Add comprehensive data validation to Foundation types

Implements validation for DataSourceMetadata, RestoreImageRecord, and ReviewEngagementThreshold to prevent runtime errors from invalid data. CloudKit record names are validated for ASCII compliance and length constraints, restore image hashes are validated for proper format, and environment configuration uses a type-safe wrapper with appropriate defaults.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: leogdion

Sources/BushelFoundation/DataSourceMetadata.swift

@@ -70,6 +70,30 @@ public struct DataSourceMetadata: Codable, Sendable {
     fetchDurationSeconds: Double = 0,
     lastError: String? = nil
   ) {
+    // Validation using precondition (fail-fast approach)
+    precondition(!sourceName.isEmpty, "sourceName cannot be empty")
+    precondition(!recordTypeName.isEmpty, "recordTypeName cannot be empty")
+    precondition(
+      sourceName.unicodeScalars.allSatisfy { $0.isASCII },
+      "sourceName must contain only ASCII characters: \(sourceName)"
+    )
+    precondition(
+      recordTypeName.unicodeScalars.allSatisfy { $0.isASCII },
+      "recordTypeName must contain only ASCII characters: \(recordTypeName)"
+    )
+
+    let recordName = "metadata-\(sourceName)-\(recordTypeName)"
+    precondition(
+      recordName.count <= 255,
+      "CloudKit record name exceeds 255 characters: \(recordName.count)"
+    )
+
+    precondition(recordCount >= 0, "recordCount cannot be negative: \(recordCount)")
+    precondition(
+      fetchDurationSeconds >= 0,
+      "fetchDurationSeconds cannot be negative: \(fetchDurationSeconds)"
+    )
+
     self.sourceName = sourceName
     self.recordTypeName = recordTypeName
     self.lastFetchedAt = lastFetchedAt
@@ -78,4 +102,54 @@ public struct DataSourceMetadata: Codable, Sendable {
     self.fetchDurationSeconds = fetchDurationSeconds
     self.lastError = lastError
   }
+
+  /// Validates DataSourceMetadata parameters without creating an instance.
+  ///
+  /// - Parameters:
+  ///   - sourceName: The data source name
+  ///   - recordTypeName: The record type name
+  ///   - recordCount: Number of records
+  ///   - fetchDurationSeconds: Fetch duration in seconds
+  /// - Throws: `DataSourceMetadataValidationError` if validation fails
+  public static func validate(
+    sourceName: String,
+    recordTypeName: String,
+    recordCount: Int,
+    fetchDurationSeconds: Double
+  ) throws {
+    try validateNames(sourceName: sourceName, recordTypeName: recordTypeName)
+    try validateNumericFields(recordCount: recordCount, fetchDurationSeconds: fetchDurationSeconds)
+  }
+
+  private static func validateNames(sourceName: String, recordTypeName: String) throws {
+    if sourceName.isEmpty {
+      throw DataSourceMetadataValidationError(details: .emptySourceName)
+    }
+    if recordTypeName.isEmpty {
+      throw DataSourceMetadataValidationError(details: .emptyRecordTypeName)
+    }
+    if !sourceName.unicodeScalars.allSatisfy({ $0.isASCII }) {
+      throw DataSourceMetadataValidationError(details: .nonASCIISourceName(sourceName))
+    }
+    if !recordTypeName.unicodeScalars.allSatisfy({ $0.isASCII }) {
+      throw DataSourceMetadataValidationError(details: .nonASCIIRecordTypeName(recordTypeName))
+    }
+
+    let recordName = "metadata-\(sourceName)-\(recordTypeName)"
+    if recordName.count > 255 {
+      throw DataSourceMetadataValidationError(details: .recordNameTooLong(recordName.count))
+    }
+  }
+
+  private static func validateNumericFields(
+    recordCount: Int,
+    fetchDurationSeconds: Double
+  ) throws {
+    if recordCount < 0 {
+      throw DataSourceMetadataValidationError(details: .negativeRecordCount(recordCount))
+    }
+    if fetchDurationSeconds < 0 {
+      throw DataSourceMetadataValidationError(details: .negativeFetchDuration(fetchDurationSeconds))
+    }
+  }
 }

Sources/BushelFoundation/DataSourceMetadataValidationError.swift

@@ -0,0 +1,58 @@
+//
+//  DataSourceMetadataValidationError.swift
+//  BushelKit
+//
+//  Created by Leo Dion.
+//  Copyright © 2025 BrightDigit.
+//
+//  Permission is hereby granted, free of charge, to any person
+//  obtaining a copy of this software and associated documentation
+//  files (the “Software”), to deal in the Software without
+//  restriction, including without limitation the rights to use,
+//  copy, modify, merge, publish, distribute, sublicense, and/or
+//  sell copies of the Software, and to permit persons to whom the
+//  Software is furnished to do so, subject to the following
+//  conditions:
+//
+//  The above copyright notice and this permission notice shall be
+//  included in all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+//  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+//  OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+//  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+//  HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+//  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+//  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+//  OTHER DEALINGS IN THE SOFTWARE.
+//
+
+/// Validation errors for DataSourceMetadata.
+public struct DataSourceMetadataValidationError: Error, Sendable {
+  /// Specific validation error details.
+  public enum Details: Equatable, Sendable {
+    /// The source name is empty.
+    case emptySourceName
+    /// The record type name is empty.
+    case emptyRecordTypeName
+    /// The source name contains non-ASCII characters.
+    case nonASCIISourceName(String)
+    /// The record type name contains non-ASCII characters.
+    case nonASCIIRecordTypeName(String)
+    /// The generated CloudKit record name exceeds 255 characters.
+    case recordNameTooLong(Int)
+    /// The record count is negative.
+    case negativeRecordCount(Int)
+    /// The fetch duration is negative.
+    case negativeFetchDuration(Double)
+  }
+
+  /// The specific validation error.
+  public let details: Details
+
+  /// Creates a new validation error.
+  /// - Parameter details: The specific validation error details.
+  public init(details: Details) {
+    self.details = details
+  }
+}

Sources/BushelFoundation/EnvironmentConfiguration.swift

@@ -74,7 +74,7 @@ public struct EnvironmentConfiguration: CustomReflectable, Sendable {
 
   /// The threshold of user engagement to trigger a review request.
   @EnvironmentProperty(Key.reviewEngagementThreshold)
-  public var reviewEngagementThreshold: Int
+  public var reviewEngagementThreshold: ReviewEngagementThreshold
 
   /// Provides a custom mirror for the `EnvironmentConfiguration` instance.
   public var customMirror: Mirror {
@@ -86,7 +86,7 @@ public struct EnvironmentConfiguration: CustomReflectable, Sendable {
         "onboardingOveride": self.onboardingOveride,
         "resetApplication": self.resetApplication,
         "releaseVersion": self.releaseVersion,
-        "reviewEngagementThreshold": self.reviewEngagementThreshold,
+        "reviewEngagementThreshold": self.reviewEngagementThreshold.rawValue,
       ]
     )
   }

Sources/BushelFoundation/RestoreImageRecord.swift

@@ -105,4 +105,60 @@ public struct RestoreImageRecord: Codable, Sendable {
     self.notes = notes
     self.sourceUpdatedAt = sourceUpdatedAt
   }
+
+  /// Validates all fields of the restore image record.
+  ///
+  /// - Throws: `RestoreImageRecordValidationError` if any field is invalid.
+  public func validate() throws {
+    try Self.validateSHA256Hash(sha256Hash)
+    try Self.validateSHA1Hash(sha1Hash)
+    try Self.validateFileSize(fileSize)
+    try Self.validateDownloadURL(downloadURL)
+  }
+
+  /// Returns true if all fields pass validation.
+  public var isValid: Bool {
+    do {
+      try validate()
+      return true
+    } catch {
+      return false
+    }
+  }
+}
+
+extension RestoreImageRecord {
+  fileprivate static func isValidHexadecimal(_ string: String) -> Bool {
+    string.allSatisfy { $0.isHexDigit }
+  }
+
+  fileprivate static func validateSHA256Hash(_ hash: String) throws {
+    guard hash.count == 64 else {
+      throw RestoreImageRecordValidationError.invalidSHA256Hash(hash, expectedLength: 64)
+    }
+    guard isValidHexadecimal(hash) else {
+      throw RestoreImageRecordValidationError.nonHexadecimalSHA256(hash)
+    }
+  }
+
+  fileprivate static func validateSHA1Hash(_ hash: String) throws {
+    guard hash.count == 40 else {
+      throw RestoreImageRecordValidationError.invalidSHA1Hash(hash, expectedLength: 40)
+    }
+    guard isValidHexadecimal(hash) else {
+      throw RestoreImageRecordValidationError.nonHexadecimalSHA1(hash)
+    }
+  }
+
+  fileprivate static func validateFileSize(_ size: Int) throws {
+    guard size > 0 else {
+      throw RestoreImageRecordValidationError.nonPositiveFileSize(size)
+    }
+  }
+
+  fileprivate static func validateDownloadURL(_ url: URL) throws {
+    guard url.scheme?.lowercased() == "https" else {
+      throw RestoreImageRecordValidationError.insecureDownloadURL(url)
+    }
+  }
 }

Sources/BushelFoundation/RestoreImageRecordValidationError.swift

@@ -0,0 +1,46 @@
+//
+//  RestoreImageRecordValidationError.swift
+//  BushelKit
+//
+//  Created by Leo Dion.
+//  Copyright © 2025 BrightDigit.
+//
+//  Permission is hereby granted, free of charge, to any person
+//  obtaining a copy of this software and associated documentation
+//  files (the “Software”), to deal in the Software without
+//  restriction, including without limitation the rights to use,
+//  copy, modify, merge, publish, distribute, sublicense, and/or
+//  sell copies of the Software, and to permit persons to whom the
+//  Software is furnished to do so, subject to the following
+//  conditions:
+//
+//  The above copyright notice and this permission notice shall be
+//  included in all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+//  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+//  OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+//  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+//  HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+//  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+//  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+//  OTHER DEALINGS IN THE SOFTWARE.
+//
+
+public import Foundation
+
+/// Validation errors for RestoreImageRecord.
+public enum RestoreImageRecordValidationError: Error, Sendable, Equatable {
+  /// SHA-256 hash has invalid length.
+  case invalidSHA256Hash(String, expectedLength: Int)
+  /// SHA-1 hash has invalid length.
+  case invalidSHA1Hash(String, expectedLength: Int)
+  /// SHA-256 hash contains non-hexadecimal characters.
+  case nonHexadecimalSHA256(String)
+  /// SHA-1 hash contains non-hexadecimal characters.
+  case nonHexadecimalSHA1(String)
+  /// File size is not positive.
+  case nonPositiveFileSize(Int)
+  /// Download URL does not use HTTPS.
+  case insecureDownloadURL(URL)
+}

Sources/BushelFoundation/ReviewEngagementThreshold.swift

@@ -0,0 +1,76 @@
+//
+//  ReviewEngagementThreshold.swift
+//  BushelKit
+//
+//  Created by Leo Dion.
+//  Copyright © 2025 BrightDigit.
+//
+//  Permission is hereby granted, free of charge, to any person
+//  obtaining a copy of this software and associated documentation
+//  files (the “Software”), to deal in the Software without
+//  restriction, including without limitation the rights to use,
+//  copy, modify, merge, publish, distribute, sublicense, and/or
+//  sell copies of the Software, and to permit persons to whom the
+//  Software is furnished to do so, subject to the following
+//  conditions:
+//
+//  The above copyright notice and this permission notice shall be
+//  included in all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+//  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+//  OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+//  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+//  HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+//  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+//  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+//  OTHER DEALINGS IN THE SOFTWARE.
+//
+
+public import BushelUtilities
+public import Foundation
+
+/// The threshold of user engagement actions required before requesting an app review.
+public struct ReviewEngagementThreshold:
+  RawRepresentable,
+  EnvironmentValue,
+  ExpressibleByIntegerLiteral,
+  Sendable,
+  Codable,
+  Equatable
+{
+  public typealias RawValue = Int
+
+  /// The default threshold value (10 interactions).
+  public static let `default`: ReviewEngagementThreshold = 10
+
+  /// The underlying integer value.
+  public let rawValue: Int
+
+  /// Returns the string representation for environment variable storage.
+  public var environmentStringValue: String {
+    "\(rawValue)"
+  }
+
+  /// Creates a threshold from a raw integer value.
+  /// - Parameter rawValue: The threshold count.
+  public init(rawValue: Int) {
+    self.rawValue = rawValue
+  }
+
+  /// Creates a threshold from an environment variable string.
+  /// - Parameter environmentStringValue: The string value from the environment.
+  /// - Returns: A threshold instance, or nil if the string is not a valid integer.
+  public init?(environmentStringValue: String) {
+    guard let value = Int(environmentStringValue) else {
+      return nil
+    }
+    self.rawValue = value
+  }
+
+  /// Creates a threshold from an integer literal.
+  /// - Parameter value: The literal integer value.
+  public init(integerLiteral value: IntegerLiteralType) {
+    self.rawValue = value
+  }
+}