@aspruyt/xfg 3.3.2 → 3.5.0

package/dist/config-normalizer.js

@@ -91,6 +91,12 @@ export function mergeSettings(root, perRepo) {
     if (deleteOrphaned !== undefined) {
         result.deleteOrphaned = deleteOrphaned;
     }
+    // Merge repo settings: per-repo overrides root (shallow merge)
+    const rootRepo = root?.repo;
+    const perRepoRepo = perRepo?.repo;
+    if (rootRepo || perRepoRepo) {
+        result.repo = { ...rootRepo, ...perRepoRepo };
+    }
     return Object.keys(result).length > 0 ? result : undefined;
 }
 /**
@@ -231,6 +237,9 @@ export function normalizeConfig(raw) {
                 normalizedRootSettings.rulesets = filteredRulesets;
             }
         }
+        if (raw.settings.repo) {
+            normalizedRootSettings.repo = raw.settings.repo;
+        }
         if (raw.settings.deleteOrphaned !== undefined) {
             normalizedRootSettings.deleteOrphaned = raw.settings.deleteOrphaned;
         }

package/dist/config-validator.js

@@ -279,6 +279,74 @@ function getGitDisplayName(git) {
     return git;
 }
 // =============================================================================
+// Repo Settings Validation
+// =============================================================================
+const VALID_VISIBILITY = ["public", "private", "internal"];
+const VALID_SQUASH_MERGE_COMMIT_TITLE = ["PR_TITLE", "COMMIT_OR_PR_TITLE"];
+const VALID_SQUASH_MERGE_COMMIT_MESSAGE = [
+    "PR_BODY",
+    "COMMIT_MESSAGES",
+    "BLANK",
+];
+const VALID_MERGE_COMMIT_TITLE = ["PR_TITLE", "MERGE_MESSAGE"];
+const VALID_MERGE_COMMIT_MESSAGE = ["PR_BODY", "PR_TITLE", "BLANK"];
+/**
+ * Validates GitHub repository settings.
+ */
+function validateRepoSettings(repo, context) {
+    if (typeof repo !== "object" || repo === null || Array.isArray(repo)) {
+        throw new Error(`${context}: repo must be an object`);
+    }
+    const r = repo;
+    // Validate boolean fields
+    const booleanFields = [
+        "hasIssues",
+        "hasProjects",
+        "hasWiki",
+        "hasDiscussions",
+        "isTemplate",
+        "allowForking",
+        "archived",
+        "allowSquashMerge",
+        "allowMergeCommit",
+        "allowRebaseMerge",
+        "allowAutoMerge",
+        "deleteBranchOnMerge",
+        "allowUpdateBranch",
+        "vulnerabilityAlerts",
+        "automatedSecurityFixes",
+        "secretScanning",
+        "secretScanningPushProtection",
+        "privateVulnerabilityReporting",
+    ];
+    for (const field of booleanFields) {
+        if (r[field] !== undefined && typeof r[field] !== "boolean") {
+            throw new Error(`${context}: ${field} must be a boolean`);
+        }
+    }
+    // Validate enum fields
+    if (r.visibility !== undefined &&
+        !VALID_VISIBILITY.includes(r.visibility)) {
+        throw new Error(`${context}: visibility must be one of: ${VALID_VISIBILITY.join(", ")}`);
+    }
+    if (r.squashMergeCommitTitle !== undefined &&
+        !VALID_SQUASH_MERGE_COMMIT_TITLE.includes(r.squashMergeCommitTitle)) {
+        throw new Error(`${context}: squashMergeCommitTitle must be one of: ${VALID_SQUASH_MERGE_COMMIT_TITLE.join(", ")}`);
+    }
+    if (r.squashMergeCommitMessage !== undefined &&
+        !VALID_SQUASH_MERGE_COMMIT_MESSAGE.includes(r.squashMergeCommitMessage)) {
+        throw new Error(`${context}: squashMergeCommitMessage must be one of: ${VALID_SQUASH_MERGE_COMMIT_MESSAGE.join(", ")}`);
+    }
+    if (r.mergeCommitTitle !== undefined &&
+        !VALID_MERGE_COMMIT_TITLE.includes(r.mergeCommitTitle)) {
+        throw new Error(`${context}: mergeCommitTitle must be one of: ${VALID_MERGE_COMMIT_TITLE.join(", ")}`);
+    }
+    if (r.mergeCommitMessage !== undefined &&
+        !VALID_MERGE_COMMIT_MESSAGE.includes(r.mergeCommitMessage)) {
+        throw new Error(`${context}: mergeCommitMessage must be one of: ${VALID_MERGE_COMMIT_MESSAGE.join(", ")}`);
+    }
+}
+// =============================================================================
 // Ruleset Validation
 // =============================================================================
 const VALID_RULESET_TARGETS = ["branch", "tag"];
@@ -515,6 +583,10 @@ export function validateSettings(settings, context, rootRulesetNames) {
     if (s.deleteOrphaned !== undefined && typeof s.deleteOrphaned !== "boolean") {
         throw new Error(`${context}: settings.deleteOrphaned must be a boolean`);
     }
+    // Validate repo settings
+    if (s.repo !== undefined) {
+        validateRepoSettings(s.repo, context);
+    }
 }
 // =============================================================================
 // Command-Specific Validators
@@ -545,8 +617,10 @@ export function hasActionableSettings(settings) {
     if (settings.rulesets && Object.keys(settings.rulesets).length > 0) {
         return true;
     }
-    // Future: check for repoConfig, creation, etc.
-    // if (settings.repoConfig) return true;
+    // Check for repo settings
+    if (settings.repo && Object.keys(settings.repo).length > 0) {
+        return true;
+    }
     return false;
 }
 /**

package/dist/config.d.ts

@@ -210,9 +210,51 @@ export interface Ruleset {
     /** Rules to enforce */
     rules?: RulesetRule[];
 }
+/** Squash merge commit title format */
+export type SquashMergeCommitTitle = "PR_TITLE" | "COMMIT_OR_PR_TITLE";
+/** Squash merge commit message format */
+export type SquashMergeCommitMessage = "PR_BODY" | "COMMIT_MESSAGES" | "BLANK";
+/** Merge commit title format */
+export type MergeCommitTitle = "PR_TITLE" | "MERGE_MESSAGE";
+/** Merge commit message format */
+export type MergeCommitMessage = "PR_BODY" | "PR_TITLE" | "BLANK";
+/** Repository visibility */
+export type RepoVisibility = "public" | "private" | "internal";
+/**
+ * GitHub repository settings configuration.
+ * All properties are optional - only specified properties are applied.
+ * @see https://docs.github.com/en/rest/repos/repos#update-a-repository
+ */
+export interface GitHubRepoSettings {
+    hasIssues?: boolean;
+    hasProjects?: boolean;
+    hasWiki?: boolean;
+    hasDiscussions?: boolean;
+    isTemplate?: boolean;
+    allowForking?: boolean;
+    visibility?: RepoVisibility;
+    archived?: boolean;
+    allowSquashMerge?: boolean;
+    allowMergeCommit?: boolean;
+    allowRebaseMerge?: boolean;
+    allowAutoMerge?: boolean;
+    deleteBranchOnMerge?: boolean;
+    allowUpdateBranch?: boolean;
+    squashMergeCommitTitle?: SquashMergeCommitTitle;
+    squashMergeCommitMessage?: SquashMergeCommitMessage;
+    mergeCommitTitle?: MergeCommitTitle;
+    mergeCommitMessage?: MergeCommitMessage;
+    vulnerabilityAlerts?: boolean;
+    automatedSecurityFixes?: boolean;
+    secretScanning?: boolean;
+    secretScanningPushProtection?: boolean;
+    privateVulnerabilityReporting?: boolean;
+}
 export interface RepoSettings {
     /** GitHub rulesets keyed by name */
     rulesets?: Record<string, Ruleset>;
+    /** GitHub repository settings */
+    repo?: GitHubRepoSettings;
     deleteOrphaned?: boolean;
 }
 export type ContentValue = Record<string, unknown> | string | string[];
@@ -242,6 +284,7 @@ export interface RawRepoSettings {
     rulesets?: Record<string, Ruleset | false> & {
         inherit?: boolean;
     };
+    repo?: GitHubRepoSettings;
     deleteOrphaned?: boolean;
 }
 export interface RawRepoConfig {

package/dist/index.d.ts

@@ -6,6 +6,7 @@ import { RepoConfig } from "./config.js";
 import { RepoInfo } from "./repo-detector.js";
 import { ProcessorOptions } from "./repository-processor.js";
 import { RulesetProcessorOptions, RulesetProcessorResult } from "./ruleset-processor.js";
+import { IRepoSettingsProcessor } from "./repo-settings-processor.js";
 /**
  * Processor interface for dependency injection in tests.
  */
@@ -38,6 +39,14 @@ export type RulesetProcessorFactory = () => IRulesetProcessor;
  * Default factory that creates a real RulesetProcessor.
  */
 export declare const defaultRulesetProcessorFactory: RulesetProcessorFactory;
+/**
+ * Repo settings processor factory function type.
+ */
+export type RepoSettingsProcessorFactory = () => IRepoSettingsProcessor;
+/**
+ * Default factory that creates a real RepoSettingsProcessor.
+ */
+export declare const defaultRepoSettingsProcessorFactory: RepoSettingsProcessorFactory;
 interface SharedOptions {
     config: string;
     dryRun?: boolean;
@@ -53,5 +62,5 @@ interface SyncOptions extends SharedOptions {
 }
 type SettingsOptions = SharedOptions;
 export declare function runSync(options: SyncOptions, processorFactory?: ProcessorFactory): Promise<void>;
-export declare function runSettings(options: SettingsOptions, processorFactory?: RulesetProcessorFactory, repoProcessorFactory?: ProcessorFactory): Promise<void>;
+export declare function runSettings(options: SettingsOptions, processorFactory?: RulesetProcessorFactory, repoProcessorFactory?: ProcessorFactory, repoSettingsProcessorFactory?: RepoSettingsProcessorFactory): Promise<void>;
 export { program };

package/dist/index.js

@@ -3,6 +3,7 @@ import { program, Command } from "commander";
 import { resolve, join, dirname } from "node:path";
 import { existsSync, readFileSync } from "node:fs";
 import { fileURLToPath } from "node:url";
+import chalk from "chalk";
 import { loadRawConfig, normalizeConfig, } from "./config.js";
 import { validateForSync, validateForSettings } from "./config-validator.js";
 // Get version from package.json
@@ -19,6 +20,7 @@ import { buildRepoResult, buildErrorResult } from "./summary-utils.js";
 import { RulesetProcessor, } from "./ruleset-processor.js";
 import { getManagedRulesets } from "./manifest.js";
 import { isGitHubRepo } from "./repo-detector.js";
+import { RepoSettingsProcessor, } from "./repo-settings-processor.js";
 /**
  * Default factory that creates a real RepositoryProcessor.
  */
@@ -27,6 +29,10 @@ export const defaultProcessorFactory = () => new RepositoryProcessor();
  * Default factory that creates a real RulesetProcessor.
  */
 export const defaultRulesetProcessorFactory = () => new RulesetProcessor();
+/**
+ * Default factory that creates a real RepoSettingsProcessor.
+ */
+export const defaultRepoSettingsProcessorFactory = () => new RepoSettingsProcessor();
 /**
  * Adds shared options to a command.
  */
@@ -181,7 +187,7 @@ export async function runSync(options, processorFactory = defaultProcessorFactor
 // =============================================================================
 // Settings Command
 // =============================================================================
-export async function runSettings(options, processorFactory = defaultRulesetProcessorFactory, repoProcessorFactory = defaultProcessorFactory) {
+export async function runSettings(options, processorFactory = defaultRulesetProcessorFactory, repoProcessorFactory = defaultProcessorFactory, repoSettingsProcessorFactory = defaultRepoSettingsProcessorFactory) {
     const configPath = resolve(options.config);
     if (!existsSync(configPath)) {
         console.error(`Config file not found: ${configPath}`);
@@ -203,18 +209,31 @@ export async function runSettings(options, processorFactory = defaultRulesetProc
     const config = normalizeConfig(rawConfig);
     // Check if any repos have rulesets configured or have managed rulesets to clean up
     const reposWithRulesets = config.repos.filter((r) => r.settings?.rulesets && Object.keys(r.settings.rulesets).length > 0);
-    if (reposWithRulesets.length === 0) {
-        console.log("No rulesets configured. Add settings.rulesets to your config to manage GitHub Rulesets.");
+    // Check if any repos have repo settings configured
+    const reposWithRepoSettings = config.repos.filter((r) => r.settings?.repo && Object.keys(r.settings.repo).length > 0);
+    if (reposWithRulesets.length === 0 && reposWithRepoSettings.length === 0) {
+        console.log("No settings configured. Add settings.rulesets or settings.repo to your config.");
         return;
     }
-    console.log(`Found ${reposWithRulesets.length} repositories with rulesets\n`);
-    logger.setTotal(reposWithRulesets.length);
+    if (reposWithRulesets.length > 0) {
+        console.log(`Found ${reposWithRulesets.length} repositories with rulesets`);
+    }
+    if (reposWithRepoSettings.length > 0) {
+        console.log(`Found ${reposWithRepoSettings.length} repositories with repo settings`);
+    }
+    console.log("");
+    logger.setTotal(reposWithRulesets.length + reposWithRepoSettings.length);
     const processor = processorFactory();
     const repoProcessor = repoProcessorFactory();
     const results = [];
     let successCount = 0;
     let failCount = 0;
     let skipCount = 0;
+    // Tracking for multi-repo summary in dry-run mode
+    let totalCreates = 0;
+    let totalUpdates = 0;
+    let totalDeletes = 0;
+    let reposWithChanges = 0;
     for (let i = 0; i < reposWithRulesets.length; i++) {
         const repoConfig = reposWithRulesets[i];
         let repoInfo;
@@ -248,6 +267,27 @@ export async function runSettings(options, processorFactory = defaultRulesetProc
                 managedRulesets,
                 noDelete: options.noDelete,
             });
+            // Display plan output for dry-run mode
+            if (options.dryRun && result.planOutput) {
+                if (result.planOutput.lines.length > 0) {
+                    logger.rulesetPlan(repoName, result.planOutput.lines, {
+                        creates: result.planOutput.creates,
+                        updates: result.planOutput.updates,
+                        deletes: result.planOutput.deletes,
+                        unchanged: result.planOutput.unchanged,
+                    });
+                }
+                // Accumulate totals for multi-repo summary
+                totalCreates += result.planOutput.creates;
+                totalUpdates += result.planOutput.updates;
+                totalDeletes += result.planOutput.deletes;
+                if (result.planOutput.creates +
+                    result.planOutput.updates +
+                    result.planOutput.deletes >
+                    0) {
+                    reposWithChanges++;
+                }
+            }
             if (result.skipped) {
                 logger.skip(i + 1, repoName, result.message);
                 skipCount++;
@@ -292,12 +332,77 @@ export async function runSettings(options, processorFactory = defaultRulesetProc
             failCount++;
         }
     }
+    // Process repo settings
+    if (reposWithRepoSettings.length > 0) {
+        const repoSettingsProcessor = repoSettingsProcessorFactory();
+        console.log(`\nProcessing repo settings for ${reposWithRepoSettings.length} repositories\n`);
+        for (let i = 0; i < reposWithRepoSettings.length; i++) {
+            const repoConfig = reposWithRepoSettings[i];
+            let repoInfo;
+            try {
+                repoInfo = parseGitUrl(repoConfig.git, {
+                    githubHosts: config.githubHosts,
+                });
+            }
+            catch (error) {
+                console.error(`Failed to parse ${repoConfig.git}: ${error}`);
+                failCount++;
+                continue;
+            }
+            const repoName = getRepoDisplayName(repoInfo);
+            try {
+                const result = await repoSettingsProcessor.process(repoConfig, repoInfo, {
+                    dryRun: options.dryRun,
+                });
+                if (result.planOutput && result.planOutput.lines.length > 0) {
+                    console.log(`\n  ${chalk.bold(repoName)}:`);
+                    console.log("  Repo Settings:");
+                    for (const line of result.planOutput.lines) {
+                        console.log(line);
+                    }
+                    if (result.warnings && result.warnings.length > 0) {
+                        for (const warning of result.warnings) {
+                            console.log(chalk.yellow(`  ⚠️  Warning: ${warning}`));
+                        }
+                    }
+                }
+                if (result.skipped) {
+                    // Silent skip for repos without repo settings
+                }
+                else if (result.success) {
+                    console.log(chalk.green(`  ✓ ${repoName}: ${result.message}`));
+                    successCount++;
+                }
+                else {
+                    console.log(chalk.red(`  ✗ ${repoName}: ${result.message}`));
+                    failCount++;
+                }
+            }
+            catch (error) {
+                console.error(`  ✗ ${repoName}: ${error}`);
+                failCount++;
+            }
+        }
+    }
+    // Multi-repo summary for dry-run mode
+    if (options.dryRun && reposWithChanges > 0) {
+        console.log("");
+        console.log(chalk.gray("─".repeat(40)));
+        const totalParts = [];
+        if (totalCreates > 0)
+            totalParts.push(chalk.green(`${totalCreates} to create`));
+        if (totalUpdates > 0)
+            totalParts.push(chalk.yellow(`${totalUpdates} to update`));
+        if (totalDeletes > 0)
+            totalParts.push(chalk.red(`${totalDeletes} to delete`));
+        console.log(chalk.bold(`Total: ${totalParts.join(", ")} across ${reposWithChanges} ${reposWithChanges === 1 ? "repository" : "repositories"}`));
+    }
     // Summary
     console.log("\n" + "=".repeat(50));
     console.log(`Completed: ${successCount} succeeded, ${skipCount} skipped, ${failCount} failed`);
     // Write GitHub Actions job summary if available
     writeSummary({
-        total: reposWithRulesets.length,
+        total: reposWithRulesets.length + reposWithRepoSettings.length,
         succeeded: successCount,
         skipped: skipCount,
         failed: failCount,

package/dist/logger.d.ts

@@ -1,8 +1,15 @@
 import { FileStatus } from "./diff-utils.js";
+export interface RulesetPlanCounts {
+    creates: number;
+    updates: number;
+    deletes: number;
+    unchanged: number;
+}
 export interface ILogger {
     info(message: string): void;
     fileDiff(fileName: string, status: FileStatus, diffLines: string[]): void;
     diffSummary(newCount: number, modifiedCount: number, unchangedCount: number, deletedCount?: number): void;
+    rulesetPlan(repoName: string, planLines: string[], counts: RulesetPlanCounts): void;
     setTotal(total: number): void;
     progress(current: number, repoName: string, message: string): void;
     success(current: number, repoName: string, message: string): void;
@@ -34,6 +41,10 @@ export declare class Logger implements ILogger {
      * Display summary statistics for dry-run diff.
      */
     diffSummary(newCount: number, modifiedCount: number, unchangedCount: number, deletedCount?: number): void;
+    /**
+     * Display ruleset plan output for dry-run mode.
+     */
+    rulesetPlan(repoName: string, planLines: string[], counts: RulesetPlanCounts): void;
     summary(): void;
     hasFailures(): boolean;
 }

package/dist/logger.js

@@ -62,6 +62,29 @@ export class Logger {
             console.log(chalk.gray(`    Summary: ${parts.join(", ")}`));
         }
     }
+    /**
+     * Display ruleset plan output for dry-run mode.
+     */
+    rulesetPlan(repoName, planLines, counts) {
+        console.log("");
+        console.log(chalk.bold(`Repository: ${repoName}`));
+        for (const line of planLines) {
+            console.log(line);
+        }
+        // Summary line
+        const parts = [];
+        if (counts.creates > 0)
+            parts.push(chalk.green(`${counts.creates} to create`));
+        if (counts.updates > 0)
+            parts.push(chalk.yellow(`${counts.updates} to update`));
+        if (counts.deletes > 0)
+            parts.push(chalk.red(`${counts.deletes} to delete`));
+        const unchangedPart = counts.unchanged > 0
+            ? chalk.gray(` (${counts.unchanged} unchanged)`)
+            : "";
+        const summaryLine = parts.length > 0 ? parts.join(", ") + unchangedPart : "No changes";
+        console.log(chalk.gray(`Plan: ${summaryLine}`));
+    }
     summary() {
         console.log("");
         console.log(chalk.bold("Summary:"));

package/dist/repo-settings-diff.d.ts

@@ -0,0 +1,18 @@
+import type { GitHubRepoSettings } from "./config.js";
+import type { CurrentRepoSettings } from "./strategies/repo-settings-strategy.js";
+export type RepoSettingsAction = "add" | "change" | "unchanged";
+export interface RepoSettingsChange {
+    property: keyof GitHubRepoSettings;
+    action: RepoSettingsAction;
+    oldValue?: unknown;
+    newValue?: unknown;
+}
+/**
+ * Compares current repository settings with desired settings.
+ * Only compares properties that are explicitly set in desired.
+ */
+export declare function diffRepoSettings(current: CurrentRepoSettings, desired: GitHubRepoSettings): RepoSettingsChange[];
+/**
+ * Checks if there are any changes to apply.
+ */
+export declare function hasChanges(changes: RepoSettingsChange[]): boolean;

package/dist/repo-settings-diff.js

@@ -0,0 +1,84 @@
+/**
+ * Maps config property names (camelCase) to GitHub API property names (snake_case).
+ */
+const PROPERTY_MAPPING = {
+    hasIssues: "has_issues",
+    hasProjects: "has_projects",
+    hasWiki: "has_wiki",
+    hasDiscussions: "has_discussions",
+    isTemplate: "is_template",
+    allowForking: "allow_forking",
+    visibility: "visibility",
+    archived: "archived",
+    allowSquashMerge: "allow_squash_merge",
+    allowMergeCommit: "allow_merge_commit",
+    allowRebaseMerge: "allow_rebase_merge",
+    allowAutoMerge: "allow_auto_merge",
+    deleteBranchOnMerge: "delete_branch_on_merge",
+    allowUpdateBranch: "allow_update_branch",
+    squashMergeCommitTitle: "squash_merge_commit_title",
+    squashMergeCommitMessage: "squash_merge_commit_message",
+    mergeCommitTitle: "merge_commit_title",
+    mergeCommitMessage: "merge_commit_message",
+    vulnerabilityAlerts: "_vulnerability_alerts",
+    automatedSecurityFixes: "_automated_security_fixes",
+    secretScanning: "_secret_scanning",
+    secretScanningPushProtection: "_secret_scanning_push_protection",
+    privateVulnerabilityReporting: "_private_vulnerability_reporting",
+};
+/**
+ * Gets the current value for a property from GitHub API response.
+ */
+function getCurrentValue(current, property) {
+    const apiKey = PROPERTY_MAPPING[property];
+    // Handle security_and_analysis nested properties
+    if (apiKey === "_secret_scanning") {
+        return current.security_and_analysis?.secret_scanning?.status === "enabled";
+    }
+    if (apiKey === "_secret_scanning_push_protection") {
+        return (current.security_and_analysis?.secret_scanning_push_protection?.status ===
+            "enabled");
+    }
+    // These require separate API calls to check, return undefined
+    if (apiKey.startsWith("_")) {
+        return undefined;
+    }
+    return current[apiKey];
+}
+/**
+ * Compares current repository settings with desired settings.
+ * Only compares properties that are explicitly set in desired.
+ */
+export function diffRepoSettings(current, desired) {
+    const changes = [];
+    for (const [key, desiredValue] of Object.entries(desired)) {
+        if (desiredValue === undefined)
+            continue;
+        const property = key;
+        const currentValue = getCurrentValue(current, property);
+        if (currentValue === undefined) {
+            // Property not currently set or unknown
+            changes.push({
+                property,
+                action: "add",
+                newValue: desiredValue,
+            });
+        }
+        else if (currentValue !== desiredValue) {
+            changes.push({
+                property,
+                action: "change",
+                oldValue: currentValue,
+                newValue: desiredValue,
+            });
+        }
+        // unchanged properties are not included
+    }
+    return changes;
+}
+/**
+ * Checks if there are any changes to apply.
+ */
+export function hasChanges(changes) {
+    return changes.some((c) => c.action !== "unchanged");
+}

package/dist/repo-settings-plan-formatter.d.ts

@@ -0,0 +1,15 @@
+import type { RepoSettingsChange } from "./repo-settings-diff.js";
+export interface RepoSettingsPlanResult {
+    lines: string[];
+    adds: number;
+    changes: number;
+    warnings: string[];
+}
+/**
+ * Formats repo settings changes as Terraform-style plan output.
+ */
+export declare function formatRepoSettingsPlan(changes: RepoSettingsChange[]): RepoSettingsPlanResult;
+/**
+ * Formats warnings for display.
+ */
+export declare function formatWarnings(warnings: string[]): string[];

package/dist/repo-settings-plan-formatter.js

@@ -0,0 +1,66 @@
+import chalk from "chalk";
+/**
+ * Format a value for display.
+ */
+function formatValue(val) {
+    if (val === null)
+        return "null";
+    if (val === undefined)
+        return "undefined";
+    if (typeof val === "string")
+        return `"${val}"`;
+    if (typeof val === "boolean")
+        return val ? "true" : "false";
+    return String(val);
+}
+/**
+ * Get warning message for a property change.
+ */
+function getWarning(change) {
+    if (change.property === "visibility") {
+        return `visibility change (${change.oldValue} → ${change.newValue}) may expose or hide repository`;
+    }
+    if (change.property === "archived" && change.newValue === true) {
+        return "archiving makes repository read-only";
+    }
+    if ((change.property === "hasIssues" ||
+        change.property === "hasWiki" ||
+        change.property === "hasProjects") &&
+        change.newValue === false) {
+        return `disabling ${change.property} may hide existing content`;
+    }
+    return undefined;
+}
+/**
+ * Formats repo settings changes as Terraform-style plan output.
+ */
+export function formatRepoSettingsPlan(changes) {
+    const lines = [];
+    const warnings = [];
+    let adds = 0;
+    let changesCount = 0;
+    if (changes.length === 0) {
+        return { lines, adds, changes: 0, warnings };
+    }
+    for (const change of changes) {
+        const warning = getWarning(change);
+        if (warning) {
+            warnings.push(warning);
+        }
+        if (change.action === "add") {
+            lines.push(chalk.green(`    + ${change.property}: ${formatValue(change.newValue)}`));
+            adds++;
+        }
+        else if (change.action === "change") {
+            lines.push(chalk.yellow(`    ~ ${change.property}: ${formatValue(change.oldValue)} → ${formatValue(change.newValue)}`));
+            changesCount++;
+        }
+    }
+    return { lines, adds, changes: changesCount, warnings };
+}
+/**
+ * Formats warnings for display.
+ */
+export function formatWarnings(warnings) {
+    return warnings.map((w) => chalk.yellow(`  ⚠️  Warning: ${w}`));
+}

package/dist/repo-settings-processor.d.ts

@@ -0,0 +1,30 @@
+import type { RepoConfig } from "./config.js";
+import type { RepoInfo } from "./repo-detector.js";
+import type { IRepoSettingsStrategy } from "./strategies/repo-settings-strategy.js";
+import { RepoSettingsPlanResult } from "./repo-settings-plan-formatter.js";
+export interface IRepoSettingsProcessor {
+    process(repoConfig: RepoConfig, repoInfo: RepoInfo, options: RepoSettingsProcessorOptions): Promise<RepoSettingsProcessorResult>;
+}
+export interface RepoSettingsProcessorOptions {
+    dryRun?: boolean;
+    token?: string;
+}
+export interface RepoSettingsProcessorResult {
+    success: boolean;
+    repoName: string;
+    message: string;
+    skipped?: boolean;
+    dryRun?: boolean;
+    changes?: {
+        adds: number;
+        changes: number;
+    };
+    warnings?: string[];
+    planOutput?: RepoSettingsPlanResult;
+}
+export declare class RepoSettingsProcessor implements IRepoSettingsProcessor {
+    private readonly strategy;
+    constructor(strategy?: IRepoSettingsStrategy);
+    process(repoConfig: RepoConfig, repoInfo: RepoInfo, options: RepoSettingsProcessorOptions): Promise<RepoSettingsProcessorResult>;
+    private applyChanges;
+}