@aspruyt/xfg 5.3.1 → 5.5.0

package/dist/config/validator.js

@@ -124,6 +124,8 @@ function buildRootSettingsContext(config) {
             ? Object.keys(config.settings.rulesets).filter((k) => k !== "inherit")
             : [],
         hasRepoSettings: config.settings?.repo !== undefined && config.settings.repo !== false,
+        hasCodeScanningSettings: config.settings?.codeScanning !== undefined &&
+            config.settings.codeScanning !== false,
         labelNames: config.settings?.labels
             ? Object.keys(config.settings.labels).filter((k) => k !== "inherit")
             : [],
@@ -191,6 +193,58 @@ function validateSettings(settings, context, rootCtx) {
             validateRepoSettings(settings.repo, context);
         }
     }
+    if (settings.codeScanning !== undefined) {
+        if (settings.codeScanning === false) {
+            if (!rootCtx) {
+                throw new ValidationError(`${context}: codeScanning: false is not valid at root level. Define codeScanning settings or remove the field.`);
+            }
+            // Per-repo level — check root has codeScanning settings to opt out of
+            if (!rootCtx.hasCodeScanningSettings) {
+                throw new ValidationError(`${context}: Cannot opt out of code scanning settings — not defined in root settings.codeScanning`);
+            }
+        }
+        else {
+            validateCodeScanningSettings(settings.codeScanning, `${context} codeScanning`);
+        }
+    }
+}
+const VALID_CODE_SCANNING_STATES = ["configured", "not-configured"];
+const VALID_CODE_SCANNING_QUERY_SUITES = ["default", "extended"];
+const VALID_CODE_SCANNING_LANGUAGES = [
+    "actions",
+    "c-cpp",
+    "csharp",
+    "go",
+    "java-kotlin",
+    "javascript-typescript",
+    "python",
+    "ruby",
+    "swift",
+];
+function validateCodeScanningSettings(settings, context) {
+    if (!isPlainObject(settings)) {
+        throw new ValidationError(`${context}: must be an object`);
+    }
+    if (settings.state === undefined) {
+        throw new ValidationError(`${context}: state is required`);
+    }
+    if (!VALID_CODE_SCANNING_STATES.includes(settings.state)) {
+        throw new ValidationError(`${context}: state must be one of: ${VALID_CODE_SCANNING_STATES.join(", ")}`);
+    }
+    if (settings.querySuite !== undefined &&
+        !VALID_CODE_SCANNING_QUERY_SUITES.includes(settings.querySuite)) {
+        throw new ValidationError(`${context}: querySuite must be one of: ${VALID_CODE_SCANNING_QUERY_SUITES.join(", ")}`);
+    }
+    if (settings.languages !== undefined) {
+        if (!Array.isArray(settings.languages)) {
+            throw new ValidationError(`${context}: languages must be an array`);
+        }
+        for (const lang of settings.languages) {
+            if (!VALID_CODE_SCANNING_LANGUAGES.includes(lang)) {
+                throw new ValidationError(`${context}: invalid language "${lang}". Valid languages: ${VALID_CODE_SCANNING_LANGUAGES.join(", ")}`);
+            }
+        }
+    }
 }
 function validateConfigId(config) {
     if (!config.id || typeof config.id !== "string") {
@@ -362,6 +416,24 @@ function validateGroups(config) {
     // Validate no circular extends after individual validation
     validateNoCircularExtends(config.groups);
 }
+function validateGroupRefArray(arr, fieldName, ctx, groupNames) {
+    if (!Array.isArray(arr) || arr.length === 0) {
+        throw new ValidationError(`${ctx}: '${fieldName}' must be a non-empty array of strings`);
+    }
+    const seen = new Set();
+    for (const name of arr) {
+        if (typeof name !== "string") {
+            throw new ValidationError(`${ctx}: '${fieldName}' entries must be strings`);
+        }
+        if (!groupNames.includes(name)) {
+            throw new ValidationError(`${ctx}: group '${name}' in ${fieldName} is not defined in root 'groups'`);
+        }
+        if (seen.has(name)) {
+            throw new ValidationError(`${ctx}: duplicate group '${name}' in ${fieldName}`);
+        }
+        seen.add(name);
+    }
+}
 function validateConditionalGroups(config) {
     if (config.conditionalGroups === undefined)
         return;
@@ -382,40 +454,10 @@ function validateConditionalGroups(config) {
             throw new ValidationError(`${ctx}: 'when' must have at least one of 'allOf' or 'anyOf'`);
         }
         if (allOf !== undefined) {
-            if (!Array.isArray(allOf) || allOf.length === 0) {
-                throw new ValidationError(`${ctx}: 'allOf' must be a non-empty array of strings`);
-            }
-            const seen = new Set();
-            for (const name of allOf) {
-                if (typeof name !== "string") {
-                    throw new ValidationError(`${ctx}: 'allOf' entries must be strings`);
-                }
-                if (!groupNames.includes(name)) {
-                    throw new ValidationError(`${ctx}: group '${name}' in allOf is not defined in root 'groups'`);
-                }
-                if (seen.has(name)) {
-                    throw new ValidationError(`${ctx}: duplicate group '${name}' in allOf`);
-                }
-                seen.add(name);
-            }
+            validateGroupRefArray(allOf, "allOf", ctx, groupNames);
         }
         if (anyOf !== undefined) {
-            if (!Array.isArray(anyOf) || anyOf.length === 0) {
-                throw new ValidationError(`${ctx}: 'anyOf' must be a non-empty array of strings`);
-            }
-            const seen = new Set();
-            for (const name of anyOf) {
-                if (typeof name !== "string") {
-                    throw new ValidationError(`${ctx}: 'anyOf' entries must be strings`);
-                }
-                if (!groupNames.includes(name)) {
-                    throw new ValidationError(`${ctx}: group '${name}' in anyOf is not defined in root 'groups'`);
-                }
-                if (seen.has(name)) {
-                    throw new ValidationError(`${ctx}: duplicate group '${name}' in anyOf`);
-                }
-                seen.add(name);
-            }
+            validateGroupRefArray(anyOf, "anyOf", ctx, groupNames);
         }
         // Validate files
         if (entry.files) {
@@ -565,6 +607,10 @@ function validateRepoSettingsEntry(config, repo, repoLabel) {
                 group.settings.repo !== false) {
                 rootCtx.hasRepoSettings = true;
             }
+            if (group?.settings?.codeScanning !== undefined &&
+                group.settings.codeScanning !== false) {
+                rootCtx.hasCodeScanningSettings = true;
+            }
         }
     }
     if (config.conditionalGroups) {
@@ -584,6 +630,10 @@ function validateRepoSettingsEntry(config, repo, repoLabel) {
             if (cg.settings?.repo !== undefined && cg.settings.repo !== false) {
                 rootCtx.hasRepoSettings = true;
             }
+            if (cg.settings?.codeScanning !== undefined &&
+                cg.settings.codeScanning !== false) {
+                rootCtx.hasCodeScanningSettings = true;
+            }
         }
     }
     validateSettings(repo.settings, `Repo ${repoLabel}`, rootCtx);
@@ -600,6 +650,19 @@ function hasGroupFiles(config) {
         Object.values(config.groups).some((g) => g.files &&
             Object.keys(g.files).filter((k) => k !== "inherit" && g.files[k] !== false).length > 0));
 }
+function hasConditionalGroupFiles(config) {
+    return (Array.isArray(config.conditionalGroups) &&
+        config.conditionalGroups.some((cg) => cg.files &&
+            Object.keys(cg.files).filter((k) => k !== "inherit" && cg.files[k] !== false).length > 0));
+}
+function hasConditionalGroupSettings(config, predicate) {
+    return (Array.isArray(config.conditionalGroups) &&
+        config.conditionalGroups.some((cg) => cg.settings && predicate(cg.settings)));
+}
+function hasConditionalGroupPR(config) {
+    return (Array.isArray(config.conditionalGroups) &&
+        config.conditionalGroups.some((cg) => cg.prOptions && isPlainObject(cg.prOptions)));
+}
 /**
  * Validates raw config structure before normalization.
  * @throws ValidationError if validation fails
@@ -611,13 +674,9 @@ export function validateRawConfig(config) {
     const hasGrpFiles = hasGroupFiles(config);
     const hasGrpSettings = isPlainObject(config.groups) &&
         Object.values(config.groups).some((g) => g.settings && isPlainObject(g.settings));
-    const hasCondGrpFiles = Array.isArray(config.conditionalGroups) &&
-        config.conditionalGroups.some((cg) => cg.files &&
-            Object.keys(cg.files).filter((k) => k !== "inherit" && cg.files[k] !== false).length > 0);
-    const hasCondGrpSettings = Array.isArray(config.conditionalGroups) &&
-        config.conditionalGroups.some((cg) => cg.settings && isPlainObject(cg.settings));
-    const hasCondGrpPR = Array.isArray(config.conditionalGroups) &&
-        config.conditionalGroups.some((cg) => cg.prOptions && isPlainObject(cg.prOptions));
+    const hasCondGrpFiles = hasConditionalGroupFiles(config);
+    const hasCondGrpSettings = hasConditionalGroupSettings(config, isPlainObject);
+    const hasCondGrpPR = hasConditionalGroupPR(config);
     if (!hasFiles &&
         !hasSettings &&
         !hasGrpFiles &&
@@ -659,13 +718,9 @@ export function validateForSync(config) {
     const hasRepoSettings = config.repos.some((repo) => hasActionableSettings(repo.settings));
     const hasGroupSettings = isPlainObject(config.groups) &&
         Object.values(config.groups).some((g) => g.settings && hasActionableSettings(g.settings));
-    const hasCondGrpFiles = Array.isArray(config.conditionalGroups) &&
-        config.conditionalGroups.some((cg) => cg.files &&
-            Object.keys(cg.files).filter((k) => k !== "inherit" && cg.files[k] !== false).length > 0);
-    const hasCondGrpSettings = Array.isArray(config.conditionalGroups) &&
-        config.conditionalGroups.some((cg) => cg.settings && hasActionableSettings(cg.settings));
-    const hasCondGrpPR = Array.isArray(config.conditionalGroups) &&
-        config.conditionalGroups.some((cg) => cg.prOptions && isPlainObject(cg.prOptions));
+    const hasCondGrpFiles = hasConditionalGroupFiles(config);
+    const hasCondGrpSettings = hasConditionalGroupSettings(config, hasActionableSettings);
+    const hasCondGrpPR = hasConditionalGroupPR(config);
     if (!hasRootFiles &&
         !hasGrpFiles &&
         !hasSettings &&
@@ -695,5 +750,8 @@ export function hasActionableSettings(settings) {
         Object.keys(settings.labels).filter((k) => k !== "inherit").length > 0) {
         return true;
     }
+    if (settings.codeScanning && typeof settings.codeScanning === "object") {
+        return true;
+    }
     return false;
 }

package/dist/config/validators/ruleset-validator.js

@@ -1,4 +1,5 @@
 import { ValidationError } from "../../shared/errors.js";
+import { isPlainObject } from "../../shared/type-guards.js";
 /** Compile-time validates an array matches a type union, while keeping string[] runtime type for .includes() */
 function validValues(values) {
     return values;
@@ -62,6 +63,31 @@ const VALID_RULE_TYPES = validValues([
     "max_file_path_length",
     "max_file_size",
 ]);
+// Intentionally duplicated from merge.ts — validator should not depend on merge internals
+const VALID_MERGE_STRATEGIES = ["replace", "append", "prepend"];
+/**
+ * Checks if a value is an $arrayMerge directive: { $arrayMerge: strategy, $values: [...] }
+ */
+function isArrayMergeDirective(value) {
+    if (!isPlainObject(value))
+        return false;
+    const keys = Object.keys(value);
+    return (keys.length === 2 &&
+        keys.every((k) => k === "$arrayMerge" || k === "$values") &&
+        VALID_MERGE_STRATEGIES.includes(value.$arrayMerge) &&
+        Array.isArray(value.$values));
+}
+/**
+ * Extracts the $values array from a directive, or returns the value as-is if it's already an array.
+ * Returns null if value is neither an array nor a valid directive.
+ */
+function extractArrayOrDirectiveValues(value) {
+    if (Array.isArray(value))
+        return value;
+    if (isArrayMergeDirective(value))
+        return value.$values;
+    return null;
+}
 /**
  * Validates a single ruleset rule.
  */
@@ -158,11 +184,12 @@ export function validateRuleset(ruleset, name, context) {
     }
     // Validate bypassActors
     if (rs.bypassActors !== undefined) {
-        if (!Array.isArray(rs.bypassActors)) {
-            throw new ValidationError(`${context}: ruleset '${name}' bypassActors must be an array`);
+        const actors = extractArrayOrDirectiveValues(rs.bypassActors);
+        if (actors === null) {
+            throw new ValidationError(`${context}: ruleset '${name}' bypassActors must be an array or $arrayMerge directive`);
         }
-        for (let i = 0; i < rs.bypassActors.length; i++) {
-            const actor = rs.bypassActors[i];
+        for (let i = 0; i < actors.length; i++) {
+            const actor = actors[i];
             if (typeof actor !== "object" || actor === null) {
                 throw new ValidationError(`${context}: ruleset '${name}' bypassActors[${i}] must be an object`);
             }
@@ -193,25 +220,28 @@ export function validateRuleset(ruleset, name, context) {
                 Array.isArray(refName)) {
                 throw new ValidationError(`${context}: ruleset '${name}' conditions.refName must be an object`);
             }
-            if (refName.include !== undefined &&
-                (!Array.isArray(refName.include) ||
-                    !refName.include.every((s) => typeof s === "string"))) {
-                throw new ValidationError(`${context}: ruleset '${name}' conditions.refName.include must be an array of strings`);
+            if (refName.include !== undefined) {
+                const include = extractArrayOrDirectiveValues(refName.include);
+                if (include === null || !include.every((s) => typeof s === "string")) {
+                    throw new ValidationError(`${context}: ruleset '${name}' conditions.refName.include must be an array of strings or $arrayMerge directive with string $values`);
+                }
             }
-            if (refName.exclude !== undefined &&
-                (!Array.isArray(refName.exclude) ||
-                    !refName.exclude.every((s) => typeof s === "string"))) {
-                throw new ValidationError(`${context}: ruleset '${name}' conditions.refName.exclude must be an array of strings`);
+            if (refName.exclude !== undefined) {
+                const exclude = extractArrayOrDirectiveValues(refName.exclude);
+                if (exclude === null || !exclude.every((s) => typeof s === "string")) {
+                    throw new ValidationError(`${context}: ruleset '${name}' conditions.refName.exclude must be an array of strings or $arrayMerge directive with string $values`);
+                }
             }
         }
     }
     // Validate rules array
     if (rs.rules !== undefined) {
-        if (!Array.isArray(rs.rules)) {
-            throw new ValidationError(`${context}: ruleset '${name}' rules must be an array`);
+        const rules = extractArrayOrDirectiveValues(rs.rules);
+        if (rules === null) {
+            throw new ValidationError(`${context}: ruleset '${name}' rules must be an array or $arrayMerge directive`);
         }
-        for (let i = 0; i < rs.rules.length; i++) {
-            validateRule(rs.rules[i], `${context}: ruleset '${name}' rules[${i}]`);
+        for (let i = 0; i < rules.length; i++) {
+            validateRule(rules[i], `${context}: ruleset '${name}' rules[${i}]`);
         }
     }
 }

package/dist/lifecycle/ado-migration-source.d.ts

@@ -1,4 +1,4 @@
-import { ICommandExecutor } from "../shared/command-executor.js";
+import type { ICommandExecutor } from "../shared/command-executor.js";
 import { type RepoInfo } from "../shared/repo-detector.js";
 import type { IMigrationSource, LifecyclePlatform } from "./types.js";
 /**

package/dist/lifecycle/github-lifecycle-provider.d.ts

@@ -1,4 +1,4 @@
-import { ICommandExecutor } from "../shared/command-executor.js";
+import type { ICommandExecutor } from "../shared/command-executor.js";
 import { type RepoInfo } from "../shared/repo-detector.js";
 import type { DebugWarnLog } from "../shared/logger.js";
 import type { IRepoLifecycleProvider, LifecyclePlatform, CreateRepoSettings } from "./types.js";

package/dist/lifecycle/index.d.ts

@@ -1,3 +1,3 @@
 export type { IRepoLifecycleManager } from "./types.js";
 export { RepoLifecycleManager } from "./repo-lifecycle-manager.js";
-export { runLifecycleCheck, toCreateRepoSettings, } from "./lifecycle-helpers.js";
+export { runLifecycleCheck, toCreateRepoSettings, type LifecycleCheckResult, } from "./lifecycle-helpers.js";

package/dist/lifecycle/lifecycle-helpers.d.ts

@@ -20,9 +20,10 @@ interface LifecycleCheckOptions {
  * Extracts only the fields relevant for repo creation.
  */
 export declare function toCreateRepoSettings(repo: GitHubRepoSettings | undefined): CreateRepoSettings | undefined;
-interface LifecycleCheckResult {
+export interface LifecycleCheckResult {
     lifecycleResult: LifecycleResult;
     outputLines: string[];
+    createSettings: CreateRepoSettings | undefined;
 }
 /**
  * Run lifecycle check for a single repo.

package/dist/lifecycle/lifecycle-helpers.js

@@ -45,5 +45,5 @@ export async function runLifecycleCheck(repoConfig, repoInfo, options) {
             }
             : undefined,
     });
-    return { lifecycleResult, outputLines };
+    return { lifecycleResult, outputLines, createSettings };
 }

package/dist/lifecycle/repo-lifecycle-factory.d.ts

@@ -1,4 +1,4 @@
-import { ICommandExecutor } from "../shared/command-executor.js";
+import type { ICommandExecutor } from "../shared/command-executor.js";
 import type { DebugWarnLog } from "../shared/logger.js";
 import type { IRepoLifecycleFactory, IRepoLifecycleProvider, IMigrationSource, LifecyclePlatform } from "./types.js";
 export declare class RepoLifecycleFactory implements IRepoLifecycleFactory {

package/dist/lifecycle/repo-lifecycle-manager.js

@@ -1,7 +1,7 @@
 import { join } from "node:path";
 import { rm } from "node:fs/promises";
 import { parseGitUrl } from "../shared/repo-detector.js";
-import { safeCleanup } from "../shared/type-guards.js";
+import { safeCleanup } from "../shared/cleanup-utils.js";
 import { LifecycleError } from "../shared/errors.js";
 import { NO_OP_DEBUG_LOG } from "../shared/logger.js";
 import { RepoLifecycleFactory } from "./repo-lifecycle-factory.js";

package/dist/output/types.d.ts

@@ -1,3 +1,4 @@
+import type { MergeMode } from "../config/index.js";
 import type { FileChangeDetail } from "../sync/index.js";
 export type ReportFileChange = FileChangeDetail;
 export interface SyncReport {
@@ -14,6 +15,6 @@ export interface RepoFileChanges {
     repoName: string;
     files: ReportFileChange[];
     prUrl?: string;
-    mergeOutcome?: "manual" | "auto" | "force" | "direct";
+    mergeOutcome?: MergeMode;
     error?: string;
 }

package/dist/settings/code-scanning/diff.d.ts

@@ -0,0 +1,19 @@
+import type { CodeScanningSettings } from "../../config/index.js";
+import type { CurrentCodeScanningSettings } from "./types.js";
+import type { SettingsAction } from "../base-processor.js";
+export interface CodeScanningChange {
+    property: "state" | "querySuite" | "languages";
+    action: SettingsAction;
+    oldValue?: unknown;
+    newValue?: unknown;
+}
+/**
+ * Compares current code scanning default setup with desired settings.
+ * Only compares properties that are explicitly set in desired.
+ * Languages are compared as sorted arrays (order doesn't matter).
+ */
+export declare function diffCodeScanning(current: CurrentCodeScanningSettings, desired: CodeScanningSettings): CodeScanningChange[];
+/**
+ * Checks if there are any actual changes to apply.
+ */
+export declare function hasCodeScanningChanges(changes: CodeScanningChange[]): boolean;

package/dist/settings/code-scanning/diff.js

@@ -0,0 +1,75 @@
+/**
+ * Compares current code scanning default setup with desired settings.
+ * Only compares properties that are explicitly set in desired.
+ * Languages are compared as sorted arrays (order doesn't matter).
+ */
+export function diffCodeScanning(current, desired) {
+    const changes = [];
+    // state is always compared (required field)
+    if (current.state !== desired.state) {
+        changes.push({
+            property: "state",
+            action: current.state === undefined ? "create" : "update",
+            oldValue: current.state,
+            newValue: desired.state,
+        });
+    }
+    else {
+        changes.push({
+            property: "state",
+            action: "unchanged",
+            oldValue: current.state,
+            newValue: desired.state,
+        });
+    }
+    // querySuite: only diff if specified in desired
+    if (desired.querySuite !== undefined) {
+        const currentQS = current.query_suite;
+        if (currentQS !== desired.querySuite) {
+            changes.push({
+                property: "querySuite",
+                action: currentQS === undefined ? "create" : "update",
+                oldValue: currentQS,
+                newValue: desired.querySuite,
+            });
+        }
+        else {
+            changes.push({
+                property: "querySuite",
+                action: "unchanged",
+                oldValue: currentQS,
+                newValue: desired.querySuite,
+            });
+        }
+    }
+    // languages: only diff if specified in desired (sorted comparison)
+    if (desired.languages !== undefined) {
+        const currentLangs = [...(current.languages ?? [])].sort();
+        const desiredLangs = [...desired.languages].sort();
+        const langsMatch = currentLangs.length === desiredLangs.length &&
+            currentLangs.every((lang, i) => lang === desiredLangs[i]);
+        if (!langsMatch) {
+            changes.push({
+                property: "languages",
+                action: current.languages === undefined ? "create" : "update",
+                oldValue: current.languages,
+                newValue: desired.languages,
+            });
+        }
+        else {
+            changes.push({
+                property: "languages",
+                action: "unchanged",
+                oldValue: current.languages,
+                newValue: desired.languages,
+            });
+        }
+    }
+    return changes;
+}
+/**
+ * Checks if there are any actual changes to apply.
+ */
+export function hasCodeScanningChanges(changes) {
+    return changes.some((c) => c.action !== "unchanged");
+}

package/dist/settings/code-scanning/formatter.d.ts

@@ -0,0 +1,17 @@
+import type { CodeScanningChange } from "./diff.js";
+export interface CodeScanningPlanEntry {
+    property: string;
+    action: "create" | "update";
+    oldValue?: unknown;
+    newValue?: unknown;
+}
+export interface CodeScanningPlanResult {
+    lines: string[];
+    creates: number;
+    updates: number;
+    entries: CodeScanningPlanEntry[];
+}
+/**
+ * Formats code scanning changes as Terraform-style plan output.
+ */
+export declare function formatCodeScanningPlan(changes: CodeScanningChange[]): CodeScanningPlanResult;

package/dist/settings/code-scanning/formatter.js

@@ -0,0 +1,37 @@
+import chalk from "chalk";
+import { formatScalarValue } from "../../shared/string-utils.js";
+import { countActions } from "../base-processor.js";
+function formatValue(val) {
+    if (Array.isArray(val)) {
+        return `[${val.join(", ")}]`;
+    }
+    return formatScalarValue(val) ?? String(val);
+}
+/**
+ * Formats code scanning changes as Terraform-style plan output.
+ */
+export function formatCodeScanningPlan(changes) {
+    const lines = [];
+    const entries = [];
+    const { create: creates, update: updates } = countActions(changes);
+    for (const change of changes) {
+        if (change.action === "create") {
+            lines.push(chalk.green(`    + ${change.property}: ${formatValue(change.newValue)}`));
+            entries.push({
+                property: change.property,
+                action: "create",
+                newValue: change.newValue,
+            });
+        }
+        else if (change.action === "update") {
+            lines.push(chalk.yellow(`    ~ ${change.property}: ${formatValue(change.oldValue)} → ${formatValue(change.newValue)}`));
+            entries.push({
+                property: change.property,
+                action: "update",
+                oldValue: change.oldValue,
+                newValue: change.newValue,
+            });
+        }
+    }
+    return { lines, creates, updates, entries };
+}

package/dist/settings/code-scanning/github-code-scanning-strategy.d.ts

@@ -0,0 +1,19 @@
+import type { ICommandExecutor } from "../../shared/command-executor.js";
+import { type RepoInfo } from "../../shared/repo-detector.js";
+import { type GhApiOptions } from "../../shared/gh-api-utils.js";
+import type { ICodeScanningStrategy, CurrentCodeScanningSettings } from "./types.js";
+interface GitHubCodeScanningStrategyOptions {
+    retries?: number;
+    cwd: string;
+}
+export declare class GitHubCodeScanningStrategy implements ICodeScanningStrategy {
+    private api;
+    constructor(executor: ICommandExecutor, options: GitHubCodeScanningStrategyOptions);
+    getDefaultSetup(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
+    updateDefaultSetup(repoInfo: RepoInfo, settings: {
+        state: string;
+        query_suite?: string;
+        languages?: string[];
+    }, options?: GhApiOptions): Promise<void>;
+}
+export {};

package/dist/settings/code-scanning/github-code-scanning-strategy.js

@@ -0,0 +1,20 @@
+import { assertGitHubRepo } from "../../shared/repo-detector.js";
+import { GhApiClient } from "../../shared/gh-api-utils.js";
+import { parseApiJson } from "../../shared/json-utils.js";
+export class GitHubCodeScanningStrategy {
+    api;
+    constructor(executor, options) {
+        this.api = new GhApiClient(executor, options.retries ?? 3, options.cwd);
+    }
+    async getDefaultSetup(repoInfo, options) {
+        assertGitHubRepo(repoInfo, "GitHub Code Scanning strategy");
+        const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/code-scanning/default-setup`;
+        const result = await this.api.call("GET", endpoint, { options });
+        return parseApiJson(result, "code scanning default setup response");
+    }
+    async updateDefaultSetup(repoInfo, settings, options) {
+        assertGitHubRepo(repoInfo, "GitHub Code Scanning strategy");
+        const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/code-scanning/default-setup`;
+        await this.api.call("PATCH", endpoint, { payload: settings, options });
+    }
+}

package/dist/settings/code-scanning/index.d.ts

@@ -0,0 +1,3 @@
+export { type CodeScanningPlanEntry } from "./formatter.js";
+export { CodeScanningProcessor, type ICodeScanningProcessor, } from "./processor.js";
+export { GitHubCodeScanningStrategy } from "./github-code-scanning-strategy.js";

package/dist/settings/code-scanning/index.js

@@ -0,0 +1,4 @@
+// Processor
+export { CodeScanningProcessor, } from "./processor.js";
+// Strategy
+export { GitHubCodeScanningStrategy } from "./github-code-scanning-strategy.js";

package/dist/settings/code-scanning/processor.d.ts

@@ -0,0 +1,20 @@
+import type { RepoConfig } from "../../config/index.js";
+import type { RepoInfo } from "../../shared/repo-detector.js";
+import type { ICodeScanningStrategy } from "./types.js";
+import type { IRepoMetadataProvider } from "../../shared/repo-metadata-provider.js";
+import { type CodeScanningPlanResult } from "./formatter.js";
+import { type BaseProcessorOptions, type BaseProcessorResult, type ISettingsProcessor, type ChangeCounts } from "../base-processor.js";
+export type ICodeScanningProcessor = ISettingsProcessor<CodeScanningProcessorOptions, CodeScanningProcessorResult>;
+export type CodeScanningProcessorOptions = BaseProcessorOptions;
+export interface CodeScanningProcessorResult extends BaseProcessorResult {
+    changes?: ChangeCounts;
+    planOutput?: CodeScanningPlanResult;
+}
+export declare class CodeScanningProcessor implements ICodeScanningProcessor {
+    private readonly strategy;
+    private readonly metadataProvider;
+    constructor(strategy: ICodeScanningStrategy, metadataProvider: IRepoMetadataProvider);
+    process(repoConfig: RepoConfig, repoInfo: RepoInfo, options: CodeScanningProcessorOptions): Promise<CodeScanningProcessorResult>;
+    private applySettings;
+    private validateGHAS;
+}