@aspruyt/xfg 4.0.2 → 4.0.4

package/dist/sync/sync-workflow.d.ts

@@ -1,6 +1,6 @@
 import type { RepoConfig } from "../config/types.js";
 import { RepoInfo } from "../shared/repo-detector.js";
-import type { ILogger } from "../shared/logger.js";
+import type { DebugInfoLog } from "../shared/logger.js";
 import type { ISyncWorkflow, IWorkStrategy, IAuthOptionsBuilder, IRepositorySession, IBranchManager, ICommitPushManager, IPRMergeHandler, ProcessorOptions, ProcessorResult } from "./types.js";
 /**
  * Orchestrates the common sync workflow steps.
@@ -13,6 +13,6 @@ export declare class SyncWorkflow implements ISyncWorkflow {
     private readonly commitPushManager;
     private readonly prMergeHandler;
     private readonly log;
-    constructor(authOptionsBuilder: IAuthOptionsBuilder, repositorySession: IRepositorySession, branchManager: IBranchManager, commitPushManager: ICommitPushManager, prMergeHandler: IPRMergeHandler, log: ILogger);
+    constructor(authOptionsBuilder: IAuthOptionsBuilder, repositorySession: IRepositorySession, branchManager: IBranchManager, commitPushManager: ICommitPushManager, prMergeHandler: IPRMergeHandler, log: DebugInfoLog);
     execute(repoConfig: RepoConfig, repoInfo: RepoInfo, options: ProcessorOptions, workStrategy: IWorkStrategy): Promise<ProcessorResult>;
 }

package/dist/sync/sync-workflow.js

@@ -1,6 +1,5 @@
 import { getRepoDisplayName } from "../shared/repo-detector.js";
 import { safeCleanup } from "../shared/type-guards.js";
-import { defaultExecutor } from "../shared/command-executor.js";
 /**
  * Orchestrates the common sync workflow steps.
  * Used by RepositoryProcessor with different strategies for file sync vs manifest.
@@ -22,35 +21,36 @@ export class SyncWorkflow {
     }
     async execute(repoConfig, repoInfo, options, workStrategy) {
         const repoName = getRepoDisplayName(repoInfo);
-        const { branchName, workDir } = options;
-        const dryRun = options.dryRun ?? false;
-        const retries = options.retries ?? 3;
-        const executor = options.executor ?? defaultExecutor;
+        const { branchName } = options;
         const authResult = await this.authOptionsBuilder.resolve(repoInfo, repoName, options.token);
         if (!authResult.ok) {
             return authResult.skipResult;
         }
         const mergeMode = repoConfig.prOptions?.merge ?? "auto";
         const isDirectMode = mergeMode === "direct";
+        const runCtx = {
+            workDir: options.workDir,
+            dryRun: options.dryRun ?? false,
+            retries: options.retries ?? 3,
+            token: authResult.token,
+            executor: options.executor,
+        };
         let session = null;
         try {
             session = await this.repositorySession.setup(repoInfo, {
-                workDir,
-                dryRun,
-                retries,
+                workDir: runCtx.workDir,
+                dryRun: runCtx.dryRun,
+                retries: runCtx.retries,
+                executor: runCtx.executor,
                 authOptions: authResult.authOptions,
             });
             await this.branchManager.setupBranch({
+                ...runCtx,
                 repoInfo,
                 branchName,
                 baseBranch: session.baseBranch,
-                workDir,
                 isDirectMode,
-                dryRun,
-                retries,
-                token: authResult.token,
                 gitOps: session.gitOps,
-                executor,
             });
             const workResult = await workStrategy.execute(repoConfig, repoInfo, session, options);
             if (!workResult) {
@@ -63,17 +63,14 @@ export class SyncWorkflow {
             }
             const pushBranch = isDirectMode ? session.baseBranch : branchName;
             const commitResult = await this.commitPushManager.commitAndPush({
+                ...runCtx,
                 repoInfo,
                 gitOps: session.gitOps,
-                workDir,
                 fileChanges: workResult.fileChanges,
                 commitMessage: workResult.commitMessage,
                 pushBranch,
                 isDirectMode,
-                dryRun,
-                retries,
-                token: authResult.token,
-                executor,
+                hasAppCredentials: options.hasAppCredentials,
             });
             if (!commitResult.success) {
                 return commitResult.errorResult;
@@ -102,14 +99,10 @@ export class SyncWorkflow {
                 repoInfo,
                 repoConfig,
                 options: {
+                    ...runCtx,
                     branchName,
                     baseBranch: session.baseBranch,
-                    workDir,
-                    dryRun,
-                    retries,
                     prTemplate: options.prTemplate,
-                    token: authResult.token,
-                    executor,
                 },
                 changedFiles: workResult.changedFiles,
                 repoName,

package/dist/sync/types.d.ts

@@ -1,12 +1,12 @@
 import type { FileContent, RepoConfig } from "../config/types.js";
 import type { RepoInfo } from "../shared/repo-detector.js";
-import type { ILocalGitOps, IGitOps, GitAuthOptions } from "../vcs/authenticated-git-ops.js";
+import type { ILocalGitOps, IGitOps, GitAuthOptions } from "../vcs/types.js";
 import type { GitOpsOptions } from "../vcs/git-ops.js";
 import type { DiffStats } from "./diff-utils.js";
 import type { ILogger } from "../shared/logger.js";
 import type { XfgManifest } from "./manifest.js";
 import type { ICommandExecutor } from "../shared/command-executor.js";
-import type { FileAction } from "../vcs/pr-creator.js";
+import type { FileAction } from "../vcs/types.js";
 export type GitOpsFactory = (options: GitOpsOptions, auth?: GitAuthOptions, retries?: number) => IGitOps;
 export interface FileWriteResult {
     fileName: string;
@@ -21,7 +21,7 @@ export interface FileWriteContext {
     noDelete: boolean;
     configId: string;
     /** True when using GraphQL commit strategy (GitHub App) which cannot set file modes */
-    isGraphQLCommitMode?: boolean;
+    hasAppCredentials?: boolean;
 }
 export interface FileWriterDeps {
     gitOps: ILocalGitOps;
@@ -52,18 +52,21 @@ export interface IManifestManager {
     deleteOrphans(filesToDelete: string[], options: OrphanDeleteOptions, deps: OrphanDeleteDeps): Promise<void>;
     saveUpdatedManifest(workDir: string, manifest: XfgManifest, existingManifest: XfgManifest | null, dryRun: boolean, fileChanges: Map<string, FileWriteResult>): void;
 }
-export interface BranchSetupOptions {
-    repoInfo: RepoInfo;
-    branchName: string;
-    baseBranch: string;
+/** Common runtime context shared across workflow step options bags. */
+export interface RunContext {
     workDir: string;
-    isDirectMode: boolean;
     dryRun: boolean;
     retries: number;
     token?: string;
-    gitOps: IGitOps;
     executor: ICommandExecutor;
 }
+export interface BranchSetupOptions extends RunContext {
+    repoInfo: RepoInfo;
+    branchName: string;
+    baseBranch: string;
+    isDirectMode: boolean;
+    gitOps: IGitOps;
+}
 export interface IBranchManager {
     setupBranch(options: BranchSetupOptions): Promise<void>;
 }
@@ -76,12 +79,13 @@ export type AuthResult = {
     skipResult: ProcessorResult;
 };
 export interface IAuthOptionsBuilder {
-    resolve(repoInfo: RepoInfo, repoName: string, preResolvedToken?: string): Promise<AuthResult>;
+    resolve(repoInfo: RepoInfo, repoName: string, token?: string): Promise<AuthResult>;
 }
 export interface SessionOptions {
     workDir: string;
     dryRun: boolean;
     retries: number;
+    executor: ICommandExecutor;
     authOptions?: GitAuthOptions;
 }
 export interface SessionContext {
@@ -92,18 +96,14 @@ export interface SessionContext {
 export interface IRepositorySession {
     setup(repoInfo: RepoInfo, options: SessionOptions): Promise<SessionContext>;
 }
-export interface CommitPushOptions {
+export interface CommitPushOptions extends RunContext {
     repoInfo: RepoInfo;
     gitOps: IGitOps;
-    workDir: string;
     fileChanges: Map<string, FileWriteResult>;
     commitMessage: string;
     pushBranch: string;
     isDirectMode: boolean;
-    dryRun: boolean;
-    retries: number;
-    token?: string;
-    executor: ICommandExecutor;
+    hasAppCredentials?: boolean;
 }
 export type CommitPushResult = {
     success: true;
@@ -124,13 +124,13 @@ export interface ProcessorOptions {
     configId: string;
     dryRun?: boolean;
     retries?: number;
-    executor?: ICommandExecutor;
+    executor: ICommandExecutor;
     prTemplate?: string;
     noDelete?: boolean;
-    /** Pre-resolved GitHub token — avoids duplicate resolution in AuthOptionsBuilder */
+    /** GitHub token for authentication (resolved by caller) */
     token?: string;
     /** True when using GraphQL commit strategy (GitHub App) which cannot set file modes */
-    isGraphQLCommitMode?: boolean;
+    hasAppCredentials?: boolean;
 }
 export interface FileChangeDetail {
     path: string;
@@ -162,15 +162,10 @@ export interface FileSyncResult {
 export interface IFileSyncOrchestrator {
     sync(repoConfig: RepoConfig, repoInfo: RepoInfo, session: SessionContext, options: ProcessorOptions): Promise<FileSyncResult>;
 }
-export interface PRHandlerOptions {
+export interface PRHandlerOptions extends RunContext {
     branchName: string;
     baseBranch: string;
-    workDir: string;
-    dryRun: boolean;
-    retries: number;
     prTemplate?: string;
-    token?: string;
-    executor: ICommandExecutor;
 }
 export interface CreateAndMergeInput {
     repoInfo: RepoInfo;

package/dist/vcs/authenticated-git-ops.d.ts

@@ -1,6 +1,6 @@
 import type { ICommandExecutor } from "../shared/command-executor.js";
+import type { DebugLog } from "../shared/logger.js";
 import type { GitAuthOptions, ILocalGitOps, IGitOps } from "./types.js";
-export type { GitAuthOptions, ILocalGitOps, INetworkGitOps, IGitOps, } from "./types.js";
 /**
  * Adds authentication to network git operations and delegates local ops.
  *
@@ -15,9 +15,7 @@ export declare class AuthenticatedGitOps implements IGitOps {
     private readonly retries;
     private readonly auth?;
     private readonly log?;
-    constructor(localOps: ILocalGitOps, executor: ICommandExecutor, workDir: string, retries: number, auth?: GitAuthOptions | undefined, log?: {
-        debug(msg: string): void;
-    } | undefined);
+    constructor(localOps: ILocalGitOps, executor: ICommandExecutor, workDir: string, retries: number, auth?: GitAuthOptions | undefined, log?: DebugLog | undefined);
     private execWithRetry;
     /**
      * Build the authenticated remote URL.
@@ -31,6 +29,7 @@ export declare class AuthenticatedGitOps implements IGitOps {
     wouldChange(fileName: string, content: string): boolean;
     hasChanges(): Promise<boolean>;
     getChangedFiles(): Promise<string[]>;
+    stageAll(): Promise<void>;
     hasStagedChanges(): Promise<boolean>;
     fileExistsOnBranch(fileName: string, branch: string): Promise<boolean>;
     fileExists(fileName: string): boolean;

package/dist/vcs/authenticated-git-ops.js

@@ -1,6 +1,7 @@
 import { escapeShellArg } from "../shared/shell-utils.js";
 import { withRetry } from "../shared/retry-utils.js";
 import { toErrorMessage } from "../shared/type-guards.js";
+import { SyncError } from "../shared/errors.js";
 /**
  * Adds authentication to network git operations and delegates local ops.
  *
@@ -33,7 +34,7 @@ export class AuthenticatedGitOps {
      */
     getAuthenticatedUrl() {
         if (!this.auth) {
-            throw new Error("getAuthenticatedUrl() called without auth options");
+            throw new SyncError("getAuthenticatedUrl() called without auth options");
         }
         const { token, host, owner, repo } = this.auth;
         return `https://x-access-token:${token}@${host}/${owner}/${repo}`;
@@ -63,6 +64,9 @@ export class AuthenticatedGitOps {
     getChangedFiles() {
         return this.localOps.getChangedFiles();
     }
+    stageAll() {
+        return this.localOps.stageAll();
+    }
     hasStagedChanges() {
         return this.localOps.hasStagedChanges();
     }

package/dist/vcs/azure-pr-strategy.d.ts

@@ -4,9 +4,14 @@ import type { IPRStrategyLogger } from "./pr-strategy.js";
 import type { PRStrategyOptions, CloseExistingPROptions, MergeOptions, MergeResult } from "./types.js";
 import { ICommandExecutor } from "../shared/command-executor.js";
 export declare class AzurePRStrategy extends BasePRStrategy {
-    constructor(executor?: ICommandExecutor, log?: IPRStrategyLogger);
+    constructor(executor: ICommandExecutor, log?: IPRStrategyLogger);
     private getOrgUrl;
     private buildPRUrl;
+    /**
+     * Query Azure DevOps for an existing PR ID matching source/target branches.
+     * Returns the raw PR ID string, or null if none found.
+     */
+    private findExistingPRId;
     checkExistingPR(options: CloseExistingPROptions): Promise<string | null>;
     closeExistingPR(options: CloseExistingPROptions): Promise<boolean>;
     create(options: PRStrategyOptions): Promise<PRResult>;

package/dist/vcs/azure-pr-strategy.js

@@ -2,9 +2,11 @@ import { existsSync, writeFileSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
 import { escapeShellArg } from "../shared/shell-utils.js";
 import { assertAzureDevOpsRepo, } from "../shared/repo-detector.js";
+import { SyncError } from "../shared/errors.js";
 import { BasePRStrategy } from "./pr-strategy.js";
-import { withRetry } from "../shared/retry-utils.js";
+import { withRetry, isPermanentError } from "../shared/retry-utils.js";
 import { toErrorMessage, safeCleanup } from "../shared/type-guards.js";
+import { NO_OP_DEBUG_LOG } from "../shared/logger.js";
 import { sanitizeCredentials } from "../shared/sanitize-utils.js";
 import { getStderr } from "../shared/command-executor.js";
 export class AzurePRStrategy extends BasePRStrategy {
@@ -18,17 +20,21 @@ export class AzurePRStrategy extends BasePRStrategy {
     buildPRUrl(repoInfo, prId) {
         return `https://dev.azure.com/${encodeURIComponent(repoInfo.organization)}/${encodeURIComponent(repoInfo.project)}/_git/${encodeURIComponent(repoInfo.repo)}/pullrequest/${prId.trim()}`;
     }
-    async checkExistingPR(options) {
-        const { repoInfo, branchName, baseBranch, workDir, retries = 3 } = options;
-        assertAzureDevOpsRepo(repoInfo, "Azure PR strategy");
-        const azureRepoInfo = repoInfo;
+    /**
+     * Query Azure DevOps for an existing PR ID matching source/target branches.
+     * Returns the raw PR ID string, or null if none found.
+     */
+    async findExistingPRId(azureRepoInfo, branchName, baseBranch, workDir, retries) {
         const orgUrl = this.getOrgUrl(azureRepoInfo);
         const command = `az repos pr list --repository ${escapeShellArg(azureRepoInfo.repo)} --source-branch ${escapeShellArg(branchName)} --target-branch ${escapeShellArg(baseBranch)} --org ${escapeShellArg(orgUrl)} --project ${escapeShellArg(azureRepoInfo.project)} --query "[0].pullRequestId" -o tsv`;
         try {
-            const existingPRId = await withRetry(() => this.executor.exec(command, workDir), { retries });
-            return existingPRId ? this.buildPRUrl(azureRepoInfo, existingPRId) : null;
+            const existingPRId = await withRetry(() => this.executor.exec(command, workDir), { retries, log: this.log });
+            return existingPRId ? existingPRId.trim() : null;
         }
         catch (error) {
+            if (isPermanentError(error)) {
+                throw error;
+            }
             const stderr = getStderr(error);
             if (stderr && !stderr.includes("does not exist")) {
                 this.log?.debug(`Azure PR check failed - ${sanitizeCredentials(stderr).trim()}`);
@@ -36,46 +42,41 @@ export class AzurePRStrategy extends BasePRStrategy {
             return null;
         }
     }
+    async checkExistingPR(options) {
+        const { repoInfo, branchName, baseBranch, workDir, retries = 3 } = options;
+        assertAzureDevOpsRepo(repoInfo, "Azure PR strategy");
+        const azureRepoInfo = repoInfo;
+        const prId = await this.findExistingPRId(azureRepoInfo, branchName, baseBranch, workDir, retries);
+        return prId ? this.buildPRUrl(azureRepoInfo, prId) : null;
+    }
     async closeExistingPR(options) {
         const { repoInfo, branchName, baseBranch, workDir, retries = 3 } = options;
         assertAzureDevOpsRepo(repoInfo, "Azure PR strategy");
         const azureRepoInfo = repoInfo;
         const orgUrl = this.getOrgUrl(azureRepoInfo);
-        // First check if there's an existing PR
-        const existingUrl = await this.checkExistingPR({
-            repoInfo,
-            branchName,
-            baseBranch,
-            workDir,
-            retries,
-        });
-        if (!existingUrl) {
-            return false;
-        }
-        // Extract PR ID from URL
-        const prInfo = this.parsePRUrl(existingUrl);
-        if (!prInfo) {
-            this.log?.warn(`Could not parse PR URL: ${existingUrl}`);
+        const prId = await this.findExistingPRId(azureRepoInfo, branchName, baseBranch, workDir, retries);
+        if (!prId) {
             return false;
         }
         // Abandon the PR (Azure DevOps equivalent of closing)
-        const abandonCommand = `az repos pr update --id ${escapeShellArg(prInfo.prId)} --status abandoned --org ${escapeShellArg(orgUrl)}`;
+        const abandonCommand = `az repos pr update --id ${escapeShellArg(prId)} --status abandoned --org ${escapeShellArg(orgUrl)}`;
         try {
             await withRetry(() => this.executor.exec(abandonCommand, workDir), {
                 retries,
+                log: this.log,
             });
         }
         catch (error) {
             const message = toErrorMessage(error);
-            this.log?.warn(`Failed to abandon PR #${prInfo.prId}: ${message}`);
+            this.log?.warn(`Failed to abandon PR #${prId}: ${message}`);
             return false;
         }
         try {
             const getRefCommand = `az repos ref list --repository ${escapeShellArg(azureRepoInfo.repo)} --org ${escapeShellArg(orgUrl)} --project ${escapeShellArg(azureRepoInfo.project)} --filter heads/${escapeShellArg(branchName)} --query "[0].objectId" -o tsv`;
-            const objectId = await withRetry(() => this.executor.exec(getRefCommand, workDir), { retries });
+            const objectId = await withRetry(() => this.executor.exec(getRefCommand, workDir), { retries, log: this.log });
             if (objectId) {
                 const deleteBranchCommand = `az repos ref delete --name refs/heads/${escapeShellArg(branchName)} --repository ${escapeShellArg(azureRepoInfo.repo)} --org ${escapeShellArg(orgUrl)} --project ${escapeShellArg(azureRepoInfo.project)} --object-id ${escapeShellArg(objectId)}`;
-                await withRetry(() => this.executor.exec(deleteBranchCommand, workDir), { retries });
+                await withRetry(() => this.executor.exec(deleteBranchCommand, workDir), { retries, log: this.log });
             }
         }
         catch (error) {
@@ -91,12 +92,18 @@ export class AzurePRStrategy extends BasePRStrategy {
         const azureRepoInfo = repoInfo;
         const orgUrl = this.getOrgUrl(azureRepoInfo);
         const descFile = join(workDir, this.bodyFilePath);
-        writeFileSync(descFile, body, "utf-8");
+        try {
+            writeFileSync(descFile, body, "utf-8");
+        }
+        catch (err) {
+            throw new SyncError(`Failed to write PR description to ${descFile}: ${toErrorMessage(err)}`);
+        }
         // Azure CLI @file syntax: escape the full @path to handle special chars in workDir
         const command = `az repos pr create --repository ${escapeShellArg(azureRepoInfo.repo)} --source-branch ${escapeShellArg(branchName)} --target-branch ${escapeShellArg(baseBranch)} --title ${escapeShellArg(title)} --description ${escapeShellArg("@" + descFile)} --org ${escapeShellArg(orgUrl)} --project ${escapeShellArg(azureRepoInfo.project)} --query "pullRequestId" -o tsv`;
         try {
             const prId = await withRetry(() => this.executor.exec(command, workDir), {
                 retries,
+                log: this.log,
             });
             return {
                 url: this.buildPRUrl(azureRepoInfo, prId),
@@ -108,7 +115,7 @@ export class AzurePRStrategy extends BasePRStrategy {
             safeCleanup(() => {
                 if (existsSync(descFile))
                     unlinkSync(descFile);
-            }, `failed to remove ${descFile}`, this.log ?? { debug() { } });
+            }, `failed to remove ${descFile}`, this.log ?? NO_OP_DEBUG_LOG);
         }
     }
     /**
@@ -128,7 +135,6 @@ export class AzurePRStrategy extends BasePRStrategy {
     }
     async merge(options) {
         const { prUrl, config, workDir, retries = 3 } = options;
-        // Manual mode: do nothing
         if (config.mode === "manual") {
             return {
                 success: true,
@@ -136,7 +142,6 @@ export class AzurePRStrategy extends BasePRStrategy {
                 merged: false,
             };
         }
-        // Parse PR URL to extract details
         const prInfo = this.parsePRUrl(prUrl);
         if (!prInfo) {
             return {
@@ -161,6 +166,7 @@ export class AzurePRStrategy extends BasePRStrategy {
         }
         if (config.mode === "force") {
             const bypassReason = config.bypassReason ?? "Automated config sync via xfg";
+            this.log?.warn(`Bypassing policies for PR ${prInfo.prId} (reason: ${bypassReason})`);
             const forceCommand = `az repos pr update --id ${escapeShellArg(prInfo.prId)} --bypass-policy true --bypass-policy-reason ${escapeShellArg(bypassReason)} --status completed ${squashFlag} ${deleteBranchFlag} --org ${escapeShellArg(orgUrl)}`.trim();
             return this.executeMergeCommand(() => this.executor.exec(forceCommand, workDir), retries, {
                 success: true,
@@ -168,9 +174,10 @@ export class AzurePRStrategy extends BasePRStrategy {
                 merged: true,
             }, "Failed to bypass policies and complete PR");
         }
+        const _exhaustive = config.mode;
         return {
             success: false,
-            message: `Unknown merge mode: ${config.mode}`,
+            message: `Merge not applicable for mode: ${_exhaustive}`,
             merged: false,
         };
     }

package/dist/vcs/commit-strategy-selector.d.ts

@@ -2,26 +2,17 @@ import { RepoInfo } from "../shared/repo-detector.js";
 import type { ICommitStrategy } from "./types.js";
 import { GitHubAppTokenManager } from "./github-app-token-manager.js";
 import { ICommandExecutor } from "../shared/command-executor.js";
+interface GitHubAppCredentials {
+    appId: string;
+    privateKey: string;
+}
 /**
- * Checks if GitHub App credentials are configured via environment variables.
- * Both XFG_GITHUB_APP_ID and XFG_GITHUB_APP_PRIVATE_KEY must be set.
+ * Creates a GitHubAppTokenManager from credentials, or null if not provided.
  */
-export declare function hasGitHubAppCredentials(): boolean;
+export declare function createTokenManager(credentials?: GitHubAppCredentials): GitHubAppTokenManager | null;
 /**
- * Creates a GitHubAppTokenManager if credentials are configured, otherwise null.
+ * Returns GraphQLCommitStrategy for GitHub repos with App credentials (verified commits),
+ * or GitCommitStrategy for all other cases.
  */
-export declare function createTokenManager(): GitHubAppTokenManager | null;
-/**
- * Factory function to get the appropriate commit strategy for a repository.
- *
- * For GitHub repositories with GitHub App credentials (XFG_GITHUB_APP_ID and
- * XFG_GITHUB_APP_PRIVATE_KEY), returns GraphQLCommitStrategy which creates
- * verified commits via the GitHub GraphQL API.
- *
- * For all other cases (GitHub with PAT, Azure DevOps, GitLab), returns GitCommitStrategy
- * which uses standard git commands.
- *
- * @param repoInfo - Repository information
- * @param executor - Optional command executor for shell commands
- */
-export declare function getCommitStrategy(repoInfo: RepoInfo, executor?: ICommandExecutor): ICommitStrategy;
+export declare function getCommitStrategy(repoInfo: RepoInfo, executor: ICommandExecutor, hasAppCredentials?: boolean): ICommitStrategy;
+export {};

package/dist/vcs/commit-strategy-selector.js

@@ -3,36 +3,20 @@ import { GitCommitStrategy } from "./git-commit-strategy.js";
 import { GraphQLCommitStrategy } from "./graphql-commit-strategy.js";
 import { GitHubAppTokenManager } from "./github-app-token-manager.js";
 /**
- * Checks if GitHub App credentials are configured via environment variables.
- * Both XFG_GITHUB_APP_ID and XFG_GITHUB_APP_PRIVATE_KEY must be set.
+ * Creates a GitHubAppTokenManager from credentials, or null if not provided.
  */
-export function hasGitHubAppCredentials() {
-    return !!(process.env.XFG_GITHUB_APP_ID && process.env.XFG_GITHUB_APP_PRIVATE_KEY);
-}
-/**
- * Creates a GitHubAppTokenManager if credentials are configured, otherwise null.
- */
-export function createTokenManager() {
-    if (!hasGitHubAppCredentials()) {
+export function createTokenManager(credentials) {
+    if (!credentials) {
         return null;
     }
-    return new GitHubAppTokenManager(process.env.XFG_GITHUB_APP_ID, process.env.XFG_GITHUB_APP_PRIVATE_KEY);
+    return new GitHubAppTokenManager(credentials.appId, credentials.privateKey);
 }
 /**
- * Factory function to get the appropriate commit strategy for a repository.
- *
- * For GitHub repositories with GitHub App credentials (XFG_GITHUB_APP_ID and
- * XFG_GITHUB_APP_PRIVATE_KEY), returns GraphQLCommitStrategy which creates
- * verified commits via the GitHub GraphQL API.
- *
- * For all other cases (GitHub with PAT, Azure DevOps, GitLab), returns GitCommitStrategy
- * which uses standard git commands.
- *
- * @param repoInfo - Repository information
- * @param executor - Optional command executor for shell commands
+ * Returns GraphQLCommitStrategy for GitHub repos with App credentials (verified commits),
+ * or GitCommitStrategy for all other cases.
  */
-export function getCommitStrategy(repoInfo, executor) {
-    if (isGitHubRepo(repoInfo) && hasGitHubAppCredentials()) {
+export function getCommitStrategy(repoInfo, executor, hasAppCredentials) {
+    if (isGitHubRepo(repoInfo) && hasAppCredentials) {
         return new GraphQLCommitStrategy(executor);
     }
     return new GitCommitStrategy(executor);

package/dist/vcs/git-commit-strategy.d.ts

@@ -7,7 +7,7 @@ import { ICommandExecutor } from "../shared/command-executor.js";
  */
 export declare class GitCommitStrategy implements ICommitStrategy {
     private executor;
-    constructor(executor?: ICommandExecutor);
+    constructor(executor: ICommandExecutor);
     /**
      * Create a commit with the given file changes and push to remote.
      * Runs: git add -A, git commit, git push (with optional --force-with-lease)

package/dist/vcs/git-commit-strategy.js

@@ -1,4 +1,3 @@
-import { defaultExecutor, } from "../shared/command-executor.js";
 import { withRetry } from "../shared/retry-utils.js";
 import { escapeShellArg } from "../shared/shell-utils.js";
 /**
@@ -9,7 +8,7 @@ import { escapeShellArg } from "../shared/shell-utils.js";
 export class GitCommitStrategy {
     executor;
     constructor(executor) {
-        this.executor = executor ?? defaultExecutor;
+        this.executor = executor;
     }
     /**
      * Create a commit with the given file changes and push to remote.
@@ -34,7 +33,6 @@ export class GitCommitStrategy {
                 retries,
             });
         }
-        // Get the commit SHA
         const sha = await this.executor.exec("git rev-parse HEAD", workDir);
         return {
             sha: sha.trim(),

package/dist/vcs/git-ops.d.ts

@@ -1,13 +1,12 @@
 import { ICommandExecutor } from "../shared/command-executor.js";
+import type { DebugLog } from "../shared/logger.js";
 import type { ILocalGitOps } from "./types.js";
 export interface GitOpsOptions {
     workDir: string;
     dryRun?: boolean;
-    executor?: ICommandExecutor;
+    executor: ICommandExecutor;
     /** Optional logger for debug messages */
-    log?: {
-        debug(msg: string): void;
-    };
+    log?: DebugLog;
 }
 export declare class GitOps implements ILocalGitOps {
     private readonly _workDir;
@@ -54,10 +53,7 @@ export declare class GitOps implements ILocalGitOps {
      * Uses the same this.exec() pattern as other methods in this class.
      */
     getChangedFiles(): Promise<string[]>;
-    /**
-     * Check if there are staged changes ready to commit.
-     * Uses `git diff --cached --quiet` which exits with 1 if there are staged changes.
-     */
+    stageAll(): Promise<void>;
     hasStagedChanges(): Promise<boolean>;
     /**
      * Check if a file exists on a specific branch.