@aaronshaf/ger 1.2.11 → 2.0.1

package/.ast-grep/rules/no-as-casting.yml

@@ -0,0 +1,13 @@
+id: no-as-casting
+language: typescript
+rule:
+  any:
+    - pattern: $EXPR as $TYPE
+  not:
+    any:
+      - pattern: $EXPR as const
+      - pattern: $EXPR as unknown
+      - pattern: ($EXPR as unknown) as $TYPE2
+      - pattern: $EXPR as unknown as $TYPE2
+message: Type casting with 'as' is not allowed. Use proper typing or 'as unknown' if necessary.
+severity: error

package/.claude-plugin/plugin.json

@@ -0,0 +1,22 @@
+{
+  "name": "ger",
+  "version": "0.3.4",
+  "description": "Claude Code skill for working with Gerrit Code Review using the ger CLI tool. Provides expertise in Gerrit workflows, code review best practices, and ger command usage.",
+  "author": {
+    "name": "Aaron Shafovaloff",
+    "url": "https://github.com/aaronshaf"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/aaronshaf/ger"
+  },
+  "homepage": "https://github.com/aaronshaf/ger#readme",
+  "license": "MIT",
+  "keywords": [
+    "gerrit",
+    "code-review",
+    "cli",
+    "workflow",
+    "ai-assistant"
+  ]
+}

package/.github/workflows/ci-simple.yml

@@ -0,0 +1,53 @@
+name: CI (Simple)
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Test and Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run TypeScript check
+        run: bun run typecheck
+
+      - name: Run linting
+        run: bun run lint
+
+      - name: Run tests with coverage
+        run: bun run test:coverage
+
+      - name: Check coverage (non-blocking)
+        run: bun run test:coverage:check || echo "Coverage check completed with warnings"
+        continue-on-error: true
+
+      - name: Build check
+        run: bun run build

package/.github/workflows/ci.yml

@@ -0,0 +1,171 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # Fast checks that should run first
+  typecheck:
+    name: TypeScript Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: "1.2.17"
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: TypeScript check
+        run: bun run typecheck
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: "1.2.17"
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run oxlint
+        run: bun run lint
+
+
+  # Test jobs that depend on the fast checks passing
+  test:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    needs: [typecheck, lint]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: "1.2.17"
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run tests with coverage
+        run: bun run test:coverage
+
+      - name: Check coverage threshold
+        run: bun run test:coverage:check
+        continue-on-error: true
+
+  # Build job that runs after all checks pass
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: [test]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: "1.2.17"
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build check
+        run: bun run build
+
+  # Complete check that mirrors pre-commit hooks
+  all-checks:
+    name: All Checks (Mirror of pre-commit)
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: "1.2.17"
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run individual checks (safer than check:all)
+        run: |
+          echo "Running typecheck..."
+          bun run typecheck
+          echo "Running lint..."
+          bun run lint
+          echo "Running tests with coverage..."
+          bun run test:coverage
+          echo "All checks completed successfully!"

package/.github/workflows/claude-code-review.yml

@@ -0,0 +1,83 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+    paths:
+      - "src/**/*.ts"
+      - "tests/**/*.ts"
+      - "scripts/**/*.ts"
+      - "package.json"
+      - "tsconfig.json"
+
+jobs:
+  claude-review:
+    # Skip draft PRs and PRs from bots
+    if: |
+      github.event.pull_request.draft == false &&
+      github.event.pull_request.user.login != 'dependabot[bot]'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # Enable progress tracking for sticky comments
+          track_progress: true
+
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Perform a comprehensive code review focusing on:
+
+            1. **Code Quality & Standards**
+               - Adherence to CLAUDE.md project rules
+               - TypeScript best practices with isolatedDeclarations
+               - No implicit any or as typecasting (except as const/as unknown)
+               - Functional programming patterns with Effect
+               - Files should not exceed 700 lines (block) or 500 lines (warn)
+
+            2. **Testing & Coverage**
+               - Minimum 80% code coverage requirement
+               - Both unit tests and integration tests for command changes
+               - Proper HTTP mocking with Bun's native fetch
+               - Effect Schema validation in tests
+
+            3. **Security**
+               - No sensitive data in code or error messages
+               - Effect Schema validation for all inputs
+               - SQL injection prevention
+
+            4. **Architecture & Patterns**
+               - Effect services implementation
+               - Cache-first strategy with SQLite
+               - Regional error boundaries
+               - Proper i18n with i18next
+
+            5. **Performance**
+               - Efficient caching strategies
+               - Minimized API calls
+               - Bundle size optimization
+
+            Provide detailed feedback using inline comments for specific issues.
+            Use top-level comments for general observations.
+            Reference file:line_number for all findings.
+
+          # Tools for comprehensive PR review with inline comments
+          claude_args: |
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
+

package/.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.anthropic.com/en/docs/claude-code/sdk#command-line for available options
+          # claude_args: '--model claude-opus-4-1-20250805 --allowed-tools Bash(gh pr:*)'
+

package/.github/workflows/dependency-update.yml

@@ -0,0 +1,84 @@
+name: Dependency Updates
+
+on:
+  schedule:
+    # Run weekly on Mondays at 9 AM UTC
+    - cron: '0 9 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-dependencies:
+    name: Update Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Update dependencies
+        run: |
+          # Update all dependencies
+          bun update
+          
+          # Check if there are any changes
+          if git diff --quiet bun.lockb package.json; then
+            echo "No dependency updates available"
+            echo "has_updates=false" >> $GITHUB_ENV
+          else
+            echo "Dependencies have been updated"
+            echo "has_updates=true" >> $GITHUB_ENV
+          fi
+
+      - name: Run tests after update
+        if: env.has_updates == 'true'
+        run: |
+          bun install --frozen-lockfile
+          bun run check:all
+
+      - name: Create Pull Request
+        if: env.has_updates == 'true'
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore: update dependencies'
+          title: 'chore: automated dependency updates'
+          body: |
+            ## Automated Dependency Updates
+            
+            This PR contains automated dependency updates.
+            
+            ### Changes
+            - Updated dependencies to their latest versions
+            - All tests and checks are passing
+            
+            ### Review Checklist
+            - [ ] Check for any breaking changes in the updated dependencies
+            - [ ] Verify that all tests are still passing
+            - [ ] Review any new security advisories
+            
+            🤖 This PR was created automatically by GitHub Actions.
+          branch: chore/update-dependencies
+          delete-branch: true
+          labels: |
+            dependencies
+            automated

package/.github/workflows/release.yml

@@ -0,0 +1,166 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g., v1.0.0)'
+        required: true
+        type: string
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  # Run the same checks as CI before release
+  pre-release-checks:
+    name: Pre-release Checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run all checks
+        run: bun run check:all
+
+  # Build for multiple platforms
+  build-release:
+    name: Build Release
+    runs-on: ${{ matrix.os }}
+    needs: [pre-release-checks]
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        include:
+          - os: ubuntu-latest
+            target: linux
+          - os: macos-latest
+            target: darwin
+          - os: windows-latest
+            target: windows
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build for ${{ matrix.target }}
+        run: bun run build
+
+      - name: Create release archive (Unix)
+        if: matrix.os != 'windows-latest'
+        run: |
+          tar -czf gi-${{ matrix.target }}.tar.gz -C dist .
+
+      - name: Create release archive (Windows)
+        if: matrix.os == 'windows-latest'
+        run: |
+          Compress-Archive -Path dist\* -DestinationPath gi-${{ matrix.target }}.zip
+
+      - name: Upload release artifacts (Unix)
+        if: matrix.os != 'windows-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: gi-${{ matrix.target }}
+          path: gi-${{ matrix.target }}.tar.gz
+          retention-days: 30
+
+      - name: Upload release artifacts (Windows)
+        if: matrix.os == 'windows-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: gi-${{ matrix.target }}
+          path: gi-${{ matrix.target }}.zip
+          retention-days: 30
+
+  # Create GitHub release
+  create-release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    needs: [build-release]
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+
+      - name: Generate release notes
+        id: release-notes
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            VERSION="${{ github.event.inputs.version }}"
+          else
+            VERSION="${GITHUB_REF#refs/tags/}"
+          fi
+          
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          
+          # Generate changelog since last tag
+          LAST_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
+          if [[ -n "$LAST_TAG" ]]; then
+            echo "## Changes since $LAST_TAG" > release_notes.md
+            git log --pretty=format:"- %s (%an)" "$LAST_TAG"..HEAD >> release_notes.md
+          else
+            echo "## Initial Release" > release_notes.md
+            echo "First release of the Gerrit CLI tool with comprehensive security improvements." >> release_notes.md
+          fi
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ steps.release-notes.outputs.version }}
+          name: Release ${{ steps.release-notes.outputs.version }}
+          body_path: release_notes.md
+          files: |
+            artifacts/gi-linux/gi-linux.tar.gz
+            artifacts/gi-darwin/gi-darwin.tar.gz
+            artifacts/gi-windows/gi-windows.zip
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}