npm - @ktpartners/dgs-platform - Versions diffs - 3.0.4 → 3.3.0 - Mend

@ktpartners/dgs-platform 3.0.4 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/deliver-great-systems/bin/lib/package-ecosystems.cjs ADDED Viewed

@@ -0,0 +1,350 @@
+/**
+ * package-ecosystems.cjs -- Manifest detection and monorepo workspace expansion
+ *
+ * LEAF MODULE: Imports only Node built-ins (fs, path) and `safeReadFile`
+ * from core.cjs. MUST NOT import from other DGS modules. Enforced by
+ * path-audit.test.cjs.
+ *
+ * Exports:
+ *   detectEcosystems(repoDir) -- returns Array<{ ecosystem, manifest_path }>
+ *   ECOSYSTEM_MANIFESTS       -- ordered priority list (for tests/orchestrator)
+ *
+ * Covers roadmap requirements PKG-08, PKG-09, PKG-10, PKG-31.
+ * Does NOT implement PKG-41 (Gradle sub-projects) or PKG-42 (Python src-layout)
+ * -- both deferred to a later milestone (see CONTEXT.md deferred section).
+ */
+'use strict';
+const fs = require('fs');
+const path = require('path');
+const { safeReadFile } = require('./core.cjs');
+const ECOSYSTEM_MANIFESTS = [
+  { eco: 'node',   manifests: ['package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'package.json'] },
+  { eco: 'python', manifests: ['poetry.lock', 'Pipfile.lock', 'requirements.txt', 'pyproject.toml', 'setup.py'] },
+  { eco: 'go',     manifests: ['go.sum', 'go.mod'] },
+  { eco: 'ruby',   manifests: ['Gemfile.lock', 'Gemfile'] },
+  { eco: 'java',   manifests: ['pom.xml', 'build.gradle', 'build.gradle.kts'] },
+];
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+function _posix(p) {
+  if (!p) return p;
+  return p.split(path.sep).join('/').replace(/^\.\//, '');
+}
+function _exists(p) {
+  try {
+    return fs.existsSync(p);
+  } catch {
+    return false;
+  }
+}
+function _hasAnyManifest(repoDir, manifests) {
+  for (const m of manifests) {
+    if (_exists(path.join(repoDir, m))) return true;
+  }
+  return false;
+}
+function _tryParseJson(raw) {
+  if (!raw) return null;
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+// Minimal pnpm-workspace.yaml parser. Looks for a top-level `packages:` list
+// with one entry per indented `- ...` line. Handles quotes but nothing fancy.
+function _parsePnpmWorkspace(raw) {
+  if (!raw) return [];
+  const lines = raw.split(/\r?\n/);
+  let inPackages = false;
+  const result = [];
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (/^packages\s*:/.test(trimmed)) {
+      inPackages = true;
+      continue;
+    }
+    if (inPackages) {
+      if (/^[a-zA-Z_][\w-]*\s*:/.test(trimmed)) {
+        // new top-level key
+        inPackages = false;
+        continue;
+      }
+      const m = trimmed.match(/^-\s*['"]?([^'"\s]+)['"]?\s*$/);
+      if (m) result.push(m[1]);
+    }
+  }
+  return result;
+}
+// Expand a workspace glob pattern relative to repoDir. Supports a single
+// trailing `*` at a depth of at most one (e.g., packages/*, apps/*, *). Does
+// NOT support `**` or nested stars. Returns absolute workspace directories
+// that contain a package.json.
+function _expandWorkspaceGlob(repoDir, pattern) {
+  if (!pattern) return [];
+  // Strip a trailing slash if present.
+  let pat = pattern.replace(/\/$/, '');
+  // If no wildcard, treat as a literal path (still cap at one level).
+  if (!pat.includes('*')) {
+    const abs = path.join(repoDir, pat);
+    if (_exists(path.join(abs, 'package.json'))) return [abs];
+    return [];
+  }
+  // Only allow one `*` (either bare `*` or `<dir>/*`).
+  const parts = pat.split('/');
+  if (parts.length > 2) return []; // cap at one directory level
+  let baseDir = repoDir;
+  let starSegment = parts[0];
+  if (parts.length === 2) {
+    baseDir = path.join(repoDir, parts[0]);
+    starSegment = parts[1];
+  }
+  if (starSegment !== '*') return []; // only support trailing bare `*`
+  let entries;
+  try {
+    entries = fs.readdirSync(baseDir, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  const results = [];
+  for (const e of entries) {
+    if (!e.isDirectory()) continue;
+    const full = path.join(baseDir, e.name);
+    if (_exists(path.join(full, 'package.json'))) {
+      results.push(full);
+    }
+  }
+  return results;
+}
+// Expand a list of workspace patterns, deduplicating and returning absolute
+// workspace directories (each containing package.json).
+function _collectNodeWorkspaces(repoDir, patterns) {
+  const seen = new Set();
+  const out = [];
+  for (const pattern of patterns) {
+    const dirs = _expandWorkspaceGlob(repoDir, pattern);
+    for (const d of dirs) {
+      if (!seen.has(d)) {
+        seen.add(d);
+        out.push(d);
+      }
+    }
+  }
+  return out;
+}
+// Parse root package.json for workspace declarations. Handles array form and
+// object form ({ packages: [...] }). Returns patterns[] (possibly empty).
+function _nodeWorkspacePatterns(rootPkg) {
+  if (!rootPkg || typeof rootPkg !== 'object') return [];
+  const ws = rootPkg.workspaces;
+  if (Array.isArray(ws)) return ws.slice();
+  if (ws && typeof ws === 'object' && Array.isArray(ws.packages)) return ws.packages.slice();
+  return [];
+}
+// Check whether a package.json carries real root-level dependencies (beyond
+// the `workspaces` field). Returns true if either `dependencies` or
+// `devDependencies` is a non-empty object.
+function _hasRootDeps(rootPkg) {
+  if (!rootPkg || typeof rootPkg !== 'object') return false;
+  const hasDeps = rootPkg.dependencies && typeof rootPkg.dependencies === 'object'
+    && Object.keys(rootPkg.dependencies).length > 0;
+  const hasDev = rootPkg.devDependencies && typeof rootPkg.devDependencies === 'object'
+    && Object.keys(rootPkg.devDependencies).length > 0;
+  return Boolean(hasDeps || hasDev);
+}
+// Parse <modules> from a root pom.xml (regex walk, no XML dep). Returns
+// module names (strings) as declared.
+function _parseMavenModules(rawXml) {
+  if (!rawXml) return [];
+  const modulesBlock = rawXml.match(/<modules>([\s\S]*?)<\/modules>/);
+  if (!modulesBlock) return [];
+  const moduleMatches = modulesBlock[1].match(/<module>\s*([^<\s][^<]*?)\s*<\/module>/g) || [];
+  return moduleMatches.map(m => {
+    const inner = m.match(/<module>\s*([\s\S]*?)\s*<\/module>/);
+    return inner ? inner[1].trim() : null;
+  }).filter(Boolean);
+}
+// Detect whether a pom.xml declares <dependencies> alongside any <modules>.
+// Excludes <dependencyManagement><dependencies> so a pure BOM root doesn't
+// count as a scannable target.
+function _mavenHasDependencies(rawXml) {
+  if (!rawXml) return false;
+  // Strip dependencyManagement block to avoid false positives.
+  const stripped = rawXml.replace(/<dependencyManagement>[\s\S]*?<\/dependencyManagement>/g, '');
+  return /<dependencies>[\s\S]*?<dependency>/.test(stripped);
+}
+// Parse the `use (...)` block (multi-line or single-line) from a go.work file.
+// Returns module directory names as declared (strings starting with ./ or a bare name).
+function _parseGoWorkUse(raw) {
+  if (!raw) return [];
+  const results = [];
+  // Multi-line form: use ( ./a\n./b\n )
+  const multiMatch = raw.match(/use\s*\(([\s\S]*?)\)/);
+  if (multiMatch) {
+    const inner = multiMatch[1];
+    for (const line of inner.split(/\r?\n/)) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith('//')) continue;
+      results.push(trimmed);
+    }
+    return results;
+  }
+  // Single-line form: use ./a  (one per line)
+  for (const line of raw.split(/\r?\n/)) {
+    const trimmed = line.trim();
+    const m = trimmed.match(/^use\s+(\S+)\s*$/);
+    if (m) results.push(m[1]);
+  }
+  return results;
+}
+// ─── Main export ─────────────────────────────────────────────────────────────
+/**
+ * Detect scannable manifests and monorepo workspaces at a repo root.
+ *
+ * Returns one entry per scannable target. For simple repos (no workspaces)
+ * each entry has manifest_path: null. For monorepos (npm/pnpm/Yarn workspaces,
+ * Maven multi-module, Go workspaces), emits one entry per workspace with
+ * manifest_path populated as repo-relative POSIX. Gradle sub-projects (PKG-41)
+ * and Python src-layout (PKG-42) are explicitly deferred.
+ *
+ * @param {string} repoDir - Absolute path to the repo root
+ * @returns {Array<{ ecosystem: 'node'|'python'|'go'|'ruby'|'java', manifest_path: string|null }>}
+ */
+function detectEcosystems(repoDir) {
+  if (!repoDir || !_exists(repoDir)) return [];
+  // Per-ecosystem builders — each returns an ordered array of entries.
+  const groups = [];
+  // ─── node ──────────────────────────────────────────────────────────────────
+  {
+    const nodeEntries = [];
+    const hasRoot = _hasAnyManifest(repoDir, ECOSYSTEM_MANIFESTS[0].manifests);
+    // Workspace expansion
+    const rootPkgRaw = safeReadFile(path.join(repoDir, 'package.json'));
+    const rootPkg = _tryParseJson(rootPkgRaw);
+    let patterns = _nodeWorkspacePatterns(rootPkg);
+    // pnpm-workspace.yaml may supply (or supplement) patterns
+    const pnpmRaw = safeReadFile(path.join(repoDir, 'pnpm-workspace.yaml'));
+    if (pnpmRaw) {
+      const pnpmPatterns = _parsePnpmWorkspace(pnpmRaw);
+      patterns = patterns.concat(pnpmPatterns);
+    }
+    const workspaceDirs = patterns.length > 0
+      ? _collectNodeWorkspaces(repoDir, patterns)
+      : [];
+    // Collect workspace entries
+    const wsEntries = workspaceDirs.map(abs => ({
+      ecosystem: 'node',
+      manifest_path: _posix(path.relative(repoDir, path.join(abs, 'package.json'))),
+    }));
+    wsEntries.sort((a, b) => a.manifest_path.localeCompare(b.manifest_path));
+    if (wsEntries.length > 0) {
+      nodeEntries.push(...wsEntries);
+      // Emit root only if root package.json has own deps
+      if (_hasRootDeps(rootPkg)) {
+        nodeEntries.push({ ecosystem: 'node', manifest_path: 'package.json' });
+      }
+    } else if (hasRoot) {
+      nodeEntries.push({ ecosystem: 'node', manifest_path: null });
+    }
+    if (nodeEntries.length > 0) groups.push(nodeEntries);
+  }
+  // ─── python ────────────────────────────────────────────────────────────────
+  {
+    const hasRoot = _hasAnyManifest(repoDir, ECOSYSTEM_MANIFESTS[1].manifests);
+    if (hasRoot) {
+      groups.push([{ ecosystem: 'python', manifest_path: null }]);
+    }
+    // PKG-42 deferred — do not scan src/ or subdirs.
+  }
+  // ─── go ────────────────────────────────────────────────────────────────────
+  {
+    const goEntries = [];
+    const goWorkRaw = safeReadFile(path.join(repoDir, 'go.work'));
+    if (goWorkRaw) {
+      const declared = _parseGoWorkUse(goWorkRaw);
+      const wsEntries = [];
+      for (const decl of declared) {
+        const modDir = path.resolve(repoDir, decl);
+        const modFile = path.join(modDir, 'go.mod');
+        if (_exists(modFile)) {
+          const rel = _posix(path.relative(repoDir, modFile));
+          wsEntries.push({ ecosystem: 'go', manifest_path: rel });
+        }
+      }
+      wsEntries.sort((a, b) => a.manifest_path.localeCompare(b.manifest_path));
+      goEntries.push(...wsEntries);
+      // Go: never emit root entry when go.work is present
+    } else {
+      const hasRoot = _hasAnyManifest(repoDir, ECOSYSTEM_MANIFESTS[2].manifests);
+      if (hasRoot) goEntries.push({ ecosystem: 'go', manifest_path: null });
+    }
+    if (goEntries.length > 0) groups.push(goEntries);
+  }
+  // ─── ruby ──────────────────────────────────────────────────────────────────
+  {
+    const hasRoot = _hasAnyManifest(repoDir, ECOSYSTEM_MANIFESTS[3].manifests);
+    if (hasRoot) groups.push([{ ecosystem: 'ruby', manifest_path: null }]);
+  }
+  // ─── java (Maven + Gradle) ─────────────────────────────────────────────────
+  {
+    const javaEntries = [];
+    const pomPath = path.join(repoDir, 'pom.xml');
+    const pomRaw = safeReadFile(pomPath);
+    if (pomRaw) {
+      const modules = _parseMavenModules(pomRaw);
+      if (modules.length > 0) {
+        const wsEntries = [];
+        for (const mod of modules) {
+          const modPom = path.join(repoDir, mod, 'pom.xml');
+          if (_exists(modPom)) {
+            const rel = _posix(path.relative(repoDir, modPom));
+            wsEntries.push({ ecosystem: 'java', manifest_path: rel });
+          }
+          // Missing modules silently skipped — malformed-tolerance
+        }
+        wsEntries.sort((a, b) => a.manifest_path.localeCompare(b.manifest_path));
+        javaEntries.push(...wsEntries);
+        // Root entry only if pom has both <modules> AND <dependencies>
+        if (_mavenHasDependencies(pomRaw)) {
+          javaEntries.push({ ecosystem: 'java', manifest_path: 'pom.xml' });
+        }
+      } else {
+        javaEntries.push({ ecosystem: 'java', manifest_path: null });
+      }
+    } else if (_exists(path.join(repoDir, 'build.gradle')) || _exists(path.join(repoDir, 'build.gradle.kts'))) {
+      // PKG-41 deferred — single-module Java only
+      javaEntries.push({ ecosystem: 'java', manifest_path: null });
+    }
+    if (javaEntries.length > 0) groups.push(javaEntries);
+  }
+  // Flatten groups into the final array — ecosystem order matches ECOSYSTEM_MANIFESTS.
+  const out = [];
+  for (const g of groups) out.push(...g);
+  return out;
+}
+module.exports = { detectEcosystems, ECOSYSTEM_MANIFESTS };