-cli/internal/builder"
 	"github.com/idlab-discover/AIBoMGen-cli/internal/fetcher"
+	bomio "github.com/idlab-discover/AIBoMGen-cli/internal/io"
 	"github.com/idlab-discover/AIBoMGen-cli/internal/scanner"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
@@ -22,8 +21,6 @@ type DiscoveredBOM struct {
 	BOM       *cdx.BOM
 }
 
-var logOut io.Writer
-
 // BuildPerDiscovery orchestrates: fetch HF API (optional) → build BOM per model via registry-driven builder.
 func BuildPerDiscovery(discoveries []scanner.Discovery, hfToken string, timeout time.Duration) ([]DiscoveredBOM, error) {
 	results := make([]DiscoveredBOM, 0, len(discoveries))
@@ -93,74 +90,11 @@ func WriteWithFormatAndSpec(outputPath string, bom *cdx.BOM, format string, spec
 	if err := os.MkdirAll(filepath.Dir(outputPath), 0o755); err != nil {
 		return err
 	}
-
-	actual := format
-	if actual == "auto" || actual == "" {
-		ext := strings.ToLower(filepath.Ext(outputPath))
-		if ext == ".xml" {
-			actual = "xml"
-		} else {
-			actual = "json"
-		}
-	}
-
-	// Enforce extension/format consistency when extension present and format explicitly set
-	ext := strings.ToLower(filepath.Ext(outputPath))
-	if actual != "auto" && ext != "" {
-		switch actual {
-		case "xml":
-			if ext != ".xml" {
-				return fmt.Errorf("output path extension %q does not match format %q", ext, actual)
-			}
-		case "json":
-			if ext != ".json" {
-				return fmt.Errorf("output path extension %q does not match format %q", ext, actual)
-			}
-		}
-	}
-
-	fileFmt := cdx.BOMFileFormatJSON
-	if actual == "xml" {
-		fileFmt = cdx.BOMFileFormatXML
-	}
-
-	f, err := os.Create(outputPath)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	encoder := cdx.NewBOMEncoder(f, fileFmt)
-	encoder.SetPretty(true)
-
-	if spec == "" {
-		return encoder.Encode(bom)
-	}
-
-	sv, ok := ParseSpecVersion(spec)
-	if !ok {
-		return fmt.Errorf("unsupported CycloneDX spec version: %q", spec)
-	}
-	return encoder.EncodeVersion(bom, sv)
+	return bomio.WriteBOM(bom, outputPath, format, spec)
 }
 
+// ParseSpecVersion parses a spec version string.
+// Deprecated: Use bomio.ParseSpecVersion instead.
 func ParseSpecVersion(s string) (cdx.SpecVersion, bool) {
-	switch s {
-	case "1.0":
-		return cdx.SpecVersion1_0, true
-	case "1.1":
-		return cdx.SpecVersion1_1, true
-	case "1.2":
-		return cdx.SpecVersion1_2, true
-	case "1.3":
-		return cdx.SpecVersion1_3, true
-	case "1.4":
-		return cdx.SpecVersion1_4, true
-	case "1.5":
-		return cdx.SpecVersion1_5, true
-	case "1.6":
-		return cdx.SpecVersion1_6, true
-	default:
-		return 0, false
-	}
+	return bomio.ParseSpecVersion(s)
 }