@dependabit/manifest 0.1.1

package/src/schema.test.ts

@@ -0,0 +1,293 @@
+import { describe, it, expect } from 'vitest';
+import {
+  DependencyManifestSchema,
+  DependencyEntrySchema,
+  DependabitConfigSchema,
+  AccessMethodSchema,
+  DependencyTypeSchema,
+  DetectionMethodSchema,
+  SeveritySchema
+} from '../src/schema.js';
+
+describe('Schema Tests', () => {
+  describe('AccessMethodSchema', () => {
+    it('should accept valid access methods', () => {
+      expect(AccessMethodSchema.parse('context7')).toBe('context7');
+      expect(AccessMethodSchema.parse('arxiv')).toBe('arxiv');
+      expect(AccessMethodSchema.parse('openapi')).toBe('openapi');
+      expect(AccessMethodSchema.parse('github-api')).toBe('github-api');
+      expect(AccessMethodSchema.parse('http')).toBe('http');
+    });
+
+    it('should reject invalid access methods', () => {
+      expect(() => AccessMethodSchema.parse('invalid')).toThrow();
+    });
+  });
+
+  describe('DependencyTypeSchema', () => {
+    it('should accept valid dependency types', () => {
+      expect(DependencyTypeSchema.parse('reference-implementation')).toBe(
+        'reference-implementation'
+      );
+      expect(DependencyTypeSchema.parse('schema')).toBe('schema');
+      expect(DependencyTypeSchema.parse('documentation')).toBe('documentation');
+    });
+
+    it('should reject invalid dependency types', () => {
+      expect(() => DependencyTypeSchema.parse('invalid')).toThrow();
+    });
+  });
+
+  describe('DetectionMethodSchema', () => {
+    it('should accept valid detection methods', () => {
+      expect(DetectionMethodSchema.parse('llm-analysis')).toBe('llm-analysis');
+      expect(DetectionMethodSchema.parse('manual')).toBe('manual');
+      expect(DetectionMethodSchema.parse('package-json')).toBe('package-json');
+    });
+  });
+
+  describe('SeveritySchema', () => {
+    it('should accept valid severity levels', () => {
+      expect(SeveritySchema.parse('breaking')).toBe('breaking');
+      expect(SeveritySchema.parse('major')).toBe('major');
+      expect(SeveritySchema.parse('minor')).toBe('minor');
+    });
+  });
+
+  describe('DependencyEntrySchema', () => {
+    it('should validate a complete dependency entry', () => {
+      const entry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        description: 'TypeScript compiler',
+        currentVersion: '5.9.3',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'package-json',
+        detectionConfidence: 1.0,
+        detectedAt: '2026-01-29T10:30:00Z',
+        lastChecked: '2026-01-29T10:30:00Z',
+        auth: undefined,
+        referencedIn: [
+          {
+            file: 'package.json',
+            line: 15,
+            context: '"typescript": "^5.9.3"'
+          }
+        ],
+        changeHistory: []
+      };
+
+      const result = DependencyEntrySchema.parse(entry);
+      expect(result.id).toBe(entry.id);
+      expect(result.name).toBe('TypeScript');
+    });
+
+    it('should require all mandatory fields', () => {
+      expect(() =>
+        DependencyEntrySchema.parse({
+          url: 'https://example.com'
+        })
+      ).toThrow();
+    });
+
+    it('should validate UUID format', () => {
+      const entry = {
+        id: 'not-a-uuid',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: '2026-01-29T10:30:00Z',
+        lastChecked: '2026-01-29T10:30:00Z',
+        referencedIn: []
+      };
+
+      expect(() => DependencyEntrySchema.parse(entry)).toThrow();
+    });
+
+    it('should validate URL format', () => {
+      const entry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'not-a-url',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.0,
+        detectedAt: '2026-01-29T10:30:00Z',
+        lastChecked: '2026-01-29T10:30:00Z',
+        referencedIn: []
+      };
+
+      expect(() => DependencyEntrySchema.parse(entry)).toThrow();
+    });
+
+    it('should validate confidence range', () => {
+      const entry = {
+        id: '550e8400-e29b-41d4-a716-446655440000',
+        url: 'https://github.com/microsoft/TypeScript',
+        type: 'reference-implementation',
+        accessMethod: 'github-api',
+        name: 'TypeScript',
+        currentStateHash: 'sha256:abc123',
+        detectionMethod: 'manual',
+        detectionConfidence: 1.5,
+        detectedAt: '2026-01-29T10:30:00Z',
+        lastChecked: '2026-01-29T10:30:00Z',
+        referencedIn: []
+      };
+
+      expect(() => DependencyEntrySchema.parse(entry)).toThrow();
+    });
+  });
+
+  describe('DependencyManifestSchema', () => {
+    it('should validate a complete manifest', () => {
+      const manifest = {
+        version: '1.0.0',
+        generatedAt: '2026-01-29T10:30:00Z',
+        generatedBy: {
+          action: 'dependabit',
+          version: '1.0.0',
+          llmProvider: 'github-copilot',
+          llmModel: 'gpt-4'
+        },
+        repository: {
+          owner: 'pradeepmouli',
+          name: 'dependabit',
+          branch: 'main',
+          commit: 'abc123def456'
+        },
+        dependencies: [
+          {
+            id: '550e8400-e29b-41d4-a716-446655440000',
+            url: 'https://github.com/microsoft/TypeScript',
+            type: 'reference-implementation',
+            accessMethod: 'github-api',
+            name: 'TypeScript',
+            currentStateHash: 'sha256:abc123',
+            detectionMethod: 'package-json',
+            detectionConfidence: 1.0,
+            detectedAt: '2026-01-29T10:30:00Z',
+            lastChecked: '2026-01-29T10:30:00Z',
+            referencedIn: []
+          }
+        ],
+        statistics: {
+          totalDependencies: 1,
+          byType: { 'reference-implementation': 1 },
+          byAccessMethod: { 'github-api': 1 },
+          byDetectionMethod: { 'package-json': 1 },
+          averageConfidence: 1.0
+        }
+      };
+
+      const result = DependencyManifestSchema.parse(manifest);
+      expect(result.version).toBe('1.0.0');
+      expect(result.dependencies).toHaveLength(1);
+    });
+
+    it('should require correct version', () => {
+      const manifest = {
+        version: '2.0.0',
+        generatedAt: '2026-01-29T10:30:00Z',
+        generatedBy: {
+          action: 'dependabit',
+          version: '1.0.0',
+          llmProvider: 'github-copilot'
+        },
+        repository: {
+          owner: 'pradeepmouli',
+          name: 'dependabit',
+          branch: 'main',
+          commit: 'abc123'
+        },
+        dependencies: [],
+        statistics: {
+          totalDependencies: 0,
+          byType: {},
+          byAccessMethod: {},
+          byDetectionMethod: {},
+          averageConfidence: 0
+        }
+      };
+
+      expect(() => DependencyManifestSchema.parse(manifest)).toThrow();
+    });
+  });
+
+  describe('DependabitConfigSchema', () => {
+    it('should validate a complete config', () => {
+      const config = {
+        version: '1',
+        llm: {
+          provider: 'github-copilot',
+          model: 'gpt-4',
+          maxTokens: 4000,
+          temperature: 0.3
+        },
+        schedule: {
+          interval: 'daily',
+          time: '02:00',
+          timezone: 'UTC'
+        },
+        issues: {
+          labels: ['dependabit', 'dependency-update'],
+          assignees: ['pradeepmouli'],
+          titleTemplate: '[dependabit] {name}: {change}'
+        },
+        monitoring: {
+          enabled: true,
+          autoUpdate: true,
+          falsePositiveThreshold: 0.1
+        }
+      };
+
+      const result = DependabitConfigSchema.parse(config);
+      expect(result.version).toBe('1');
+      expect(result.llm?.provider).toBe('github-copilot');
+    });
+
+    it('should apply defaults', () => {
+      const config = {
+        version: '1'
+      };
+
+      const result = DependabitConfigSchema.parse(config);
+      expect(result.schedule.interval).toBe('daily');
+      expect(result.schedule.timezone).toBe('UTC');
+    });
+
+    it('should validate schedule time format', () => {
+      const config = {
+        version: '1',
+        schedule: {
+          interval: 'daily',
+          time: '25:00',
+          timezone: 'UTC'
+        }
+      };
+
+      expect(() => DependabitConfigSchema.parse(config)).toThrow();
+    });
+
+    it('should validate LLM temperature range', () => {
+      const config = {
+        version: '1',
+        llm: {
+          provider: 'github-copilot',
+          temperature: 3.0
+        }
+      };
+
+      expect(() => DependabitConfigSchema.parse(config)).toThrow();
+    });
+  });
+});

package/src/schema.ts

@@ -0,0 +1,265 @@
+import { z } from 'zod';
+
+// Version tracking
+export const ManifestVersionSchema = z.literal('1.0.0');
+
+// Access methods (HOW to retrieve/check dependency)
+export const AccessMethodSchema = z.enum(['context7', 'arxiv', 'openapi', 'github-api', 'http']);
+
+// Dependency types (WHAT the dependency represents)
+export const DependencyTypeSchema = z.enum([
+  'reference-implementation',
+  'schema',
+  'documentation',
+  'research-paper',
+  'api-example',
+  'other'
+]);
+
+// Detection methods
+export const DetectionMethodSchema = z.enum([
+  'llm-analysis',
+  'manual',
+  'package-json',
+  'requirements-txt',
+  'code-comment'
+]);
+
+// Severity levels
+export const SeveritySchema = z.enum(['breaking', 'major', 'minor']);
+
+// Authentication configuration
+export const AuthConfigSchema = z
+  .object({
+    type: z.enum(['token', 'basic', 'oauth', 'none']),
+    // Reference to an environment variable or secret identifier.
+    // Do NOT store raw secret values directly in the manifest.
+    secretEnvVar: z.string().optional()
+  })
+  .optional();
+
+// Monitoring rules
+export const MonitoringRulesSchema = z.object({
+  enabled: z.boolean().default(true),
+  checkFrequency: z.enum(['hourly', 'daily', 'weekly', 'monthly']).default('daily'),
+  ignoreChanges: z.boolean().default(false),
+  severityOverride: SeveritySchema.optional()
+});
+
+// Individual dependency entry
+export const DependencyEntrySchema = z.object({
+  id: z.string().uuid(),
+  url: z.string().url(),
+  type: DependencyTypeSchema,
+  accessMethod: AccessMethodSchema,
+  name: z.string(),
+  description: z.string().optional(),
+
+  // Version/state tracking
+  currentVersion: z.string().optional(),
+  currentStateHash: z.string(),
+
+  // Metadata
+  detectionMethod: DetectionMethodSchema,
+  detectionConfidence: z.number().min(0).max(1),
+  detectedAt: z.string().datetime(),
+  lastChecked: z.string().datetime(),
+  lastChanged: z.string().datetime().optional(),
+
+  // Configuration
+  auth: AuthConfigSchema,
+  monitoring: MonitoringRulesSchema.optional(),
+
+  // Relationships
+  referencedIn: z.array(
+    z.object({
+      file: z.string(),
+      line: z.number().optional(),
+      context: z.string().optional()
+    })
+  ),
+
+  // Change history
+  changeHistory: z
+    .array(
+      z.object({
+        detectedAt: z.string().datetime(),
+        oldVersion: z.string().optional(),
+        newVersion: z.string().optional(),
+        severity: SeveritySchema,
+        issueNumber: z.number().optional(),
+        falsePositive: z.boolean().default(false)
+      })
+    )
+    .default([])
+});
+
+// Complete manifest
+export const DependencyManifestSchema = z.object({
+  version: ManifestVersionSchema,
+  generatedAt: z.string().datetime(),
+  generatedBy: z.object({
+    action: z.string(),
+    version: z.string(),
+    llmProvider: z.string(),
+    llmModel: z.string().optional()
+  }),
+
+  repository: z.object({
+    owner: z.string(),
+    name: z.string(),
+    branch: z.string(),
+    commit: z.string()
+  }),
+
+  dependencies: z.array(DependencyEntrySchema),
+
+  statistics: z.object({
+    totalDependencies: z.number(),
+    byType: z.record(z.string(), z.number()),
+    byAccessMethod: z.record(z.string(), z.number()),
+    byDetectionMethod: z.record(z.string(), z.number()),
+    averageConfidence: z.number(),
+    falsePositiveRate: z.number().min(0).max(1).optional()
+  })
+});
+
+// Schedule configuration (dependabot-compatible)
+export const ScheduleSchema = z.object({
+  interval: z.enum(['hourly', 'daily', 'weekly', 'monthly']),
+  day: z
+    .enum(['monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'sunday'])
+    .optional(),
+  time: z
+    .string()
+    .regex(/^([01]\d|2[0-3]):([0-5]\d)$/)
+    .optional(),
+  timezone: z.string().default('UTC')
+});
+
+// LLM provider configuration
+export const LLMConfigSchema = z.object({
+  provider: z
+    .enum(['github-copilot', 'claude', 'openai', 'azure-openai'])
+    .default('github-copilot'),
+  model: z.string().optional(),
+  maxTokens: z.number().int().positive().default(4000),
+  temperature: z.number().min(0).max(2).default(0.3)
+});
+
+// Issue configuration
+export const IssueConfigSchema = z.object({
+  labels: z.array(z.string()).default(['dependabit', 'dependency-update']),
+  assignees: z.array(z.string()).default([]),
+  aiAgentAssignment: z
+    .object({
+      enabled: z.boolean().default(false),
+      breaking: z.string().optional(),
+      major: z.string().optional(),
+      minor: z.string().optional()
+    })
+    .optional(),
+  titleTemplate: z.string().default('[dependabit] {name}: {change}'),
+  bodyTemplate: z.string().optional()
+});
+
+// Per-dependency override
+export const DependencyOverrideSchema = z.object({
+  url: z.string().url(),
+  schedule: ScheduleSchema.optional(),
+  monitoring: MonitoringRulesSchema.optional(),
+  issues: IssueConfigSchema.optional()
+});
+
+// Complete configuration
+export const DependabitConfigSchema = z.object({
+  version: z.literal('1'),
+
+  // Global settings
+  llm: LLMConfigSchema.optional(),
+  schedule: ScheduleSchema.default({ interval: 'daily', timezone: 'UTC' }),
+  issues: IssueConfigSchema.optional(),
+
+  // Monitoring behavior
+  monitoring: z
+    .object({
+      enabled: z.boolean().default(true),
+      autoUpdate: z.boolean().default(true),
+      falsePositiveThreshold: z.number().min(0).max(1).default(0.1)
+    })
+    .optional(),
+
+  // Dependency-specific overrides
+  dependencies: z.array(DependencyOverrideSchema).optional(),
+
+  // Exclusions
+  ignore: z
+    .object({
+      urls: z.array(z.string()).optional(),
+      types: z.array(DependencyTypeSchema).optional(),
+      patterns: z.array(z.string()).optional()
+    })
+    .optional()
+});
+
+// Change detection schemas
+export const ChangeTypeSchema = z.enum([
+  'version-bump',
+  'content-changed',
+  'released',
+  'deprecated',
+  'unavailable',
+  'unknown'
+]);
+
+export const ChangeDetectionRecordSchema = z.object({
+  id: z.string().uuid(),
+  timestamp: z.string().datetime(),
+
+  // Dependency reference
+  dependencyId: z.string().uuid(),
+  dependencyUrl: z.string().url(),
+  dependencyName: z.string(),
+
+  // Change details
+  changeType: ChangeTypeSchema,
+  severity: SeveritySchema,
+
+  // State comparison
+  oldState: z.object({
+    version: z.string().optional(),
+    hash: z.string(),
+    checkedAt: z.string().datetime()
+  }),
+  newState: z.object({
+    version: z.string().optional(),
+    hash: z.string(),
+    checkedAt: z.string().datetime()
+  }),
+
+  // Change description
+  summary: z.string(),
+  details: z.string().optional(),
+  breakingChanges: z.array(z.string()).optional(),
+
+  // Action taken
+  issueCreated: z.boolean().default(false),
+  issueNumber: z.number().optional(),
+  issueUrl: z.string().url().optional()
+});
+
+// TypeScript types
+export type DependencyManifest = z.infer<typeof DependencyManifestSchema>;
+export type DependencyEntry = z.infer<typeof DependencyEntrySchema>;
+export type DependencyType = z.infer<typeof DependencyTypeSchema>;
+export type AccessMethod = z.infer<typeof AccessMethodSchema>;
+export type DetectionMethod = z.infer<typeof DetectionMethodSchema>;
+export type Severity = z.infer<typeof SeveritySchema>;
+export type MonitoringRules = z.infer<typeof MonitoringRulesSchema>;
+export type DependabitConfig = z.infer<typeof DependabitConfigSchema>;
+export type Schedule = z.infer<typeof ScheduleSchema>;
+export type LLMConfig = z.infer<typeof LLMConfigSchema>;
+export type IssueConfig = z.infer<typeof IssueConfigSchema>;
+export type DependencyOverride = z.infer<typeof DependencyOverrideSchema>;
+export type ChangeType = z.infer<typeof ChangeTypeSchema>;
+export type ChangeDetectionRecord = z.infer<typeof ChangeDetectionRecordSchema>;