@dependabit/manifest 0.1.1

package/src/manifest.test.ts

@@ -0,0 +1,400 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { mkdir, rm } from 'node:fs/promises';
+import { join } from 'node:path';
+import {
+  readManifest,
+  writeManifest,
+  updateDependency,
+  addDependency,
+  removeDependency,
+  mergeManifests,
+  createEmptyManifest
+} from '../src/manifest.js';
+import type { DependencyEntry } from '../src/schema.js';
+
+const TEST_DIR = '/tmp/dependabit-manifest-tests';
+
+describe('Manifest Operations Tests', () => {
+  beforeEach(async () => {
+    await mkdir(TEST_DIR, { recursive: true });
+  });
+
+  afterEach(async () => {
+    await rm(TEST_DIR, { recursive: true, force: true });
+  });
+
+  describe('readManifest and writeManifest', () => {
+    it('should write and read a manifest', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const read = await readManifest(path);
+      expect(read.repository.owner).toBe('test');
+      expect(read.repository.name).toBe('repo');
+    });
+
+    it('should create directory if not exists', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'nested', 'dir', 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const read = await readManifest(path);
+      expect(read).toBeDefined();
+    });
+
+    it('should validate manifest before writing', async () => {
+      const invalid = { version: '2.0.0' } as any;
+      const path = join(TEST_DIR, 'manifest.json');
+
+      await expect(writeManifest(path, invalid)).rejects.toThrow();
+    });
+  });
+
+  describe('addDependency', () => {
+    it('should add a dependency to manifest', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const dependency: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      const updated = await addDependency(path, dependency);
+      expect(updated.dependencies).toHaveLength(1);
+      expect(updated.dependencies[0].name).toBe('TypeScript');
+      expect(updated.statistics.totalDependencies).toBe(1);
+    });
+
+    it('should reject duplicate IDs', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const dependency: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      await addDependency(path, dependency);
+      await expect(addDependency(path, dependency)).rejects.toThrow(/already exists/);
+    });
+
+    it('should reject duplicate URLs', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const dependency1: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      const dependency2: DependencyEntry = {
+        ...dependency1,
+        id: '660e8400-e29b-41d4-a716-446655440001'
+      };
+
+      await addDependency(path, dependency1);
+      await expect(addDependency(path, dependency2)).rejects.toThrow(/already exists/);
+    });
+  });
+
+  describe('updateDependency', () => {
+    it('should update a dependency', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const dependency: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      await addDependency(path, dependency);
+
+      const updated = await updateDependency(path, dependency.id, {
+        currentVersion: '5.9.3',
+        currentStateHash: 'sha256:newHash'
+      });
+
+      expect(updated.dependencies[0].currentVersion).toBe('5.9.3');
+      expect(updated.dependencies[0].currentStateHash).toBe('sha256:newHash');
+    });
+
+    it('should throw error for non-existent dependency', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      await expect(
+        updateDependency(path, '550e8400-e29b-41d4-a716-446655440000', {
+          currentVersion: '5.9.3'
+        })
+      ).rejects.toThrow(/not found/);
+    });
+  });
+
+  describe('removeDependency', () => {
+    it('should remove a dependency', async () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const path = join(TEST_DIR, 'manifest.json');
+      await writeManifest(path, manifest);
+
+      const dependency: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      await addDependency(path, dependency);
+      const updated = await removeDependency(path, dependency.id);
+
+      expect(updated.dependencies).toHaveLength(0);
+      expect(updated.statistics.totalDependencies).toBe(0);
+    });
+  });
+
+  describe('mergeManifests', () => {
+    it('should merge two manifests preserving manual entries', () => {
+      const existing = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const manualDep: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/manual/dep',
+        type: 'documentation',
+        accessMethod: 'http',
+        name: 'Manual Dependency',
+        currentStateHash: 'sha256:manual',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      existing.dependencies.push(manualDep);
+
+      const updated = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'def456'
+      });
+
+      const autoDep: DependencyEntry = {
+        id: '660e8400-e29b-41d4-a716-446655440001',
+        url: 'https://github.com/auto/dep',
+        type: 'documentation',
+        accessMethod: 'http',
+        name: 'Auto Dependency',
+        currentStateHash: 'sha256:auto',
+        detectionMethod: 'llm-analysis',
+        detectionConfidence: 0.9,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: []
+      };
+
+      updated.dependencies.push(autoDep);
+
+      const merged = mergeManifests(existing, updated);
+
+      expect(merged.dependencies).toHaveLength(2);
+      expect(merged.dependencies.some((d) => d.name === 'Manual Dependency')).toBe(true);
+      expect(merged.dependencies.some((d) => d.name === 'Auto Dependency')).toBe(true);
+    });
+
+    it('should preserve change history', () => {
+      const existing = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      const depWithHistory: DependencyEntry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/test/dep',
+        type: 'documentation',
+        accessMethod: 'http',
+        name: 'Test Dependency',
+        currentStateHash: 'sha256:old',
+        detectionMethod: 'llm-analysis',
+        detectionConfidence: 1.0,
+        detectedAt: new Date().toISOString(),
+        lastChecked: new Date().toISOString(),
+        auth: undefined,
+        referencedIn: [],
+        changeHistory: [
+          {
+            detectedAt: new Date().toISOString(),
+            severity: 'minor',
+            falsePositive: false
+          }
+        ]
+      };
+
+      existing.dependencies.push(depWithHistory);
+
+      const updated = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'def456'
+      });
+
+      const updatedDep: DependencyEntry = {
+        ...depWithHistory,
+        currentStateHash: 'sha256:new',
+        changeHistory: []
+      };
+
+      updated.dependencies.push(updatedDep);
+
+      const merged = mergeManifests(existing, updated);
+
+      expect(merged.dependencies[0].changeHistory).toHaveLength(1);
+    });
+  });
+
+  describe('createEmptyManifest', () => {
+    it('should create a valid empty manifest', () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123'
+      });
+
+      expect(manifest.version).toBe('1.0.0');
+      expect(manifest.dependencies).toHaveLength(0);
+      expect(manifest.statistics.totalDependencies).toBe(0);
+      expect(manifest.repository.owner).toBe('test');
+    });
+
+    it('should accept optional parameters', () => {
+      const manifest = createEmptyManifest({
+        owner: 'test',
+        name: 'repo',
+        branch: 'main',
+        commit: 'abc123',
+        action: 'custom-action',
+        version: '2.0.0',
+        llmProvider: 'claude',
+        llmModel: 'claude-3'
+      });
+
+      expect(manifest.generatedBy.action).toBe('custom-action');
+      expect(manifest.generatedBy.version).toBe('2.0.0');
+      expect(manifest.generatedBy.llmProvider).toBe('claude');
+      expect(manifest.generatedBy.llmModel).toBe('claude-3');
+    });
+  });
+});

package/src/manifest.ts

@@ -0,0 +1,261 @@
+import { readFile, writeFile, mkdir } from 'node:fs/promises';
+import { dirname } from 'node:path';
+import { type DependencyManifest, type DependencyEntry } from './schema.js';
+import { validateManifest, validateDependencyEntry } from './validator.js';
+
+/**
+ * Read and parse a manifest file
+ */
+export async function readManifest(path: string): Promise<DependencyManifest> {
+  const content = await readFile(path, 'utf-8');
+  const data = JSON.parse(content);
+  return validateManifest(data);
+}
+
+/**
+ * Write a manifest to file
+ */
+export async function writeManifest(path: string, manifest: DependencyManifest): Promise<void> {
+  // Validate before writing
+  validateManifest(manifest);
+
+  // Ensure directory exists
+  await mkdir(dirname(path), { recursive: true });
+
+  // Write formatted JSON
+  const content = JSON.stringify(manifest, null, 2);
+  await writeFile(path, content, 'utf-8');
+}
+
+/**
+ * Update a dependency entry in the manifest
+ */
+export async function updateDependency(
+  path: string,
+  dependencyId: string,
+  updates: Partial<DependencyEntry>
+): Promise<DependencyManifest> {
+  const manifest = await readManifest(path);
+
+  const dep = manifest.dependencies.find((d) => d.id === dependencyId);
+  if (!dep) {
+    throw new Error(`Dependency with id ${dependencyId} not found`);
+  }
+
+  // Update the dependency in place
+  Object.assign(dep, updates);
+
+  // Validate the merged dependency
+  validateDependencyEntry(dep);
+
+  // Update statistics
+  manifest.statistics = calculateStatistics(manifest.dependencies);
+
+  // Write back
+  await writeManifest(path, manifest);
+
+  return manifest;
+}
+
+/**
+ * Add a new dependency to the manifest
+ */
+export async function addDependency(
+  path: string,
+  dependency: DependencyEntry
+): Promise<DependencyManifest> {
+  const manifest = await readManifest(path);
+
+  // Check for duplicates by ID or URL
+  const existingById = manifest.dependencies.find((dep) => dep.id === dependency.id);
+  const existingByUrl = manifest.dependencies.find((dep) => dep.url === dependency.url);
+
+  if (existingById) {
+    throw new Error(`Dependency with id ${dependency.id} already exists`);
+  }
+
+  if (existingByUrl) {
+    throw new Error(`Dependency with url ${dependency.url} already exists`);
+  }
+
+  // Add dependency
+  manifest.dependencies.push(dependency);
+
+  // Update statistics
+  manifest.statistics = calculateStatistics(manifest.dependencies);
+
+  // Write back
+  await writeManifest(path, manifest);
+
+  return manifest;
+}
+
+/**
+ * Remove a dependency from the manifest
+ */
+export async function removeDependency(
+  path: string,
+  dependencyId: string
+): Promise<DependencyManifest> {
+  const manifest = await readManifest(path);
+
+  const index = manifest.dependencies.findIndex((dep) => dep.id === dependencyId);
+  if (index === -1) {
+    throw new Error(`Dependency with id ${dependencyId} not found`);
+  }
+
+  // Remove dependency
+  manifest.dependencies.splice(index, 1);
+
+  // Update statistics
+  manifest.statistics = calculateStatistics(manifest.dependencies);
+
+  // Write back
+  await writeManifest(path, manifest);
+
+  return manifest;
+}
+
+/**
+ * Merge two manifests, preserving manual entries
+ * Manual entries are those with detectionMethod === 'manual'
+ */
+export function mergeManifests(
+  existing: DependencyManifest,
+  updated: DependencyManifest,
+  options: {
+    preserveManual?: boolean;
+    preserveHistory?: boolean;
+  } = {}
+): DependencyManifest {
+  const { preserveManual = true, preserveHistory = true } = options;
+
+  // Create a deep copy of the updated manifest to avoid mutations
+  const merged: DependencyManifest = {
+    ...updated,
+    dependencies: updated.dependencies.map((dep) => ({
+      ...dep,
+      changeHistory: dep.changeHistory ? [...dep.changeHistory] : [],
+      referencedIn: dep.referencedIn ? [...dep.referencedIn] : []
+    }))
+  };
+
+  if (preserveManual) {
+    // Find manual entries in existing manifest
+    const manualEntries = existing.dependencies.filter((dep) => dep.detectionMethod === 'manual');
+
+    // Add manual entries that aren't in the updated manifest
+    for (const manualEntry of manualEntries) {
+      const existsInUpdated = merged.dependencies.some(
+        (dep) => dep.id === manualEntry.id || dep.url === manualEntry.url
+      );
+
+      if (!existsInUpdated) {
+        merged.dependencies.push({
+          ...manualEntry,
+          changeHistory: manualEntry.changeHistory ? [...manualEntry.changeHistory] : [],
+          referencedIn: manualEntry.referencedIn ? [...manualEntry.referencedIn] : []
+        });
+      }
+    }
+  }
+
+  if (preserveHistory) {
+    // Preserve change history for matching dependencies
+    merged.dependencies = merged.dependencies.map((dep) => {
+      const existingDep = existing.dependencies.find((d) => d.id === dep.id || d.url === dep.url);
+
+      if (existingDep && existingDep.changeHistory && existingDep.changeHistory.length > 0) {
+        return {
+          ...dep,
+          changeHistory: [...existingDep.changeHistory, ...(dep.changeHistory || [])]
+        };
+      }
+
+      return dep;
+    });
+  }
+
+  // Recalculate statistics
+  merged.statistics = calculateStatistics(merged.dependencies);
+
+  return merged;
+}
+
+/**
+ * Calculate statistics for a list of dependencies
+ */
+function calculateStatistics(dependencies: DependencyEntry[]): DependencyManifest['statistics'] {
+  const byType: Record<string, number> = {};
+  const byAccessMethod: Record<string, number> = {};
+  const byDetectionMethod: Record<string, number> = {};
+  let totalConfidence = 0;
+  let falsePositiveCount = 0;
+  let totalChangeCount = 0;
+
+  for (const dep of dependencies) {
+    byType[dep.type] = (byType[dep.type] || 0) + 1;
+    byAccessMethod[dep.accessMethod] = (byAccessMethod[dep.accessMethod] || 0) + 1;
+    byDetectionMethod[dep.detectionMethod] = (byDetectionMethod[dep.detectionMethod] || 0) + 1;
+    totalConfidence += dep.detectionConfidence;
+
+    // Count false positives in change history
+    const changeHistory = dep.changeHistory || [];
+    const fpCount = changeHistory.filter((change) => change.falsePositive).length;
+    falsePositiveCount += fpCount;
+    totalChangeCount += changeHistory.length;
+  }
+
+  const averageConfidence = dependencies.length > 0 ? totalConfidence / dependencies.length : 0;
+
+  const falsePositiveRate =
+    totalChangeCount > 0 ? falsePositiveCount / totalChangeCount : undefined;
+
+  return {
+    totalDependencies: dependencies.length,
+    byType,
+    byAccessMethod,
+    byDetectionMethod,
+    averageConfidence,
+    falsePositiveRate
+  };
+}
+
+/**
+ * Create an empty manifest template
+ */
+export function createEmptyManifest(options: {
+  owner: string;
+  name: string;
+  branch: string;
+  commit: string;
+  action?: string;
+  version?: string;
+  llmProvider?: string;
+  llmModel?: string;
+}): DependencyManifest {
+  return {
+    version: '1.0.0',
+    generatedAt: new Date().toISOString(),
+    generatedBy: {
+      action: options.action || 'dependabit',
+      version: options.version || '0.1.0',
+      llmProvider: options.llmProvider || 'github-copilot',
+      llmModel: options.llmModel
+    },
+    repository: {
+      owner: options.owner,
+      name: options.name,
+      branch: options.branch,
+      commit: options.commit
+    },
+    dependencies: [],
+    statistics: {
+      totalDependencies: 0,
+      byType: {},
+      byAccessMethod: {},
+      byDetectionMethod: {},
+      averageConfidence: 0
+    }
+  };
+}