@aspruyt/xfg 6.1.0 → 6.3.0

package/dist/settings/code-scanning/processor.js

@@ -20,8 +20,10 @@ export class CodeScanningProcessor {
     }
     async applySettings(githubRepo, repoConfig, options, effectiveToken, repoName) {
         const { dryRun } = options;
-        const desiredSettings = repoConfig.settings
-            .codeScanning;
+        const desiredSettings = repoConfig.settings?.codeScanning;
+        if (!desiredSettings || typeof desiredSettings !== "object") {
+            throw new Error("applySettings called without codeScanning settings");
+        }
         const strategyOptions = { token: effectiveToken, host: githubRepo.host };
         // Validate GHAS availability for private repos
         const metadata = await this.metadataProvider.getMetadata(githubRepo, strategyOptions);
@@ -34,7 +36,7 @@ export class CodeScanningProcessor {
             };
         }
         // Fetch current settings
-        const currentSettings = await this.strategy.getDefaultSetup(githubRepo, strategyOptions);
+        const currentSettings = await this.strategy.get(githubRepo, strategyOptions);
         // Compute diff
         const changes = diffCodeScanning(currentSettings, desiredSettings);
         const changeCounts = countActions(changes);
@@ -61,7 +63,7 @@ export class CodeScanningProcessor {
         if (desiredSettings.languages !== undefined) {
             payload.languages = desiredSettings.languages;
         }
-        await this.strategy.updateDefaultSetup(githubRepo, payload, strategyOptions);
+        await this.strategy.update(githubRepo, payload, strategyOptions);
         const appliedCount = changes.filter((c) => c.action !== "unchanged").length;
         return buildApplyResult(repoName, changeCounts, appliedCount, {
             planOutput,

package/dist/settings/code-scanning/types.d.ts

@@ -1,11 +1,17 @@
 import type { RepoInfo } from "../../repo/index.js";
 import type { GhApiOptions } from "../../shared/gh-api-utils.js";
+import type { CodeScanningState, CodeScanningQuerySuite } from "../../config/types.js";
 /**
  * Current code scanning default setup state from GitHub API.
  */
 export interface CurrentCodeScanningSettings {
-    state: "configured" | "not-configured";
-    query_suite?: "default" | "extended";
+    state: CodeScanningState;
+    query_suite?: CodeScanningQuerySuite;
+    languages?: string[];
+}
+export interface CodeScanningUpdateParams {
+    state: string;
+    query_suite?: string;
     languages?: string[];
 }
 /**
@@ -13,10 +19,6 @@ export interface CurrentCodeScanningSettings {
  * Abstracts the GitHub API calls for testability.
  */
 export interface ICodeScanningStrategy {
-    getDefaultSetup(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
-    updateDefaultSetup(repoInfo: RepoInfo, settings: {
-        state: string;
-        query_suite?: string;
-        languages?: string[];
-    }, options?: GhApiOptions): Promise<void>;
+    get(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentCodeScanningSettings>;
+    update(repoInfo: RepoInfo, settings: CodeScanningUpdateParams, options?: GhApiOptions): Promise<void>;
 }

package/dist/settings/index.d.ts

@@ -3,3 +3,4 @@ export { type PropertyDiff, type RulesetPlanEntry, RulesetProcessor, type IRules
 export { RepoSettingsProcessor, type IRepoSettingsProcessor, type RepoSettingsPlanEntry, GitHubRepoSettingsStrategy, } from "./repo-settings/index.js";
 export { type LabelsPlanEntry, LabelsProcessor, type ILabelsProcessor, GitHubLabelsStrategy, } from "./labels/index.js";
 export { type CodeScanningPlanEntry, CodeScanningProcessor, type ICodeScanningProcessor, GitHubCodeScanningStrategy, } from "./code-scanning/index.js";
+export { type VariablesPlanEntry, VariablesProcessor, type IVariablesProcessor, GitHubVariablesStrategy, } from "./variables/index.js";

package/dist/settings/index.js

@@ -8,3 +8,5 @@ export { RepoSettingsProcessor, GitHubRepoSettingsStrategy, } from "./repo-setti
 export { LabelsProcessor, GitHubLabelsStrategy, } from "./labels/index.js";
 // Code scanning
 export { CodeScanningProcessor, GitHubCodeScanningStrategy, } from "./code-scanning/index.js";
+// Variables
+export { VariablesProcessor, GitHubVariablesStrategy, } from "./variables/index.js";

package/dist/settings/labels/github-labels-strategy.d.ts

@@ -1,7 +1,7 @@
 import type { ICommandExecutor } from "../../shared/command-executor.js";
 import { type RepoInfo } from "../../repo/index.js";
 import { type GhApiOptions } from "../../shared/gh-api-utils.js";
-import type { ILabelsStrategy, GitHubLabel } from "./types.js";
+import type { ILabelsStrategy, GitHubLabel, LabelCreateParams, LabelUpdateParams } from "./types.js";
 interface GitHubLabelsStrategyOptions {
     retries?: number;
     cwd: string;
@@ -10,16 +10,8 @@ export declare class GitHubLabelsStrategy implements ILabelsStrategy {
     private api;
     constructor(executor: ICommandExecutor, options: GitHubLabelsStrategyOptions);
     list(repoInfo: RepoInfo, options?: GhApiOptions): Promise<GitHubLabel[]>;
-    create(repoInfo: RepoInfo, label: {
-        name: string;
-        color: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
-    update(repoInfo: RepoInfo, currentName: string, label: {
-        new_name?: string;
-        color?: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
+    create(repoInfo: RepoInfo, label: LabelCreateParams, options?: GhApiOptions): Promise<void>;
+    update(repoInfo: RepoInfo, currentName: string, label: LabelUpdateParams, options?: GhApiOptions): Promise<void>;
     delete(repoInfo: RepoInfo, name: string, options?: GhApiOptions): Promise<void>;
 }
 export {};

package/dist/settings/labels/types.d.ts

@@ -11,17 +11,19 @@ export interface GitHubLabel {
  * Strategy interface for label operations.
  * Abstracts platform-specific API calls.
  */
+export interface LabelCreateParams {
+    name: string;
+    color: string;
+    description?: string;
+}
+export interface LabelUpdateParams {
+    new_name?: string;
+    color?: string;
+    description?: string;
+}
 export interface ILabelsStrategy {
     list(repoInfo: RepoInfo, options?: GhApiOptions): Promise<GitHubLabel[]>;
-    create(repoInfo: RepoInfo, label: {
-        name: string;
-        color: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
-    update(repoInfo: RepoInfo, currentName: string, label: {
-        new_name?: string;
-        color?: string;
-        description?: string;
-    }, options?: GhApiOptions): Promise<void>;
+    create(repoInfo: RepoInfo, label: LabelCreateParams, options?: GhApiOptions): Promise<void>;
+    update(repoInfo: RepoInfo, currentName: string, label: LabelUpdateParams, options?: GhApiOptions): Promise<void>;
     delete(repoInfo: RepoInfo, name: string, options?: GhApiOptions): Promise<void>;
 }

package/dist/settings/repo-settings/diff.d.ts

@@ -1,7 +1,7 @@
 import type { GitHubRepoSettings } from "../../config/index.js";
 import type { SettingsAction } from "../base-processor.js";
 import type { CurrentRepoSettings } from "./types.js";
-export type RepoSettingsAction = Exclude<SettingsAction, "delete">;
+export type RepoSettingsAction = Exclude<SettingsAction, "delete" | "unchanged">;
 export interface RepoSettingsChange {
     property: keyof GitHubRepoSettings;
     action: RepoSettingsAction;

package/dist/settings/repo-settings/diff.js

@@ -83,5 +83,5 @@ export function diffRepoSettings(current, desired) {
  * Checks if there are any changes to apply.
  */
 export function hasRepoSettingsChanges(changes) {
-    return changes.some((c) => c.action !== "unchanged");
+    return changes.length > 0;
 }

package/dist/settings/repo-settings/formatter.d.ts

@@ -1,10 +1,6 @@
+import { type PlanEntry } from "../base-processor.js";
 import type { RepoSettingsChange } from "./diff.js";
-export interface RepoSettingsPlanEntry {
-    property: string;
-    action: "create" | "update";
-    oldValue?: unknown;
-    newValue?: unknown;
-}
+export type RepoSettingsPlanEntry = PlanEntry;
 export interface RepoSettingsPlanResult {
     lines: string[];
     creates: number;

package/dist/settings/repo-settings/formatter.js

@@ -1,6 +1,6 @@
 import chalk from "chalk";
 import { formatScalarValue } from "../../shared/string-utils.js";
-import { countActions } from "../base-processor.js";
+import { formatChangeLines } from "../base-processor.js";
 /**
  * Format a value for display.
  */
@@ -32,37 +32,18 @@ function getWarning(change) {
  * Formats repo settings changes as Terraform-style plan output.
  */
 export function formatRepoSettingsPlan(changes) {
-    const lines = [];
     const warnings = [];
-    const { create: creates, update: updates } = countActions(changes);
-    const entries = [];
     if (changes.length === 0) {
-        return { lines, creates, updates, warnings, entries };
+        return { lines: [], creates: 0, updates: 0, warnings, entries: [] };
     }
     for (const change of changes) {
         const warning = getWarning(change);
         if (warning) {
             warnings.push(warning);
         }
-        if (change.action === "create") {
-            lines.push(chalk.green(`    + ${change.property}: ${formatValue(change.newValue)}`));
-            entries.push({
-                property: change.property,
-                action: "create",
-                newValue: change.newValue,
-            });
-        }
-        else if (change.action === "update") {
-            lines.push(chalk.yellow(`    ~ ${change.property}: ${formatValue(change.oldValue)} → ${formatValue(change.newValue)}`));
-            entries.push({
-                property: change.property,
-                action: "update",
-                oldValue: change.oldValue,
-                newValue: change.newValue,
-            });
-        }
     }
-    return { lines, creates, updates, warnings, entries };
+    const result = formatChangeLines(changes, formatValue);
+    return { ...result, warnings };
 }
 /**
  * Formats warnings for display.

package/dist/settings/repo-settings/github-repo-settings-strategy.d.ts

@@ -13,8 +13,8 @@ export declare class GitHubRepoSettingsStrategy implements IRepoSettingsStrategy
     get(repoInfo: RepoInfo, options?: GhApiOptions): Promise<CurrentRepoSettings>;
     update(repoInfo: RepoInfo, settings: GitHubRepoSettings, options?: GhApiOptions): Promise<void>;
     updateVulnerabilityAlerts(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
-    setAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
-    setPrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updateAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updatePrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
     branchExists(repoInfo: RepoInfo, branch: string, options?: GhApiOptions): Promise<boolean>;
     private getVulnerabilityAlerts;
     private getAutomatedSecurityFixes;

package/dist/settings/repo-settings/github-repo-settings-strategy.js

@@ -1,5 +1,6 @@
 import { assertGitHubRepo, } from "../../repo/index.js";
-import { GhApiClient, isHttp404Error, } from "../../shared/gh-api-utils.js";
+import { GhApiClient } from "../../shared/gh-api-utils.js";
+import { isHttp404Error } from "../../shared/gh-token-utils.js";
 import { parseApiJson } from "../../shared/json-utils.js";
 import { camelToSnake } from "../../shared/string-utils.js";
 /**
@@ -71,7 +72,7 @@ export class GitHubRepoSettingsStrategy {
         settings.owner_type = parsed.owner?.type;
         settings.vulnerability_alerts = await this.getVulnerabilityAlerts(repoInfo, options);
         // Pass vulnerability_alerts state - automated security fixes requires it enabled
-        settings.automated_security_fixes = await this.getAutomatedSecurityFixes(repoInfo, options, settings.vulnerability_alerts);
+        settings.automated_security_fixes = await this.getAutomatedSecurityFixes(repoInfo, options);
         settings.private_vulnerability_reporting =
             await this.getPrivateVulnerabilityReporting(repoInfo, options);
         return settings;
@@ -92,13 +93,13 @@ export class GitHubRepoSettingsStrategy {
         const method = enable ? "PUT" : "DELETE";
         await this.api.call(method, endpoint, { options });
     }
-    async setAutomatedSecurityFixes(repoInfo, enable, options) {
+    async updateAutomatedSecurityFixes(repoInfo, enable, options) {
         assertGitHubRepo(repoInfo, "GitHub Repo Settings strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/automated-security-fixes`;
         const method = enable ? "PUT" : "DELETE";
         await this.api.call(method, endpoint, { options });
     }
-    async setPrivateVulnerabilityReporting(repoInfo, enable, options) {
+    async updatePrivateVulnerabilityReporting(repoInfo, enable, options) {
         assertGitHubRepo(repoInfo, "GitHub Repo Settings strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/private-vulnerability-reporting`;
         const method = enable ? "PUT" : "DELETE";
@@ -128,10 +129,10 @@ export class GitHubRepoSettingsStrategy {
             if (isHttp404Error(error)) {
                 return false; // 404 = disabled
             }
-            throw error; // Re-throw other errors
+            throw error;
         }
     }
-    async getAutomatedSecurityFixes(github, options, _vulnerabilityAlertsEnabled) {
+    async getAutomatedSecurityFixes(github, options) {
         // Note: GitHub returns JSON with {enabled: boolean} for this endpoint
         const endpoint = `/repos/${github.owner}/${github.repo}/automated-security-fixes`;
         try {
@@ -162,7 +163,7 @@ export class GitHubRepoSettingsStrategy {
             if (isHttp404Error(error)) {
                 return false; // 404 = not available (e.g. private repos)
             }
-            throw error; // Re-throw other errors
+            throw error;
         }
     }
 }

package/dist/settings/repo-settings/processor.js

@@ -20,7 +20,10 @@ export class RepoSettingsProcessor {
     }
     async applySettings(githubRepo, repoConfig, options, effectiveToken, repoName) {
         const { dryRun } = options;
-        const desiredSettings = repoConfig.settings.repo;
+        const desiredSettings = repoConfig.settings?.repo;
+        if (!desiredSettings || typeof desiredSettings !== "object") {
+            throw new Error("applySettings called without repo settings");
+        }
         const strategyOptions = { token: effectiveToken, host: githubRepo.host };
         // Fetch current settings and metadata in parallel
         const [currentSettings, metadata] = await Promise.all([
@@ -39,16 +42,15 @@ export class RepoSettingsProcessor {
         // Compute diff
         const changes = diffRepoSettings(currentSettings, desiredSettings);
         if (!hasRepoSettingsChanges(changes)) {
-            const unchangedCount = changes.filter((c) => c.action === "unchanged").length;
             return {
                 success: true,
                 repoName,
                 message: "No changes needed",
-                changes: { create: 0, update: 0, delete: 0, unchanged: unchangedCount },
+                changes: { create: 0, update: 0, delete: 0, unchanged: 0 },
             };
         }
         // Validate defaultBranch target exists before attempting to apply
-        const defaultBranchChange = changes.find((c) => c.property === "defaultBranch" && c.action !== "unchanged");
+        const defaultBranchChange = changes.find((c) => c.property === "defaultBranch");
         if (defaultBranchChange) {
             const targetBranch = String(defaultBranchChange.newValue);
             const exists = await this.strategy.branchExists(githubRepo, targetBranch, strategyOptions);
@@ -69,7 +71,7 @@ export class RepoSettingsProcessor {
             create: planOutput.creates,
             update: planOutput.updates,
             delete: 0,
-            unchanged: changes.filter((c) => c.action === "unchanged").length,
+            unchanged: 0,
         };
         if (dryRun) {
             return buildDryRunResult(repoName, changeCounts, {
@@ -80,10 +82,8 @@ export class RepoSettingsProcessor {
         // Apply changes - only send settings that actually changed
         const changedSettings = {};
         for (const change of changes) {
-            if (change.action !== "unchanged") {
-                changedSettings[change.property] =
-                    change.newValue;
-            }
+            changedSettings[change.property] =
+                change.newValue;
         }
         await this.applyChanges(githubRepo, changedSettings, strategyOptions);
         const appliedCount = Object.keys(changedSettings).length;
@@ -106,12 +106,12 @@ export class RepoSettingsProcessor {
         }
         // Handle private vulnerability reporting (separate endpoint)
         if (privateVulnerabilityReporting !== undefined) {
-            await this.strategy.setPrivateVulnerabilityReporting(repoInfo, privateVulnerabilityReporting, options);
+            await this.strategy.updatePrivateVulnerabilityReporting(repoInfo, privateVulnerabilityReporting, options);
         }
         // Handle automated security fixes (separate endpoint)
         // Done last to ensure vulnerability alerts have been fully processed
         if (automatedSecurityFixes !== undefined) {
-            await this.strategy.setAutomatedSecurityFixes(repoInfo, automatedSecurityFixes, options);
+            await this.strategy.updateAutomatedSecurityFixes(repoInfo, automatedSecurityFixes, options);
         }
     }
     validateSecuritySettings(desiredSettings, metadata) {

package/dist/settings/repo-settings/types.d.ts

@@ -58,11 +58,11 @@ export interface IRepoSettingsStrategy {
     /**
      * Enables or disables automated security fixes.
      */
-    setAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updateAutomatedSecurityFixes(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
     /**
      * Enables or disables private vulnerability reporting.
      */
-    setPrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
+    updatePrivateVulnerabilityReporting(repoInfo: RepoInfo, enable: boolean, options?: GhApiOptions): Promise<void>;
     /**
      * Checks whether a branch exists in the repository.
      */

package/dist/settings/rulesets/diff-algorithm.js

@@ -78,14 +78,16 @@ function diffObjectArrays(currentArr, desiredArr, parentPath) {
         const currentByType = new Map();
         for (let i = 0; i < currentArr.length; i++) {
             const item = currentArr[i];
-            const type = item.type;
+            const type = typeof item.type === "string" ? item.type : String(item.type ?? "");
             if (type)
                 currentByType.set(type, { item, index: i });
         }
         const matchedTypes = new Set();
         for (let i = 0; i < desiredArr.length; i++) {
             const desiredItem = desiredArr[i];
-            const type = desiredItem.type;
+            const type = typeof desiredItem.type === "string"
+                ? desiredItem.type
+                : String(desiredItem.type ?? "");
             const label = `[${i}] (${type})`;
             const currentEntry = currentByType.get(type);
             if (currentEntry) {

package/dist/settings/rulesets/diff.js

@@ -1,7 +1,9 @@
 import { RULESET_COMPARABLE_FIELDS } from "../../config/index.js";
+import { findMatchKey } from "../../config/merge.js";
 import { isPlainObject } from "../../shared/type-guards.js";
 import { camelToSnake } from "../../shared/string-utils.js";
 import { countActions } from "../base-processor.js";
+import { deepEqual } from "./diff-algorithm.js";
 /**
  * Normalizes a value recursively, converting keys to a consistent format (snake_case).
  * This allows comparing GitHub API responses (snake_case) with config (camelCase).
@@ -54,37 +56,6 @@ function normalizeConfigRuleset(ruleset) {
     };
     return normalizeRuleset(withDefaults);
 }
-/**
- * Performs deep equality comparison of two normalized values.
- */
-function deepEqual(a, b) {
-    if (a === b) {
-        return true;
-    }
-    if (a === null || b === null || a === undefined || b === undefined) {
-        return a === b;
-    }
-    if (typeof a !== typeof b) {
-        return false;
-    }
-    if (Array.isArray(a) && Array.isArray(b)) {
-        if (a.length !== b.length) {
-            return false;
-        }
-        return a.every((val, i) => deepEqual(val, b[i]));
-    }
-    if (typeof a === "object" && typeof b === "object") {
-        const objA = a;
-        const objB = b;
-        const keysA = Object.keys(objA);
-        const keysB = Object.keys(objB);
-        if (keysA.length !== keysB.length) {
-            return false;
-        }
-        return keysA.every((key) => deepEqual(objA[key], objB[key]));
-    }
-    return false;
-}
 /**
  * Projects `current` onto the shape of `desired`.
  * Only keeps keys/structure present in `desired`, filtering out API noise.
@@ -129,26 +100,6 @@ function projectObjects(current, desired) {
     }
     return result;
 }
-/**
- * Candidate keys for matching array items by identity rather than index.
- * Order matters — first key found across all items wins.
- */
-const MATCH_KEY_CANDIDATES = ["type", "actor_id"];
-/**
- * Finds a key that uniquely identifies items in both arrays.
- * Returns the first candidate key present in every item of both arrays, or undefined.
- */
-function findMatchKey(current, desired) {
-    const allItems = [...current, ...desired];
-    if (allItems.length === 0)
-        return undefined;
-    for (const candidate of MATCH_KEY_CANDIDATES) {
-        const everyItemHasKey = allItems.every((item) => isPlainObject(item) && candidate in item);
-        if (everyItemHasKey)
-            return candidate;
-    }
-    return undefined;
-}
 function projectArrays(current, desired) {
     // Primitive arrays — return current as-is
     if (desired.length === 0 || !isPlainObject(desired[0])) {

package/dist/settings/rulesets/formatter.js

@@ -114,6 +114,10 @@ function getActionStyle(action) {
             return { symbol: "-", color: chalk.red };
         case "change":
             return { symbol: "~", color: chalk.yellow };
+        default: {
+            const _ = action;
+            throw new Error(`Unknown DiffAction: ${String(_)}`);
+        }
     }
 }
 function hasComplexValue(value) {

package/dist/settings/rulesets/github-ruleset-strategy.d.ts

@@ -2,7 +2,7 @@ import type { ICommandExecutor } from "../../shared/command-executor.js";
 import { type RepoInfo } from "../../repo/index.js";
 import { type GhApiOptions } from "../../shared/gh-api-utils.js";
 import type { Ruleset } from "../../config/index.js";
-import type { IRulesetStrategy, GitHubRuleset, GitHubBypassActor, GitHubRulesetConditions, GitHubRule, RulesetUpdateParams } from "./types.js";
+import type { IRulesetStrategy, GitHubRuleset, GitHubBypassActor, GitHubRulesetConditions, GitHubRule, RulesetCreateParams, RulesetUpdateParams } from "./types.js";
 /**
  * Converts camelCase config ruleset to snake_case GitHub API format.
  */
@@ -24,8 +24,8 @@ export declare class GitHubRulesetStrategy implements IRulesetStrategy {
     constructor(executor: ICommandExecutor, options: GitHubRulesetStrategyOptions);
     list(repoInfo: RepoInfo, options?: GhApiOptions): Promise<GitHubRuleset[]>;
     get(repoInfo: RepoInfo, rulesetId: number, options?: GhApiOptions): Promise<GitHubRuleset>;
-    create(repoInfo: RepoInfo, name: string, ruleset: Ruleset, options?: GhApiOptions): Promise<GitHubRuleset>;
-    update(repoInfo: RepoInfo, params: RulesetUpdateParams, options?: GhApiOptions): Promise<GitHubRuleset>;
+    create(repoInfo: RepoInfo, params: RulesetCreateParams, options?: GhApiOptions): Promise<void>;
+    update(repoInfo: RepoInfo, params: RulesetUpdateParams, options?: GhApiOptions): Promise<void>;
     delete(repoInfo: RepoInfo, rulesetId: number, options?: GhApiOptions): Promise<void>;
 }
 export {};

package/dist/settings/rulesets/github-ruleset-strategy.js

@@ -111,22 +111,20 @@ export class GitHubRulesetStrategy {
         const result = await this.api.call("GET", endpoint, { options });
         return parseApiJson(result, "ruleset response");
     }
-    async create(repoInfo, name, ruleset, options) {
+    async create(repoInfo, params, options) {
         assertGitHubRepo(repoInfo, "GitHub Ruleset strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`;
-        const payload = configToGitHub(name, ruleset);
-        const result = await this.api.call("POST", endpoint, { payload, options });
-        return parseApiJson(result, "ruleset response");
+        const payload = configToGitHub(params.name, params.ruleset);
+        await this.api.call("POST", endpoint, { payload, options });
     }
     async update(repoInfo, params, options) {
         assertGitHubRepo(repoInfo, "GitHub Ruleset strategy");
         const endpoint = `/repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${params.rulesetId}`;
         const payload = configToGitHub(params.name, params.ruleset);
-        const result = await this.api.call("PUT", endpoint, {
+        await this.api.call("PUT", endpoint, {
             payload,
             options,
         });
-        return parseApiJson(result, "ruleset response");
     }
     async delete(repoInfo, rulesetId, options) {
         assertGitHubRepo(repoInfo, "GitHub Ruleset strategy");

package/dist/settings/rulesets/index.d.ts

@@ -1,4 +1,4 @@
-export { computePropertyDiffs, deepEqual, isArrayOfObjects, type PropertyDiff, } from "./diff-algorithm.js";
+export { type PropertyDiff } from "./diff-algorithm.js";
 export { type RulesetPlanEntry } from "./formatter.js";
 export { RulesetProcessor, type IRulesetProcessor } from "./processor.js";
 export { GitHubRulesetStrategy } from "./github-ruleset-strategy.js";

package/dist/settings/rulesets/index.js

@@ -1,5 +1,3 @@
-// Diff algorithm - property-level diffing for ruleset comparisons
-export { computePropertyDiffs, deepEqual, isArrayOfObjects, } from "./diff-algorithm.js";
 // Processor
 export { RulesetProcessor } from "./processor.js";
 // Strategy

package/dist/settings/rulesets/processor.js

@@ -50,7 +50,7 @@ export class RulesetProcessor {
             switch (change.action) {
                 case "create":
                     if (change.desired) {
-                        await this.strategy.create(githubRepo, change.name, change.desired, strategyOptions);
+                        await this.strategy.create(githubRepo, { name: change.name, ruleset: change.desired }, strategyOptions);
                         appliedCount++;
                     }
                     break;

package/dist/settings/rulesets/types.d.ts

@@ -30,6 +30,10 @@ export interface GitHubRule {
     type: string;
     parameters?: Record<string, unknown>;
 }
+export interface RulesetCreateParams {
+    name: string;
+    ruleset: Ruleset;
+}
 export interface RulesetUpdateParams {
     rulesetId: number;
     name: string;
@@ -38,7 +42,7 @@ export interface RulesetUpdateParams {
 export interface IRulesetStrategy {
     list(repoInfo: RepoInfo, options?: GhApiOptions): Promise<GitHubRuleset[]>;
     get(repoInfo: RepoInfo, rulesetId: number, options?: GhApiOptions): Promise<GitHubRuleset>;
-    create(repoInfo: RepoInfo, name: string, ruleset: Ruleset, options?: GhApiOptions): Promise<GitHubRuleset>;
-    update(repoInfo: RepoInfo, params: RulesetUpdateParams, options?: GhApiOptions): Promise<GitHubRuleset>;
+    create(repoInfo: RepoInfo, params: RulesetCreateParams, options?: GhApiOptions): Promise<void>;
+    update(repoInfo: RepoInfo, params: RulesetUpdateParams, options?: GhApiOptions): Promise<void>;
     delete(repoInfo: RepoInfo, rulesetId: number, options?: GhApiOptions): Promise<void>;
 }

package/dist/settings/variables/diff.d.ts

@@ -0,0 +1,10 @@
+import type { GitHubVariable } from "./types.js";
+import type { SettingsAction } from "../base-processor.js";
+export type VariableAction = SettingsAction;
+export interface VariableChange {
+    action: VariableAction;
+    name: string;
+    oldValue?: string;
+    newValue?: string;
+}
+export declare function diffVariables(current: GitHubVariable[], desired: Record<string, string>, deleteOrphaned: boolean): VariableChange[];

package/dist/settings/variables/diff.js

@@ -0,0 +1,39 @@
+export function diffVariables(current, desired, deleteOrphaned) {
+    const changes = [];
+    const currentByName = new Map();
+    for (const v of current) {
+        currentByName.set(v.name.toUpperCase(), v);
+    }
+    const desiredUpper = new Set(Object.keys(desired).map((n) => n.toUpperCase()));
+    for (const [name, desiredValue] of Object.entries(desired)) {
+        const currentVar = currentByName.get(name.toUpperCase());
+        if (!currentVar) {
+            changes.push({ action: "create", name, newValue: desiredValue });
+        }
+        else if (currentVar.value !== desiredValue) {
+            changes.push({
+                action: "update",
+                name: currentVar.name,
+                oldValue: currentVar.value,
+                newValue: desiredValue,
+            });
+        }
+        else {
+            changes.push({ action: "unchanged", name: currentVar.name });
+        }
+    }
+    if (deleteOrphaned) {
+        for (const [nameUpper, currentVar] of currentByName) {
+            if (!desiredUpper.has(nameUpper)) {
+                changes.push({ action: "delete", name: currentVar.name });
+            }
+        }
+    }
+    const actionOrder = {
+        delete: 0,
+        update: 1,
+        create: 2,
+        unchanged: 3,
+    };
+    return changes.sort((a, b) => actionOrder[a.action] - actionOrder[b.action]);
+}

package/dist/settings/variables/formatter.d.ts

@@ -0,0 +1,16 @@
+import type { VariableChange, VariableAction } from "./diff.js";
+export interface VariablesPlanEntry {
+    name: string;
+    action: VariableAction;
+    oldValue?: string;
+    newValue?: string;
+}
+export interface VariablesPlanResult {
+    lines: string[];
+    creates: number;
+    updates: number;
+    deletes: number;
+    unchanged: number;
+    entries: VariablesPlanEntry[];
+}
+export declare function formatVariablesPlan(changes: VariableChange[]): VariablesPlanResult;