@lousy-agents/cli 2.11.0 → 3.0.0

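--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -32630,6 +32630,15 @@ const RulesetSchema = schemas_object({
  enforcement: schemas_string(),
  rules: schemas_array(RulesetRuleSchema).optional()
  });
+ const RepoSecuritySchema = schemas_object({
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ security_and_analysis: schemas_object({
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ advanced_security: schemas_object({
+ status: schemas_string()
+ })
+ }).optional()
+ });
  /**
  * Parses a GitHub remote URL to extract owner and repo name
  */ function parseRepoFromRemoteUrl(remoteUrl) {
@@ -32704,6 +32713,24 @@ function defaultExec(command, args, options) {
  return null;
  }
  }
+ async hasAdvancedSecurity(owner, repo) {
+ if (!this.octokit) {
+ return false;
+ }
+ try {
+ const { data } = await this.octokit.rest.repos.get({
+ owner,
+ repo
+ });
+ const parsed = RepoSecuritySchema.safeParse(data);
+ if (!parsed.success) {
+ return false;
+ }
+ return parsed.data.security_and_analysis?.advanced_security?.status === "enabled";
+ } catch {
+ return false;
+ }
+ }
  async listRulesets(owner, repo) {
  if (!this.octokit) {
  throw new Error("Not authenticated");
@@ -33671,8 +33698,44 @@ function isCopilotCodeScanningRule(rule) {
  return findCopilotRuleset(rulesets) !== undefined;
  }
  /**
- * Builds a ruleset payload for enabling Copilot code review
- */ function buildCopilotReviewRulesetPayload() {
+ * Builds a ruleset payload for enabling Copilot code review.
+ * Includes code_scanning rules configured with CodeQL and Copilot Autofix when GitHub Advanced Security is enabled.
+ */ function buildCopilotReviewRulesetPayload(options) {
+ const rules = [
+ {
+ type: "copilot_code_review",
+ parameters: {
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ review_on_push: true,
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ review_draft_pull_requests: true
+ }
+ }
+ ];
+ if (options.advancedSecurityEnabled) {
+ rules.push({
+ type: "code_scanning",
+ parameters: {
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ code_scanning_tools: [
+ {
+ tool: "CodeQL",
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ security_alerts_threshold: "high_or_higher",
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ alerts_threshold: "errors"
+ },
+ {
+ tool: "Copilot Autofix",
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ security_alerts_threshold: "high_or_higher",
+ // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+ alerts_threshold: "errors"
+ }
+ ]
+ }
+ });
+ }
  return {
  name: "Copilot Code Review",
  enforcement: "active",
@@ -33688,32 +33751,7 @@ function isCopilotCodeScanningRule(rule) {
  exclude: []
  }
  },
- rules: [
- {
- type: "copilot_code_review",
- parameters: {
- // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
- review_on_push: true,
- // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
- review_draft_pull_requests: true
- }
- },
- {
- type: "code_scanning",
- parameters: {
- // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
- code_scanning_tools: [
- {
- tool: "Copilot Autofix",
- // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
- security_alerts_threshold: "high_or_higher",
- // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
- alerts_threshold: "errors"
- }
- ]
- }
- }
- ]
+ rules
  };
  }
  /**
@@ -34683,7 +34721,10 @@ async function checkAndPromptRuleset(rulesetGateway, targetDir, prompt) {
  return;
  }
  try {
- const payload = buildCopilotReviewRulesetPayload();
+ const advancedSecurityEnabled = await rulesetGateway.hasAdvancedSecurity(repoInfo.owner, repoInfo.repo);
+ const payload = buildCopilotReviewRulesetPayload({
+ advancedSecurityEnabled
+ });
  await rulesetGateway.createRuleset(repoInfo.owner, repoInfo.repo, payload);
  consola.success(`Created Copilot PR review ruleset: "${payload.name}"`);
  } catch (error) {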
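Review bot: `hasAdvancedSecurity` collapses four different outcomes into `false` — no octokit client, a schema mismatch, a response that omits `security_and_analysis` (the schema marks it optional), and any thrown request error — so in `checkAndPromptRuleset` a failed or incomplete lookup silently yields an `enforcement: "active"` ruleset without the `code_scanning` rule. The caller still logs only the success message, so the operator gets no signal that the CodeQL / Copilot Autofix thresholds were left out. I would have the gateway separate "not enabled" from "could not determine" (for instance return `null` from the `catch` and the `!parsed.success` branch) and surface it in the caller, e.g. `if (!advancedSecurityEnabled) consola.warn("Advanced Security not detected; code_scanning rule omitted from ruleset");`. Both the gateway class and `checkAndPromptRuleset` extend beyond the visible hunks, so existing logging elsewhere may already cover part of this.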