@aspruyt/xfg 6.0.0 → 6.0.1

package/dist/vcs/git-ops.js

@@ -4,18 +4,18 @@ import { escapeShellArg } from "../shared/shell-utils.js";
 import { toErrorMessage } from "../shared/type-guards.js";
 import { ValidationError, SyncError } from "../shared/errors.js";
 export class GitOps {
-    _workDir;
+    workDir;
     dryRun;
-    _executor;
+    executor;
     log;
     constructor(options) {
-        this._workDir = options.workDir;
+        this.workDir = options.workDir;
         this.dryRun = options.dryRun ?? false;
-        this._executor = options.executor;
+        this.executor = options.executor;
         this.log = options.log;
     }
     exec(command, cwd) {
-        return this._executor.exec(command, cwd ?? this._workDir);
+        return this.executor.exec(command, cwd ?? this.workDir);
     }
     /**
      * Validates that a file path doesn't escape the workspace directory.
@@ -23,9 +23,9 @@ export class GitOps {
      * @throws ValidationError if path traversal is detected
      */
     validatePath(fileName) {
-        const filePath = join(this._workDir, fileName);
+        const filePath = join(this.workDir, fileName);
         const resolvedPath = resolve(filePath);
-        const resolvedWorkDir = resolve(this._workDir);
+        const resolvedWorkDir = resolve(this.workDir);
         const relativePath = relative(resolvedWorkDir, resolvedPath);
         if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
             throw new ValidationError(`Path traversal detected: ${fileName}`);
@@ -34,13 +34,13 @@ export class GitOps {
     }
     cleanWorkspace() {
         try {
-            if (existsSync(this._workDir)) {
-                rmSync(this._workDir, { recursive: true, force: true });
+            if (existsSync(this.workDir)) {
+                rmSync(this.workDir, { recursive: true, force: true });
             }
-            mkdirSync(this._workDir, { recursive: true });
+            mkdirSync(this.workDir, { recursive: true });
         }
         catch (error) {
-            throw new SyncError(`Failed to clean workspace '${this._workDir}': ${toErrorMessage(error)}`);
+            throw new SyncError(`Failed to clean workspace '${this.workDir}': ${toErrorMessage(error)}`);
         }
     }
     /**
@@ -50,7 +50,7 @@ export class GitOps {
      */
     async createBranch(branchName) {
         try {
-            await this.exec(`git checkout -b ${escapeShellArg(branchName)}`, this._workDir);
+            await this.exec(`git checkout -b ${escapeShellArg(branchName)}`, this.workDir);
         }
         catch (error) {
             const message = toErrorMessage(error);
@@ -89,8 +89,41 @@ export class GitOps {
             throw new SyncError(`Failed to set executable permissions on '${fileName}': ${toErrorMessage(error)}`);
         }
         // Also update git's index so the executable bit is committed
-        const relativePath = relative(this._workDir, filePath);
-        await this.exec(`git update-index --add --chmod=+x ${escapeShellArg(relativePath)}`, this._workDir);
+        const relativePath = relative(this.workDir, filePath);
+        await this.exec(`git update-index --add --chmod=+x ${escapeShellArg(relativePath)}`, this.workDir);
+    }
+    /**
+     * Clears the executable bit on a file both on the filesystem and in git's index.
+     * Symmetric inverse of setExecutable.
+     * @param fileName - The file path relative to the work directory
+     */
+    async clearExecutable(fileName) {
+        if (this.dryRun)
+            return;
+        const filePath = this.validatePath(fileName);
+        try {
+            chmodSync(filePath, 0o644);
+        }
+        catch (error) {
+            throw new SyncError(`Failed to clear executable permissions on '${fileName}': ${toErrorMessage(error)}`);
+        }
+        await this.exec(`git update-index --chmod=-x -- ${escapeShellArg(fileName)}`, this.workDir);
+    }
+    /**
+     * Returns the git index mode for a tracked file ("100755" or "100644"),
+     * or null if the file is not tracked.
+     * @param fileName - The file path relative to the work directory
+     */
+    async getFileMode(fileName) {
+        this.validatePath(fileName);
+        const output = await this.exec(`git ls-files -s -- ${escapeShellArg(fileName)}`, this.workDir);
+        const line = output.trim();
+        if (!line)
+            return null;
+        const mode = line.split(/\s+/, 1)[0];
+        if (mode === "100755" || mode === "100644")
+            return mode;
+        return null;
     }
     /**
      * Get the content of a file in the workspace.
@@ -138,7 +171,7 @@ export class GitOps {
         }
     }
     async hasChanges() {
-        const status = await this.exec("git status --porcelain", this._workDir);
+        const status = await this.exec("git status --porcelain", this.workDir);
         return status.length > 0;
     }
     /**
@@ -146,7 +179,7 @@ export class GitOps {
      * Returns relative file paths for files that are modified, added, or untracked.
      */
     async getChangedFiles() {
-        const status = await this.exec("git status --porcelain", this._workDir);
+        const status = await this.exec("git status --porcelain", this.workDir);
         if (!status)
             return [];
         return status
@@ -155,10 +188,10 @@ export class GitOps {
             .map((line) => line.slice(3)); // Remove status prefix (e.g., " M ", "?? ", "A  ")
     }
     async stageAll() {
-        await this.exec("git add -A", this._workDir);
+        await this.exec("git add -A", this.workDir);
     }
     async hasStagedChanges() {
-        const diff = await this.exec("git diff --cached --name-only", this._workDir);
+        const diff = await this.exec("git diff --cached --name-only", this.workDir);
         return diff.length > 0;
     }
     /**
@@ -167,7 +200,7 @@ export class GitOps {
      */
     async fileExistsOnBranch(fileName, branch) {
         try {
-            await this.exec(`git show ${escapeShellArg(branch)}:${escapeShellArg(fileName)}`, this._workDir);
+            await this.exec(`git show ${escapeShellArg(branch)}:${escapeShellArg(fileName)}`, this.workDir);
             return true;
         }
         catch (error) {
@@ -209,19 +242,19 @@ export class GitOps {
     /**
      * Stage all changes and commit with the given message.
      * Uses --no-verify to skip pre-commit hooks (config sync should always succeed).
-     * @returns true if a commit was made (or would be made in dry-run mode), false if there were no staged changes
+     * @returns true if a commit was made, or false if there were no staged changes. In dry-run mode, always returns true without inspecting the working tree.
      */
     async commit(message) {
         if (this.dryRun) {
             return true;
         }
-        await this.exec("git add -A", this._workDir);
+        await this.exec("git add -A", this.workDir);
         // Check if there are actually staged changes after git add
         if (!(await this.hasStagedChanges())) {
             return false; // No changes to commit
         }
         // Use --no-verify to skip pre-commit hooks
-        await this.exec(`git commit --no-verify -m ${escapeShellArg(message)}`, this._workDir);
+        await this.exec(`git commit --no-verify -m ${escapeShellArg(message)}`, this.workDir);
         return true;
     }
     /**
@@ -230,7 +263,7 @@ export class GitOps {
      */
     async getDefaultBranchLocal() {
         try {
-            await this.exec("git rev-parse --verify origin/main", this._workDir);
+            await this.exec("git rev-parse --verify origin/main", this.workDir);
             return { branch: "main", method: "origin/main exists" };
         }
         catch (error) {
@@ -238,7 +271,7 @@ export class GitOps {
             this.log?.debug(`origin/main check failed - ${msg}`);
         }
         try {
-            await this.exec("git rev-parse --verify origin/master", this._workDir);
+            await this.exec("git rev-parse --verify origin/master", this.workDir);
             return { branch: "master", method: "origin/master exists" };
         }
         catch (error) {

package/dist/vcs/github-app-token-manager.d.ts

@@ -1,4 +1,4 @@
-import type { GitHubRepoInfo } from "../shared/repo-detector.js";
+import type { GitHubRepoInfo } from "../repo/index.js";
 /**
  * Manages GitHub App authentication tokens for multiple organizations.
  * Handles JWT generation, installation discovery, and token caching.

package/dist/vcs/github-pr-strategy.d.ts

@@ -2,7 +2,7 @@ import type { PRResult } from "./types.js";
 import { BasePRStrategy } from "./pr-strategy.js";
 import type { PRStrategyOptions, CloseExistingPROptions, MergeOptions, MergeResult } from "./types.js";
 export declare class GitHubPRStrategy extends BasePRStrategy {
-    checkExistingPR(options: CloseExistingPROptions): Promise<string | null>;
+    findExistingPRUrl(options: CloseExistingPROptions): Promise<string | null>;
     closeExistingPR(options: CloseExistingPROptions): Promise<boolean>;
     create(options: PRStrategyOptions): Promise<PRResult>;
     /**

package/dist/vcs/github-pr-strategy.js

@@ -1,10 +1,10 @@
 import { existsSync, writeFileSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
 import { escapeShellArg, escapeRegExp } from "../shared/shell-utils.js";
-import { assertGitHubRepo, } from "../shared/repo-detector.js";
+import { assertGitHubRepo } from "../repo/index.js";
 import { BasePRStrategy } from "./pr-strategy.js";
 import { withRetry, isPermanentError } from "../shared/retry-utils.js";
-import { sanitizeCredentials } from "../shared/sanitize-utils.js";
+import { sanitizeCredentials } from "./sanitize-utils.js";
 import { toErrorMessage } from "../shared/type-guards.js";
 import { safeCleanup } from "../shared/cleanup-utils.js";
 import { NO_OP_DEBUG_LOG } from "../shared/logger.js";
@@ -26,7 +26,7 @@ function buildPRUrlRegex(host) {
     return new RegExp(`https://${escapedHost}/[\\w-]+/[\\w.-]+/pull/\\d+`);
 }
 export class GitHubPRStrategy extends BasePRStrategy {
-    async checkExistingPR(options) {
+    async findExistingPRUrl(options) {
         const { repoInfo, branchName, workDir, retries = 3, token } = options;
         assertGitHubRepo(repoInfo, "GitHub PR strategy");
         const repoFlag = getRepoFlag(repoInfo);
@@ -51,7 +51,7 @@ export class GitHubPRStrategy extends BasePRStrategy {
         const { repoInfo, branchName, baseBranch, workDir, retries = 3, token, } = options;
         assertGitHubRepo(repoInfo, "GitHub PR strategy");
         // First check if there's an existing PR (pass token through)
-        const existingUrl = await this.checkExistingPR({
+        const existingUrl = await this.findExistingPRUrl({
             repoInfo,
             branchName,
             baseBranch,

package/dist/vcs/gitlab-pr-strategy.d.ts

@@ -22,7 +22,7 @@ export declare class GitLabPRStrategy extends BasePRStrategy {
      * Build merge strategy flags for glab mr merge command.
      */
     private getMergeStrategyFlag;
-    checkExistingPR(options: CloseExistingPROptions): Promise<string | null>;
+    findExistingPRUrl(options: CloseExistingPROptions): Promise<string | null>;
     closeExistingPR(options: CloseExistingPROptions): Promise<boolean>;
     create(options: PRStrategyOptions): Promise<PRResult>;
     merge(options: MergeOptions): Promise<MergeResult>;

package/dist/vcs/gitlab-pr-strategy.js

@@ -1,12 +1,12 @@
 import { existsSync, writeFileSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
 import { escapeShellArg } from "../shared/shell-utils.js";
-import { assertGitLabRepo, } from "../shared/repo-detector.js";
+import { assertGitLabRepo } from "../repo/index.js";
 import { BasePRStrategy } from "./pr-strategy.js";
 import { withRetry, isPermanentError } from "../shared/retry-utils.js";
 import { getStderr, } from "../shared/command-executor.js";
 import { parseApiJson } from "../shared/json-utils.js";
-import { sanitizeCredentials } from "../shared/sanitize-utils.js";
+import { sanitizeCredentials } from "./sanitize-utils.js";
 import { toErrorMessage } from "../shared/type-guards.js";
 import { safeCleanup } from "../shared/cleanup-utils.js";
 import { NO_OP_DEBUG_LOG } from "../shared/logger.js";
@@ -65,7 +65,7 @@ export class GitLabPRStrategy extends BasePRStrategy {
                 return "";
         }
     }
-    async checkExistingPR(options) {
+    async findExistingPRUrl(options) {
         const { repoInfo, branchName, workDir, retries = 3 } = options;
         assertGitLabRepo(repoInfo, "GitLab PR strategy");
         const repoFlag = this.getRepoFlag(repoInfo);
@@ -98,7 +98,7 @@ export class GitLabPRStrategy extends BasePRStrategy {
         const { repoInfo, branchName, baseBranch, workDir, retries = 3 } = options;
         assertGitLabRepo(repoInfo, "GitLab PR strategy");
         // First check if there's an existing MR
-        const existingUrl = await this.checkExistingPR({
+        const existingUrl = await this.findExistingPRUrl({
             repoInfo,
             branchName,
             baseBranch,

package/dist/vcs/graphql-commit-strategy.js

@@ -1,4 +1,4 @@
-import { isGitHubRepo } from "../shared/repo-detector.js";
+import { isGitHubRepo } from "../repo/index.js";
 import { escapeShellArg } from "../shared/shell-utils.js";
 import { withRetry, CORE_PERMANENT_ERROR_PATTERNS, DEFAULT_PERMANENT_ERROR_PATTERNS, } from "../shared/retry-utils.js";
 import { toErrorMessage } from "../shared/type-guards.js";
@@ -79,8 +79,13 @@ export class GraphQLCommitStrategy {
             throw new ValidationError(`GraphQL commit strategy requires GitHub repositories. Got: ${repoInfo.type}`);
         }
         validateSafeBranchName(branchName);
-        const additions = fileChanges.filter((fc) => fc.content !== null);
-        const deletions = fileChanges.filter((fc) => fc.content === null);
+        const contentFileChanges = fileChanges.filter((fc) => !fc.modeOnly);
+        const additions = contentFileChanges.filter((fc) => fc.content !== null);
+        const deletions = contentFileChanges.filter((fc) => fc.content === null);
+        if (additions.length === 0 && deletions.length === 0) {
+            throw new GraphQLApiError("GraphQLCommitStrategy: no content changes to commit. " +
+                "This strategy should not be invoked when all file changes are modeOnly.");
+        }
         // Base64 encoding adds ~33% overhead to raw content size
         const totalSize = additions.reduce((sum, fc) => {
             const base64Size = Math.ceil((fc.content.length * 4) / 3);

package/dist/vcs/index.d.ts

@@ -1,4 +1,4 @@
-export type { PRMergeConfig, FileChange, FileAction, IGitOps, ILocalGitOps, IPRStrategy, GitAuthOptions, PRResult, ICommitStrategy, } from "./types.js";
+export type { PRMergeConfig, FileChange, FileAction, FileActionKind, IGitOps, ILocalGitOps, IPRStrategy, GitAuthOptions, PRResult, ICommitStrategy, } from "./types.js";
 export type { GitOpsOptions } from "./git-ops.js";
 export { createCommitStrategy, createTokenManager, } from "./commit-strategy-selector.js";
 export { FileModeFixupCommitStrategy } from "./file-mode-fixup-commit-strategy.js";

package/dist/vcs/pr-creator.d.ts

@@ -1,4 +1,4 @@
-import type { RepoInfo } from "../shared/repo-detector.js";
+import type { RepoInfo } from "../repo/index.js";
 import type { IPRStrategyLogger } from "./pr-strategy.js";
 import type { FileAction, IPRStrategy, MergeResult, PRMergeConfig, PRResult } from "./types.js";
 import type { ICommandExecutor } from "../shared/command-executor.js";

package/dist/vcs/pr-strategy-factory.d.ts

@@ -1,4 +1,4 @@
-import { type RepoInfo } from "../shared/repo-detector.js";
+import { type RepoInfo } from "../repo/index.js";
 import type { IPRStrategy } from "./types.js";
 import type { ICommandExecutor } from "../shared/command-executor.js";
 import type { IPRStrategyLogger } from "./pr-strategy.js";

package/dist/vcs/pr-strategy-factory.js

@@ -1,14 +1,14 @@
-import { isGitHubRepo, isAzureDevOpsRepo, isGitLabRepo, } from "../shared/repo-detector.js";
+import { isGitHubRepo, isAzureDevOpsRepo, isGitLabRepo, } from "../repo/index.js";
 import { SyncError } from "../shared/errors.js";
 import { GitHubPRStrategy } from "./github-pr-strategy.js";
-import { AzurePRStrategy } from "./azure-pr-strategy.js";
+import { AdoPRStrategy } from "./ado-pr-strategy.js";
 import { GitLabPRStrategy } from "./gitlab-pr-strategy.js";
 export function createPRStrategy(repoInfo, executor, log) {
     if (isGitHubRepo(repoInfo)) {
         return new GitHubPRStrategy(executor, log);
     }
     if (isAzureDevOpsRepo(repoInfo)) {
-        return new AzurePRStrategy(executor, log);
+        return new AdoPRStrategy(executor, log);
     }
     if (isGitLabRepo(repoInfo)) {
         return new GitLabPRStrategy(executor, log);

package/dist/vcs/pr-strategy.d.ts

@@ -12,7 +12,7 @@ export declare abstract class BasePRStrategy implements IPRStrategy {
     protected executor: ICommandExecutor;
     protected log?: IPRStrategyLogger;
     constructor(executor: ICommandExecutor, log?: IPRStrategyLogger);
-    abstract checkExistingPR(options: CloseExistingPROptions): Promise<string | null>;
+    abstract findExistingPRUrl(options: CloseExistingPROptions): Promise<string | null>;
     abstract closeExistingPR(options: CloseExistingPROptions): Promise<boolean>;
     abstract create(options: PRStrategyOptions): Promise<PRResult>;
     abstract merge(options: MergeOptions): Promise<MergeResult>;

package/dist/vcs/pr-strategy.js

@@ -30,7 +30,7 @@ export class PRWorkflowExecutor {
     }
     async execute(options) {
         try {
-            const existingUrl = await this.strategy.checkExistingPR(options);
+            const existingUrl = await this.strategy.findExistingPRUrl(options);
             if (existingUrl) {
                 return {
                     url: existingUrl,

package/dist/vcs/types.d.ts

@@ -1,4 +1,4 @@
-import type { RepoInfo } from "../shared/repo-detector.js";
+import type { RepoInfo } from "../repo/index.js";
 import type { MergeMode, MergeStrategy } from "../config/index.js";
 export interface GitAuthOptions {
     token: string;
@@ -16,6 +16,8 @@ export interface ILocalGitOps {
     createBranch(branchName: string): Promise<void>;
     writeFile(fileName: string, content: string): void;
     setExecutable(fileName: string): Promise<void>;
+    clearExecutable(fileName: string): Promise<void>;
+    getFileMode(fileName: string): Promise<"100755" | "100644" | null>;
     getFileContent(fileName: string): string | null;
     wouldChange(fileName: string, content: string): boolean;
     hasChanges(): Promise<boolean>;
@@ -109,7 +111,7 @@ export interface CloseExistingPROptions {
 }
 /**
  * Interface for PR creation strategies (platform-specific implementations).
- * Strategies focus on platform-specific logic (checkExistingPR, create, merge).
+ * Strategies focus on platform-specific logic (findExistingPRUrl, create, merge).
  * Use PRWorkflowExecutor for full workflow orchestration with error handling.
  *
  * Error contract: create() and merge() may throw on infrastructure failures
@@ -122,7 +124,7 @@ export interface IPRStrategy {
      * Check if a PR already exists for the given branch.
      * @returns PR URL if exists, null if not found or on error
      */
-    checkExistingPR(options: CloseExistingPROptions): Promise<string | null>;
+    findExistingPRUrl(options: CloseExistingPROptions): Promise<string | null>;
     /**
      * Close an existing PR and delete its branch.
      * @returns true if PR was closed, false if no PR existed
@@ -143,16 +145,21 @@ export interface FileAction {
     fileName: string;
     action: "create" | "update" | "skip" | "delete";
 }
+export type FileActionKind = FileAction["action"];
 export interface FileChange {
     path: string;
     content: string | null;
     /** Git file mode. Only set for executable files ("100755"). "100644" is included
      *  in the union for type completeness — non-executable files omit this field. */
     mode?: "100755" | "100644";
+    /** True when this entry represents a mode change only (no content diff).
+     *  GraphQL strategies should skip these; FileModeFixupCommitStrategy handles them. */
+    modeOnly?: true;
 }
 export interface CommitOptions {
     repoInfo: RepoInfo;
     branchName: string;
+    baseBranch?: string;
     message: string;
     fileChanges: FileChange[];
     workDir: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aspruyt/xfg",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "description": "Manage files, settings, and repositories across GitHub, Azure DevOps, and GitLab — declaratively, from a single YAML config",
   "type": "module",
   "main": "dist/index.js",
@@ -29,7 +29,7 @@
     "url": "https://github.com/anthony-spruyt/xfg/issues"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=20"
   },
   "scripts": {
     "build": "tsc",