Skip to content

Pattern Categories

Jump to bottom
geoffrey fernald edited this page Jan 28, 2026 · 2 revisions

Pattern Categories

Drift detects patterns across 15 categories covering all aspects of modern software development.

Overview

Category Description Example Patterns
api REST endpoints, GraphQL Route handlers, response format
auth Authentication/authorization Middleware, guards, RBAC
security Security patterns Validation, sanitization, CSRF
errors Error handling Try/catch, Result types
logging Observability Structured logging, correlation
data-access Database queries ORM patterns, repositories
config Configuration Environment vars, feature flags
testing Test patterns Mocks, fixtures, setup
performance Optimization Caching, memoization
components UI components React, Vue, Angular
styling CSS patterns Tailwind, CSS-in-JS
structural Code organization Modules, exports, naming
types Type definitions Interfaces, schemas
accessibility A11y patterns ARIA, semantic HTML
documentation Doc patterns JSDoc, docstrings

API Patterns

Patterns for HTTP endpoints and API design.

What's Detected

  • HTTP Methods β€” GET, POST, PUT, DELETE usage
  • Route Structure β€” Path patterns, parameters
  • Response Envelopes β€” Consistent response format
  • Pagination β€” Cursor vs offset, page size
  • Retry Patterns β€” Exponential backoff, circuit breaker
  • Error Formats β€” Error response structure
  • Client Patterns β€” Fetch, Axios, custom clients

Example

// Detected pattern: REST controller with consistent structure
@Controller('/api/v1/users')
export class UsersController {
  @Get('/:id')
  async getUser(@Param('id') id: string) {
    return { data: user, meta: { timestamp: Date.now() } };
  }
}

Violations Flagged

  • POST for read operations
  • GET for mutations
  • Inconsistent response format
  • Missing pagination on list endpoints

Auth Patterns

Patterns for authentication and authorization.

What's Detected

  • Middleware Usage β€” Auth middleware placement
  • Permission Checks β€” Role-based access control
  • Token Handling β€” JWT, session tokens
  • Audit Logging β€” Auth event tracking
  • Resource Ownership β€” User-scoped data access

Example

// Detected pattern: Auth middleware before handlers
@Controller('/api/admin')
@UseGuards(AuthGuard, RoleGuard('admin'))
export class AdminController {
  // All routes require auth + admin role
}

Violations Flagged

  • Unprotected sensitive endpoints
  • Missing role checks
  • Inconsistent auth middleware

Security Patterns

Patterns for application security.

What's Detected

  • Input Sanitization β€” XSS prevention
  • CSRF Protection β€” Token validation
  • SQL Injection Prevention β€” Parameterized queries
  • Rate Limiting β€” Request throttling
  • Secret Management β€” Environment variables
  • CSP Headers β€” Content Security Policy

Example

// Detected pattern: Input validation before processing
@Post('/users')
@UsePipes(ValidationPipe)
async createUser(@Body() dto: CreateUserDto) {
  // dto is validated and sanitized
}

Violations Flagged

  • Raw SQL with string concatenation
  • Missing input validation
  • Hardcoded secrets

Error Patterns

Patterns for error handling.

What's Detected

  • Try-Catch Placement β€” Error boundary locations
  • Error Propagation β€” How errors flow up
  • Exception Hierarchy β€” Custom error classes
  • Error Logging β€” What gets logged
  • Circuit Breaker β€” Failure isolation
  • Async Errors β€” Promise rejection handling

Example

// Detected pattern: Consistent error handling
try {
  const result = await service.process();
  return result;
} catch (error) {
  logger.error('Processing failed', { error, context });
  throw new AppError('PROCESSING_FAILED', error);
}

Violations Flagged

  • Empty catch blocks
  • Swallowed errors
  • Inconsistent error types

Logging Patterns

Patterns for observability.

What's Detected

  • Log Levels β€” DEBUG, INFO, WARN, ERROR usage
  • Structured Format β€” JSON logging
  • Correlation IDs β€” Request tracing
  • Context Fields β€” What's included in logs
  • PII Redaction β€” Sensitive data masking
  • Health Checks β€” Liveness/readiness probes
  • Metrics β€” Custom metrics collection

Example

// Detected pattern: Structured logging with context
logger.info('User created', {
  userId: user.id,
  email: '[REDACTED]',
  correlationId: req.correlationId,
});

Violations Flagged

  • Console.log in production code
  • Missing correlation IDs
  • PII in logs

Data Access Patterns

Patterns for database operations.

What's Detected

  • Repository Pattern β€” Data access abstraction
  • Query Patterns β€” ORM usage
  • N+1 Detection β€” Inefficient queries
  • DTO Patterns β€” Data transfer objects
  • Transaction Patterns β€” ACID compliance
  • Connection Pooling β€” Database connections

Supported ORMs

Language ORMs
TypeScript Prisma, TypeORM, Drizzle, Sequelize, Mongoose
Python Django ORM, SQLAlchemy, Tortoise
Java JPA, Hibernate, MyBatis
C# Entity Framework, Dapper
PHP Eloquent, Doctrine
Go GORM, sqlx, Ent
Rust SQLx, Diesel, SeaORM

Example

// Detected pattern: Repository with consistent methods
class UserRepository {
  async findById(id: string): Promise<User | null> {
    return this.prisma.user.findUnique({ where: { id } });
  }
  
  async create(data: CreateUserDto): Promise<User> {
    return this.prisma.user.create({ data });
  }
}

Violations Flagged

  • Raw SQL without parameterization
  • N+1 query patterns
  • Missing transactions for multi-step operations

Config Patterns

Patterns for configuration management.

What's Detected

  • Environment Detection β€” Dev/staging/prod
  • Feature Flags β€” Toggle functionality
  • Default Values β€” Fallback configuration
  • Required vs Optional β€” Mandatory settings
  • Validation β€” Config validation
  • Naming Conventions β€” ENV_VAR naming

Example

// Detected pattern: Validated config with defaults
const config = {
  port: parseInt(process.env.PORT ?? '3000'),
  database: {
    url: requireEnv('DATABASE_URL'),
    poolSize: parseInt(process.env.DB_POOL_SIZE ?? '10'),
  },
};

Violations Flagged

  • Missing required environment variables
  • Hardcoded configuration
  • Inconsistent naming

Testing Patterns

Patterns for test code.

What's Detected

  • File Naming β€” Test file conventions
  • Describe Naming β€” Test suite structure
  • Fixture Patterns β€” Test data setup
  • Mock Patterns β€” Mocking strategies
  • Setup/Teardown β€” Before/after hooks
  • Test Structure β€” Arrange-Act-Assert
  • Co-location β€” Tests near source

Supported Frameworks

Language Frameworks
TypeScript Jest, Vitest, Mocha
Python pytest, unittest
Java JUnit, TestNG
C# xUnit, NUnit, MSTest
PHP PHPUnit, Pest
Go testing, testify
Rust rust-test, tokio-test
C++ Google Test, Catch2

Example

// Detected pattern: Consistent test structure
describe('UserService', () => {
  let service: UserService;
  let mockRepo: MockUserRepository;

  beforeEach(() => {
    mockRepo = createMockUserRepository();
    service = new UserService(mockRepo);
  });

  it('should create user', async () => {
    const result = await service.create(userData);
    expect(result).toMatchObject(expectedUser);
  });
});

Violations Flagged

  • Tests without assertions
  • Inconsistent naming
  • Missing setup/teardown

Performance Patterns

Patterns for optimization.

What's Detected

  • Caching Patterns β€” Cache usage and invalidation
  • Code Splitting β€” Dynamic imports
  • Lazy Loading β€” Deferred loading
  • Memoization β€” Computed value caching
  • Debounce/Throttle β€” Rate limiting
  • Bundle Size β€” Import optimization

Example

// Detected pattern: Memoized expensive computation
const expensiveResult = useMemo(() => {
  return computeExpensiveValue(data);
}, [data]);

Violations Flagged

  • Missing memoization for expensive operations
  • Unnecessary re-renders
  • Large bundle imports

Component Patterns

Patterns for UI components.

What's Detected

  • Props Patterns β€” Prop types and defaults
  • State Patterns β€” State management
  • Composition β€” Component composition
  • Ref Forwarding β€” Ref handling
  • Near-Duplicates β€” Similar components
  • Modal Patterns β€” Dialog handling

Example

// Detected pattern: Consistent component structure
interface ButtonProps {
  variant: 'primary' | 'secondary';
  size?: 'sm' | 'md' | 'lg';
  children: React.ReactNode;
  onClick?: () => void;
}

export const Button: React.FC<ButtonProps> = ({
  variant,
  size = 'md',
  children,
  onClick,
}) => {
  return (
    <button className={cn(styles[variant], styles[size])} onClick={onClick}>
      {children}
    </button>
  );
};

Violations Flagged

  • Missing prop types
  • Inconsistent component structure
  • Duplicate components

Styling Patterns

Patterns for CSS and styling.

What's Detected

  • Class Naming β€” BEM, utility-first
  • Design Tokens β€” Color, spacing, typography
  • Responsive Patterns β€” Breakpoints, media queries
  • Spacing Scale β€” Consistent spacing
  • Typography β€” Font usage
  • Color Usage β€” Color palette
  • Z-Index Scale β€” Layering
  • Tailwind Patterns β€” Utility class usage

Example

// Detected pattern: Tailwind with consistent spacing
<div className="p-4 md:p-6 lg:p-8 space-y-4">
  <h1 className="text-2xl font-bold text-gray-900">Title</h1>
  <p className="text-gray-600">Description</p>
</div>

Violations Flagged

  • Hardcoded colors
  • Inconsistent spacing
  • Missing responsive styles

Structural Patterns

Patterns for code organization.

What's Detected

  • File Naming β€” Naming conventions
  • Directory Structure β€” Folder organization
  • Barrel Exports β€” Index files
  • Circular Dependencies β€” Import cycles
  • Co-location β€” Related files together
  • Import Ordering β€” Import organization
  • Module Boundaries β€” Package structure

Example

// Detected pattern: Feature-based structure
src/
β”œβ”€β”€ features/
β”‚   β”œβ”€β”€ users/
β”‚   β”‚   β”œβ”€β”€ components/
β”‚   β”‚   β”œβ”€β”€ hooks/
β”‚   β”‚   β”œβ”€β”€ services/
β”‚   β”‚   └── index.ts
β”‚   └── orders/
β”‚       β”œβ”€β”€ components/
β”‚       β”œβ”€β”€ hooks/
β”‚       β”œβ”€β”€ services/
β”‚       └── index.ts
└── shared/
    β”œβ”€β”€ components/
    └── utils/

Violations Flagged

  • Inconsistent naming
  • Circular imports
  • Deep nesting

Types Patterns

Patterns for type definitions.

What's Detected

  • Any Usage β€” Type safety violations
  • Interface vs Type β€” Declaration style
  • Generic Patterns β€” Generic usage
  • Naming Conventions β€” Type naming
  • Type Assertions β€” Cast usage
  • Utility Types β€” Built-in type usage

Example

// Detected pattern: Consistent interface naming
interface User {
  id: string;
  email: string;
  createdAt: Date;
}

interface CreateUserDto {
  email: string;
  password: string;
}

type UserWithPosts = User & { posts: Post[] };

Violations Flagged

  • any type usage
  • Inconsistent naming
  • Missing type annotations

Accessibility Patterns

Patterns for accessibility.

What's Detected

  • Alt Text β€” Image descriptions
  • ARIA Roles β€” Semantic roles
  • Keyboard Navigation β€” Focus handling
  • Focus Management β€” Focus trapping
  • Heading Hierarchy β€” H1-H6 structure
  • Semantic HTML β€” Proper elements

Example

// Detected pattern: Accessible button
<button
  aria-label="Close dialog"
  onClick={onClose}
  onKeyDown={(e) => e.key === 'Escape' && onClose()}
>
  <CloseIcon aria-hidden="true" />
</button>

Violations Flagged

  • Missing alt text
  • Incorrect heading hierarchy
  • Missing ARIA labels

Documentation Patterns

Patterns for code documentation.

What's Detected

  • JSDoc Patterns β€” Function documentation
  • README Structure β€” Project documentation
  • Deprecation β€” Deprecated code marking
  • Example Code β€” Usage examples
  • TODO Patterns β€” Task tracking

Example

// Detected pattern: Consistent JSDoc
/**
 * Creates a new user in the system.
 * 
 * @param data - User creation data
 * @returns The created user
 * @throws {ValidationError} If data is invalid
 * @example
 * const user = await createUser({ email: 'test@example.com' });
 */
async function createUser(data: CreateUserDto): Promise<User> {
  // ...
}

Violations Flagged

  • Missing documentation on public APIs
  • Outdated documentation
  • Missing examples

Confidence Scoring

Each pattern has a confidence score (0.0-1.0):

Score Level Meaning
0.9-1.0 High Strongly established, consistent
0.7-0.9 Medium Well-established, some variation
0.5-0.7 Low Emerging, review recommended
<0.5 Uncertain Insufficient data, may be noise

Confidence is calculated from:

  • Frequency β€” How often the pattern appears
  • Consistency β€” How uniform the pattern is
  • Spread β€” How many files contain it
  • Age β€” How long it's existed

Pattern Lifecycle

Discovery β†’ Discovered β†’ Approved/Ignored β†’ Enforcement
  1. Discovered β€” Auto-detected during scan
  2. Approved β€” User confirms as "how we do things"
  3. Ignored β€” User marks as not relevant
  4. Enforcement β€” Approved patterns flag violations

See Architecture for more details on the pattern system.

πŸš€ Getting Started

πŸ€– MCP Server

🧠 Cortex Memory System

πŸ“– Reference

πŸ”¬ Analysis

πŸ› οΈ AI Tools

πŸ—οΈ Advanced Features

πŸ”§ CI/CD Integration

πŸ’¬ Community

πŸ“Š Stats (v0.9.40)

  • 10 Languages
  • 21 Frameworks
  • 16 ORMs
  • 400+ Detectors
  • 50+ MCP Tools
  • 60+ CLI Commands
  • 23 Memory Types

πŸ”— Links

Clone this wiki locally