@dependabit/github-client 0.1.1

package/src/issues.ts

@@ -0,0 +1,185 @@
+/**
+ * Issue Manager
+ * Handles GitHub issue creation and management for dependency changes
+ */
+
+import { Octokit } from 'octokit';
+
+export interface IssueData {
+  owner: string;
+  repo: string;
+  title: string;
+  body: string;
+  severity: 'breaking' | 'major' | 'minor';
+  dependency: {
+    id: string;
+    url: string;
+  };
+  assignee?: string;
+}
+
+export interface IssueResult {
+  number: number;
+  url: string;
+  labels: string[];
+  assignees?: string[] | undefined;
+}
+
+export interface UpdateIssueData {
+  owner: string;
+  repo: string;
+  issueNumber: number;
+  body: string;
+  severity?: 'breaking' | 'major' | 'minor';
+  append?: boolean;
+}
+
+export class IssueManager {
+  private octokit: Octokit;
+
+  constructor(auth?: string) {
+    this.octokit = new Octokit({
+      auth: auth || process.env['GITHUB_TOKEN']
+    });
+  }
+
+  /**
+   * Creates a new issue for a dependency change
+   */
+  async createIssue(data: IssueData): Promise<IssueResult> {
+    const { owner, repo, title, body, severity, dependency, assignee } = data;
+
+    // Prepare labels
+    const labels = ['dependabit', `severity:${severity}`, 'dependency-update'];
+
+    // Create the issue
+    const response = await this.octokit.rest.issues.create({
+      owner,
+      repo,
+      title,
+      body: this.formatIssueBody(body, dependency),
+      labels,
+      ...(assignee && { assignees: [assignee] })
+    });
+
+    return {
+      number: response.data.number,
+      url: response.data.html_url,
+      labels,
+      ...(assignee && { assignees: [assignee] })
+    };
+  }
+
+  /**
+   * Finds an existing issue for a dependency
+   */
+  async findExistingIssue(params: {
+    owner: string;
+    repo: string;
+    dependencyId: string;
+  }): Promise<IssueResult | null> {
+    const { owner, repo, dependencyId } = params;
+
+    try {
+      // Search for open issues with dependabit label and dependency ID
+      const query = `repo:${owner}/${repo} is:issue is:open label:dependabit ${dependencyId}`;
+
+      const response = await this.octokit.rest.search.issuesAndPullRequests({
+        q: query,
+        per_page: 1
+      });
+
+      if (response.data.items.length === 0) {
+        return null;
+      }
+
+      const issue = response.data.items[0];
+      if (!issue) {
+        return null;
+      }
+
+      return {
+        number: issue.number,
+        url: issue.html_url,
+        labels: issue.labels.map((l) => (typeof l === 'string' ? l : l.name || ''))
+      };
+    } catch (error) {
+      console.error('Error finding existing issue:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Updates an existing issue
+   */
+  async updateIssue(data: UpdateIssueData): Promise<IssueResult> {
+    const { owner, repo, issueNumber, body, severity, append } = data;
+
+    let finalBody = body;
+
+    // If appending, fetch current body first
+    if (append) {
+      const current = await this.octokit.rest.issues.get({
+        owner,
+        repo,
+        issue_number: issueNumber
+      });
+      finalBody = `${current.data.body}\n\n---\n\n${body}`;
+    }
+
+    // Update labels if severity changed
+    const updateParams: {
+      owner: string;
+      repo: string;
+      issue_number: number;
+      body: string;
+      labels?: string[];
+    } = {
+      owner,
+      repo,
+      issue_number: issueNumber,
+      body: finalBody
+    };
+
+    if (severity) {
+      const current = await this.octokit.rest.issues.get({
+        owner,
+        repo,
+        issue_number: issueNumber
+      });
+
+      const existingLabels = current.data.labels
+        .map((l) => (typeof l === 'string' ? l : l.name))
+        .filter((l): l is string => !!l);
+
+      const severityLabels = ['dependabit', `severity:${severity}`, 'dependency-update'];
+
+      const mergedLabels = Array.from(new Set([...existingLabels, ...severityLabels]));
+
+      updateParams.labels = mergedLabels;
+    }
+
+    const response = await this.octokit.rest.issues.update(updateParams);
+
+    return {
+      number: response.data.number,
+      url: response.data.html_url,
+      labels: response.data.labels.map((l) => (typeof l === 'string' ? l : l.name || ''))
+    };
+  }
+
+  /**
+   * Formats the issue body with dependency metadata
+   */
+  private formatIssueBody(body: string, dependency: { id: string; url: string }): string {
+    return `${body}
+
+---
+
+**Dependency Information**
+- ID: \`${dependency.id}\`
+- URL: ${dependency.url}
+
+*This issue was automatically created by dependabit. Add \`false-positive\` or \`true-positive\` label to provide feedback.*`;
+  }
+}

package/src/rate-limit.ts

@@ -0,0 +1,210 @@
+/**
+ * Rate Limit Handler
+ * Manages GitHub API rate limits and request budgeting
+ */
+
+import { Octokit } from 'octokit';
+
+export interface RateLimitInfo {
+  limit: number;
+  remaining: number;
+  reset: Date;
+  used: number;
+  warning?: string;
+}
+
+export interface RateLimitStatus {
+  core: RateLimitInfo & { percentageRemaining: number };
+  search: RateLimitInfo & { percentageRemaining: number };
+  graphql: RateLimitInfo & { percentageRemaining: number };
+}
+
+export interface BudgetReservation {
+  reserved: boolean;
+  reason?: string;
+  waitTime?: number;
+}
+
+export class RateLimitHandler {
+  private octokit: Octokit;
+  private lastCheck?: RateLimitStatus;
+  private lastCheckTime?: Date;
+
+  constructor(auth?: string) {
+    this.octokit = new Octokit({
+      auth: auth || process.env['GITHUB_TOKEN']
+    });
+  }
+
+  /**
+   * Checks current rate limit status
+   */
+  async checkRateLimit(): Promise<RateLimitInfo> {
+    const response = await this.octokit.rest.rateLimit.get();
+    const { rate } = response.data;
+
+    const info: RateLimitInfo = {
+      limit: rate.limit,
+      remaining: rate.remaining,
+      reset: new Date(rate.reset * 1000),
+      used: rate.used
+    };
+
+    // Add warning if approaching limit
+    if (info.remaining < info.limit * 0.1) {
+      info.warning = `Only ${info.remaining} requests remaining. Reset at ${info.reset.toISOString()}`;
+    }
+
+    return info;
+  }
+
+  /**
+   * Waits if rate limited
+   */
+  async waitIfNeeded(): Promise<void> {
+    const rateLimit = await this.checkRateLimit();
+
+    if (rateLimit.remaining === 0) {
+      const waitTime = this.calculateWaitTime(rateLimit);
+      if (waitTime > 0) {
+        console.log(`Rate limited. Waiting ${Math.ceil(waitTime / 1000)} seconds until reset...`);
+        await new Promise((resolve) => setTimeout(resolve, waitTime));
+      }
+    }
+  }
+
+  /**
+   * Calculates wait time until rate limit resets
+   */
+  calculateWaitTime(rateLimitInfo: RateLimitInfo): number {
+    if (rateLimitInfo.remaining > 0) {
+      return 0;
+    }
+
+    const now = Date.now();
+    const resetTime = rateLimitInfo.reset.getTime();
+    const waitTime = Math.max(0, resetTime - now);
+
+    return waitTime;
+  }
+
+  /**
+   * Attempts to reserve API call budget with proactive checking
+   */
+  async reserveBudget(
+    callsNeeded: number,
+    options?: {
+      safetyMargin?: number; // Additional buffer (default: 10% of calls needed)
+      maxWaitTime?: number; // Max time to wait in ms
+    }
+  ): Promise<BudgetReservation> {
+    const safetyMargin = options?.safetyMargin ?? Math.ceil(callsNeeded * 0.1);
+    const totalNeeded = callsNeeded + safetyMargin;
+
+    const rateLimit = await this.checkRateLimit();
+
+    if (rateLimit.remaining >= totalNeeded) {
+      return {
+        reserved: true
+      };
+    }
+
+    const waitTime = this.calculateWaitTime(rateLimit);
+
+    // Check if wait time exceeds maximum allowed
+    if (options?.maxWaitTime && waitTime > options.maxWaitTime) {
+      return {
+        reserved: false,
+        reason: `Wait time (${Math.ceil(waitTime / 1000)}s) exceeds maximum (${Math.ceil(options.maxWaitTime / 1000)}s)`,
+        waitTime
+      };
+    }
+
+    return {
+      reserved: false,
+      reason: `Insufficient API quota. Need ${callsNeeded} + ${safetyMargin} margin, have ${rateLimit.remaining}`,
+      waitTime
+    };
+  }
+
+  /**
+   * Proactively check if operation can proceed without hitting rate limit
+   */
+  async canProceed(
+    estimatedCalls: number,
+    options?: {
+      threshold?: number; // Minimum remaining calls (default: 100)
+      safetyMargin?: number;
+    }
+  ): Promise<{ canProceed: boolean; reason?: string }> {
+    const threshold = options?.threshold ?? 100;
+    const safetyMargin = options?.safetyMargin ?? Math.ceil(estimatedCalls * 0.1);
+    const totalNeeded = estimatedCalls + safetyMargin;
+
+    const rateLimit = await this.checkRateLimit();
+
+    // Check if we have enough remaining calls
+    if (rateLimit.remaining < totalNeeded) {
+      return {
+        canProceed: false,
+        reason: `Insufficient quota: need ${totalNeeded}, have ${rateLimit.remaining}`
+      };
+    }
+
+    // Check if we'd drop below threshold
+    if (rateLimit.remaining - totalNeeded < threshold) {
+      return {
+        canProceed: false,
+        reason: `Operation would leave only ${rateLimit.remaining - totalNeeded} calls (threshold: ${threshold})`
+      };
+    }
+
+    return { canProceed: true };
+  }
+
+  /**
+   * Gets detailed rate limit status for all API categories
+   */
+  async getRateLimitStatus(): Promise<RateLimitStatus> {
+    const response = await this.octokit.rest.rateLimit.get();
+    const { resources } = response.data;
+
+    const createInfo = (resource: {
+      limit: number;
+      remaining: number;
+      reset: number;
+      used: number;
+    }): RateLimitInfo & { percentageRemaining: number } => ({
+      limit: resource.limit,
+      remaining: resource.remaining,
+      reset: new Date(resource.reset * 1000),
+      used: resource.used,
+      percentageRemaining: resource.limit > 0 ? (resource.remaining / resource.limit) * 100 : 0
+    });
+
+    const status: RateLimitStatus = {
+      core: createInfo(resources.core),
+      search: createInfo(resources.search),
+      graphql: createInfo(resources.graphql || { limit: 0, remaining: 0, reset: 0, used: 0 })
+    };
+
+    this.lastCheck = status;
+    this.lastCheckTime = new Date();
+
+    return status;
+  }
+
+  /**
+   * Gets cached rate limit status (avoids API call)
+   */
+  getCachedStatus(): RateLimitStatus | undefined {
+    // Return cached status if less than 60 seconds old
+    if (this.lastCheck && this.lastCheckTime) {
+      const age = Date.now() - this.lastCheckTime.getTime();
+      if (age < 60000) {
+        return this.lastCheck;
+      }
+    }
+    return undefined;
+  }
+}

package/src/releases.ts

@@ -0,0 +1,149 @@
+/**
+ * Release Manager
+ * Handles fetching and comparing GitHub releases
+ */
+
+import { Octokit } from 'octokit';
+
+export interface Release {
+  tagName: string;
+  name: string;
+  publishedAt: Date;
+  body?: string | undefined;
+  htmlUrl: string;
+  prerelease?: boolean;
+  draft?: boolean;
+}
+
+export interface ReleaseComparison {
+  newReleases: Release[];
+  oldReleases: Release[];
+}
+
+export class ReleaseManager {
+  private octokit: Octokit;
+
+  constructor(auth?: string) {
+    this.octokit = new Octokit({
+      auth: auth || process.env['GITHUB_TOKEN']
+    });
+  }
+
+  /**
+   * Fetches the latest release from a repository
+   */
+  async getLatestRelease(params: { owner: string; repo: string }): Promise<Release | null> {
+    const { owner, repo } = params;
+
+    try {
+      const response = await this.octokit.rest.repos.getLatestRelease({
+        owner,
+        repo
+      });
+
+      return {
+        tagName: response.data.tag_name,
+        name: response.data.name || response.data.tag_name,
+        publishedAt: new Date(response.data.published_at || response.data.created_at),
+        body: response.data.body || undefined,
+        htmlUrl: response.data.html_url,
+        prerelease: response.data.prerelease,
+        draft: response.data.draft
+      };
+    } catch (error) {
+      if ((error as { status?: number }).status === 404) {
+        return null;
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Fetches all releases from a repository
+   */
+  async getAllReleases(params: {
+    owner: string;
+    repo: string;
+    page?: number;
+    perPage?: number;
+  }): Promise<Release[]> {
+    const { owner, repo, page = 1, perPage = 30 } = params;
+
+    try {
+      const response = await this.octokit.rest.repos.listReleases({
+        owner,
+        repo,
+        page,
+        per_page: perPage
+      });
+
+      return response.data.map((release) => ({
+        tagName: release.tag_name,
+        name: release.name || release.tag_name,
+        publishedAt: new Date(release.published_at || release.created_at),
+        body: release.body || undefined,
+        htmlUrl: release.html_url,
+        prerelease: release.prerelease,
+        draft: release.draft
+      }));
+    } catch (error) {
+      if ((error as { status?: number }).status === 404) {
+        return [];
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Compares two sets of releases to find new ones
+   */
+  compareReleases(oldReleases: Release[], newReleases: Release[]): ReleaseComparison {
+    const oldTags = new Set(oldReleases.map((r) => r.tagName));
+    const newTags = new Set(newReleases.map((r) => r.tagName));
+
+    // Find releases in new but not in old
+    const newOnes = newReleases.filter((r) => !oldTags.has(r.tagName));
+
+    // Find releases in old but not in new (removed/deleted)
+    const oldOnes = oldReleases.filter((r) => !newTags.has(r.tagName));
+
+    return {
+      newReleases: newOnes,
+      oldReleases: oldOnes
+    };
+  }
+
+  /**
+   * Fetches release notes for a specific tag
+   */
+  async getReleaseByTag(params: {
+    owner: string;
+    repo: string;
+    tag: string;
+  }): Promise<Release | null> {
+    const { owner, repo, tag } = params;
+
+    try {
+      const response = await this.octokit.rest.repos.getReleaseByTag({
+        owner,
+        repo,
+        tag
+      });
+
+      return {
+        tagName: response.data.tag_name,
+        name: response.data.name || response.data.tag_name,
+        publishedAt: new Date(response.data.published_at || response.data.created_at),
+        body: response.data.body || undefined,
+        htmlUrl: response.data.html_url,
+        prerelease: response.data.prerelease,
+        draft: response.data.draft
+      };
+    } catch (error) {
+      if ((error as { status?: number }).status === 404) {
+        return null;
+      }
+      throw error;
+    }
+  }
+}

package/test/auth/basic.test.ts

@@ -0,0 +1,122 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { BasicAuthHandler } from '../../src/auth/basic';
+
+describe('BasicAuthHandler', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('constructor', () => {
+    it('should create handler with username and password', () => {
+      const handler = new BasicAuthHandler('user', 'pass');
+      expect(handler).toBeInstanceOf(BasicAuthHandler);
+    });
+
+    it('should throw error for empty username', () => {
+      expect(() => new BasicAuthHandler('', 'pass')).toThrow('Username cannot be empty');
+    });
+
+    it('should throw error for empty password', () => {
+      expect(() => new BasicAuthHandler('user', '')).toThrow('Password cannot be empty');
+    });
+  });
+
+  describe('authenticate', () => {
+    it('should return auth object with credentials', async () => {
+      const handler = new BasicAuthHandler('testuser', 'testpass');
+      const auth = await handler.authenticate();
+
+      expect(auth).toEqual({
+        type: 'basic',
+        username: 'testuser',
+        password: 'testpass'
+      });
+    });
+
+    it('should encode credentials properly', async () => {
+      const handler = new BasicAuthHandler('user@example.com', 'p@ssw0rd!');
+      const auth = await handler.authenticate();
+
+      expect(auth.username).toBe('user@example.com');
+      expect(auth.password).toBe('p@ssw0rd!');
+    });
+  });
+
+  describe('getAuthHeader', () => {
+    it('should generate base64 encoded auth header', () => {
+      const handler = new BasicAuthHandler('user', 'pass');
+      const header = handler.getAuthHeader();
+
+      // "user:pass" in base64 is "dXNlcjpwYXNz"
+      expect(header).toBe('Basic dXNlcjpwYXNz');
+    });
+
+    it('should handle special characters in credentials', () => {
+      const handler = new BasicAuthHandler('user@example.com', 'p@ss:word');
+      const header = handler.getAuthHeader();
+
+      expect(header).toMatch(/^Basic [A-Za-z0-9+/=]+$/);
+    });
+  });
+
+  describe('validate', () => {
+    it('should validate credentials format', () => {
+      const handler = new BasicAuthHandler('user', 'pass');
+      expect(handler.validate()).toBe(true);
+    });
+
+    it('should reject username with invalid characters', () => {
+      const handler = new BasicAuthHandler('user\n', 'pass');
+      expect(handler.validate()).toBe(false);
+    });
+
+    it('should reject password with newline', () => {
+      const handler = new BasicAuthHandler('user', 'pass\n');
+      expect(handler.validate()).toBe(false);
+    });
+
+    it('should accept email as username', () => {
+      const handler = new BasicAuthHandler('user@example.com', 'pass');
+      expect(handler.validate()).toBe(true);
+    });
+  });
+
+  describe('getType', () => {
+    it('should return basic type', () => {
+      const handler = new BasicAuthHandler('user', 'pass');
+      expect(handler.getType()).toBe('basic');
+    });
+  });
+
+  describe('credential rotation', () => {
+    it('should allow password update', () => {
+      const handler = new BasicAuthHandler('user', 'oldpass');
+      handler.updateCredentials('user', 'newpass');
+
+      const header = handler.getAuthHeader();
+      expect(header).toContain(Buffer.from('user:newpass').toString('base64'));
+    });
+
+    it('should throw error on empty password update', () => {
+      const handler = new BasicAuthHandler('user', 'pass');
+      expect(() => handler.updateCredentials('user', '')).toThrow('Password cannot be empty');
+    });
+  });
+
+  describe('security', () => {
+    it('should not expose password in toString', () => {
+      const handler = new BasicAuthHandler('user', 'secretpass');
+      const str = handler.toString();
+
+      expect(str).not.toContain('secretpass');
+      expect(str).toContain('***');
+    });
+
+    it('should not expose password in JSON', () => {
+      const handler = new BasicAuthHandler('user', 'secretpass');
+      const json = JSON.stringify(handler);
+
+      expect(json).not.toContain('secretpass');
+    });
+  });
+});