External Dependency Contracts¶
External dependency contracts prevent selected source layers from referencing forbidden vendor or framework dependency groups.
Groups:
strict_externalaudit_external
Define dependency groups¶
external_dependencies:
unity_editor:
namespace_prefixes:
- UnityEditor
type_prefixes: []
infrastructure_sdks:
namespace_prefixes:
- Microsoft.EntityFrameworkCore
- Npgsql
type_prefixes:
- Stripe.StripeClient
Add a contract¶
contracts:
strict_external:
- id: domain-no-infrastructure-sdks
name: domain-must-not-reference-infrastructure-sdks
source: domain
forbidden: [infrastructure_sdks]
reason: Domain code must not expose infrastructure SDK types.
What is checked¶
External dependency contracts detect forbidden references through:
- Type-level metadata: base types, interfaces, fields, properties, method signatures, generic arguments.
- Method-body IL scanning: method calls, constructor calls, field/property access, and type references inside method bodies.
They do not analyze third-party package internals and should not be presented as semantic data-flow analysis. This is static reference analysis, not runtime behavior validation.