@dependabit/action 0.1.1

package/src/logger.ts

@@ -0,0 +1,210 @@
+import * as core from '@actions/core';
+
+/**
+ * Log level enumeration
+ */
+export enum LogLevel {
+  DEBUG = 'debug',
+  INFO = 'info',
+  WARNING = 'warning',
+  ERROR = 'error'
+}
+
+/**
+ * Structured log entry
+ */
+export interface LogEntry {
+  timestamp: string;
+  level: LogLevel;
+  message: string;
+  correlationId?: string;
+  [key: string]: unknown;
+}
+
+/**
+ * Logger configuration
+ */
+export interface LoggerConfig {
+  correlationId?: string;
+  enableDebug?: boolean;
+  context?: Record<string, unknown>;
+}
+
+/**
+ * Structured JSON logger for GitHub Actions
+ */
+export class Logger {
+  private correlationId: string;
+  private enableDebug: boolean;
+  private context: Record<string, unknown>;
+
+  constructor(config: LoggerConfig = {}) {
+    this.correlationId = config.correlationId || this.generateCorrelationId();
+    this.enableDebug = config.enableDebug ?? false;
+    this.context = config.context || {};
+  }
+
+  /**
+   * Generate a unique correlation ID for operation tracing
+   */
+  private generateCorrelationId(): string {
+    return `${Date.now()}-${Math.random().toString(36).substring(7)}`;
+  }
+
+  /**
+   * Format log entry as JSON
+   */
+  private formatEntry(level: LogLevel, message: string, data?: Record<string, unknown>): string {
+    const entry: LogEntry = {
+      timestamp: new Date().toISOString(),
+      level,
+      message,
+      correlationId: this.correlationId,
+      ...this.context,
+      ...data
+    };
+
+    return JSON.stringify(entry);
+  }
+
+  /**
+   * Log debug message
+   */
+  debug(message: string, data?: Record<string, unknown>): void {
+    if (this.enableDebug) {
+      core.debug(this.formatEntry(LogLevel.DEBUG, message, data));
+    }
+  }
+
+  /**
+   * Log info message
+   */
+  info(message: string, data?: Record<string, unknown>): void {
+    core.info(this.formatEntry(LogLevel.INFO, message, data));
+  }
+
+  /**
+   * Log warning message
+   */
+  warning(message: string, data?: Record<string, unknown>): void {
+    core.warning(this.formatEntry(LogLevel.WARNING, message, data));
+  }
+
+  /**
+   * Log error message
+   */
+  error(message: string, data?: Record<string, unknown>): void {
+    core.error(this.formatEntry(LogLevel.ERROR, message, data));
+  }
+
+  /**
+   * Start a log group
+   */
+  startGroup(name: string): void {
+    core.startGroup(name);
+  }
+
+  /**
+   * End a log group
+   */
+  endGroup(): void {
+    core.endGroup();
+  }
+
+  /**
+   * Get correlation ID
+   */
+  getCorrelationId(): string {
+    return this.correlationId;
+  }
+
+  /**
+   * Create a child logger with the same correlation ID
+   */
+  child(context?: Record<string, unknown>): Logger {
+    return new Logger({
+      correlationId: this.correlationId,
+      enableDebug: this.enableDebug,
+      context: { ...this.context, ...context }
+    });
+  }
+
+  /**
+   * Log LLM interaction
+   */
+  logLLMInteraction(data: {
+    provider: string;
+    model?: string;
+    prompt: string;
+    response: string;
+    tokens?: number;
+    latencyMs?: number;
+  }): void {
+    this.info('LLM interaction', {
+      type: 'llm_interaction',
+      ...data
+    });
+  }
+
+  /**
+   * Log API call
+   */
+  logAPICall(data: {
+    endpoint: string;
+    method: string;
+    statusCode?: number;
+    latencyMs?: number;
+    rateLimit?: {
+      remaining: number;
+      limit: number;
+      reset: number;
+    };
+  }): void {
+    this.info('API call', {
+      type: 'api_call',
+      ...data
+    });
+  }
+
+  /**
+   * Log operation duration
+   */
+  logDuration(operation: string, durationMs: number, data?: Record<string, unknown>): void {
+    this.info(`Operation completed: ${operation}`, {
+      type: 'operation_duration',
+      operation,
+      durationMs,
+      ...data
+    });
+  }
+}
+
+/**
+ * Create a new logger instance
+ */
+export function createLogger(config?: LoggerConfig): Logger {
+  return new Logger(config);
+}
+
+/**
+ * Measure and log operation duration
+ */
+export async function withTiming<T>(
+  logger: Logger,
+  operation: string,
+  fn: () => Promise<T>
+): Promise<T> {
+  const start = Date.now();
+  try {
+    const result = await fn();
+    const duration = Date.now() - start;
+    logger.logDuration(operation, duration);
+    return result;
+  } catch (error) {
+    const duration = Date.now() - start;
+    logger.logDuration(operation, duration, {
+      error: error instanceof Error ? error.message : String(error)
+    });
+    throw error;
+  }
+}

package/src/utils/agent-config.ts

@@ -0,0 +1,61 @@
+import type { DependabitConfig, Severity } from '@dependabit/manifest';
+
+/**
+ * Agent assignment configuration
+ */
+export interface AgentAssignmentConfig {
+  enabled: boolean;
+  severityMapping: {
+    breaking?: string;
+    major?: string;
+    minor?: string;
+  };
+}
+
+/**
+ * Parse AI agent assignment configuration from config
+ *
+ * Extracts severity-to-agent mapping from config.yml:
+ *
+ * ```yaml
+ * issues:
+ *   aiAgentAssignment:
+ *     enabled: true
+ *     breaking: copilot
+ *     major: claude
+ *     minor: copilot
+ * ```
+ *
+ * @param config Dependabit configuration
+ * @returns Agent assignment configuration
+ */
+export function parseAgentConfig(config: DependabitConfig): AgentAssignmentConfig {
+  const aiAgentAssignment = config.issues?.aiAgentAssignment;
+
+  if (!aiAgentAssignment || !aiAgentAssignment.enabled) {
+    return {
+      enabled: false,
+      severityMapping: {}
+    };
+  }
+
+  // Normalize agent names to lowercase
+  const severityMapping: Record<string, string> = {};
+
+  if (aiAgentAssignment.breaking) {
+    severityMapping['breaking'] = aiAgentAssignment.breaking.toLowerCase();
+  }
+
+  if (aiAgentAssignment.major) {
+    severityMapping['major'] = aiAgentAssignment.major.toLowerCase();
+  }
+
+  if (aiAgentAssignment.minor) {
+    severityMapping['minor'] = aiAgentAssignment.minor.toLowerCase();
+  }
+
+  return {
+    enabled: true,
+    severityMapping
+  };
+}

package/src/utils/agent-router.ts

@@ -0,0 +1,67 @@
+import type { Severity } from '@dependabit/manifest';
+import type { AgentAssignmentConfig } from './agent-config';
+/**
+ * Route issue to appropriate AI agent based on severity
+ *
+ * Uses severity-to-agent mapping from configuration to determine
+ * which AI agent should be assigned to handle the issue.
+ *
+ * @param severity Change severity (breaking, major, minor)
+ * @param config Agent assignment configuration
+ * @returns Agent name (e.g., 'copilot', 'claude') or null if not configured
+ */
+export function routeToAgent(severity: Severity, config: AgentAssignmentConfig): string | null {
+  if (!config.enabled) {
+    return null;
+  }
+
+  const agent = config.severityMapping[severity];
+  return agent || null;
+}
+
+/**
+ * Generate assignee label for issue
+ *
+ * Creates a label in format "assigned:agent" that can be used
+ * to trigger agent-specific workflows or assign the issue.
+ *
+ * @param agent Agent name or null
+ * @returns Label string or null
+ */
+export function getAssigneeLabel(agent: string | null): string | null {
+  if (!agent) {
+    return null;
+  }
+
+  return `assigned:${agent}`;
+}
+
+/**
+ * Get all configured agents
+ *
+ * Returns list of unique agent names configured in the severity mapping
+ *
+ * @param config Agent assignment configuration
+ * @returns Array of agent names
+ */
+export function getConfiguredAgents(config: AgentAssignmentConfig): string[] {
+  if (!config.enabled) {
+    return [];
+  }
+
+  const agents = new Set<string>();
+
+  if (config.severityMapping.breaking) {
+    agents.add(config.severityMapping.breaking);
+  }
+
+  if (config.severityMapping.major) {
+    agents.add(config.severityMapping.major);
+  }
+
+  if (config.severityMapping.minor) {
+    agents.add(config.severityMapping.minor);
+  }
+
+  return Array.from(agents);
+}

package/src/utils/errors.ts

@@ -0,0 +1,251 @@
+/**
+ * Error categorization and remediation messages
+ * Provides actionable error messages with remediation steps
+ */
+
+export enum ErrorCategory {
+  AUTHENTICATION = 'authentication',
+  RATE_LIMIT = 'rate_limit',
+  NETWORK = 'network',
+  VALIDATION = 'validation',
+  NOT_FOUND = 'not_found',
+  PERMISSION = 'permission',
+  CONFIGURATION = 'configuration',
+  INTERNAL = 'internal'
+}
+
+export interface CategorizedError {
+  category: ErrorCategory;
+  message: string;
+  originalError: Error;
+  remediation: string[];
+  context?: Record<string, unknown> | undefined;
+}
+
+/**
+ * Error categorizer with remediation suggestions
+ */
+export class ErrorCategorizer {
+  /**
+   * Categorize an error and provide remediation steps
+   */
+  categorize(error: Error, context?: Record<string, unknown>): CategorizedError {
+    const message = error.message.toLowerCase();
+
+    // Authentication errors
+    if (
+      message.includes('authentication') ||
+      message.includes('unauthorized') ||
+      message.includes('invalid token') ||
+      message.includes('bad credentials')
+    ) {
+      return {
+        category: ErrorCategory.AUTHENTICATION,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Verify that GITHUB_TOKEN is set correctly',
+          'Check token has required permissions (repo, issues, contents)',
+          'Ensure token has not expired',
+          'For fine-grained tokens, verify repository access is granted',
+          'Try regenerating the token if issues persist'
+        ],
+        context
+      };
+    }
+
+    // Rate limit errors
+    if (
+      message.includes('rate limit') ||
+      message.includes('api rate limit exceeded') ||
+      message.includes('secondary rate limit')
+    ) {
+      return {
+        category: ErrorCategory.RATE_LIMIT,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Wait for rate limit to reset (check X-RateLimit-Reset header)',
+          'Consider using authenticated requests (higher rate limits)',
+          'Implement request batching or caching',
+          'Review API usage patterns to reduce calls',
+          'For GitHub Actions, consider using GITHUB_TOKEN instead of PAT'
+        ],
+        context
+      };
+    }
+
+    // Network errors
+    if (
+      message.includes('econnrefused') ||
+      message.includes('enotfound') ||
+      message.includes('timeout') ||
+      message.includes('network')
+    ) {
+      return {
+        category: ErrorCategory.NETWORK,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Check internet connectivity',
+          'Verify API endpoint is accessible',
+          'Check for firewall or proxy blocking requests',
+          'Retry the operation after a short delay',
+          'Verify DNS resolution is working'
+        ],
+        context
+      };
+    }
+
+    // Not found errors
+    if (message.includes('not found') || message.includes('404')) {
+      return {
+        category: ErrorCategory.NOT_FOUND,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Verify the repository owner and name are correct',
+          'Check if the resource exists (branch, file, issue)',
+          'Ensure you have access to the repository (private repos)',
+          'Verify the URL or path is correct',
+          'Check if the resource was recently deleted'
+        ],
+        context
+      };
+    }
+
+    // Permission errors
+    if (
+      message.includes('permission') ||
+      message.includes('forbidden') ||
+      message.includes('403')
+    ) {
+      return {
+        category: ErrorCategory.PERMISSION,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Verify token has required scopes (repo, admin:org, etc.)',
+          'Check repository access permissions',
+          'For organization repos, verify org membership',
+          'Ensure not attempting to modify protected branches',
+          'Review repository settings and branch protection rules'
+        ],
+        context
+      };
+    }
+
+    // Validation errors
+    if (
+      message.includes('validation') ||
+      message.includes('invalid') ||
+      message.includes('malformed')
+    ) {
+      return {
+        category: ErrorCategory.VALIDATION,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Check input data format and structure',
+          'Verify required fields are provided',
+          'Validate data types match API expectations',
+          'Review API documentation for correct format',
+          'Check for special characters that need escaping'
+        ],
+        context
+      };
+    }
+
+    // Configuration errors
+    if (message.includes('config') || message.includes('missing')) {
+      return {
+        category: ErrorCategory.CONFIGURATION,
+        message: error.message,
+        originalError: error,
+        remediation: [
+          'Verify all required configuration values are set',
+          'Check .dependabit/config.yml exists and is valid',
+          'Validate configuration schema',
+          'Review example configuration in documentation',
+          'Ensure environment variables are properly set'
+        ],
+        context
+      };
+    }
+
+    // Default to internal error
+    return {
+      category: ErrorCategory.INTERNAL,
+      message: error.message,
+      originalError: error,
+      remediation: [
+        'This may be an internal error or unexpected condition',
+        'Check error details for more information',
+        'Try running the operation again',
+        'If issue persists, report it with error details',
+        'Check GitHub status page for service issues'
+      ],
+      context
+    };
+  }
+
+  /**
+   * Format error with remediation for display
+   */
+  format(categorizedError: CategorizedError): string {
+    const lines = [
+      `Error [${categorizedError.category}]: ${categorizedError.message}`,
+      '',
+      'Remediation steps:',
+      ...categorizedError.remediation.map((step, i) => `  ${i + 1}. ${step}`)
+    ];
+
+    if (categorizedError.context && Object.keys(categorizedError.context).length > 0) {
+      lines.push('');
+      lines.push('Context:');
+      for (const [key, value] of Object.entries(categorizedError.context)) {
+        lines.push(`  ${key}: ${JSON.stringify(value)}`);
+      }
+    }
+
+    return lines.join('\n');
+  }
+
+  /**
+   * Check if error is retryable
+   */
+  isRetryable(categorizedError: CategorizedError): boolean {
+    return [ErrorCategory.NETWORK, ErrorCategory.RATE_LIMIT].includes(categorizedError.category);
+  }
+
+  /**
+   * Get recommended retry delay in milliseconds
+   */
+  getRetryDelay(categorizedError: CategorizedError): number {
+    switch (categorizedError.category) {
+      case ErrorCategory.RATE_LIMIT:
+        return 60000; // 1 minute
+      case ErrorCategory.NETWORK:
+        return 5000; // 5 seconds
+      default:
+        return 0; // Not retryable
+    }
+  }
+}
+
+/**
+ * Create a categorized error from an exception
+ */
+export function categorizeError(error: Error, context?: Record<string, unknown>): CategorizedError {
+  const categorizer = new ErrorCategorizer();
+  return categorizer.categorize(error, context);
+}
+
+/**
+ * Format error with remediation steps
+ */
+export function formatError(error: Error, context?: Record<string, unknown>): string {
+  const categorizer = new ErrorCategorizer();
+  const categorized = categorizer.categorize(error, context);
+  return categorizer.format(categorized);
+}

package/src/utils/inputs.ts

@@ -0,0 +1,75 @@
+/**
+ * Action Input Parsing
+ * Handles parsing and validation of GitHub Action inputs
+ */
+
+import * as core from '@actions/core';
+
+export interface GenerateActionInputs {
+  repoPath: string;
+  llmProvider: 'github-copilot' | 'claude' | 'openai';
+  llmModel?: string;
+  llmApiKey?: string;
+  manifestPath: string;
+  enableDebug: boolean;
+}
+
+export interface UpdateActionInputs {
+  repoPath: string;
+  manifestPath: string;
+  commits: string[]; // Commit SHAs to analyze
+}
+
+export interface CheckActionInputs {
+  manifestPath: string;
+  createIssues: boolean;
+  issueLabels: string[];
+}
+
+/**
+ * Parse inputs for the generate action
+ */
+export function parseGenerateInputs(): GenerateActionInputs {
+  const llmModelInput = core.getInput('llm_model');
+  const llmApiKeyInput =
+    core.getInput('llm_api_key') || process.env['GITHUB_TOKEN'] || process.env['OPENAI_API_KEY'];
+
+  return {
+    repoPath: core.getInput('repo_path') || process.cwd(),
+    llmProvider: (core.getInput('llm_provider') || 'github-copilot') as 'github-copilot',
+    ...(llmModelInput && { llmModel: llmModelInput }),
+    ...(llmApiKeyInput && { llmApiKey: llmApiKeyInput }),
+    manifestPath: core.getInput('manifest_path') || '.dependabit/manifest.json',
+    enableDebug: core.getInput('debug') === 'true'
+  };
+}
+
+/**
+ * Parse inputs for the update action
+ */
+export function parseUpdateInputs(): UpdateActionInputs {
+  const commitsInput = core.getInput('commits');
+  const commits = commitsInput ? commitsInput.split(',').map((c) => c.trim()) : [];
+
+  return {
+    repoPath: core.getInput('repo_path') || process.cwd(),
+    manifestPath: core.getInput('manifest_path') || '.dependabit/manifest.json',
+    commits
+  };
+}
+
+/**
+ * Parse inputs for the check action
+ */
+export function parseCheckInputs(): CheckActionInputs {
+  const labelsInput = core.getInput('issue_labels');
+  const labels = labelsInput
+    ? labelsInput.split(',').map((l) => l.trim())
+    : ['dependabit', 'dependency-update'];
+
+  return {
+    manifestPath: core.getInput('manifest_path') || '.dependabit/manifest.json',
+    createIssues: core.getBooleanInput('create_issues') !== false,
+    issueLabels: labels
+  };
+}