@aspruyt/xfg 6.1.0 → 6.2.0

package/dist/output/sync-report.d.ts

@@ -1,6 +1,28 @@
-import type { SyncReport, RepoFileChanges, ReportFileChange } from "./types.js";
-export type { SyncReport, RepoFileChanges, ReportFileChange };
+import type { MergeMode } from "../config/index.js";
+import type { ActiveAction } from "../settings/index.js";
+export interface ReportFileChange {
+    path: string;
+    action: ActiveAction;
+    diffLines?: string[];
+}
+export interface SyncReport {
+    repos: RepoFileChanges[];
+    totals: {
+        files: {
+            create: number;
+            update: number;
+            delete: number;
+        };
+    };
+}
+export interface RepoFileChanges {
+    repoName: string;
+    files: ReportFileChange[];
+    prUrl?: string;
+    mergeOutcome?: MergeMode;
+    error?: string;
+}
 export declare function formatSyncReportCLI(report: SyncReport): string[];
 export declare function formatSyncReportMarkdown(report: SyncReport, dryRun: boolean): string;
-export declare function renderSyncLines(syncRepo: RepoFileChanges, diffLines: string[]): void;
+export declare function renderSyncLines(syncRepo: RepoFileChanges): string[];
 export declare function writeSyncReportSummary(report: SyncReport, dryRun: boolean, summaryPath: string | undefined): void;

package/dist/output/sync-report.js

@@ -1,7 +1,7 @@
 import chalk from "chalk";
 import { writeGitHubStepSummary } from "./github-summary.js";
 import { formatCountEntry } from "./settings-report.js";
-import { formatDiffLine } from "../sync/index.js";
+import { formatDiffLine } from "../shared/diff-format.js";
 function formatSyncSummary(totals) {
     const entry = formatCountEntry("file", "files", [
         { label: "to create", value: totals.files.create },
@@ -65,8 +65,7 @@ export function formatSyncReportMarkdown(report, dryRun) {
         }
         lines.push(`### ${repo.repoName}`);
         lines.push("");
-        const diffLines = [];
-        renderSyncLines(repo, diffLines);
+        const diffLines = renderSyncLines(repo);
         if (diffLines.length > 0) {
             lines.push("```diff");
             lines.push(...diffLines);
@@ -78,28 +77,29 @@ export function formatSyncReportMarkdown(report, dryRun) {
     lines.push(`**${formatSyncSummary(report.totals)}**`);
     return lines.join("\n");
 }
-export function renderSyncLines(syncRepo, diffLines) {
+export function renderSyncLines(syncRepo) {
+    const lines = [];
     for (let i = 0; i < syncRepo.files.length; i++) {
         const file = syncRepo.files[i];
-        // Blank line between files for readability
         if (i > 0)
-            diffLines.push("");
+            lines.push("");
         if (file.action === "create") {
-            diffLines.push(`+ ${file.path}`);
+            lines.push(`+ ${file.path}`);
         }
         else if (file.action === "update") {
-            diffLines.push(`! ${file.path}`);
+            lines.push(`! ${file.path}`);
         }
         else if (file.action === "delete") {
-            diffLines.push(`- ${file.path}`);
+            lines.push(`- ${file.path}`);
         }
         if (file.diffLines) {
-            diffLines.push(...file.diffLines);
+            lines.push(...file.diffLines);
         }
     }
     if (syncRepo.error) {
-        diffLines.push(`- Error: ${syncRepo.error}`);
+        lines.push(`- Error: ${syncRepo.error}`);
     }
+    return lines;
 }
 export function writeSyncReportSummary(report, dryRun, summaryPath) {
     const markdown = formatSyncReportMarkdown(report, dryRun);

package/dist/settings/base-processor.d.ts

@@ -33,11 +33,8 @@ interface SettingsGuards<TOptions extends BaseProcessorOptions, TResult extends
  * empty settings check, token resolution, and error wrapping.
  */
 export declare function withGitHubGuards<TOptions extends BaseProcessorOptions, TResult extends BaseProcessorResult>(repoConfig: RepoConfig, repoInfo: RepoInfo, options: TOptions, guards: SettingsGuards<TOptions, TResult>): Promise<TResult>;
-/** Common action literals shared by all settings processors. */
 export type SettingsAction = "create" | "update" | "delete" | "unchanged";
-/** Actions that represent an actual change (excludes "unchanged"). */
 export type ActiveAction = Exclude<SettingsAction, "unchanged">;
-/** Type predicate that narrows entries with an active (non-"unchanged") action. */
 export declare function isActiveAction<T extends {
     action: SettingsAction;
 }>(entry: T): entry is T & {
@@ -49,14 +46,28 @@ export interface ChangeCounts {
     delete: number;
     unchanged: number;
 }
-/**
- * Count actions from a diff result array.
- * Works with any change type that has an `action` field.
- */
 export declare function countActions(changes: ReadonlyArray<{
     action: SettingsAction;
 }>): ChangeCounts;
 export declare function formatChangeSummary(counts: ChangeCounts): string;
+export interface PlanEntry {
+    property: string;
+    action: "create" | "update";
+    oldValue?: unknown;
+    newValue?: unknown;
+}
+export interface FormatChangeResult {
+    lines: string[];
+    entries: PlanEntry[];
+    creates: number;
+    updates: number;
+}
+export declare function formatChangeLines(changes: ReadonlyArray<{
+    property: string;
+    action: SettingsAction;
+    oldValue?: unknown;
+    newValue?: unknown;
+}>, formatValue: (val: unknown) => string): FormatChangeResult;
 /**
  * Build a standardized dry-run result for settings processors.
  * Returns an intersection of BaseProcessorResult with the extra fields,

package/dist/settings/base-processor.js

@@ -1,3 +1,4 @@
+import chalk from "chalk";
 import { isGitHubRepo, getRepoDisplayName } from "../repo/index.js";
 import { toErrorMessage } from "../shared/type-guards.js";
 /**
@@ -43,14 +44,9 @@ export async function withGitHubGuards(repoConfig, repoInfo, options, guards) {
         });
     }
 }
-/** Type predicate that narrows entries with an active (non-"unchanged") action. */
 export function isActiveAction(entry) {
     return entry.action !== "unchanged";
 }
-/**
- * Count actions from a diff result array.
- * Works with any change type that has an `action` field.
- */
 export function countActions(changes) {
     const counts = {
         create: 0,
@@ -75,6 +71,31 @@ export function formatChangeSummary(counts) {
         parts.push(`${counts.unchanged} unchanged`);
     return parts.length > 0 ? parts.join(", ") : "no changes";
 }
+export function formatChangeLines(changes, formatValue) {
+    const lines = [];
+    const entries = [];
+    const { create: creates, update: updates } = countActions(changes);
+    for (const change of changes) {
+        if (change.action === "create") {
+            lines.push(chalk.green(`    + ${change.property}: ${formatValue(change.newValue)}`));
+            entries.push({
+                property: change.property,
+                action: "create",
+                newValue: change.newValue,
+            });
+        }
+        else if (change.action === "update") {
+            lines.push(chalk.yellow(`    ~ ${change.property}: ${formatValue(change.oldValue)} → ${formatValue(change.newValue)}`));
+            entries.push({
+                property: change.property,
+                action: "update",
+                oldValue: change.oldValue,
+                newValue: change.newValue,
+            });
+        }
+    }
+    return { lines, entries, creates, updates };
+}
 /**
  * Build a standardized dry-run result for settings processors.
  * Returns an intersection of BaseProcessorResult with the extra fields,

package/dist/settings/code-scanning/diff.js

@@ -44,8 +44,8 @@ export function diffCodeScanning(current, desired) {
     }
     // languages: only diff if specified in desired (sorted comparison)
     if (desired.languages !== undefined) {
-        const currentLangs = [...(current.languages ?? [])].sort();
-        const desiredLangs = [...desired.languages].sort();
+        const currentLangs = [...(current.languages ?? [])].sort((a, b) => a.localeCompare(b));
+        const desiredLangs = [...desired.languages].sort((a, b) => a.localeCompare(b));
         const langsMatch = currentLangs.length === desiredLangs.length &&
             currentLangs.every((lang, i) => lang === desiredLangs[i]);
         if (!langsMatch) {

package/dist/settings/code-scanning/formatter.d.ts

@@ -1,10 +1,6 @@
 import type { CodeScanningChange } from "./diff.js";
-export interface CodeScanningPlanEntry {
-    property: string;
-    action: "create" | "update";
-    oldValue?: unknown;
-    newValue?: unknown;
-}
+import { type PlanEntry } from "../base-processor.js";
+export type CodeScanningPlanEntry = PlanEntry;
 export interface CodeScanningPlanResult {
     lines: string[];
     creates: number;

package/dist/settings/code-scanning/formatter.js

@@ -1,6 +1,5 @@
-import chalk from "chalk";
 import { formatScalarValue } from "../../shared/string-utils.js";
-import { countActions } from "../base-processor.js";
+import { formatChangeLines } from "../base-processor.js";
 function formatValue(val) {
     if (Array.isArray(val)) {
         return `[${val.join(", ")}]`;
@@ -11,27 +10,5 @@ function formatValue(val) {
  * Formats code scanning changes as Terraform-style plan output.
  */
 export function formatCodeScanningPlan(changes) {
-    const lines = [];
-    const entries = [];
-    const { create: creates, update: updates } = countActions(changes);
-    for (const change of changes) {
-        if (change.action === "create") {
-            lines.push(chalk.green(`    + ${change.property}: ${formatValue(change.newValue)}`));
-            entries.push({
-                property: change.property,
-                action: "create",
-                newValue: change.newValue,
-            });
-        }
-        else if (change.action === "update") {
-            lines.push(chalk.yellow(`    ~ ${change.property}: ${formatValue(change.oldValue)} → ${formatValue(change.newValue)}`));
-            entries.push({
-                property: change.property,
-                action: "update",
-                oldValue: change.oldValue,
-                newValue: change.newValue,
-            });
-        }
-    }
-    return { lines, creates, updates, entries };
+    return formatChangeLines(changes, formatValue);
 }

package/dist/settings/code-scanning/github-code-scanning-strategy.d.ts

@@ -1,7 +1,7 @@
 import type { ICommandExecutor } from "../../shared/command-executor.js";
 import { type RepoInfo } from "../../repo/index.js";
 import { type GhApiOptions } from "../../shared/gh-api-utils.js";
-import type { ICodeScanningStrategy, CurrentCodeScanningSettings } from "./types.js";
+import type { ICodeScanningStrategy, CurrentCodeScanningSettings, CodeScanningUpdateParams } from "./types.js";
 interface GitHubCodeScanningStrategyOptions {
     retries?: number;
     cwd: string;
@@ -9,11 +9,7 @@ interface GitHubCodeScanningStrategyOptions {
 export declare class GitHubCodeScanningStrategy implements ICodeScanningStrategy {
     private api;
     constructor(executor: ICommandExecutor, options: GitHubCodeScanningStrategyOptions);
-    getDefaultSetup(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
-    updateDefaultSetup(repoInfo: RepoInfo, settings: {
-        state: string;
-        query_suite?: string;
-        languages?: string[];
-    }, options?: GhApiOptions): Promise<void>;
+    get(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
+    update(repoInfo: RepoInfo, settings: CodeScanningUpdateParams, options?: GhApiOptions): Promise<void>;
 }
 export {};

package/dist/settings/code-scanning/github-code-scanning-strategy.js

@@ -6,13 +6,13 @@ export class GitHubCodeScanningStrategy {
     constructor(executor, options) {
         this.api = new GhApiClient(executor, options.retries ?? 3, options.cwd);
     }
-    async getDefaultSetup(repoInfo, options) {
+    async get(repoInfo, options) {
         assertGitHubRepo(repoInfo, "GitHub Code Scanning strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/code-scanning/default-setup`;
         const result = await this.api.call("GET", endpoint, { options });
         return parseApiJson(result, "code scanning default setup response");
     }
-    async updateDefaultSetup(repoInfo, settings, options) {
+    async update(repoInfo, settings, options) {
         assertGitHubRepo(repoInfo, "GitHub Code Scanning strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/code-scanning/default-setup`;
         await this.api.call("PATCH", endpoint, { payload: settings, options });

package/dist/settings/code-scanning/processor.js

@@ -20,8 +20,10 @@ export class CodeScanningProcessor {
     }
     async applySettings(githubRepo, repoConfig, options, effectiveToken, repoName) {
         const { dryRun } = options;
-        const desiredSettings = repoConfig.settings
-            .codeScanning;
+        const desiredSettings = repoConfig.settings?.codeScanning;
+        if (!desiredSettings || typeof desiredSettings !== "object") {
+            throw new Error("applySettings called without codeScanning settings");
+        }
         const strategyOptions = { token: effectiveToken, host: githubRepo.host };
         // Validate GHAS availability for private repos
         const metadata = await this.metadataProvider.getMetadata(githubRepo, strategyOptions);
@@ -34,7 +36,7 @@ export class CodeScanningProcessor {
             };
         }
         // Fetch current settings
-        const currentSettings = await this.strategy.getDefaultSetup(githubRepo, strategyOptions);
+        const currentSettings = await this.strategy.get(githubRepo, strategyOptions);
         // Compute diff
         const changes = diffCodeScanning(currentSettings, desiredSettings);
         const changeCounts = countActions(changes);
@@ -61,7 +63,7 @@ export class CodeScanningProcessor {
         if (desiredSettings.languages !== undefined) {
             payload.languages = desiredSettings.languages;
         }
-        await this.strategy.updateDefaultSetup(githubRepo, payload, strategyOptions);
+        await this.strategy.update(githubRepo, payload, strategyOptions);
         const appliedCount = changes.filter((c) => c.action !== "unchanged").length;
         return buildApplyResult(repoName, changeCounts, appliedCount, {
             planOutput,

package/dist/settings/code-scanning/types.d.ts

@@ -1,11 +1,17 @@
 import type { RepoInfo } from "../../repo/index.js";
 import type { GhApiOptions } from "../../shared/gh-api-utils.js";
+import type { CodeScanningState, CodeScanningQuerySuite } from "../../config/types.js";
 /**
  * Current code scanning default setup state from GitHub API.
  */
 export interface CurrentCodeScanningSettings {
-    state: "configured" | "not-configured";
-    query_suite?: "default" | "extended";
+    state: CodeScanningState;
+    query_suite?: CodeScanningQuerySuite;
+    languages?: string[];
+}
+export interface CodeScanningUpdateParams {
+    state: string;
+    query_suite?: string;
     languages?: string[];
 }
 /**
@@ -13,10 +19,6 @@ export interface CurrentCodeScanningSettings {
  * Abstracts the GitHub API calls for testability.
  */
 export interface ICodeScanningStrategy {
-    getDefaultSetup(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
-    updateDefaultSetup(repoInfo: RepoInfo, settings: {
-        state: string;
-        query_suite?: string;
-        languages?: string[];
-    }, options?: GhApiOptions): Promise<void>;
+    get(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
+    update(repoInfo: RepoInfo, settings: CodeScanningUpdateParams, options?: GhApiOptions): Promise<void>;
 }

package/dist/settings/labels/github-labels-strategy.d.ts

@@ -1,7 +1,7 @@
 import type { ICommandExecutor } from "../../shared/command-executor.js";
 import { type RepoInfo } from "../../repo/index.js";
 import { type GhApiOptions } from "../../shared/gh-api-utils.js";
-import type { ILabelsStrategy, GitHubLabel } from "./types.js";
+import type { ILabelsStrategy, GitHubLabel, LabelCreateParams, LabelUpdateParams } from "./types.js";
 interface GitHubLabelsStrategyOptions {
     retries?: number;
     cwd: string;
@@ -10,16 +10,8 @@ export declare class GitHubLabelsStrategy implements ILabelsStrategy {
     private api;
     constructor(executor: ICommandExecutor, options: GitHubLabelsStrategyOptions);
     list(repoInfo: RepoInfo, options?: GhApiOptions): Promise<GitHubLabel[]>;
-    create(repoInfo: RepoInfo, label: {
-        name: string;
-        color: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
-    update(repoInfo: RepoInfo, currentName: string, label: {
-        new_name?: string;
-        color?: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
+    create(repoInfo: RepoInfo, label: LabelCreateParams, options?: GhApiOptions): Promise<void>;
+    update(repoInfo: RepoInfo, currentName: string, label: LabelUpdateParams, options?: GhApiOptions): Promise<void>;
     delete(repoInfo: RepoInfo, name: string, options?: GhApiOptions): Promise<void>;
 }
 export {};

package/dist/settings/labels/types.d.ts

@@ -11,17 +11,19 @@ export interface GitHubLabel {
  * Strategy interface for label operations.
  * Abstracts platform-specific API calls.
  */
+export interface LabelCreateParams {
+    name: string;
+    color: string;
+    description?: string;
+}
+export interface LabelUpdateParams {
+    new_name?: string;
+    color?: string;
+    description?: string;
+}
 export interface ILabelsStrategy {
     list(repoInfo: RepoInfo, options?: GhApiOptions): Promise<GitHubLabel[]>;
-    create(repoInfo: RepoInfo, label: {
-        name: string;
-        color: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
-    update(repoInfo: RepoInfo, currentName: string, label: {
-        new_name?: string;
-        color?: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
+    create(repoInfo: RepoInfo, label: LabelCreateParams, options?: GhApiOptions): Promise<void>;
+    update(repoInfo: RepoInfo, currentName: string, label: LabelUpdateParams, options?: GhApiOptions): Promise<void>;
     delete(repoInfo: RepoInfo, name: string, options?: GhApiOptions): Promise<void>;
 }

package/dist/settings/repo-settings/diff.d.ts

@@ -1,7 +1,7 @@
 import type { GitHubRepoSettings } from "../../config/index.js";
 import type { SettingsAction } from "../base-processor.js";
 import type { CurrentRepoSettings } from "./types.js";
-export type RepoSettingsAction = Exclude<SettingsAction, "delete">;
+export type RepoSettingsAction = Exclude<SettingsAction, "delete" | "unchanged">;
 export interface RepoSettingsChange {
     property: keyof GitHubRepoSettings;
     action: RepoSettingsAction;

package/dist/settings/repo-settings/diff.js

@@ -83,5 +83,5 @@ export function diffRepoSettings(current, desired) {
  * Checks if there are any changes to apply.
  */
 export function hasRepoSettingsChanges(changes) {
-    return changes.some((c) => c.action !== "unchanged");
+    return changes.length > 0;
 }

package/dist/settings/repo-settings/formatter.d.ts

@@ -1,10 +1,6 @@
+import { type PlanEntry } from "../base-processor.js";
 import type { RepoSettingsChange } from "./diff.js";
-export interface RepoSettingsPlanEntry {
-    property: string;
-    action: "create" | "update";
-    oldValue?: unknown;
-    newValue?: unknown;
-}
+export type RepoSettingsPlanEntry = PlanEntry;
 export interface RepoSettingsPlanResult {
     lines: string[];
     creates: number;

package/dist/settings/repo-settings/formatter.js

@@ -1,6 +1,6 @@
 import chalk from "chalk";
 import { formatScalarValue } from "../../shared/string-utils.js";
-import { countActions } from "../base-processor.js";
+import { formatChangeLines } from "../base-processor.js";
 /**
  * Format a value for display.
  */
@@ -32,37 +32,18 @@ function getWarning(change) {
  * Formats repo settings changes as Terraform-style plan output.
  */
 export function formatRepoSettingsPlan(changes) {
-    const lines = [];
     const warnings = [];
-    const { create: creates, update: updates } = countActions(changes);
-    const entries = [];
     if (changes.length === 0) {
-        return { lines, creates, updates, warnings, entries };
+        return { lines: [], creates: 0, updates: 0, warnings, entries: [] };
     }
     for (const change of changes) {
         const warning = getWarning(change);
         if (warning) {
             warnings.push(warning);
         }
-        if (change.action === "create") {
-            lines.push(chalk.green(`    + ${change.property}: ${formatValue(change.newValue)}`));
-            entries.push({
-                property: change.property,
-                action: "create",
-                newValue: change.newValue,
-            });
-        }
-        else if (change.action === "update") {
-            lines.push(chalk.yellow(`    ~ ${change.property}: ${formatValue(change.oldValue)} → ${formatValue(change.newValue)}`));
-            entries.push({
-                property: change.property,
-                action: "update",
-                oldValue: change.oldValue,
-                newValue: change.newValue,
-            });
-        }
     }
-    return { lines, creates, updates, warnings, entries };
+    const result = formatChangeLines(changes, formatValue);
+    return { ...result, warnings };
 }
 /**
  * Formats warnings for display.

package/dist/settings/repo-settings/github-repo-settings-strategy.d.ts

@@ -13,8 +13,8 @@ export declare class GitHubRepoSettingsStrategy implements IRepoSettingsStrategy
     get(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentRepoSettings>;
     update(repoInfo: RepoInfo, settings: GitHubRepoSettings, options?: GhApiOptions): Promise<void>;
     updateVulnerabilityAlerts(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
-    setAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
-    setPrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updateAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updatePrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
     branchExists(repoInfo: RepoInfo, branch: string, options?: GhApiOptions): Promise<boolean>;
     private getVulnerabilityAlerts;
     private getAutomatedSecurityFixes;

package/dist/settings/repo-settings/github-repo-settings-strategy.js

@@ -1,5 +1,6 @@
 import { assertGitHubRepo, } from "../../repo/index.js";
-import { GhApiClient, isHttp404Error, } from "../../shared/gh-api-utils.js";
+import { GhApiClient } from "../../shared/gh-api-utils.js";
+import { isHttp404Error } from "../../shared/gh-token-utils.js";
 import { parseApiJson } from "../../shared/json-utils.js";
 import { camelToSnake } from "../../shared/string-utils.js";
 /**
@@ -71,7 +72,7 @@ export class GitHubRepoSettingsStrategy {
         settings.owner_type = parsed.owner?.type;
         settings.vulnerability_alerts = await this.getVulnerabilityAlerts(repoInfo, options);
         // Pass vulnerability_alerts state - automated security fixes requires it enabled
-        settings.automated_security_fixes = await this.getAutomatedSecurityFixes(repoInfo, options, settings.vulnerability_alerts);
+        settings.automated_security_fixes = await this.getAutomatedSecurityFixes(repoInfo, options);
         settings.private_vulnerability_reporting =
             await this.getPrivateVulnerabilityReporting(repoInfo, options);
         return settings;
@@ -92,13 +93,13 @@ export class GitHubRepoSettingsStrategy {
         const method = enable ? "PUT" : "DELETE";
         await this.api.call(method, endpoint, { options });
     }
-    async setAutomatedSecurityFixes(repoInfo, enable, options) {
+    async updateAutomatedSecurityFixes(repoInfo, enable, options) {
         assertGitHubRepo(repoInfo, "GitHub Repo Settings strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/automated-security-fixes`;
         const method = enable ? "PUT" : "DELETE";
         await this.api.call(method, endpoint, { options });
     }
-    async setPrivateVulnerabilityReporting(repoInfo, enable, options) {
+    async updatePrivateVulnerabilityReporting(repoInfo, enable, options) {
         assertGitHubRepo(repoInfo, "GitHub Repo Settings strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/private-vulnerability-reporting`;
         const method = enable ? "PUT" : "DELETE";
@@ -128,10 +129,10 @@ export class GitHubRepoSettingsStrategy {
             if (isHttp404Error(error)) {
                 return false; // 404 = disabled
             }
-            throw error; // Re-throw other errors
+            throw error;
         }
     }
-    async getAutomatedSecurityFixes(github, options, _vulnerabilityAlertsEnabled) {
+    async getAutomatedSecurityFixes(github, options) {
         // Note: GitHub returns JSON with {enabled: boolean} for this endpoint
         const endpoint = `/repos/${github.owner}/${github.repo}/automated-security-fixes`;
         try {
@@ -162,7 +163,7 @@ export class GitHubRepoSettingsStrategy {
             if (isHttp404Error(error)) {
                 return false; // 404 = not available (e.g. private repos)
             }
-            throw error; // Re-throw other errors
+            throw error;
         }
     }
 }

package/dist/settings/repo-settings/processor.js

@@ -20,7 +20,10 @@ export class RepoSettingsProcessor {
     }
     async applySettings(githubRepo, repoConfig, options, effectiveToken, repoName) {
         const { dryRun } = options;
-        const desiredSettings = repoConfig.settings.repo;
+        const desiredSettings = repoConfig.settings?.repo;
+        if (!desiredSettings || typeof desiredSettings !== "object") {
+            throw new Error("applySettings called without repo settings");
+        }
         const strategyOptions = { token: effectiveToken, host: githubRepo.host };
         // Fetch current settings and metadata in parallel
         const [currentSettings, metadata] = await Promise.all([
@@ -39,16 +42,15 @@ export class RepoSettingsProcessor {
         // Compute diff
         const changes = diffRepoSettings(currentSettings, desiredSettings);
         if (!hasRepoSettingsChanges(changes)) {
-            const unchangedCount = changes.filter((c) => c.action === "unchanged").length;
             return {
                 success: true,
                 repoName,
                 message: "No changes needed",
-                changes: { create: 0, update: 0, delete: 0, unchanged: unchangedCount },
+                changes: { create: 0, update: 0, delete: 0, unchanged: 0 },
             };
         }
         // Validate defaultBranch target exists before attempting to apply
-        const defaultBranchChange = changes.find((c) => c.property === "defaultBranch" && c.action !== "unchanged");
+        const defaultBranchChange = changes.find((c) => c.property === "defaultBranch");
         if (defaultBranchChange) {
             const targetBranch = String(defaultBranchChange.newValue);
             const exists = await this.strategy.branchExists(githubRepo, targetBranch, strategyOptions);
@@ -69,7 +71,7 @@ export class RepoSettingsProcessor {
             create: planOutput.creates,
             update: planOutput.updates,
             delete: 0,
-            unchanged: changes.filter((c) => c.action === "unchanged").length,
+            unchanged: 0,
         };
         if (dryRun) {
             return buildDryRunResult(repoName, changeCounts, {
@@ -80,10 +82,8 @@ export class RepoSettingsProcessor {
         // Apply changes - only send settings that actually changed
         const changedSettings = {};
         for (const change of changes) {
-            if (change.action !== "unchanged") {
-                changedSettings[change.property] =
-                    change.newValue;
-            }
+            changedSettings[change.property] =
+                change.newValue;
         }
         await this.applyChanges(githubRepo, changedSettings, strategyOptions);
         const appliedCount = Object.keys(changedSettings).length;
@@ -106,12 +106,12 @@ export class RepoSettingsProcessor {
         }
         // Handle private vulnerability reporting (separate endpoint)
         if (privateVulnerabilityReporting !== undefined) {
-            await this.strategy.setPrivateVulnerabilityReporting(repoInfo, privateVulnerabilityReporting, options);
+            await this.strategy.updatePrivateVulnerabilityReporting(repoInfo, privateVulnerabilityReporting, options);
         }
         // Handle automated security fixes (separate endpoint)
         // Done last to ensure vulnerability alerts have been fully processed
         if (automatedSecurityFixes !== undefined) {
-            await this.strategy.setAutomatedSecurityFixes(repoInfo, automatedSecurityFixes, options);
+            await this.strategy.updateAutomatedSecurityFixes(repoInfo, automatedSecurityFixes, options);
         }
     }
     validateSecuritySettings(desiredSettings, metadata) {

package/dist/settings/repo-settings/types.d.ts

@@ -58,11 +58,11 @@ export interface IRepoSettingsStrategy {
     /**
      * Enables or disables automated security fixes.
      */
-    setAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updateAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
     /**
      * Enables or disables private vulnerability reporting.
      */
-    setPrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updatePrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
     /**
      * Checks whether a branch exists in the repository.
      */