@schemashift/core 0.12.0 → 0.13.0

package/dist/index.js

@@ -136,10 +136,30 @@ var SchemaAnalyzer = class {
 // src/approval.ts
 import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from "fs";
 import { join } from "path";
+
+// src/constants.ts
+var SCHEMASHIFT_DIR = ".schemashift";
+var BACKUP_DIR = ".schemashift-backup";
+var CONFIG_FILE_NAMES = [
+  ".schemashiftrc",
+  ".schemashiftrc.json",
+  ".schemashiftrc.yaml",
+  ".schemashiftrc.yml",
+  ".schemashiftrc.js",
+  ".schemashiftrc.cjs"
+];
+var DEFAULT_CONFIG_FILE = ".schemashiftrc.json";
+var INCREMENTAL_STATE_FILE = "incremental.json";
+var AUDIT_LOG_FILE = "audit-log.json";
+var SCHEMA_SNAPSHOT_FILE = "schema-snapshot.json";
+var PENDING_DIR = "pending";
+var TESTS_DIR = "tests";
+
+// src/approval.ts
 var ApprovalManager = class {
   pendingDir;
   constructor(projectPath) {
-    this.pendingDir = join(projectPath, ".schemashift", "pending");
+    this.pendingDir = join(projectPath, SCHEMASHIFT_DIR, PENDING_DIR);
   }
   /**
    * Create a new migration request for review.
@@ -188,8 +208,16 @@ var ApprovalManager = class {
     if (!existsSync(filePath)) {
       return null;
     }
-    const content = readFileSync(filePath, "utf-8");
-    return JSON.parse(content);
+    try {
+      const content = readFileSync(filePath, "utf-8");
+      const parsed = JSON.parse(content);
+      if (!this.isValidRequest(parsed)) {
+        return null;
+      }
+      return parsed;
+    } catch {
+      return null;
+    }
   }
   /**
    * List all migration requests, optionally filtered by status.
@@ -201,10 +229,14 @@ var ApprovalManager = class {
     const files = readdirSync(this.pendingDir).filter((f) => f.endsWith(".json"));
     const requests = [];
     for (const file of files) {
-      const content = readFileSync(join(this.pendingDir, file), "utf-8");
-      const request = JSON.parse(content);
-      if (!status || request.status === status) {
-        requests.push(request);
+      try {
+        const content = readFileSync(join(this.pendingDir, file), "utf-8");
+        const parsed = JSON.parse(content);
+        if (!this.isValidRequest(parsed)) continue;
+        if (!status || parsed.status === status) {
+          requests.push(parsed);
+        }
+      } catch {
       }
     }
     return requests.sort(
@@ -230,6 +262,11 @@ var ApprovalManager = class {
     const request = this.getRequest(requestId);
     return request?.status === "approved";
   }
+  isValidRequest(data) {
+    if (typeof data !== "object" || data === null) return false;
+    const obj = data;
+    return typeof obj.id === "string" && typeof obj.from === "string" && typeof obj.to === "string" && Array.isArray(obj.files) && typeof obj.requestedBy === "string" && typeof obj.status === "string" && ["pending", "approved", "rejected"].includes(obj.status);
+  }
   ensureDir() {
     if (!existsSync(this.pendingDir)) {
       mkdirSync(this.pendingDir, { recursive: true });
@@ -375,15 +412,13 @@ function transformMethodChain(chain, newBase, factoryMapper, methodMapper) {
 import { createHash } from "crypto";
 import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
 import { join as join2 } from "path";
-var AUDIT_DIR = ".schemashift";
-var AUDIT_FILE = "audit-log.json";
 var AUDIT_VERSION = 1;
 var MigrationAuditLog = class {
   logDir;
   logPath;
   constructor(projectPath) {
-    this.logDir = join2(projectPath, AUDIT_DIR);
-    this.logPath = join2(this.logDir, AUDIT_FILE);
+    this.logDir = join2(projectPath, SCHEMASHIFT_DIR);
+    this.logPath = join2(this.logDir, AUDIT_LOG_FILE);
   }
   /**
    * Append a new entry to the audit log.
@@ -427,7 +462,11 @@ var MigrationAuditLog = class {
       if (!content.trim()) {
         return { version: AUDIT_VERSION, entries: [] };
       }
-      return JSON.parse(content);
+      const parsed = JSON.parse(content);
+      if (!this.isValidAuditLog(parsed)) {
+        return { version: AUDIT_VERSION, entries: [] };
+      }
+      return parsed;
     } catch {
       return { version: AUDIT_VERSION, entries: [] };
     }
@@ -597,6 +636,13 @@ var MigrationAuditLog = class {
       gitCommit: process.env.GITHUB_SHA || process.env.CI_COMMIT_SHA || void 0
     };
   }
+  isValidAuditLog(data) {
+    if (typeof data !== "object" || data === null) return false;
+    const obj = data;
+    if (typeof obj.version !== "number") return false;
+    if (!Array.isArray(obj.entries)) return false;
+    return true;
+  }
   write(log) {
     if (!existsSync2(this.logDir)) {
       mkdirSync2(this.logDir, { recursive: true });
@@ -1040,6 +1086,12 @@ import { join as join4 } from "path";
 // src/ecosystem.ts
 import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
 import { join as join3 } from "path";
+function parseMajorVersion(version) {
+  const match = version.match(/(\d+)/);
+  const num = match?.[1] ? Number.parseInt(match[1], 10) : 0;
+  if (!Number.isFinite(num) || num < 0 || num > 999) return 0;
+  return num;
+}
 var ECOSYSTEM_RULES = [
   // ORM integrations
   {
@@ -1081,8 +1133,7 @@ var ECOSYSTEM_RULES = [
     category: "api",
     migrations: ["zod-v3->v4"],
     check: (version) => {
-      const majorMatch = version.match(/(\d+)/);
-      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      const major = parseMajorVersion(version);
       if (major < 11) {
         return {
           issue: `tRPC v${major} expects Zod v3 types. A v3 ZodType is not assignable to a v4 ZodType.`,
@@ -1115,8 +1166,7 @@ var ECOSYSTEM_RULES = [
     category: "validation-util",
     migrations: ["zod-v3->v4"],
     check: (version) => {
-      const majorMatch = version.match(/(\d+)/);
-      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      const major = parseMajorVersion(version);
       if (major < 4) {
         return {
           issue: `zod-validation-error v${major} is not compatible with Zod v4.`,
@@ -1406,8 +1456,7 @@ var ECOSYSTEM_RULES = [
     category: "validation-util",
     migrations: ["zod-v3->v4"],
     check: (version) => {
-      const majorMatch = version.match(/(\d+)/);
-      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      const major = parseMajorVersion(version);
       if (major < 4) {
         return {
           issue: "zod-to-json-schema v3 may not fully support Zod v4 schemas.",
@@ -1802,7 +1851,7 @@ async function loadConfig(configPath) {
     include: ["**/*.ts", "**/*.tsx"],
     exclude: ["**/node_modules/**", "**/dist/**", "**/*.d.ts"],
     git: { enabled: false },
-    backup: { enabled: true, dir: ".schemashift-backup" },
+    backup: { enabled: true, dir: BACKUP_DIR },
     ...result?.config
   };
 }
@@ -1913,6 +1962,75 @@ function suggestCrossFieldPattern(whenCode) {
   return null;
 }
 
+// src/dead-schema-detector.ts
+var DeadSchemaDetector = class {
+  detect(sourceFiles) {
+    const schemas = this.collectSchemaDefinitions(sourceFiles);
+    const unusedSchemas = this.findUnusedSchemas(schemas, sourceFiles);
+    return {
+      unusedSchemas,
+      totalSchemas: schemas.length,
+      summary: unusedSchemas.length > 0 ? `Found ${unusedSchemas.length} unused schema(s) out of ${schemas.length} total that may be safely removed.` : `All ${schemas.length} schema(s) are referenced.`
+    };
+  }
+  collectSchemaDefinitions(sourceFiles) {
+    const schemas = [];
+    const schemaPattern = /(?:const|let|var|export\s+(?:const|let|var))\s+(\w+)\s*=\s*(?:z\.|yup\.|Yup\.|Joi\.|t\.|v\.|type\(|object\(|string\(|S\.)/;
+    for (const file of sourceFiles) {
+      const text = file.getFullText();
+      const lines = text.split("\n");
+      const filePath = file.getFilePath();
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (!line) continue;
+        const match = schemaPattern.exec(line);
+        if (match?.[1]) {
+          schemas.push({
+            schemaName: match[1],
+            filePath,
+            lineNumber: i + 1
+          });
+        }
+      }
+    }
+    return schemas;
+  }
+  findUnusedSchemas(schemas, sourceFiles) {
+    const fileContents = /* @__PURE__ */ new Map();
+    for (const file of sourceFiles) {
+      fileContents.set(file.getFilePath(), file.getFullText());
+    }
+    const unused = [];
+    for (const schema of schemas) {
+      const { schemaName, filePath } = schema;
+      let referenceCount = 0;
+      for (const [path, content] of fileContents) {
+        const pattern = new RegExp(`\\b${schemaName}\\b`, "g");
+        const matches = content.match(pattern);
+        const matchCount = matches?.length ?? 0;
+        if (path === filePath) {
+          if (matchCount > 1) {
+            referenceCount += matchCount - 1;
+          }
+        } else {
+          referenceCount += matchCount;
+        }
+      }
+      const fileContent = fileContents.get(filePath) ?? "";
+      const exportPattern = new RegExp(
+        `export\\s+(?:const|let|var)\\s+${schemaName}\\b|export\\s*\\{[^}]*\\b${schemaName}\\b`
+      );
+      if (exportPattern.test(fileContent)) {
+        referenceCount++;
+      }
+      if (referenceCount === 0) {
+        unused.push(schema);
+      }
+    }
+    return unused;
+  }
+};
+
 // src/dependency-graph.ts
 import { existsSync as existsSync5, readdirSync as readdirSync2, readFileSync as readFileSync5 } from "fs";
 import { join as join5, resolve } from "path";
@@ -2453,15 +2571,13 @@ var DetailedAnalyzer = class {
 import { createHash as createHash2 } from "crypto";
 import { existsSync as existsSync7, mkdirSync as mkdirSync3, readFileSync as readFileSync7, writeFileSync as writeFileSync3 } from "fs";
 import { join as join7, relative } from "path";
-var SNAPSHOT_DIR = ".schemashift";
-var SNAPSHOT_FILE = "schema-snapshot.json";
 var SNAPSHOT_VERSION = 1;
 var DriftDetector = class {
   snapshotDir;
   snapshotPath;
   constructor(projectPath) {
-    this.snapshotDir = join7(projectPath, SNAPSHOT_DIR);
-    this.snapshotPath = join7(this.snapshotDir, SNAPSHOT_FILE);
+    this.snapshotDir = join7(projectPath, SCHEMASHIFT_DIR);
+    this.snapshotPath = join7(this.snapshotDir, SCHEMA_SNAPSHOT_FILE);
   }
   /**
    * Take a snapshot of the current schema state
@@ -2731,7 +2847,8 @@ var GovernanceEngine = class {
         if (this.rules.has("naming-convention")) {
           const config = this.rules.get("naming-convention") ?? {};
           const pattern = config.pattern || ".*Schema$";
-          if (!new RegExp(pattern).test(schemaName)) {
+          const regex = this.safeRegExp(pattern);
+          if (regex && !regex.test(schemaName)) {
             violations.push({
               rule: "naming-convention",
               message: `Schema "${schemaName}" does not match naming pattern: ${pattern}`,
@@ -2893,6 +3010,14 @@ var GovernanceEngine = class {
       passed: violations.filter((v) => v.severity === "error").length === 0
     };
   }
+  safeRegExp(pattern) {
+    if (pattern.length > 500) return null;
+    try {
+      return new RegExp(pattern);
+    } catch {
+      return null;
+    }
+  }
   detectFileLibrary(sourceFile) {
     for (const imp of sourceFile.getImportDeclarations()) {
       const lib = detectSchemaLibrary(imp.getModuleSpecifierValue());
@@ -3628,17 +3753,77 @@ var GraphExporter = class {
   }
 };
 
+// src/import-deduplicator.ts
+var ImportDeduplicator = class {
+  detect(sourceFiles) {
+    const allGroups = [];
+    for (const file of sourceFiles) {
+      const groups = this.findDuplicatesInFile(file);
+      allGroups.push(...groups);
+    }
+    const totalDuplicates = allGroups.reduce((sum, g) => sum + g.occurrences.length, 0);
+    return {
+      duplicateGroups: allGroups,
+      totalDuplicates,
+      summary: allGroups.length > 0 ? `Found ${allGroups.length} duplicate import group(s) across ${new Set(allGroups.map((g) => g.occurrences[0]?.filePath)).size} file(s). Merge them for cleaner imports.` : "No duplicate imports found."
+    };
+  }
+  findDuplicatesInFile(sourceFile) {
+    const imports = sourceFile.getImportDeclarations();
+    const filePath = sourceFile.getFilePath();
+    const bySource = /* @__PURE__ */ new Map();
+    for (const imp of imports) {
+      const source = imp.getModuleSpecifierValue();
+      const namedImports = imp.getNamedImports().map((n) => n.getName());
+      const namespaceImport = imp.getNamespaceImport()?.getText();
+      const defaultImport = imp.getDefaultImport()?.getText();
+      const importedNames = [];
+      if (defaultImport) importedNames.push(defaultImport);
+      if (namespaceImport) importedNames.push(`* as ${namespaceImport}`);
+      importedNames.push(...namedImports);
+      if (importedNames.length === 0) continue;
+      const entry = {
+        source,
+        filePath,
+        lineNumber: imp.getStartLineNumber(),
+        importedNames
+      };
+      const existing = bySource.get(source);
+      if (existing) {
+        existing.push(entry);
+      } else {
+        bySource.set(source, [entry]);
+      }
+    }
+    const groups = [];
+    for (const [source, occurrences] of bySource) {
+      if (occurrences.length <= 1) continue;
+      const allNames = /* @__PURE__ */ new Set();
+      for (const occ of occurrences) {
+        for (const name of occ.importedNames) {
+          allNames.add(name);
+        }
+      }
+      const mergedNames = [...allNames].sort().join(", ");
+      groups.push({
+        source,
+        occurrences,
+        suggestion: `Merge into single import: import { ${mergedNames} } from '${source}';`
+      });
+    }
+    return groups;
+  }
+};
+
 // src/incremental.ts
 import { existsSync as existsSync8, mkdirSync as mkdirSync4, readFileSync as readFileSync8, unlinkSync, writeFileSync as writeFileSync4 } from "fs";
 import { join as join8 } from "path";
-var STATE_DIR = ".schemashift";
-var STATE_FILE = "incremental.json";
 var IncrementalTracker = class {
   stateDir;
   statePath;
   constructor(projectPath) {
-    this.stateDir = join8(projectPath, STATE_DIR);
-    this.statePath = join8(this.stateDir, STATE_FILE);
+    this.stateDir = join8(projectPath, SCHEMASHIFT_DIR);
+    this.statePath = join8(this.stateDir, INCREMENTAL_STATE_FILE);
   }
   start(files, from, to) {
     const state = {
@@ -3675,7 +3860,9 @@ var IncrementalTracker = class {
   getState() {
     if (!existsSync8(this.statePath)) return null;
     try {
-      return JSON.parse(readFileSync8(this.statePath, "utf-8"));
+      const parsed = JSON.parse(readFileSync8(this.statePath, "utf-8"));
+      if (!this.isValidState(parsed)) return null;
+      return parsed;
     } catch {
       return null;
     }
@@ -3722,6 +3909,11 @@ var IncrementalTracker = class {
       unlinkSync(this.statePath);
     }
   }
+  isValidState(data) {
+    if (typeof data !== "object" || data === null) return false;
+    const obj = data;
+    return typeof obj.migrationId === "string" && typeof obj.from === "string" && typeof obj.to === "string" && typeof obj.startedAt === "string" && Array.isArray(obj.completedFiles) && Array.isArray(obj.remainingFiles) && Array.isArray(obj.failedFiles);
+  }
   saveState(state) {
     if (!existsSync8(this.stateDir)) {
       mkdirSync4(this.stateDir, { recursive: true });
@@ -4045,11 +4237,15 @@ var WebhookNotifier = class {
       const signature = await computeSignature(payload, webhook.secret);
       headers["X-SchemaShift-Signature"] = `sha256=${signature}`;
     }
+    const timeoutMs = webhook.timeoutMs ?? 1e4;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
     try {
       const response = await fetch(webhook.url, {
         method: "POST",
         headers,
-        body: payload
+        body: payload,
+        signal: controller.signal
       });
       return {
         success: response.ok,
@@ -4057,10 +4253,13 @@ var WebhookNotifier = class {
         error: response.ok ? void 0 : `HTTP ${response.status}: ${response.statusText}`
       };
     } catch (err) {
+      const message = err instanceof Error && err.name === "AbortError" ? `Webhook request timed out after ${timeoutMs}ms` : err instanceof Error ? err.message : String(err);
       return {
         success: false,
-        error: err instanceof Error ? err.message : String(err)
+        error: message
       };
+    } finally {
+      clearTimeout(timeoutId);
     }
   }
   /**
@@ -4974,11 +5173,16 @@ var TypeDedupDetector = class {
   }
 };
 export {
+  AUDIT_LOG_FILE,
   ApprovalManager,
+  BACKUP_DIR,
   BehavioralWarningAnalyzer,
   BundleEstimator,
+  CONFIG_FILE_NAMES,
   CompatibilityAnalyzer,
   ComplexityEstimator,
+  DEFAULT_CONFIG_FILE,
+  DeadSchemaDetector,
   DetailedAnalyzer,
   DriftDetector,
   EcosystemAnalyzer,
@@ -4987,16 +5191,22 @@ export {
   GovernanceEngine,
   GovernanceFixer,
   GraphExporter,
+  INCREMENTAL_STATE_FILE,
+  ImportDeduplicator,
   IncrementalTracker,
   MigrationAuditLog,
   MigrationChain,
   MonorepoResolver,
+  PENDING_DIR,
   PackageUpdater,
   PerformanceAnalyzer,
   PluginLoader,
+  SCHEMASHIFT_DIR,
+  SCHEMA_SNAPSHOT_FILE,
   SchemaAnalyzer,
   SchemaDependencyResolver,
   StandardSchemaAdvisor,
+  TESTS_DIR,
   TestScaffolder,
   TransformEngine,
   TypeDedupDetector,