Yes, definitely there should be tests to enforce this, but you need to specify what the contract is somewhere, so that when someone comes along to write the code, they understand the requirements.
Ok, well we can add extra rules to this module:
* no non-optional dependencies on other jars (must be self contained)
* bean validation must have no deps outside BV api
I think it would be sensible to add a short contract.txt to each module to include these requirements. Shane, could you add these?
Technically that is the purpose of the maven enforcer plugin. With patience, it can be configured to fail the build when certain dependencies show up (or are outside of a pattern list).
You need more than that - you need to execute an test for each piece of functionality that has such a contract and ensure it runs with only it's deps in the classpath. The enforcer plugin is more about enforcing a rule on a dependency management, not on how people write code AFAIK.
True, I was thinking more in terms of an alternative to contract.txt, which just makes me cringe. We should enforce the requirement declaratively (and tie it into the build), then write tests if necessary that validate it further.
So we'll take both approaches and we'll have all the bases covered ;)