Add ForbiddenPublicSealedClass detekt rule by tonidero · Pull Request #3503 · RevenueCat/purchases-android

tonidero · 2026-05-22T16:08:24Z

Summary

Adds a new :detekt-rules Gradle module with a custom ForbiddenPublicSealedClass detekt rule
The rule flags public sealed class and public sealed interface declarations in non-example paths, unless annotated with @InternalRevenueCatAPI
Mirrors the existing ForbiddenPublicDataClass enforcement pattern from detekt-rules-libraries
Pre-existing violations (intentionally public sealed types already in the SDK) are added to the detekt baseline
The rule correctly ignores sealed classes nested inside internal classes (e.g. SubscriberAttributeKey subtypes)

Why: Adding a new subclass to a public sealed class/interface is a binary-incompatible change — any exhaustive when in consumer code breaks at runtime. Catching this at lint time prevents accidental API breakage.

Baselined pre-existing violations (to be addressed in follow-up PRs if needed):

AmazonPurchasingData, GalaxyPurchasingData, GooglePurchasingData
RedeemWebPurchaseListener.Result
PaywallResult, PaywallFont, PurchaseLogicResult
Purchases.DeepLink (custom entitlement computation variant)

Test plan

./gradlew detektAll passes with no new violations
Adding a new public sealed class without @InternalRevenueCatAPI in purchases/src/main/kotlin/ causes detektAll to fail
Adding @InternalRevenueCatAPI to that class suppresses the violation
Classes nested inside internal classes are not flagged

🤖 Generated with Claude Code

Public sealed classes and interfaces in SDK public APIs are a binary compatibility hazard: adding a new subclass breaks any exhaustive `when` in consumer code. This adds a custom `:detekt-rules` module with a `ForbiddenPublicSealedClass` rule that mirrors the existing `ForbiddenPublicDataClass` enforcement, suppressed via `@InternalRevenueCatAPI`. Pre-existing violations are baselined. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

socket-security · 2026-05-22T16:08:58Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	maven/io.gitlab.arturbosch.detekt/detekt-api@1.23.6 ⏵ 1.23.8	⁺⁶

View full report

codecov · 2026-05-22T16:29:33Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.89%. Comparing base (8d7b612) to head (add8da2).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3503   +/-   ##
=======================================
  Coverage   79.89%   79.89%           
=======================================
  Files         369      369           
  Lines       14871    14871           
  Branches     2048     2048           
=======================================
  Hits        11881    11881           
  Misses       2157     2157           
  Partials      833      833

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

tonidero added the pr:other label May 22, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ForbiddenPublicSealedClass detekt rule#3503

Add ForbiddenPublicSealedClass detekt rule#3503
tonidero wants to merge 1 commit into
mainfrom
add-forbidden-public-sealed-class-detekt-rule

tonidero commented May 22, 2026

Uh oh!

socket-security Bot commented May 22, 2026

Uh oh!

codecov Bot commented May 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

tonidero commented May 22, 2026

Summary

Test plan

Uh oh!

socket-security Bot commented May 22, 2026

Uh oh!

codecov Bot commented May 22, 2026

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant