@contractspec/action.validation 1.60.0

package/AGENTS.md

@@ -0,0 +1,47 @@
+# AI Agent Guide — `@contractspec/action.validation`
+
+Scope: `packages/apps/action-validation/*`
+
+This is the ContractSpec GitHub Action for CI/CD integration.
+
+## Structure
+
+- `action.yml` - GitHub Action definition (composite action)
+- `README.md` - Usage documentation
+- `package.json` - Package metadata (private, not published to npm)
+
+## How It Works
+
+This is a **composite action** that:
+
+1. Sets up Bun
+2. Installs dependencies
+3. Runs `contractspec ci` with the specified options
+4. Uploads SARIF to GitHub Code Scanning (optional)
+5. Uploads results as artifacts
+
+## Modifying the Action
+
+When making changes:
+
+1. Update `action.yml` for input/output changes
+2. Update `README.md` for documentation
+3. Test locally using `act` or by referencing the local action:
+
+```yaml
+- uses: ./packages/apps/action-validation
+```
+
+## Inputs/Outputs
+
+All inputs and outputs are defined in `action.yml`. The action wraps the `contractspec ci` CLI command.
+
+## Publishing
+
+The action is published as part of the monorepo. Users reference it as:
+
+```yaml
+- uses: lssm/contractspec-action@v1
+```
+
+The action is versioned with tags on the repository.

package/CHANGELOG.md

@@ -0,0 +1,279 @@
+# @contractspec/action.validation
+
+## 1.60.0
+
+### Minor Changes
+
+- fix: publish with bun
+
+## 1.59.0
+
+### Minor Changes
+
+- 1a0cf44: fix: publishConfig not supported by bun
+
+## 1.58.0
+
+### Minor Changes
+
+- d1f0fd0: chore: Migrate non-app package builds from tsdown to shared Bun tooling, add `@contractspec/tool.bun`, and standardize `prebuild`/`build`/`typecheck` with platform-aware exports and `tsc` declaration emission into `dist`.
+
+## 1.57.0
+
+### Minor Changes
+
+- 11a5a05: feat: improve product intent
+
+## 1.56.1
+
+### Patch Changes
+
+- fix: improve publish config
+
+## 1.56.0
+
+### Minor Changes
+
+- fix: release
+
+## 1.55.0
+
+### Minor Changes
+
+- fix: unpublished packages
+
+## 1.54.0
+
+### Minor Changes
+
+- ec5e95c: chore: upgrade dependencies
+
+## 1.53.0
+
+### Minor Changes
+
+- f4180d4: fix: performance improvement
+
+### Patch Changes
+
+- 1484fa6: Add reusable ContractSpec workflows with shared reporting and document the new automation guidance.
+
+## 1.52.0
+
+### Minor Changes
+
+- d93e6a9: fix: improve website
+
+## 1.51.0
+
+### Minor Changes
+
+- e6faefb: feat: add guide to import existing codebase
+
+## 1.50.0
+
+### Minor Changes
+
+- 5325d6b: feat: improve seo
+
+## 1.49.0
+
+### Minor Changes
+
+- cafd041: fix: impact report comments within github action
+
+## 1.48.0
+
+### Minor Changes
+
+- b0444a4: feat: reduce adoption's friction by allowing generation of contracts from an analyse of the codebase
+
+## 1.47.0
+
+### Minor Changes
+
+- caf8701: feat: add cli vibe command to run workflow
+- c69b849: feat: add api web services (mcp & website)
+- 42b8d78: feat: add cli `contractspec vibe` workflow to simplify usage
+- fd38e85: feat: auto-fix contractspec issues
+
+### Patch Changes
+
+- e7ded36: feat: improve stability (adding ts-morph)
+- c231a8b: test: improve workspace stability
+
+## 1.46.2
+
+### Patch Changes
+
+- 7e21625: feat: library services (landing page & api)
+
+## 1.46.1
+
+### Patch Changes
+
+- 2d8a72b: fix: mcp for presentation
+
+## 1.46.0
+
+### Minor Changes
+
+- 07cb19b: feat: feat: cleaude code & opencode integrations
+
+## 1.45.6
+
+### Patch Changes
+
+- a913074: feat: improve ai agents rules management"
+
+## 1.45.5
+
+### Patch Changes
+
+- 9ddd7fa: feat: improve versioning
+
+## 1.45.4
+
+### Patch Changes
+
+- fix: github action
+
+## 1.45.3
+
+### Patch Changes
+
+- e74ea9e: feat: version management
+
+## 1.45.2
+
+### Patch Changes
+
+- 39ca241: code cleaning
+
+## 1.45.1
+
+### Patch Changes
+
+- feat: improve app config and examples contracts
+
+## 1.45.0
+
+### Minor Changes
+
+- e73ca1d: feat: improve app config and examples contracts
+  feat: Contract layers support (features, examples, app-configs)
+
+  ### New CLI Commands
+  - `contractspec list layers` - List all contract layers with filtering
+
+  ### Enhanced Commands
+  - `contractspec ci` - New `layers` check category validates features/examples/config
+  - `contractspec doctor` - New `layers` health checks
+  - `contractspec integrity` - Now shows layer statistics
+
+  ### New APIs
+  - `discoverLayers()` - Scan workspace for all layer files
+  - `scanExampleSource()` - Parse ExampleSpec from source code
+  - `isExampleFile()` - Check if file is an example spec
+
+## 1.44.1
+
+### Patch Changes
+
+- 3c594fb: fix
+
+## 1.44.0
+
+### Minor Changes
+
+- 5f3a868: chore: isolate branding to contractspec.io
+
+## 1.43.3
+
+### Patch Changes
+
+- 9216062: fix: cross-platform compatibility
+
+## 1.43.2
+
+### Patch Changes
+
+- 24d9759: improve documentation
+
+## 1.43.1
+
+### Patch Changes
+
+- e147271: fix: improve stability
+
+## 1.43.0
+
+### Minor Changes
+
+- 042d072: feat: schema declaration using json schema, including zod
+
+## 1.42.10
+
+### Patch Changes
+
+- 1e6a0f1: fix: mcp server
+
+## 1.42.9
+
+### Patch Changes
+
+- 9281db7: fix ModelRegistry
+
+## 1.42.8
+
+### Patch Changes
+
+- e07b5ac: fix
+
+## 1.42.7
+
+### Patch Changes
+
+- e9b575d: fix release
+
+## 1.42.6
+
+### Patch Changes
+
+- 1500242: fix tooling
+
+## 1.42.5
+
+### Patch Changes
+
+- 1299719: fix vscode
+
+## 1.42.4
+
+### Patch Changes
+
+- ac28b99: fix: generate from openapi
+
+## 1.42.3
+
+### Patch Changes
+
+- 3f5d015: fix(tooling): cicd
+
+## 1.42.2
+
+### Patch Changes
+
+- 1f9ac4c: fix
+
+## 1.42.1
+
+### Patch Changes
+
+- f043995: Fix release
+
+## 1.42.0
+
+### Minor Changes
+
+- 8eefd9c: initial release

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Chaman Ventures, SASU
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,286 @@
+# ContractSpec CI GitHub Action
+
+> Note: This action is now an internal helper. Prefer `packages/apps/action-pr` and `packages/apps/action-drift`.
+
+Website: https://contractspec.io/
+
+Run ContractSpec validation checks in your CI/CD pipeline with automatic SARIF upload to GitHub Code Scanning.
+
+## Usage
+
+### Basic Usage
+
+```yaml
+name: ContractSpec CI
+
+on: [push, pull_request]
+
+jobs:
+  contractspec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run ContractSpec CI
+        uses: lssm/contractspec-action@v1
+```
+
+### Full Configuration
+
+```yaml
+name: ContractSpec CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  contractspec:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write # Required for SARIF upload
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run ContractSpec CI
+        id: contractspec
+        uses: lssm/contractspec-action@v1
+        with:
+          # Run specific checks (default: all)
+          checks: 'structure,integrity,deps'
+
+          # Skip specific checks
+          skip: 'doctor'
+
+          # Glob pattern for spec discovery
+          pattern: 'src/**/*.contracts.ts'
+
+          # Fail on warnings (default: false)
+          fail-on-warnings: false
+
+          # Include handler checks (default: false)
+          check-handlers: true
+
+          # Include test checks (default: false)
+          check-tests: true
+
+          # Upload SARIF to GitHub Code Scanning (default: true)
+          upload-sarif: true
+
+          # Working directory (default: .)
+          working-directory: '.'
+
+          # Bun version (default: latest)
+          bun-version: 'latest'
+
+      - name: Check results
+        if: always()
+        run: |
+          echo "Success: ${{ steps.contractspec.outputs.success }}"
+          echo "Errors: ${{ steps.contractspec.outputs.errors }}"
+          echo "Warnings: ${{ steps.contractspec.outputs.warnings }}"
+```
+
+## Inputs
+
+### Validation Mode Inputs
+
+| Input               | Description                              | Required | Default    |
+| ------------------- | ---------------------------------------- | -------- | ---------- |
+| `mode`              | Action mode: `validate` or `impact`      | No       | `validate` |
+| `checks`            | Checks to run (comma-separated) or "all" | No       | `all`      |
+| `skip`              | Checks to skip (comma-separated)         | No       | `''`       |
+| `pattern`           | Glob pattern for spec discovery          | No       | `''`       |
+| `fail-on-warnings`  | Fail the action on warnings              | No       | `false`    |
+| `check-handlers`    | Include handler implementation checks    | No       | `false`    |
+| `check-tests`       | Include test coverage checks             | No       | `false`    |
+| `upload-sarif`      | Upload SARIF to GitHub Code Scanning     | No       | `true`     |
+| `working-directory` | Working directory for running checks     | No       | `.`        |
+| `bun-version`       | Bun version to use                       | No       | `latest`   |
+
+### Impact Detection Inputs
+
+| Input              | Description                                        | Required | Default               |
+| ------------------ | -------------------------------------------------- | -------- | --------------------- |
+| `mode`             | Set to `impact` for breaking change detection      | No       | `validate`            |
+| `baseline`         | Git ref to compare against (auto-detected from PR) | No       | `''`                  |
+| `pr-comment`       | Post impact results as PR comment                  | No       | `true`                |
+| `fail-on-breaking` | Fail action if breaking changes detected           | No       | `true`                |
+| `github-token`     | GitHub token for PR comments and check runs        | No       | `${{ github.token }}` |
+
+### Available Checks
+
+- `structure` - Validate spec structure (meta, io, policy fields)
+- `integrity` - Find orphaned specs and broken references
+- `deps` - Detect circular dependencies and missing refs
+- `doctor` - Check installation health
+- `handlers` - Verify handler implementations exist
+- `tests` - Verify test files exist
+
+## Outputs
+
+### Validation Mode Outputs
+
+| Output       | Description                                |
+| ------------ | ------------------------------------------ |
+| `success`    | Whether all checks passed (`true`/`false`) |
+| `errors`     | Number of errors found                     |
+| `warnings`   | Number of warnings found                   |
+| `sarif-file` | Path to SARIF output file                  |
+| `json-file`  | Path to JSON output file                   |
+
+### Impact Detection Outputs
+
+| Output               | Description                                               |
+| -------------------- | --------------------------------------------------------- |
+| `impact-status`      | Impact status: `no-impact`, `non-breaking`, or `breaking` |
+| `breaking-count`     | Number of breaking changes detected                       |
+| `non-breaking-count` | Number of non-breaking changes detected                   |
+
+## Impact Detection
+
+The action can detect breaking and non-breaking contract changes on PRs, providing:
+
+- **✅ No contract impact** - No changes to contracts
+- **⚠️ Contract changed (non-breaking)** - Safe additions or optional field changes
+- **❌ Breaking change detected** - Removals, type changes, or required field additions
+
+### PR Comment Output
+
+When `pr-comment: true`, the action posts a comment like:
+
+```markdown
+## 📋 ContractSpec Impact Analysis
+
+❌ **Breaking changes detected**
+
+### Summary
+
+| Type            | Count |
+| --------------- | ----- |
+| 🔴 Breaking     | 2     |
+| 🟡 Non-breaking | 3     |
+
+### 🔴 Breaking Changes
+
+- **orders.create**: Required field 'userId' was removed
+- **orders.get**: Response type changed from 'object' to 'array'
+```
+
+## GitHub Code Scanning Integration
+
+When `upload-sarif: true` (default), the action uploads SARIF results to GitHub Code Scanning. This provides:
+
+- **Inline annotations** on pull requests showing issues at the exact location
+- **Security tab integration** for tracking issues over time
+- **Code scanning alerts** for new issues
+
+To enable this feature, ensure your workflow has the `security-events: write` permission:
+
+```yaml
+permissions:
+  contents: read
+  security-events: write
+```
+
+## Exit Codes
+
+| Code | Description                                                      |
+| ---- | ---------------------------------------------------------------- |
+| `0`  | All checks passed                                                |
+| `1`  | Errors found (or breaking changes with `fail-on-breaking: true`) |
+| `2`  | Warnings found (with `fail-on-warnings: true`)                   |
+
+## Examples
+
+### Validate on Push and PR
+
+```yaml
+name: Validate Contracts
+
+on: [push, pull_request]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: lssm-tech/contractspec@action-v1
+```
+
+### Impact Detection on PRs
+
+```yaml
+name: Contract Impact
+
+on: pull_request
+
+jobs:
+  impact:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for git history comparison
+
+      - uses: lssm-tech/contractspec@action-v1
+        with:
+          mode: impact
+          pr-comment: 'true'
+          fail-on-breaking: 'true'
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+### Strict Mode (Fail on Warnings)
+
+```yaml
+- uses: lssm/contractspec-action@v1
+  with:
+    fail-on-warnings: true
+```
+
+### Skip Doctor Checks in CI
+
+```yaml
+- uses: lssm/contractspec-action@v1
+  with:
+    skip: 'doctor'
+```
+
+### Monorepo with Multiple Packages
+
+```yaml
+jobs:
+  contractspec:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        package: [api, web, shared]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: lssm/contractspec-action@v1
+        with:
+          working-directory: packages/${{ matrix.package }}
+```
+
+## Using Without the Action
+
+If you prefer to run ContractSpec directly without the action:
+
+```yaml
+- uses: oven-sh/setup-bun@v2
+- run: bun install
+- run: bunx contractspec ci --format sarif --output results.sarif
+- uses: github/codeql-action/upload-sarif@v4
+  with:
+    sarif_file: results.sarif
+```
+
+## License
+
+MIT

package/action.yml

@@ -0,0 +1,456 @@
+name: 'ContractSpec CI'
+description: 'Run ContractSpec validation checks in your CI/CD pipeline'
+author: 'LSSM'
+branding:
+  icon: 'check-circle'
+  color: 'blue'
+
+inputs:
+  checks:
+    description: 'Checks to run (comma-separated: structure,integrity,deps,doctor,handlers,tests) or "all"'
+    required: false
+    default: 'all'
+  skip:
+    description: 'Checks to skip (comma-separated)'
+    required: false
+    default: ''
+  pattern:
+    description: 'Glob pattern for spec discovery'
+    required: false
+    default: ''
+  fail-on-warnings:
+    description: 'Fail the action on warnings (not just errors)'
+    required: false
+    default: 'false'
+  check-handlers:
+    description: 'Include handler implementation checks'
+    required: false
+    default: 'false'
+  check-tests:
+    description: 'Include test coverage checks'
+    required: false
+    default: 'false'
+  upload-sarif:
+    description: 'Upload SARIF results to GitHub Code Scanning'
+    required: false
+    default: 'true'
+  working-directory:
+    description: 'Working directory for running checks'
+    required: false
+    default: '.'
+  bun-version:
+    description: 'Bun version to use'
+    required: false
+    default: 'latest'
+  
+  # Impact detection inputs
+  mode:
+    description: 'Action mode: "validate" (run checks) or "impact" (detect breaking changes)'
+    required: false
+    default: 'validate'
+  baseline:
+    description: 'Git ref to compare against for impact detection (default: base branch from PR context)'
+    required: false
+    default: ''
+  pr-comment:
+    description: 'Post impact results as PR comment'
+    required: false
+    default: 'true'
+  fail-on-breaking:
+    description: 'Fail the action if breaking changes are detected'
+    required: false
+    default: 'true'
+  github-token:
+    description: 'GitHub token for PR comments and check runs'
+    required: false
+    default: '${{ github.token }}'
+
+outputs:
+  success:
+    description: 'Whether all checks passed'
+  errors:
+    description: 'Number of errors found'
+  warnings:
+    description: 'Number of warnings found'
+  sarif-file:
+    description: 'Path to SARIF output file (if uploaded)'
+  json-file:
+    description: 'Path to JSON output file'
+  
+  # Impact detection outputs
+  impact-status:
+    description: 'Impact status: "no-impact" | "non-breaking" | "breaking"'
+  breaking-count:
+    description: 'Number of breaking changes detected'
+  non-breaking-count:
+    description: 'Number of non-breaking changes detected'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Bun
+      uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: ${{ inputs.bun-version }}
+
+    - name: Install dependencies
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: |
+        if [ -f "bun.lock" ] || [ -f "bun.lockb" ]; then
+          bun install --frozen-lockfile
+        elif [ -f "package-lock.json" ]; then
+          npm ci
+        elif [ -f "pnpm-lock.yaml" ]; then
+          corepack enable
+          pnpm install --frozen-lockfile
+        elif [ -f "yarn.lock" ]; then
+          corepack enable
+          yarn install --frozen-lockfile
+        else
+          bun install
+        fi
+
+    - name: Build ContractSpec CLI (if local)
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: |
+        # Check if this is the ContractSpec monorepo itself
+        if [ -f "packages/apps/cli-contractspec/package.json" ]; then
+          echo "Building ContractSpec CLI from source..."
+          bun run build --filter=@contractspec/app.cli-contractspec
+        fi
+
+    - name: Run ContractSpec CI checks
+      id: ci-checks
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      env:
+        CHECKS: ${{ inputs.checks }}
+        SKIP: ${{ inputs.skip }}
+        PATTERN: ${{ inputs.pattern }}
+        FAIL_ON_WARNINGS: ${{ inputs.fail-on-warnings }}
+        CHECK_HANDLERS: ${{ inputs.check-handlers }}
+        CHECK_TESTS: ${{ inputs.check-tests }}
+      run: |
+        # Build command arguments
+        ARGS=""
+
+        if [ "$CHECKS" != "all" ] && [ -n "$CHECKS" ]; then
+          ARGS="$ARGS --checks $CHECKS"
+        fi
+
+        if [ -n "$SKIP" ]; then
+          ARGS="$ARGS --skip $SKIP"
+        fi
+
+        if [ -n "$PATTERN" ]; then
+          ARGS="$ARGS --pattern '$PATTERN'"
+        fi
+
+        if [ "$FAIL_ON_WARNINGS" = "true" ]; then
+          ARGS="$ARGS --fail-on-warnings"
+        fi
+
+        if [ "$CHECK_HANDLERS" = "true" ]; then
+          ARGS="$ARGS --check-handlers"
+        fi
+
+        if [ "$CHECK_TESTS" = "true" ]; then
+          ARGS="$ARGS --check-tests"
+        fi
+
+        # Create output directory
+        mkdir -p .contractspec-ci
+
+        # Run checks and capture JSON output
+        echo "Running: contractspec ci --format - json $ARGS"
+        set +e
+        bunx contractspec ci --format json $ARGS > .contractspec-ci/results.json
+        EXIT_CODE=$?
+        set -e
+
+        # Parse results for outputs
+        if [ -f ".contractspec-ci/results.json" ]; then
+          SUCCESS=$(jq -r '.success' .contractspec-ci/results.json 2>/dev/null || echo "false")
+          ERRORS=$(jq -r '.summary.totalErrors // .errors // 0' .contractspec-ci/results.json 2>/dev/null || echo "0")
+          WARNINGS=$(jq -r '.summary.totalWarnings // .warnings // 0' .contractspec-ci/results.json 2>/dev/null || echo "0")
+
+          echo "success=$SUCCESS" >> $GITHUB_OUTPUT
+          echo "errors=$ERRORS" >> $GITHUB_OUTPUT
+          echo "warnings=$WARNINGS" >> $GITHUB_OUTPUT
+          echo "json-file=.contractspec-ci/results.json" >> $GITHUB_OUTPUT
+        else
+          echo "success=false" >> $GITHUB_OUTPUT
+          echo "errors=1" >> $GITHUB_OUTPUT
+          echo "warnings=0" >> $GITHUB_OUTPUT
+        fi
+
+
+        # Generate SARIF for upload (capture stderr to see any errors)
+        if [ "${{ inputs.upload-sarif }}" = "true" ]; then
+          echo "Generating SARIF output..."
+          set +e
+          bunx contractspec ci --format sarif $ARGS > .contractspec-ci/results.sarif
+          SARIF_EXIT_CODE=$?
+          set -e
+          
+          # Validate SARIF is valid JSON
+          if [ -f ".contractspec-ci/results.sarif" ] && jq empty .contractspec-ci/results.sarif 2>/dev/null; then
+            echo "sarif-file=.contractspec-ci/results.sarif" >> $GITHUB_OUTPUT
+            echo "sarif-valid=true" >> $GITHUB_OUTPUT
+          else
+            echo "Warning: SARIF output is not valid JSON, skipping upload"
+            echo "sarif-valid=false" >> $GITHUB_OUTPUT
+            # If file exists but is invalid, show its contents for debugging
+            if [ -f ".contractspec-ci/results.sarif" ]; then
+              echo "SARIF file contents (first 50 lines):"
+              head -n 50 .contractspec-ci/results.sarif || true
+            fi
+          fi
+        fi
+
+        # Print text summary
+        echo ""
+        echo "=== ContractSpec CI Results ==="
+        bunx contractspec ci --format text $ARGS 2>/dev/null || true
+
+        exit $EXIT_CODE
+
+    - name: Upload SARIF to GitHub Code Scanning
+      if: inputs.upload-sarif == 'true' && steps.ci-checks.outputs.sarif-valid == 'true' && always()
+      uses: github/codeql-action/upload-sarif@v4
+      with:
+        sarif_file: ${{ inputs.working-directory }}/.contractspec-ci/results.sarif
+        category: contractspec
+      continue-on-error: true
+
+    - name: Upload results as artifact
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: contractspec-ci-results
+        path: |
+          ${{ inputs.working-directory }}/.contractspec-ci/results.json
+          ${{ inputs.working-directory }}/.contractspec-ci/results.sarif
+          ${{ inputs.working-directory }}/.contractspec-ci/impact.json
+        retention-days: 30
+      continue-on-error: true
+
+    # Impact detection mode
+    - name: Run ContractSpec impact detection
+      id: impact-detection
+      if: inputs.mode == 'impact'
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: |
+        # Determine baseline
+        BASELINE="${{ inputs.baseline }}"
+        if [ -z "$BASELINE" ] && [ -n "${{ github.base_ref }}" ]; then
+          BASELINE="origin/${{ github.base_ref }}"
+          # Fetch the base branch
+          git fetch origin "${{ github.base_ref }}" --depth=1 || true
+        fi
+        
+        if [ -z "$BASELINE" ]; then
+          echo "No baseline specified and not in PR context. Comparing against HEAD~1"
+          BASELINE="HEAD~1"
+        fi
+        
+        echo "Comparing against baseline: $BASELINE"
+        
+        # Create output directory
+        mkdir -p .contractspec-ci
+        
+        # Run impact detection
+        set +e
+        bunx contractspec impact --baseline "$BASELINE" --format json > .contractspec-ci/impact.json
+        EXIT_CODE=$?
+        set -e
+        
+        if [ -f ".contractspec-ci/impact.json" ]; then
+          STATUS=$(jq -r '.status // "no-impact"' .contractspec-ci/impact.json 2>/dev/null || echo "no-impact")
+          BREAKING=$(jq -r '.summary.breaking // 0' .contractspec-ci/impact.json 2>/dev/null || echo "0")
+          NON_BREAKING=$(jq -r '.summary.nonBreaking // 0' .contractspec-ci/impact.json 2>/dev/null || echo "0")
+          
+          echo "impact-status=$STATUS" >> $GITHUB_OUTPUT
+          echo "breaking-count=$BREAKING" >> $GITHUB_OUTPUT
+          echo "non-breaking-count=$NON_BREAKING" >> $GITHUB_OUTPUT
+          
+          # Print summary
+          echo ""
+          echo "=== ContractSpec Impact Analysis ==="
+          if [ "$STATUS" == "breaking" ]; then
+            echo "❌ Breaking changes detected ($BREAKING breaking, $NON_BREAKING non-breaking)"
+          elif [ "$STATUS" == "non-breaking" ]; then
+            echo "⚠️ Contract changed ($NON_BREAKING non-breaking changes)"
+          else
+            echo "✅ No contract impact"
+          fi
+        else
+          echo "impact-status=no-impact" >> $GITHUB_OUTPUT
+          echo "breaking-count=0" >> $GITHUB_OUTPUT
+          echo "non-breaking-count=0" >> $GITHUB_OUTPUT
+        fi
+        
+        # Fail if breaking changes and fail-on-breaking is true
+        if [ "${{ inputs.fail-on-breaking }}" == "true" ] && [ "$STATUS" == "breaking" ]; then
+          echo "::error::Breaking changes detected. Set fail-on-breaking to false to allow."
+          exit 1
+        fi
+
+    - name: Post PR comment with validation results
+      if: inputs.mode == 'validate' && inputs.pr-comment == 'true' && github.event_name == 'pull_request' && failure() && always()
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{ inputs.github-token }}
+        script: |
+          const fs = require('fs');
+          const resultsFile = '.contractspec-ci/results.json';
+          
+          let body = '## ❌ ContractSpec Validation Failed\n\n';
+          
+          try {
+            if (fs.existsSync(resultsFile)) {
+              const results = JSON.parse(fs.readFileSync(resultsFile, 'utf8'));
+              
+              const errors = results.issues?.filter(i => i.severity === 'error') || [];
+              const warnings = results.issues?.filter(i => i.severity === 'warning') || [];
+              
+              body += `Found **${errors.length} errors** and **${warnings.length} warnings**.\n\n`;
+              
+              if (errors.length > 0) {
+                body += '### 🔴 Errors\n\n';
+                for (const issue of errors.slice(0, 10)) {
+                  body += `- **${issue.type}**: ${issue.message} in \`${issue.file}\`\n`;
+                  if (issue.fixLinks && issue.fixLinks.cli) {
+                     body += `  > 🔧 **Fix:** \`${issue.fixLinks.cli}\`\n`;
+                  }
+                }
+                if (errors.length > 10) {
+                  body += `\n_...and ${errors.length - 10} more_\n`;
+                }
+                body += '\n';
+              }
+            } else {
+              body += '⚠️ Validation results not found.\n';
+            }
+          } catch (e) {
+            body += `⚠️ Error reading results: ${e.message}\n`;
+          }
+          
+          body += '\n---\n*Generated by ContractSpec CI*';
+          
+          // Find existing comment
+          const { data: comments } = await github.rest.issues.listComments({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            issue_number: context.issue.number,
+          });
+          
+          const botComment = comments.find(c => 
+            c.body?.includes('ContractSpec Validation Failed') && 
+            c.user?.type === 'Bot'
+          );
+          
+          if (botComment) {
+            await github.rest.issues.updateComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: botComment.id,
+              body
+            });
+          } else {
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body
+            });
+          }
+      continue-on-error: true
+
+    - name: Post PR comment with impact results
+      if: inputs.mode == 'impact' && inputs.pr-comment == 'true' && github.event_name == 'pull_request' && always()
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{ inputs.github-token }}
+        script: |
+          const fs = require('fs');
+          const impactFile = '.contractspec-ci/impact.json';
+          
+          let body = '## 📋 ContractSpec Impact Analysis\n\n';
+          
+          try {
+            if (fs.existsSync(impactFile)) {
+              const impact = JSON.parse(fs.readFileSync(impactFile, 'utf8'));
+              
+              if (impact.hasBreaking) {
+                body += '❌ **Breaking changes detected**\n\n';
+              } else if (impact.hasNonBreaking) {
+                body += '⚠️ **Contract changed (non-breaking)**\n\n';
+              } else {
+                body += '✅ **No contract impact**\n\n';
+              }
+              
+              // Summary table
+              if (impact.summary.breaking > 0 || impact.summary.nonBreaking > 0) {
+                body += '### Summary\n\n';
+                body += '| Type | Count |\n';
+                body += '|------|-------|\n';
+                if (impact.summary.breaking > 0) body += `| 🔴 Breaking | ${impact.summary.breaking} |\n`;
+                if (impact.summary.nonBreaking > 0) body += `| 🟡 Non-breaking | ${impact.summary.nonBreaking} |\n`;
+                if (impact.summary.added > 0) body += `| ➕ Added | ${impact.summary.added} |\n`;
+                if (impact.summary.removed > 0) body += `| ➖ Removed | ${impact.summary.removed} |\n`;
+                body += '\n';
+              }
+              
+              // Breaking changes details
+              const breaking = impact.deltas?.filter(d => d.severity === 'breaking') || [];
+              if (breaking.length > 0) {
+                body += '### 🔴 Breaking Changes\n\n';
+                for (const delta of breaking.slice(0, 10)) {
+                  body += `- **${delta.specName}**: ${delta.description}\n`;
+                }
+                if (breaking.length > 10) {
+                  body += `\n_...and ${breaking.length - 10} more_\n`;
+                }
+                body += '\n';
+              }
+            } else {
+              body += '⚠️ Impact analysis results not found.\n';
+            }
+          } catch (e) {
+            body += `⚠️ Error reading impact results: ${e.message}\n`;
+          }
+          
+          body += '\n---\n*Generated by ContractSpec CI*';
+          
+          // Find existing comment
+          const { data: comments } = await github.rest.issues.listComments({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            issue_number: context.issue.number,
+          });
+          
+          const botComment = comments.find(c => 
+            c.body?.includes('ContractSpec Impact Analysis') && 
+            c.user?.type === 'Bot'
+          );
+          
+          if (botComment) {
+            await github.rest.issues.updateComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: botComment.id,
+              body
+            });
+          } else {
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body
+            });
+          }
+      continue-on-error: true

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@contractspec/action.validation",
+  "version": "1.60.0",
+  "description": "GitHub Action for running ContractSpec CI checks",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/lssm-tech/contractspec.git",
+    "directory": "packages/apps/action-validation"
+  },
+  "keywords": [
+    "github-action",
+    "contractspec",
+    "ci",
+    "validation",
+    "contracts"
+  ],
+  "author": "LSSM",
+  "license": "MIT",
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/",
+    "access": "public"
+  },
+  "homepage": "https://contractspec.io"
+}